WebSVN – ALCASAR – Path Comparison – / – /alcasar.sh Rev 1392 and /alcasar.sh Rev 1393

Ignore whitespace Rev 1392 → Rev 1393

 /alcasar.sh
 ,9 → 1164,13
         groupadd -f havp
         useradd -r -g havp -s /bin/false -c "system user for havp" havp
         mkdir -p /var/tmp/havp /var/log/havp /var/run/havp
+        mkdir -p /var/tmp/havp2 /var/log/havp2
         chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
+        chown -R havp /var/tmp/havp2 /var/log/havp2
         [ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
         $SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
+        $SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config    # pidfile
+        $SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config             # transparent mode
         $SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config                            # datas come on 8090
         $SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config       # we listen only on loopback
         $SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config   # Log format
 ,6 → 1179,11
         $SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config              # 10 daemons are started simultaneously
         $SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config               # doesn't scan image files
         $SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
+        cp /etc/havp/havp.config /etc/havp/havp2.config
+        $SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config    # pidfile
+        $SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config               # transparent mode
+        $SED "s?^PORT.*?PORT 8091?g" /etc/havp/havp2.config                             # datas come on 8091
+        $SED "s?^BIND_ADDRESS.*?BIND_ADDRESS 192.168.182.1?g" /etc/havp/havp2.config    # we listen only on tun0
 # skip checking of youtube flow (too heavy load / risk too low)
         [ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
         echo "# Whitelist youtube flow" >> /etc/havp/whitelist
 ,6 → 1191,21
 # replacement of init script
         [ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
         cp -f $DIR_CONF/havp-init /etc/init.d/havp
+        cp /etc/init.d/havp /etc/init.d/havp2
+        $SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2         # description
+        $SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2                                          # config file
+        $SED "s?^PIDFILE.*?PIDFILE=/var/run/havp/havp2.pid?g" /etc/init.d/havp2                                                 # pidfile
+        $SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2                                                                         # name
+        $SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2                                                                         # desc
+        #$SED "s?if [ -f /etc/sysconfig/havp ] ; then.*?if [ -f /etc/sysconfig/havp2 ] ; then?g" /etc/init.d/havp2              # defaults
+        #$SED "s?. /etc/sysconfig/havp.*?. /etc/sysconfig/havp2?g" /etc/init.d/havp2                                            # defaults
+        $SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2                                          # mountpoint
+        $SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2                                 # reloading havp
+        $SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2                      # error havp
+        $SED "s?echo \"Error: HAVP not running or PIDFILE not readable\".*?echo \"Error : HAVP2 not running or PIDFILE not readable\"?g" /etc/init.d/havp2 # error havp
+        $SED "s?echo \"Error: HAVP not running or PIDFILE unreadable\".*?echo \"Error : HAVP2 not running or PIDFILE unreadable\"?g" /etc/init.d/havp2 # error havp
+        $SED "s?echo \"Shutting down HAVP ...\".*?echo \"Shutting down HAVP2 ...\"?g" /etc/init.d/havp2                         # shutting down havp
+        $SED "s?status havp.*?status havp2?g" /etc/init.d/havp2                                                                 # status havp
 # replace of the intercept page (template)
         cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
         cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
 ,15 → 1254,16
 ##########################################################
 nfsen()
 {
-        tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
+        tar xzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
 # Create a specific user and group
-        [ `grep "^www-data:" /etc/group | wc -l` == 1 ] || groupadd www-data
-        [ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -r -g nfsen -s /bin/false -c "system user for the grapher nfsen" nfsen
+        [ `grep "^apache:" /etc/group | wc -l` == 1 ] || groupadd apache
+        #[ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -r -g nfsen -s /bin/false -c "system user for the grapher nfsen" nfsen
         groupadd -f chilli
 # Add PortTracker plugin
         mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
-        chown -R nfsen:www-data /var/www/nfsen
+        chown -R apache:apache /var/www/nfsen
         chown -R apache:apache /usr/share/nfsen
+        chown -R apache:apache /var/log/netflow
         cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
 # use of our conf file and init unit
         cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
 ,7 → 1276,7
         cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
         cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
         [ -d /var/log/netflow/porttracker ] || sudo -u apache nftrack -I -d /var/log/netflow/porttracker
-        chown -R apache:www-data /var/log/netflow/porttracker/
+        chown -R apache:apache /var/log/netflow/porttracker/
         chmod -R 775 /var/log/netflow/porttracker
 # Apache conf file
         rm -f /etc/httpd/conf/conf.d/nfsen.conf
 ,9 → 1310,12
 [Service]
 Type=oneshot
 RemainAfterExit=yes
+PIDFile=/var/run/nfsen/nfsen.pid
+ExecStartPre=/bin/mkdir -p /var/run/nfsen
+ExecStartPre=/bin/chown apache:apache /var/run/nfsen
 ExecStart=/usr/bin/nfsen start
 ExecStop=/usr/bin/nfsen stop
-ExecRestart=/usr/bin/nfsen restart
+ExecReload=/usr/bin/nfsen restart
 TimeoutSec=0
 [Install]
 ,9 → 1322,10
 WantedBy=multi-user.target
 EOF
 # Add the listen port to collect netflow packet (nfcapd)
-$SED s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1";'?g /usr/libexec/NfSenRC.pm
+$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm
 # expire delay for the profile "live"
-        nfsen -m live -e 62d 2>/dev/null
+        systemctl start nfsen
+        /bin/nfsen -m live -e 62d 2>/dev/null
 # clear the installation
         cd $DirTmp
         rm -rf /tmp/nfsen-1.3.6p1/
 ,7 → 1724,7
                 /sbin/chkconfig --add $i
         done
 # processes launched at boot time (Systemctl)
-        for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
+        for i in alcasar-load_balancing mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
         do
                 systemctl -q enable $i.service
         done

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1392 → Rev 1393