Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2559 → Rev 2560

/CHANGELOG
17,6 → 17,8
- Add "Alcasar-Expire-After" RADIUS attribute instead of replace "Max-All-Session".
- Rename "ChilliSpot-*" RADIUS attributes to "CoovaChilli-*".
- Check that the network interfaces are connected before updating ALCASAR.
- local hostnames are now resolved in "/etc/hosts" (better for dnsmasq)
- improve update process (even if the Linux Distribution is updated)
 
BUGS
- alcasar.sh : Fix exiting on wrong hardware architecture
/alcasar.sh
181,7 → 181,7
done
if [ "$response" = "2" ]
then
rm -f /tmp/alcasar-conf*
rm -f /var/tmp/alcasar-conf*
else
# Retrieve former NICname
EXTIF_saved=`grep ^EXTIF= $CONF_FILE | cut -d'=' -f2-` # EXTernal InterFace
195,7 → 195,7
fi
if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "6" ) ]]
then
if [ -e /tmp/alcasar-conf.tar.gz ] # update
if [ -e /var/tmp/alcasar-conf.tar.gz ] # update
then
echo
if [ $Lang == "fr" ]
1690,6 → 1690,7
$DIR_DEST_BIN/alcasar-bl.sh --adapt
# enable the default categories
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
rm -rf /tmp/blacklists
} # End BL()
 
#######################################################
2119,7 → 2120,7
$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
fi
rm -f /tmp/alcasar-conf*
rm -f /var/tmp/alcasar-conf*
chown -R root:apache $DIR_DEST_ETC/*
chmod -R 660 $DIR_DEST_ETC/*
chmod ug+x $DIR_DEST_ETC/digest
2159,7 → 2160,7
echo " Hit 'Enter' to continue"
fi
sleep 2
if [ "$mode" != "update" ] && [ "$DEBUG_ALCASAR" != "on" ]
if [ "$mode" == "install" ] || [ "$DEBUG_ALCASAR" == "on" ]
then
read a
fi
2214,9 → 2215,9
# Uninstall or update the running version
if [ "$mode" == "update" ]
then
$DIR_SCRIPTS/alcasar-uninstall.sh -update
$DIR_DEST_BIN/alcasar-uninstall.sh -update
else
$DIR_SCRIPTS/alcasar-uninstall.sh -full
$DIR_DEST_BIN/alcasar-uninstall.sh -full
fi
fi
if [ $DEBUG_ALCASAR == "on" ]
2225,7 → 2226,7
read a
fi
# Test if manual update
if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" == "install" ]
if [ -e /var/tmp/alcasar-conf*.tar.gz ] && [ "$mode" == "install" ]
then
header_install
if [ $Lang == "fr" ]
2242,24 → 2243,24
fi
read response
if [ "$response" = "n" ] || [ "$response" = "N" ]
then rm -f /tmp/alcasar-conf*
then rm -f /var/tmp/alcasar-conf*
fi
done
fi
# Test if update
if [ -e /tmp/alcasar-conf* ]
if [ -e /var/tmp/alcasar-conf* ]
then
if [ $Lang == "fr" ]
then echo "#### Installation avec mise à jour ####";
else echo "#### Installation with update ####";
fi
# Extract the central configuration file
tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf
# Extract some info from the previous configuration file
tar -xf /var/tmp/alcasar-conf* conf/etc/alcasar.conf
ORGANISME=`grep ^ORGANISM= conf/etc/alcasar.conf|cut -d"=" -f2`
PREVIOUS_VERSION=`grep ^VERSION= conf/etc/alcasar.conf|cut -d"=" -f2`
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
mode="update"
fi
for func in init network ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
2295,10 → 2296,10
then
$DIR_SCRIPTS/alcasar-conf.sh --create
else
rm -f /tmp/alcasar-conf*
rm -f /var/tmp/alcasar-conf*
fi
# Uninstall the running version
$DIR_SCRIPTS/alcasar-uninstall.sh -full
$DIR_DEST_BIN/alcasar-uninstall.sh -full
;;
*)
echo "Argument inconnu :$1";
/scripts/alcasar-conf.sh
6,17 → 6,17
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script permet la mise à jour ALCASAR
# - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply)
# This script allows ALCASAR update
# - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply)
 
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
DIR_WEB="/var/www/html" # répertoire du centre de gestion
DIR_BIN="/usr/local/bin" # scripts directory
DIR_ETC="/usr/local/etc" # conf directory
96,10 → 96,11
fi
done
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
# backup of different conf files (main conf file, filtering, digest, etc)
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
mkdir $DIR_UPDATE/etc/
[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
cp /etc/hosts $DIR_UPDATE/etc/
# backup of the security certificates (server & CA)
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
111,14 → 112,15
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
fi
# archive file creation
cd /tmp
cd /var/tmp
tar -cf alcasar-conf.tar conf/
gzip -f alcasar-conf.tar
rm -rf $DIR_UPDATE
;;
 
