/CHANGELOG |
---|
17,6 → 17,8 |
- Add "Alcasar-Expire-After" RADIUS attribute instead of replace "Max-All-Session". |
- Rename "ChilliSpot-*" RADIUS attributes to "CoovaChilli-*". |
- Check that the network interfaces are connected before updating ALCASAR. |
- local hostnames are now resolved in "/etc/hosts" (better for dnsmasq) |
- improve update process (even if the Linux Distribution is updated) |
BUGS |
- alcasar.sh : Fix exiting on wrong hardware architecture |
/alcasar.sh |
---|
181,7 → 181,7 |
done |
if [ "$response" = "2" ] |
then |
rm -f /tmp/alcasar-conf* |
rm -f /var/tmp/alcasar-conf* |
else |
# Retrieve former NICname |
EXTIF_saved=`grep ^EXTIF= $CONF_FILE | cut -d'=' -f2-` # EXTernal InterFace |
195,7 → 195,7 |
fi |
if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "6" ) ]] |
then |
if [ -e /tmp/alcasar-conf.tar.gz ] # update |
if [ -e /var/tmp/alcasar-conf.tar.gz ] # update |
then |
echo |
if [ $Lang == "fr" ] |
1690,6 → 1690,7 |
$DIR_DEST_BIN/alcasar-bl.sh --adapt |
# enable the default categories |
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice |
rm -rf /tmp/blacklists |
} # End BL() |
####################################################### |
2119,7 → 2120,7 |
$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE |
$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE |
fi |
rm -f /tmp/alcasar-conf* |
rm -f /var/tmp/alcasar-conf* |
chown -R root:apache $DIR_DEST_ETC/* |
chmod -R 660 $DIR_DEST_ETC/* |
chmod ug+x $DIR_DEST_ETC/digest |
2159,7 → 2160,7 |
echo " Hit 'Enter' to continue" |
fi |
sleep 2 |
if [ "$mode" != "update" ] && [ "$DEBUG_ALCASAR" != "on" ] |
if [ "$mode" == "install" ] || [ "$DEBUG_ALCASAR" == "on" ] |
then |
read a |
fi |
2214,9 → 2215,9 |
# Uninstall or update the running version |
if [ "$mode" == "update" ] |
then |
$DIR_SCRIPTS/alcasar-uninstall.sh -update |
$DIR_DEST_BIN/alcasar-uninstall.sh -update |
else |
$DIR_SCRIPTS/alcasar-uninstall.sh -full |
$DIR_DEST_BIN/alcasar-uninstall.sh -full |
fi |
fi |
if [ $DEBUG_ALCASAR == "on" ] |
2225,7 → 2226,7 |
read a |
fi |
# Test if manual update |
if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" == "install" ] |
if [ -e /var/tmp/alcasar-conf*.tar.gz ] && [ "$mode" == "install" ] |
then |
header_install |
if [ $Lang == "fr" ] |
2242,24 → 2243,24 |
fi |
read response |
if [ "$response" = "n" ] || [ "$response" = "N" ] |
then rm -f /tmp/alcasar-conf* |
then rm -f /var/tmp/alcasar-conf* |
fi |
done |
fi |
# Test if update |
if [ -e /tmp/alcasar-conf* ] |
if [ -e /var/tmp/alcasar-conf* ] |
then |
if [ $Lang == "fr" ] |
then echo "#### Installation avec mise à jour ####"; |
else echo "#### Installation with update ####"; |
fi |
# Extract the central configuration file |
tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf |
# Extract some info from the previous configuration file |
tar -xf /var/tmp/alcasar-conf* conf/etc/alcasar.conf |
ORGANISME=`grep ^ORGANISM= conf/etc/alcasar.conf|cut -d"=" -f2` |
PREVIOUS_VERSION=`grep ^VERSION= conf/etc/alcasar.conf|cut -d"=" -f2` |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1` |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1` |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3` |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2` |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1` |
mode="update" |
fi |
for func in init network ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install |
2295,10 → 2296,10 |
then |
$DIR_SCRIPTS/alcasar-conf.sh --create |
else |
rm -f /tmp/alcasar-conf* |
rm -f /var/tmp/alcasar-conf* |
fi |
# Uninstall the running version |
$DIR_SCRIPTS/alcasar-uninstall.sh -full |
$DIR_DEST_BIN/alcasar-uninstall.sh -full |
;; |
*) |
echo "Argument inconnu :$1"; |
/scripts/alcasar-conf.sh |
---|
6,17 → 6,17 |
# This script is distributed under the Gnu General Public License (GPL) |
# Ce script permet la mise à jour ALCASAR |
# - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply) |
# This script allows ALCASAR update |
# - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply) |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde |
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
DIR_WEB="/var/www/html" # répertoire du centre de gestion |
DIR_BIN="/usr/local/bin" # scripts directory |
DIR_ETC="/usr/local/etc" # conf directory |
96,10 → 96,11 |
fi |
done |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null |
# backup of different conf files (main conf file, filtering, digest, etc) |
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.) |
mkdir $DIR_UPDATE/etc/ |
[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
cp /etc/hosts $DIR_UPDATE/etc/ |
# backup of the security certificates (server & CA) |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist |
111,14 → 112,15 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt |
fi |
# archive file creation |
cd /tmp |
cd /var/tmp |
tar -cf alcasar-conf.tar conf/ |
gzip -f alcasar-conf.tar |
rm -rf $DIR_UPDATE |
;; |
--load|-load) |
cd /tmp |
tar -xf /tmp/alcasar-conf*.tar.gz |
cd /var/tmp |
tar -xf alcasar-conf*.tar.gz |
# Retrieve the logo |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/ |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php |
127,9 → 129,7 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
