
Rev 2192 → Rev 2195

/alcasar.sh
1863,22 → 1863,19
 
} # END gammu_smsd()
 
##################################################################
## Fonction "post_install" ##
## - Modification des bannières (locales et ssh) et des prompts ##
## - Installation de la structure de chiffrement pour root ##
## - Mise en place du sudoers et de la sécurité sur les fichiers##
## - Mise en place du la rotation des logs ##
## - Configuration dans le cas d'une mise à jour ##
##################################################################
##########################################################
## Fonction "post_install" ##
## - Modifying banners (locals et ssh) & prompts ##
## - SSH config ##
## - sudoers config & files security ##
## - log rotate & ANSSI security parameters ##
## - Apply former conf in case of an update ##
##########################################################
post_install()
{
# création de la bannière locale
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
cp -f $DIR_CONF/banner /etc/mageia-release
echo " V$VERSION" >> /etc/mageia-release
# création de la bannière SSH
cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh
# change the SSH banner
cp -f $DIR_CONF/banner /etc/ssh/alcasar-banner-ssh
echo " V$VERSION" >> /etc/ssh/alcasar-banner-ssh
chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1886,11 → 1883,11
# postfix banner anonymisation
$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
chown -R postfix:postfix /var/lib/postfix
# sshd écoute côté LAN et WAN
# sshd liste on EXTIF & INTIF
$SED "s?^#ListenAddress 0\.0\.0\.0.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config
# sshd autorise les connections root par certificat
# sshd authorized certificate for root login
$SED "s?^PermitRootLogin.*?PermitRootLogin without-password?g" /etc/ssh/sshd_config
# Put the default values in conf file
# ALCASAR conf file
echo "SSH=on" >> $CONF_FILE
echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
1900,11 → 1897,11
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
# Coloration des prompts
# Prompt customisation (colors)
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
# Droits d'exécution pour utilisateur apache et sysadmin
# sudoers configuration for "apache" & "sysadmin"
[ -e /etc/sudoers.default ] || cp /etc/sudoers /etc/sudoers.default
cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
1911,7 → 1908,7
# Modify some logrotate files (gammu, ulogd)
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
chmod 644 /etc/logrotate.d/*
# rectification sur versions précédentes de la compression des logs
# Log compression
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
# actualisation des fichiers logs compressés
for dir in firewall dansguardian httpd
1987,9 → 1984,7
# switch to multi-users runlevel (instead of x11)
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# GRUB modifications (only one time)
# limit wait time to 3s
# create an alcasar entry instead of linux-nonfb
# change display to 1024*768 (vga791) only if not on VM
# Limit wait time to 3s - Create an alcasar entry instead of linux-nonfb - Change the default banner
grub_already_modified=`grep ALCASAR /boot/grub/menu.lst|wc -l`
if [ $grub_already_modified == 0 ]
then
1996,11 → 1991,16
$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
# is an virtual machine (proxmox, vmware, ) ?
# change display to 1024*768 (vga791) only if not on VM
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
vm_vga=`lsmod | egrep "virtio|vmwgfx" | wc -l`
if [ $vm_vga == 0 ]
if [ $vm_vga == 0 ] # is not a virtual machine (proxmox, vmware)
then
$SED "/^kernel/s/$/ vga=791/" /boot/grub/menu.lst
cp -f $DIR_CONF/banner /etc/mageia-release
echo " V$VERSION" >> /etc/mageia-release
else
echo "ALCASAR V$VERSION" > /etc/mageia-release
fi
$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
$SED "/^gfxmenu/d" /boot/grub/menu.lst
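Review bot: The new comment `# sshd authorized certificate for root login` in the sshd hunk (1886 → 1883) misdescribes `PermitRootLogin without-password`: the setting refuses password authentication for root and leaves the other enabled methods, public keys in particular, available; it is not specific to certificates. Since the same hunk keeps `ListenAddress 0.0.0.0` and the default `SSH_ADMIN_FROM=0.0.0.0/0.0.0.0`, root key login looks reachable from the WAN side unless filtering outside this view narrows it, and the comment should say so. I would write `# root SSH login: key-based only, password refused; restrict SSH_ADMIN_FROM to the admin network` and fix the typo above it to `# sshd listens on EXTIF & INTIF`. Newer OpenSSH spells the value `prohibit-password` and treats `without-password` as a deprecated alias. post_install's body continues beyond the lines shown in these hunks.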