--load|-load)
cd /tmp
tar -xf /tmp/alcasar-conf*.tar.gz
cd /var/tmp
tar -xf alcasar-conf*.tar.gz
# Retrieve the logo
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
127,9 → 129,7
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
 
(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem
 
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
137,6 → 137,7
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
# Retrieve local parameters
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
mv -f $DIR_ETC/hosts /etc/hosts
# Retrieve BL/WL custom files
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
164,20 → 165,46
fi
# Remove the update folder
rm -rf $DIR_UPDATE
# If needed : write modifications between version
# V3.1.3
# add "HTTPS_LOGIN=on" in conf file
HTTPS_LOGIN=`grep -c "^HTTPS_LOGIN=" $CONF_FILE`
if [ $HTTPS_LOGIN == "0" ]
######################### modifications between versions #######################
# Extract the curent version
CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2`
MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1`
MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2`
UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1`
## From 3.2.0 & 3.2.1 ##
if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ]
then
echo "HTTPS_LOGIN=on" >> $CONF_FILE
## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts
cat << EOF > $DIR_ETC/alcasar-dns-name
# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut)
# Here you can define your local domain name ('localdomain' by default)
local=/$DOMAIN/
domain=$DOMAIN
 
## Ajouter une ligne pour chaque nom de domaine géré par un autre seveur DNS
## Add one line for each domain name managed by an other DNS server
## server=/<your_domain>/<@IP_domain_server>
## Exemple for an A.D. domain : server=/Your.Domain.AD/110.120.100.100
## Exemple for an other domain : server=/an_other_domain/10.20.30.40
 
## INFO : local hostnames are resolved in /etc/hosts file
EOF
## rewrite /etc/hosts file managing hostname resolution
PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2`
cat << EOF > /etc/hosts
127.0.0.1 localhost
$PRIVATE_IP $HOSTNAME
EOF
# apache is removed (lighttpd instead)
rm -rf /etc/httpd/
rm -rf /var/log/httpd/
# dansguardian is removed (E²guardian instead)
rm -rf /var/dansguardian/
rm -rf /etc/dansguardian/
fi
# V3.2.0
# add "HTTPS_CHILLI=off" in conf file
if [ $(grep -c "^HTTPS_CHILLI=" $CONF_FILE) == "0" ]; then
echo "HTTPS_CHILLI=off" >> $CONF_FILE
fi
;;
 
--apply|-apply)
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
316,11 → 343,9
# Set hostname
hostnamectl set-hostname $HOSTNAME.$DOMAIN
# /etc/hosts
domainNames="alcasar.localdomain $HOSTNAME $HOSTNAME.$DOMAIN"
if [ "$HOSTNAME" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi
cat <<EOF > /etc/hosts
127.0.0.1 localhost
$PRIVATE_IP $domainNames
$PRIVATE_IP $HOSTNAME
EOF
# Set hostname in CoovaChilli
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf
/scripts/alcasar-uninstall.sh
22,20 → 22,15
 
ACC ()
{
if [ -d /etc/httpd ] ; then # Removing old Apache configuration
echo -en "(1) : "
rm -rf /etc/httpd/ && echo -n "1"
else
echo -en "(7) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-webl && echo -n "2, "
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, "
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "4, "
[ -e /etc/lighttpd/modules.conf.default ] && mv /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "5, "
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "6, "
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "7, "
[ -e /etc/lighttpd/vhosts.d/alcasar.conf ] && rm -f /etc/lighttpd/vhosts.d/alcasar.conf && echo -n "8"
fi
echo -en "(8) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-webl && echo -n "2, "
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, "
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "4, "
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "5, "
[ -e /etc/lighttpd/modules.conf.default ] && mv /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "6, "
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "7, "
[ -e /etc/lighttpd/vhosts.d/alcasar.conf ] && rm -f /etc/lighttpd/vhosts.d/alcasar.conf && echo -n "8"
}
 
CA ()
96,20 → 91,15
 
e2guardian ()
{
if [ -d /etc/dansguardian ] ; then # Removing old Dansguardian
echo -en "(1) : "
rm -rf /etc/dansguardian/ && echo -n "1"
else
echo -en "(8) : "
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, "
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, "
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, "
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, "
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, "
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, "
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8"
fi
echo -en "(8) : "
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, "
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, "
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, "
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, "
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, "
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, "
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8"
}
 
antivirus ()