137,6 → 137,7 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS |
# Retrieve local parameters |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
mv -f $DIR_ETC/hosts /etc/hosts |
# Retrieve BL/WL custom files |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/ |
164,20 → 165,46 |
fi |
# Remove the update folder |
rm -rf $DIR_UPDATE |
# If needed : write modifications between version |
# V3.1.3 |
# add "HTTPS_LOGIN=on" in conf file |
HTTPS_LOGIN=`grep -c "^HTTPS_LOGIN=" $CONF_FILE` |
if [ $HTTPS_LOGIN == "0" ] |
######################### modifications between versions ####################### |
# Extract the curent version |
CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2` |
MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1` |
MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2` |
UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1` |
## From 3.2.0 & 3.2.1 ## |
if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ] |
then |
echo "HTTPS_LOGIN=on" >> $CONF_FILE |
## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts |
cat << EOF > $DIR_ETC/alcasar-dns-name |
# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut) |
# Here you can define your local domain name ('localdomain' by default) |
local=/$DOMAIN/ |
domain=$DOMAIN |
## Ajouter une ligne pour chaque nom de domaine géré par un autre seveur DNS |
## Add one line for each domain name managed by an other DNS server |
## server=/<your_domain>/<@IP_domain_server> |
## Exemple for an A.D. domain : server=/Your.Domain.AD/110.120.100.100 |
## Exemple for an other domain : server=/an_other_domain/10.20.30.40 |
## INFO : local hostnames are resolved in /etc/hosts file |
EOF |
## rewrite /etc/hosts file managing hostname resolution |
PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1` |
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2` |
cat << EOF > /etc/hosts |
127.0.0.1 localhost |
$PRIVATE_IP $HOSTNAME |
EOF |
# apache is removed (lighttpd instead) |
rm -rf /etc/httpd/ |
rm -rf /var/log/httpd/ |
# dansguardian is removed (E²guardian instead) |
rm -rf /var/dansguardian/ |
rm -rf /etc/dansguardian/ |
fi |
# V3.2.0 |
# add "HTTPS_CHILLI=off" in conf file |
if [ $(grep -c "^HTTPS_CHILLI=" $CONF_FILE) == "0" ]; then |
echo "HTTPS_CHILLI=off" >> $CONF_FILE |
fi |
;; |
--apply|-apply) |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b" |
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
316,11 → 343,9 |
# Set hostname |
hostnamectl set-hostname $HOSTNAME.$DOMAIN |
# /etc/hosts |
domainNames="alcasar.localdomain $HOSTNAME $HOSTNAME.$DOMAIN" |
if [ "$HOSTNAME" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi |
cat <<EOF > /etc/hosts |
127.0.0.1 localhost |
$PRIVATE_IP $domainNames |
$PRIVATE_IP $HOSTNAME |
EOF |
# Set hostname in CoovaChilli |
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf |
/scripts/alcasar-uninstall.sh |
---|
22,20 → 22,15 |
ACC () |
{ |
if [ -d /etc/httpd ] ; then # Removing old Apache configuration |
echo -en "(1) : " |
rm -rf /etc/httpd/ && echo -n "1" |
else |
echo -en "(7) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-webl && echo -n "2, " |
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, " |
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "4, " |
[ -e /etc/lighttpd/modules.conf.default ] && mv /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "5, " |
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "6, " |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "7, " |
[ -e /etc/lighttpd/vhosts.d/alcasar.conf ] && rm -f /etc/lighttpd/vhosts.d/alcasar.conf && echo -n "8" |
fi |
echo -en "(8) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-webl && echo -n "2, " |
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, " |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "4, " |
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "5, " |
[ -e /etc/lighttpd/modules.conf.default ] && mv /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "6, " |
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "7, " |
[ -e /etc/lighttpd/vhosts.d/alcasar.conf ] && rm -f /etc/lighttpd/vhosts.d/alcasar.conf && echo -n "8" |
} |
CA () |
96,20 → 91,15 |
e2guardian () |
{ |
if [ -d /etc/dansguardian ] ; then # Removing old Dansguardian |
echo -en "(1) : " |
rm -rf /etc/dansguardian/ && echo -n "1" |
else |
echo -en "(8) : " |
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, " |
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, " |
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, " |
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, " |
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, " |
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, " |
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8" |
fi |
echo -en "(8) : " |
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, " |
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, " |
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, " |
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, " |
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, " |
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, " |
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8" |
} |
antivirus () |