Subversion Repositories ALCASAR

Compare Revisions

Rev 2993 → Rev 2994

/alcasar.sh
2130,7 → 2130,7
 
##################################################################
## "mail_service" ##
## - Install mail service for email registration method ##
## - Install Postfix conf for email registration method ##
##################################################################
mail_service()
{
2137,14 → 2137,14
[ -e /etc/postfix/main.cf.default ] || cp /etc/postfix/main.cf /etc/postfix/main.cf.default
cat << EOT >> /etc/postfix/main.cf
myhostname = $HOSTNAME.$DOMAIN
EOT
# Enable SASL authentication
smtp_sasl_auth_enable = yes
$SED "s?^smtp_sasl_auth_enable =.*?smtp_sasl_auth_enable = yes?g" /etc/postfix/main.cf
# Disallow methods that allow anonymous authentication
smtp_sasl_security_options = noanonymous
$SED "s?^smtp_sasl_security_options =.*?smtp_sasl_security_options = noanonymous?g" /etc/postfix/main.cf
# Location of sasl_passwd
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
EOT
# postfix banner anonymisation
$SED "s?^smtp_sasl_password_maps =.*?smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd?g" /etc/postfix/main.cf
# Banner anonymisation
$SED "s?^smtpd_banner =.*?smtpd_banner = \$myhostname ESMTP?g" /etc/postfix/main.cf
chown -R postfix:postfix /var/lib/postfix
} # end of mail_service
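Review bot: The `$SED "s?^smtp_sasl_auth_enable =.*?...?g"` lines in `mail_service` only rewrite a line that already exists in `/etc/postfix/main.cf`. If the file has no `smtp_sasl_auth_enable`, `smtp_sasl_security_options` or `smtp_sasl_password_maps` entry, the substitutions silently do nothing, and the SASL settings, including `noanonymous`, are never applied. `postconf -e 'smtp_sasl_security_options = noanonymous'` (and likewise for the other two keys) sets the value whether or not the key is present. The `cat << EOT >> /etc/postfix/main.cf` block also appends another `myhostname` line each time the function runs. Part of the function body lies between the two hunks and is not shown, and nothing in the visible lines enforces TLS toward the relay, so it is worth confirming that is set elsewhere before credentials from `sasl_passwd` are used.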
/conf/etc/alcasar-iptables-local.sh
67,13 → 67,14
 
# On autorise l'accès depuis Internet (multiports) vers un équipement du LAN (qui doit être en IP fixe)
# Access is allowed from Internet (multiports) to a LAN equipment (which must be in static IP)
#ext_ports=11223:11323; int_ports=11223:11323
#ext_ports=11223:11323; int_ports=12000:12100
#to_ip=192.168.182.7
#int_ports_dnat=`echo $int_ports|tr : -`
#ext_ports_dnat=`echo $ext_ports|tr : -`
#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p tcp -d $PUBLIC_IP -m multiport --dports $ext_ports -j DNAT --to $to_ip:$int_ports_dnat
#$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $to_ip -m multiport --dports $ext_ports -j ACCEPT
#$IPTABLES -A FORWARD -o $EXTIF -p tcp -s $to_ip -m multiport --sports $int_ports -j ACCEPT
#$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $to_ip -m multiport --dports $int_ports -j ACCEPT
#$IPTABLES -A PREROUTING -i $INTIF -t nat -p tcp -s $to_ip -m multiport --sports $int_ports -j DNAT --to :$ext_ports_dnat
#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p udp -d $PUBLIC_IP -m multiport --dports $ext_ports -j DNAT --to $to_ip:$int_ports_dnat
#$IPTABLES -A FORWARD -i $EXTIF -p udp -d $to_ip -m multiport --dports $ext_ports -j ACCEPT
#$IPTABLES -A FORWARD -o $EXTIF -p udp -s $to_ip -m multiport --sports $int_ports -j ACCEPT
#$IPTABLES -A FORWARD -i $EXTIF -p udp -d $to_ip -m multiport --dports $int_ports -j ACCEPT
#$IPTABLES -A PREROUTING -i $INTIF -t nat -p udp -s $to_ip -m multiport --sports $int_ports -j DNAT --to :$ext_ports_dnat
 
/conf/sudoers
15,24 → 15,24
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh,/usr/local/bin/alcasar-list-ip_gw.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # create conf backup file
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # manage the filtering system
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # manage the firewall
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed)
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # manage the certificates
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # create log PDF from ACC
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet)
Cmnd_Alias MAIL_SERVICE=/usr/bin/bash,/usr/local/bin/alcasar-mail-install-V2.sh,/usr/local/bin/alcasar-iptables.sh,/usr/local/etc/alcasar-iptables-local.sh # Service mail commands to execute with web server
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet)
Cmnd_Alias MAIL_SERVICE=/usr/local/bin/alcasar-mail-install.sh # manage mail service
 
# Defaults specification
# Defaults syslog=auth
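Review bot: The `MAIL_SERVICE` alias that names only `/usr/local/bin/alcasar-mail-install.sh` carries no argument pattern, so whichever account is granted it can run the script as root with any arguments. The grant line is outside this hunk; if it is the web server account, the script's own argument validation becomes the privilege boundary. In that case the script file and `/usr/local/bin` must be root-owned and not writable by that account. A comment on the alias would record this for the next maintainer, for example `# run as root from the ACC; script must stay root-owned and validate its own arguments`.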
/scripts/alcasar-mail-install.sh
10,6 → 10,7
# ****** Paths - chemin des commandes *******
SED="/bin/sed -i"
CONF_FILE="/usr/local/etc/alcasar.conf"
POSTFIX_CONF_FILE="/etc/postfix/main.cf"
LOCAL_IPTABLE_FILE="/usr/local/etc/alcasar-iptables-local.sh"
saslPath="/etc/postfix/sasl"
smtpIP="0.0.0.0/0"
70,7 → 71,7
esac
done
fi
if [[ $TYPE_MAIL -eq 0 ]]; then # idesable mail service
if [[ $TYPE_MAIL -eq 0 ]]; then # disable mail service
$SED "s/^MAIL=.*/MAIL=off/" $CONF_FILE
$SED "s/^MAIL_TYPE=.*/MAIL_TYPE=/" $CONF_FILE
$SED "s/^MAIL_SMTP=.*/MAIL_SMTP=/" $CONF_FILE
80,13 → 81,27
$SED "s/^MAIL_WHITEDOMAIN=.*/MAIL_WHITEDOMAINE=/" $CONF_FILE
$SED "s/^MAIL_ADMIN=.*/MAIL_ADMIN=/" $CONF_FILE
$SED "/^SMTP_IP/ s/^/#/" $LOCAL_IPTABLE_FILE
$SED "/^SMTP_PORT/ s/^/#/g" $LOCAL_IPTABLE_FILE
$SED "/^\$IPTABLES -A OUTPUT -p tcp -d \$SMTP_IP/ s/^/#/" $LOCAL_IPTABLE_FILE
$SED "/^SMTP_PORT/ s/^/#/g" $LOCAL_IPTABLE_FILE
$SED "/^\$IPTABLES -A INPUT -p tcp -s \$SMTP_IP/ s/^/#/g" $LOCAL_IPTABLE_FILE
elif [[ $TYPE_MAIL -eq 2 ]]; then
$SED "s/^relayhost =.*/relayhost =/g" $POSTFIX_CONF_FILE
elif [[ $TYPE_MAIL -eq 2 ]]; then # relay to an extern mail server
echo "relayhost = [${smtp}]:${port}" >> /etc/postfix/main.cf
elif [[ $TYPE_MAIL -eq 3 ]]; then
echo "relayhost = [${smtp}]:${port}" >> /etc/postfix/main.cf
elif [[ $TYPE_MAIL -eq 3 ]]; then # use an email address
$SED "s/^MAIL=.*/MAIL=on/" $CONF_FILE
$SED "s/^MAIL_TYPE=.*/MAIL_TYPE=3/" $CONF_FILE
$SED "s/^MAIL_SMTP=.*/MAIL_SMTP=/" $CONF_FILE
$SED "s/^MAIL_SMTP_IP=.*/MAIL_SMTP_IP=$smtp/" $CONF_FILE
$SED "s/^MAIL_PORT=.*/MAIL_PORT=$port/" $CONF_FILE
$SED "s/^MAIL_ADDR=.*/MAIL_ADDR=$mailAddr/" $CONF_FILE
$SED "s/^MAIL_WHITEDOMAIN=.*/MAIL_WHITEDOMAINE=$whiteDomain/" $CONF_FILE
$SED "s/^MAIL_ADMIN=.*/MAIL_ADMIN=$adminMail/" $CONF_FILE
$SED "/^SMTP_IP/ s/^/SMTP_IP=$port/" $LOCAL_IPTABLE_FILE
$SED "/^SMTP_PORT/ s/^/SMTP_PORT=$port/g" $LOCAL_IPTABLE_FILE
$SED "/^\$IPTABLES -A OUTPUT -p tcp -d \$SMTP_IP/ s/^/#/" $LOCAL_IPTABLE_FILE
$SED "/^\$IPTABLES -A INPUT -p tcp -s \$SMTP_IP/ s/^/#/g" $LOCAL_IPTABLE_FILE
$SED "s/^relayhost =.*/relayhost =/g" $POSTFIX_CONF_FILE
$SED "s/^relayhost =.*/relayhost = $smtp:$port/g" $POSTFIX_CONF_FILE
[ -d ${saslPath} ] || mkdir ${saslPath}
echo "[${smtp}]:${port} ${mailAddr}:${mailMdp}" > ${saslPath}/sasl_passwd
postmap ${saslPath}/sasl_passwd
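Review bot: In the `TYPE_MAIL -eq 3` branch, `$smtp`, `$port`, `$mailAddr`, `$whiteDomain` and `$adminMail` are interpolated unescaped into sed expressions such as `s/^MAIL_ADDR=.*/MAIL_ADDR=$mailAddr/`, so a value containing `/`, `&` or a newline alters the expression that rewrites root-owned configuration. Because the script is meant to be reached through sudo, each value should be checked against a strict pattern before use, e.g. `[[ $port =~ ^[0-9]{1,5}$ ]] || exit 1`. The line `$SED "/^SMTP_IP/ s/^/SMTP_IP=$port/"` looks wrong, since it prefixes the existing line instead of replacing it and writes the port where the address belongs; `s/^SMTP_IP=.*/SMTP_IP=$smtp/` is probably what was intended. The `MAIL_WHITEDOMAIN` substitutions write back `MAIL_WHITEDOMAINE=`, so the pattern no longer matches on the next run. `sasl_passwd` is written under the default umask, so a `umask 077` before the `echo` (plus `chmod 600 ${saslPath}/sasl_passwd` ahead of `postmap` for a pre-existing file) keeps the relay password unreadable to other local users. The branch starts and ends outside the visible hunks.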
/web/acc/manager/htdocs/user_by_email.php
197,7 → 197,7
}
}
else { // switch email registation off
exec("/usr/local/bin/alcasar-mail-install.sh -0");
exec("sudo /usr/local/bin/alcasar-mail-install.sh -0");
}
header("Refresh:0");
exit;
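Review bot: The `exec("sudo /usr/local/bin/alcasar-mail-install.sh -0")` call discards the exit status, so if sudo refuses the command (rule mismatch, `requiretty`, missing script) the page refreshes as though email registration had been switched off. Capture and check the status: `exec("sudo /usr/local/bin/alcasar-mail-install.sh -0", $out, $rc); if ($rc !== 0) { error_log("alcasar-mail-install.sh -0 failed: $rc"); }`. Calling sudo by absolute path would also remove the dependence on the web server's `PATH`. The enclosing `if`/`else` starts outside the hunk.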