WebSVN – ALCASAR – Path Comparison – / – /alcasar.sh Rev 1364 and /alcasar.sh Rev 1365

Ignore whitespace Rev 1364 → Rev 1365

 /alcasar.sh
 ,15 → 136,18
                         mode="update"
                 fi
         else
-                free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`
-                if [ $free_space -lt 10 ]
-                then
-                        if [ $Lang == "fr" ]
-                                then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
-                                else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
+                if [ ! -d /var/log/netflow/porttracker ]
+                        then
+                        free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`
+                        if [ $free_space -lt 10 ]
+                                then
+                                if [ $Lang == "fr" ]
+                                        then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
+                                        else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
+                                fi
+                        exit 0
                         fi
-                exit 0
-                fi
+                fi
         fi
 if [ $Lang == "fr" ]
                 then echo -n "Tests des paramètres réseau : "
 ,14 → 1128,12
 param_ulogd ()
 {
 # Three instances of ulogd (three different logfiles)
-        cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service
-        cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ext-access.service
-        mv /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-traceability.service
         [ -d /var/log/firewall ] || mkdir -p /var/log/firewall
         nl=1
         for log_type in traceability ssh ext-access
         do
-                [ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
+                [ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
+                /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
                 cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
                 $SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf
                 $SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
 ,46 → 1156,32
 ##########################################################
 param_nfsen()
 {
-#Decompression tarball
         tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
-#Création groupe et utilisteur
-        if grep "^www-data:" /etc/group > /dev/null; then
-                echo "Group already exists !"
-        else
-                groupadd www-data
-                echo "Group 'www-data' created !"
-        fi
-        if grep "^nfsen:" /etc/passwd > /dev/null; then
-                echo "User already exists !"
-        else
-                useradd -m nfsen
-                echo "User 'nfsen' created !"
-        fi
+# Create a specific user and group
+        [ `grep "^www-data:" /etc/group | wc -l` == 1 ] || groupadd www-data
+        [ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -m nfsen
         usermod -G www-data nfsen
-#Ajout du plugin nfsen : PortTracker
+# Add PortTracker plugin
         mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
         chown -R nfsen:www-data /var/www/nfsen
         chown -R apache:apache /usr/share/nfsen /var/log/netflow/porttracker
         cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
-#Copie du fichier de conf modifié de nfsen
+# use of our conf file and init unit
         cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
-#Copie du script d'initialisation de nfsen
         cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
-#Installation de nfsen via le scrip Perl
+# Installation of nfsen
         DirTmp=$(pwd)
         cd /tmp/nfsen-1.3.6p1/
-        /usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
-        /usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
-#Création de la DB pour rrdtool
+        /usr/bin/perl5 install.pl etc/nfsen.conf
+        /usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
+# Create RRD DB for porttracker (only in it still doesn't exist)
         cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
         cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
-        sudo -u apache nftrack -I -d /var/log/netflow/porttracker
+        [ d /var/log/netflow/porttracker ] || sudo -u apache nftrack -I -d /var/log/netflow/porttracker
         chown -R apache:www-data /var/log/netflow/porttracker/
         chmod -R 775 /var/log/netflow/porttracker
-#Configuration du fichier de conf d'apache
-        if [ -f /etc/httpd/conf/conf.d/nfsen.conf ];then
-                rm -f /etc/httpd/conf/conf.d/nfsen.conf
-        fi
+# Apache conf file
+        rm -f /etc/httpd/conf/conf.d/nfsen.conf
         cat <<EOF >> /etc/httpd/conf/conf.d/nfsen.conf
 Alias /nfsen /var/www/nfsen
 <Directory /var/www/nfsen/>
 ,11 → 1195,11
 php_flag track_vars on
 </Directory>
 EOF
-#Ajout du paramètre : IP d'écoute pour le collecteur (nfcapd)
+# Add the listen port to collect netflow packet (nfcapd)
 $SED s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1";'?g /usr/libexec/NfSenRC.pm
-#Configuration du délais d'expiration des captures du profile "live"
+# expire delay for the profile "live"
         nfsen -m live -e 62d 2>/dev/null
-#Suppression des sources de nfsen
+# clear the installation
         cd $DirTmp
         rm -rf /tmp/nfsen-1.3.6p1/
 } # End of param_nfsen
 ,8 → 1283,8
 # Create dnsmasq-blacklist and dnsmasq-whitelist unit
         cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service
         cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service
-        $SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
-        $SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
+        $SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
+        $SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
 # TODO Start after chilli which create tun0
 #       $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
 } # End dnsmasq
 ,8 → 1525,7
                 /sbin/chkconfig --add $i
         done
 # processes launched at boot time (Systemctl)
-        for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq radiusd dansguardian freshclam
+        for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access
         do
                 systemctl -q enable $i
         done
 ,7 → 1562,7
         $SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
         $SED "/^gfxmenu/d" /boot/grub/menu.lst
 # Remove unused services and users
-        for svc in sshd.service
+        for svc in sshd.service alsa-state
         do
                 /bin/systemctl -q disable $svc
         done

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1364 → Rev 1365