33,18 → 33,19 |
# ACC : ALCASAR Control Center installation |
# CA : Certification Authority initialization |
# init_db : Initilization of radius database managed with MariaDB |
# param_radius : FreeRadius initialisation |
# param_web_radius : copy ans modifiy original "freeradius web" in ACC |
# param_chilli : coovachilli initialisation (+authentication page) |
# param_dansguardian : DansGuardian filtering HTTP proxy configuration |
# radius : FreeRadius initialisation |
# radius_web : copy ans modifiy original "freeradius web" in ACC |
# chilli : coovachilli initialisation (+authentication page) |
# dansguardian : DansGuardian filtering HTTP proxy configuration |
# antivirus : HAVP + libclamav configuration |
# param_nfsen : Configuration du grapheur nfsen pour apache |
# ulogd : log system in userland (match NFLOG target of iptables) |
# nfsen : : Configuration du grapheur nfsen pour apache |
# dnsmasq : Name server configuration |
# BL : BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter) |
# cron : Logs export + watchdog + connexion statistics |
# fail2ban : Fail2ban installation and configuration |
# fail2ban : Fail2ban IDS installation and configuration |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd) |
# post_install : Security, log rotation, etc. |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd) |
|
DATE=`date '+%d %B %Y - %Hh%M'` |
DATE_SHORT=`date '+%d/%m/%Y'` |
98,9 → 99,8 |
echo " ALCASAR V$VERSION Installation" |
echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau" |
echo "-----------------------------------------------------------------------------" |
} # End of header_install () |
} |
|
|
################################################################## |
## Function "testing" ## |
## - Test of Mageia version ## |
308,7 → 308,7 |
fi |
rm -rf /tmp/con_ok.html |
echo ". : ok" |
} # end of testing |
} # end of testing () |
|
################################################################## |
## Function "init" ## |
753,7 → 753,7 |
EOF |
# Launch after coova |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service |
} # End of ACC() |
} # End of ACC () |
|
########################################################################################## |
## Fonction "CA" ## |
770,7 → 770,7 |
$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
} # End CA () |
} # End of CA () |
|
########################################################################################## |
## Fonction "init_db" ## |
804,15 → 804,15 |
$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service |
$SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service |
systemctl daemon-reload |
} # End init_db () |
} # End of init_db () |
|
########################################################################## |
## Fonction "param_radius" ## |
## Fonction "radius" ## |
## - Paramètrage des fichiers de configuration FreeRadius ## |
## - Affectation du secret partagé entre coova-chilli et freeradius ## |
## - Modification de fichier de conf pour l'accès à Mysql ## |
########################################################################## |
param_radius () |
radius () |
{ |
cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/ |
chown -R radius:radius /etc/raddb |
866,14 → 866,14 |
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service |
systemctl daemon-reload |
} # End param_radius () |
} # End radius () |
|
########################################################################## |
## Function "param_web_radius" ## |
## Function "radius_web" ## |
## - Import, modification et paramètrage de l'interface "dialupadmin" ## |
## - Création du lien vers la page de changement de mot de passe ## |
########################################################################## |
param_web_radius () |
radius_web () |
{ |
# copie de l'interface d'origine dans la structure Alcasar |
[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/ |
925,14 → 925,14 |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN |
</Directory> |
EOF |
} # End of param_web_radius () |
} # End of radius_web () |
|
################################################################################## |
## Fonction "param_chilli" ## |
## Fonction "chilli" ## |
## - Création du fichier d'initialisation et de configuration de coova-chilli ## |
## - Paramètrage de la page d'authentification (intercept.php) ## |
################################################################################## |
param_chilli () |
chilli () |
{ |
# chilli unit for systemd |
cat << EOF > /lib/systemd/system/chilli.service |
1096,13 → 1096,13 |
fi |
groupadd -f chilli |
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli |
} # End of param_chilli () |
} # End of chilli () |
|
################################################################## |
## Fonction "param_dansguardian" ## |
## Fonction "dansguardian" ## |
## - Paramètrage du gestionnaire de contenu Dansguardian ## |
################################################################## |
param_dansguardian () |
dansguardian () |
{ |
mkdir /var/dansguardian |
chown dansguardian /var/dansguardian |
1146,7 → 1146,7 |
# Keep a copy of URL & domain filter configuration files |
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default |
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default |
} # End of param_dansguardian () |
} # End of dansguardian () |
|
################################################################## |
## Fonction "antivirus" ## |
1194,13 → 1194,13 |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf |
# update now |
/usr/bin/freshclam --no-warnings |
} |
} # End of antivirus () |
|
################################################################################## |
## function "param_ulogd" ## |
## function "ulogd" ## |
## - Ulog config for multi-log files ## |
################################################################################## |
param_ulogd () |
ulogd () |
{ |
# Three instances of ulogd (three different logfiles) |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
1222,13 → 1222,13 |
chown -R root:apache /var/log/firewall |
chmod 750 /var/log/firewall |
chmod 640 /var/log/firewall/* |
} # End of param_ulogd () |
} # End of ulogd () |
|
|
########################################################## |
## Function "param_nfsen" ## |
## Function "nfsen" ## |
########################################################## |
param_nfsen() |
nfsen() |
{ |
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/ |
# Create a specific user and group |
1300,12 → 1300,12 |
# clear the installation |
cd $DirTmp |
rm -rf /tmp/nfsen-1.3.6p1/ |
} # End of param_nfsen |
} # End of nfsen () |
|
########################################################## |
## Function "param_dnsmasq" ## |
## Function "dnsmasq" ## |
########################################################## |
param_dnsmasq () |
dnsmasq () |
{ |
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
1383,9 → 1383,13 |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
<<<<<<< .mine |
} # End of dnsmasq() |
======= |
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service |
} # End dnsmasq |
>>>>>>> .r1387 |
|
########################################################## |
## Fonction "BL" ## |
1691,9 → 1695,9 |
/sbin/chkconfig --add $i |
done |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli |
for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban |
do |
systemctl -q enable $i |
systemctl -q enable $i.service |
done |
# Apply French Security Agency (ANSSI) rules |
# ignore ICMP broadcast (smurf attack) |
1904,7 → 1908,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3` |
mode="update" |
fi |
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban gammu_smsd post_install |
for func in init network ACC CA init_db radius radius_web chilli dansguardian antivirus ulogd nfsen dnsmasq BL cron fail2ban gammu_smsd post_install |
do |
$func |
# echo "*** 'debug' : end of function $func ***"; read a |
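Review bot: The `1383,9 → 1383,13` hunk leaves unresolved merge-conflict markers (`<<<<<<< .mine`, `=======`, `>>>>>>> .r1387`) at the end of `dnsmasq ()` on the new side. Bash cannot parse these lines, and the first `} # End of dnsmasq()` would close the function before the two `PIDFile=` substitutions, so the installer would most likely abort on a syntax error instead of configuring the dnsmasq-blacklist and dnsmasq-whitelist units. Resolve the conflict by dropping the three marker lines and the first closing brace, keeping both `$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-….pid?g"` lines followed by a single `} # End of dnsmasq ()`. Separately, the renamed functions `dnsmasq`, `ulogd`, `chilli`, `nfsen` and `dansguardian` now share their names with the daemons they configure, so any bare call to one of those commands elsewhere in the script (not visible here) would resolve to the shell function instead of the binary; a distinguishing prefix such as `conf_` would avoid that.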