
Rev 1357 → Rev 1358

/alcasar.sh
776,9 → 776,10
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
chown -R radius:radius /etc/raddb/sql/mysql/*
# insures that mysql is up before radius start
[ -e $SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
 
# make certain that mysql is up before radius start
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
systemctl daemon-reload
} # End param_radius ()
 
##########################################################################
1043,7 → 1044,7
##################################################################
antivirus ()
{
# création de l'usager 'havp'
# create 'havp' user
havp_exist=`grep havp /etc/passwd|wc -l`
if [ "$havp_exist" == "1" ]
then
1054,7 → 1055,6
useradd -r -g havp -s /bin/false -c "system user for havp" havp
mkdir -p /var/tmp/havp /var/log/havp
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
# configuration d'HAVP
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
1069,19 → 1069,19
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
echo "# Whitelist youtube flow" >> /etc/havp/whitelist
echo "*.youtube.com/*" >> /etc/havp/whitelist
# remplacement du fichier d'initialisation
# replacement of init script
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
# if keep old init file :
cp -f $DIR_CONF/havp-init /etc/init.d/havp
# replace the on remplace la page d'interception (template)
# replace of the intercept page (template)
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
# update virus database every 2 hours (24h/12)
# update virus database every 4 hours (24h/6)
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
$SED "/^DatabaseMirror/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
# Copy of the main virus database
rm -f /var/lib/clamav/*.cld # in case of old database scheme
cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
1095,9 → 1095,11
param_ulogd ()
{
# Three instances of ulogd (three different logfiles)
cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service /lib/systemd/system/ulogd-ext-access.service
mv /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-traceability.service
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
nl=1
for log_type in tracability ssh ext-access
for log_type in traceability ssh ext-access
do
[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
1108,13 → 1110,12
file="/var/log/firewall/$log_type.log"
sync=1
EOF
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -C /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service
nl=`expr $nl + 1`
done
chown -R root:apache /var/log/firewall
chmod 750 /var/log/firewall
chmod 640 /var/log/firewall/*
[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
} # End of param_ulogd ()
 
 
1265,7 → 1266,7
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
# Start after chilli which create tun0
# TODO Start after chilli which create tun0
# $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
} # End dnsmasq
 
1447,9 → 1448,9
echo "QOS=off" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "DNS_FILTERING=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE # TODO to remove
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE # TODO to remove
echo "DNS_FILTERING=off" >> $CONF_FILE # TODO to remove
echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "FAILOVER=30" >> $CONF_FILE
1500,7 → 1501,7
WantedBy=multi-user.target
EOF
# processes launched at boot time (SYSV)
for i in chilli netfs havp
for i in chilli havp
do
/sbin/chkconfig --add $i
done
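Review bot: In the param_ulogd hunk (1095,9 → 1095,11), the `cp -f` line passes two sources and a final operand that is a unit file, not a directory, so cp rejects the call and neither `ulogd-ssh.service` nor `ulogd-ext-access.service` is created. The later `$SED "s?^ExecStart=.*?…" /lib/systemd/system/ulogd-$log_type.service` then has no file to edit for those two instances, which would presumably leave the SSH and external-access firewall logs without a working unit. Copy once per target before the `mv`: `cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service` and `cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ext-access.service`. The dnsmasq hunk (1265,7 → 1266,7) shows the same three-operand `cp -f` on a context line. The page has lost its `+`/`-` markers and the body of param_ulogd between the two ulogd hunks is not shown, so which lines are new is inferred from the hunk counts.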