42,11 → 42,11 |
DATE_SHORT=`date '+%d/%m/%Y'` |
# ******* Files parameters - paramètres fichiers ********* |
DIR_INSTALL=`pwd` # répertoire d'installation |
DIR_GESTION="$DIR_INSTALL/gestion" # répertoire d'installation contenant l'interface de gestion |
DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts |
DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.) |
DIR_WEB="/var/www/html" # répertoire du centre de gestion |
DIR_WEB="/var/www/html" # répertoire racine APACHE |
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center' |
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts |
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin |
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf |
452,13 → 452,13 |
[ -d $DIR_WEB ] && rm -rf $DIR_WEB |
mkdir $DIR_WEB |
# Copie et configuration des fichiers du centre de gestion |
cp -rf $DIR_GESTION/* $DIR_WEB/ |
cp -rf $DIR_INSTALL/web/* $DIR_WEB/ |
echo "$VERSION du $DATE" > $DIR_WEB/VERSION |
$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_WEB/menu.php |
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_WEB/phpsysinfo/includes/xml/portail.php |
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_WEB/phpsysinfo/includes/xml/portail.php |
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_WEB/phpsysinfo/includes/xml/portail.php |
chmod 640 $DIR_WEB/phpsysinfo/includes/xml/portail.php |
$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php |
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php |
chown -R apache:apache $DIR_WEB/* |
for i in ISO base logs/firewall logs/httpd logs/squid ; |
do |
494,19 → 494,19 |
# - la redirection suite à l'indisponibilité d'Internet (via watchdog) |
# - l'accès au centre de gestion (lien https) |
# On utilise la réécriture d'URL pour rediriger toute les URLs |
FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` |
[ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default |
cat <<EOF > $FIC_VIRTUAL |
NameVirtualHost *:80 |
<VirtualHost *:80> |
ServerName $HOSTNAME |
DocumentRoot $DIR_WEB/redirect |
RewriteEngine on |
RewriteRule ^.*logo-alcasar.* /logo-alcasar.png [L] |
RewriteRule ^(.*)$ /index.php [L] |
</VirtualHost> |
EOF |
$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/redirect/index-access-deny.php $DIR_WEB/redirect/index-network-pb.php |
# FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` |
# [ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default |
# cat <<EOF > $FIC_VIRTUAL |
#NameVirtualHost *:80 |
#<VirtualHost *:80> |
#ServerName $HOSTNAME |
#DocumentRoot $DIR_WEB/redirect |
#RewriteEngine on |
#RewriteRule ^.*logo-alcasar.* /logo-alcasar.png [L] |
#RewriteRule ^(.*)$ /index.php [L] |
#</VirtualHost> |
#EOF |
# $SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/redirect/index-access-deny.php $DIR_WEB/redirect/index-network-pb.php |
# Définition du premier compte lié au profil 'admin' |
if [ "$mode" = "install" ] |
then |
522,12 → 522,12 |
read admin_portail |
echo "- Nom du premier compte lié au profil 'admin' : $admin_portail" >> $FIC_PARAM |
# Création du fichier de clés de ce compte dans le profil "admin" |
[ -d $DIR_WEB/digest ] && rm -rf $DIR_WEB/digest |
mkdir -p $DIR_WEB/digest |
chmod 755 $DIR_WEB/digest |
until [ -s $DIR_WEB/digest/key_admin ] |
[ -d $DIR_ACC/digest ] && rm -rf $DIR_ACC/acc/digest |
mkdir -p $DIR_ACC/digest |
chmod 755 $DIR_ACC/digest |
until [ -s $DIR_ACC/digest/key_admin ] |
do |
/usr/sbin/htdigest -c $DIR_WEB/digest/key_admin $HOSTNAME $admin_portail |
/usr/sbin/htdigest -c $DIR_ACC/digest/key_admin $HOSTNAME $admin_portail |
done |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte |
$DIR_DEST_SBIN/alcasar-profil.sh -list |
535,12 → 535,12 |
# Sécurisation du centre |
rm -f /etc/httpd/conf/webapps.d/* |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf |
<Directory $DIR_WEB/digest> |
<Directory $DIR_ACC/digest> |
AllowOverride none |
Order deny,allow |
Deny from all |
</Directory> |
<Directory $DIR_WEB/admin> |
<Directory $DIR_ACC> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
551,10 → 551,10 |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_WEB/digest/key_admin |
AuthUserFile $DIR_ACC/digest/key_all |
ErrorDocument 404 https://$PRIVATE_IP/ |
</Directory> |
<Directory $DIR_WEB/manager/htdocs> |
<Directory $DIR_ACC/admin> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
565,10 → 565,10 |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_WEB/digest/key_manager |
AuthUserFile $DIR_ACC/digest/key_admin |
ErrorDocument 404 https://$PRIVATE_IP/ |
</Directory> |
<Directory $DIR_WEB/manager/html> |
<Directory $DIR_ACC/manager/htdocs> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
579,10 → 579,10 |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_WEB/digest/key_manager |
AuthUserFile $DIR_ACC/digest/key_manager |
ErrorDocument 404 https://$PRIVATE_IP/ |
</Directory> |
<Directory $DIR_WEB/backup> |
<Directory $DIR_ACC/manager/html> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
593,9 → 593,23 |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_WEB/digest/key_backup |
AuthUserFile $DIR_ACC/digest/key_manager |
ErrorDocument 404 https://$PRIVATE_IP/ |
</Directory> |
<Directory $DIR_ACC/backup> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_ACC/digest/key_backup |
ErrorDocument 404 https://$PRIVATE_IP/ |
</Directory> |
Alias /save/ "$DIR_SAVE/" |
<Directory $DIR_SAVE> |
SSLRequireSSL |
607,7 → 621,7 |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
AuthUserFile $DIR_WEB/digest/key_backup |
AuthUserFile $DIR_ACC/digest/key_backup |
ErrorDocument 404 https://$PRIVATE_IP/ |
ReadmeName /readmeSave.html |
</Directory> |
734,12 → 748,12 |
param_web_radius () |
{ |
# copie de l'interface d'origine dans la structure Alcasar |
[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_WEB/manager/ |
[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/ |
# copie des fichiers modifiés et suppression des fichiers inutiles |
cp -rf $DIR_GESTION/manager/* $DIR_WEB/manager/ |
rm -f $DIR_WEB/manager/index.html $DIR_WEB/manager/readme |
rm -f $DIR_WEB/manager/htdocs/about.html $DIR_WEB/manager/htdocs/index.html $DIR_WEB/manager/htdocs/content.html |
chown -R apache:apache $DIR_WEB/manager/ |
cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/ |
rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme |
rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html |
chown -R apache:apache $DIR_ACC/manager/ |
# Modification du fichier de configuration |
[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default |
$SED "s?^general_domain:.*?general_domain: $ORGANISME.$DOMAIN?g" /etc/freeradius-web/admin.conf |
770,8 → 784,8 |
chown -R apache:apache /etc/freeradius-web |
# Ajout de l'alias vers la page de "changement de mot de passe usager" |
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf |
Alias /pass/ "$DIR_WEB/manager/pass/" |
<Directory $DIR_WEB/manager/pass> |
Alias /pass/ "$DIR_ACC/manager/pass/" |
<Directory $DIR_ACC/manager/pass> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
993,8 → 1007,8 |
################################################################################## |
param_awstats() |
{ |
cp -rf /usr/share/awstats/www/ $DIR_WEB/awstats/ |
chown -R apache:apache $DIR_WEB/awstats |
cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/ |
chown -R apache:apache $DIR_ACC/awstats |
cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default |
$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf |
$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf |
1006,7 → 1020,7 |
$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf |
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf |
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf |
<Directory $DIR_WEB/awstats> |
<Directory $DIR_ACC/awstats> |
SSLRequireSSL |
Options ExecCGI |
AddHandler cgi-script .pl |
1019,7 → 1033,7 |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_WEB/digest/key_admin |
AuthUserFile $DIR_ACC/digest/key_admin |
ErrorDocument 404 https://$PRIVATE_IP/ |
</Directory> |
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins |
1075,8 → 1089,8 |
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR |
rm -rf /etc/dansguardian/lists/blacklists |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=/etc/dansguardian/lists/ 2>&1 >/dev/null |
cp -f $DIR_CONF/VERSION-BL $DIR_WEB/ |
chown apache:apache $DIR_WEB/VERSION-BL |
cp -f $DIR_CONF/VERSION-BL $DIR_ACC/ |
chown apache:apache $DIR_ACC/VERSION-BL |
# on crée le répertoire de la BL secondaire |
mkdir /etc/dansguardian/lists/blacklists/ossi |
touch /etc/dansguardian/lists/blacklists/ossi/domains |
1108,7 → 1122,7 |
chown -R root:apache /usr/local/etc/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled} |
# On fait pointer le black-hole sur une page interne |
$SED "s?^IP_RETOUR=.*?IP_RETOUR=\"$PRIVATE_IP\"?g" $DIR_DEST_SBIN/alcasar-bl.sh |
ln -sf $DIR_WEB/redirect/index-access-deny.php $DIR_WEB/redirect/index.php |
ln -sf $DIR_WEB/index-access-deny.php $DIR_WEB/index.php |
# On récupère la dernière version de la BL Toulouse |
$DIR_DEST_SBIN/alcasar-bl.sh -download |
} |
1343,11 → 1357,11 |
do |
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ] |
then |
version=`echo $i|cut -d"=" -f2` |
mdv_version=`echo $i|cut -d"=" -f2` |
fi |
done |
IFS="$old" |
if [ ! "$version" = "$MDV_NEEDED" ] |
if [ ! "$mdv_version" = "$MDV_NEEDED" ] |
then |
echo "La version actuelle de Linux Mandriva va être mise à jour en ($MDV_NEEDED). En cas de problème, suivez la procédure manuelle (cf. doc exploitation)" |
sleep 5 |
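Review bot: In the 522,12 hunk the new cleanup line tests `$DIR_ACC/digest` but removes `$DIR_ACC/acc/digest`, a path with a doubled `acc` that nothing in the visible hunks creates, so an existing digest directory is never deleted. If a non-empty `key_admin` is still there, the `until [ -s $DIR_ACC/digest/key_admin ]` loop that follows is skipped, and the old admin digest credentials stay valid instead of being replaced by the account just entered. The line should read `[ -d $DIR_ACC/digest ] && rm -rf $DIR_ACC/digest`. The `rm -rf $DIR_WEB` in the 452,13 hunk may already clear this tree earlier in the same run, but the call order is not visible here, and the enclosing install-mode block starts and ends outside the hunk.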