BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → /alcasar.sh @ 1341

  → /alcasar.sh @ 1342

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

Ignore whitespace Rev 1341 → Rev 1342

/alcasar.sh
20,7 → 20,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
#
# Coovachilli, freeradius, mariaDB, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
# Options :
# -i or --install
36,7 → 36,6
# param_radius : FreeRadius initialisation
# param_web_radius : copy ans modifiy original "freeradius web" in ACC
# param_chilli : coovachilli initialisation (+authentication page)
# param_squid : Squid cache proxy configuration
# param_dansguardian : DansGuardian filtering HTTP proxy configuration
# antivirus : HAVP + libclamav configuration
# param_nfsen : Configuration du grapheur nfsen pour apache
101,11 → 100,21
##################################################################
## Function "testing" ##
## - Test of free space on /var (>10G) ##
## - Test of Internet access ##
##################################################################
testing ()
{
if [ $Lang == "fr" ]
free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`
if [ $free_space -lt 10 ]
then
if [ $Lang == "fr" ]
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
fi
exit 0
fi
if [ $Lang == "fr" ]
then echo -n "Tests des paramètres réseau : "
else echo -n "Network parameters tests : "
fi
502,7 → 511,7
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
chown -R apache:apache $DIR_WEB/*
for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
for i in system_backup base logs/firewall logs/httpd logs/security;
do
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
done
976,45 → 985,6
groupadd -f chilli
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
} # End of param_chilli ()
##########################################################
## Fonction "param_squid" ##
## - Paramètrage du proxy 'squid' en mode 'cache' ##
## - Initialisation de la base de données ##
##########################################################
param_squid ()
{
# paramètrage de Squid (connecté en série derrière Dansguardian)
[ -e /etc/squid/squid.conf.default ] || cp /etc/squid/squid.conf /etc/squid/squid.conf.default
# suppression des références 'localnet', 'icp', 'htcp' et 'always_direct'
$SED "/^acl localnet/d" /etc/squid/squid.conf
$SED "/^icp_access allow localnet/d" /etc/squid/squid.conf
$SED "/^icp_port 3130/d" /etc/squid/squid.conf
$SED "/^http_access allow localnet/d" /etc/squid/squid.conf
$SED "/^htcp_access allow localnet/d" /etc/squid/squid.conf
$SED "/^always_direct allow localnet/d" /etc/squid/squid.conf
# mode 'proxy transparent local'
$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
# Configuration du cache local
$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
# désactivation des "access log"
echo '#Disable access log' >> /etc/squid/squid.conf
echo "access_log none" >> /etc/squid/squid.conf
# anonymisation of squid version
echo "via off" >> /etc/squid/squid.conf
# remove the 'X_forwarded' http option
echo "forwarded_for delete" >> /etc/squid/squid.conf
# linked squid output in HAVP input
echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
echo "never_direct allow all" >> /etc/squid/squid.conf
# avoid error messages on network interfaces state changes
$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
# reduce squid shutdown time (100 to 50)
$SED "s?^SQUID_SHUTDOWN_TIMEOUT.*?SQUID_SHUTDOWN_TIMEOUT=50?g" /etc/sysconfig/squid
# Squid cache init
/usr/sbin/squid -z
} # End of param_squid ()
##################################################################
## Fonction "param_dansguardian" ##
1031,8 → 1001,8
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
# Listen only on LAN side
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
# DG send its flow to SQUID
$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
# DG send its flow to HAVP
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
# replace the default deny HTML page
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1471,13 → 1441,13
[ -e /etc/sudoers.default ] || cp /etc/sudoers /etc/sudoers.default
cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, squid, radiusd, ulogd)
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, radiusd, ulogd)
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
chmod 644 /etc/logrotate.d/*
# rectification sur versions précédentes de la compression des logs
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
# actualisation des fichiers logs compressés
for dir in firewall squid dansguardian httpd
for dir in firewall dansguardian httpd
do
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
done
1507,7 → 1477,7
WantedBy=multi-user.target
EOF
# processes launched at boot time (SYSV)
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
for i in ntpd iptables ulogd dnsmasq chilli httpd radiusd netfs mysqld dansguardian havp freshclam
do
/sbin/chkconfig --add $i
done
1744,12 → 1714,12
fi
fi
# RPMs install
echo "STOP" ; read a
$DIR_SCRIPTS/alcasar-urpmi.sh
if [ "$?" != "0" ]
then
exit 0
fi
echo "STOP" ; read a
if [ -e $CONF_FILE ]
then
# Uninstall the running version
1795,7 → 1765,7
else
mode="install"
fi
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
do
$func
# echo "*** 'debug' : end of function $func ***"; read a