776,9 → 776,10 |
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default |
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf |
chown -R radius:radius /etc/raddb/sql/mysql/* |
# insures that mysql is up before radius start |
[ -e $SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service |
|
# make certain that mysql is up before radius start |
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service |
systemctl daemon-reload |
} # End param_radius () |
|
########################################################################## |
1043,7 → 1044,7 |
################################################################## |
antivirus () |
{ |
# création de l'usager 'havp' |
# create 'havp' user |
havp_exist=`grep havp /etc/passwd|wc -l` |
if [ "$havp_exist" == "1" ] |
then |
1054,7 → 1055,6 |
useradd -r -g havp -s /bin/false -c "system user for havp" havp |
mkdir -p /var/tmp/havp /var/log/havp |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp |
# configuration d'HAVP |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090 |
1069,19 → 1069,19 |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist |
echo "*.youtube.com/*" >> /etc/havp/whitelist |
# remplacement du fichier d'initialisation |
# replacement of init script |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default |
# if keep old init file : |
cp -f $DIR_CONF/havp-init /etc/init.d/havp |
# replace the on remplace la page d'interception (template) |
# replace of the intercept page (template) |
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html |
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html |
# update virus database every 2 hours (24h/12) |
# update virus database every 4 hours (24h/6) |
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default |
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf |
$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf |
$SED "/^DatabaseMirror/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf |
$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf |
# Copy of the main virus database |
rm -f /var/lib/clamav/*.cld # in case of old database scheme |
cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd |
1095,9 → 1095,11 |
param_ulogd () |
{ |
# Three instances of ulogd (three different logfiles) |
cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service /lib/systemd/system/ulogd-ext-access.service |
mv /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-traceability.service |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
nl=1 |
for log_type in tracability ssh ext-access |
for log_type in traceability ssh ext-access |
do |
[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log |
cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf |
1108,13 → 1110,12 |
file="/var/log/firewall/$log_type.log" |
sync=1 |
EOF |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -C /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service |
nl=`expr $nl + 1` |
done |
chown -R root:apache /var/log/firewall |
chmod 750 /var/log/firewall |
chmod 640 /var/log/firewall/* |
[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default |
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd |
} # End of param_ulogd () |
|
|
1265,7 → 1266,7 |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
# Start after chilli which create tun0 |
# TODO Start after chilli which create tun0 |
# $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq |
} # End dnsmasq |
|
1447,9 → 1448,9 |
echo "QOS=off" >> $CONF_FILE |
echo "LDAP=off" >> $CONF_FILE |
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE |
echo "DNS_FILTERING=off" >> $CONF_FILE |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE # TODO to remove |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE # TODO to remove |
echo "DNS_FILTERING=off" >> $CONF_FILE # TODO to remove |
echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE |
echo "MULTIWAN=off" >> $CONF_FILE |
echo "FAILOVER=30" >> $CONF_FILE |
1500,7 → 1501,7 |
WantedBy=multi-user.target |
EOF |
# processes launched at boot time (SYSV) |
for i in chilli netfs havp |
for i in chilli havp |
do |
/sbin/chkconfig --add $i |
done |