| 42,11 → 42,11 |
|---|
| DATE_SHORT=`date '+%d/%m/%Y'` |
| # ******* Files parameters - paramètres fichiers ********* |
| DIR_INSTALL=`pwd` # répertoire d'installation |
| DIR_GESTION="$DIR_INSTALL/gestion" # répertoire d'installation contenant l'interface de gestion |
| DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration |
| DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts |
| DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.) |
| DIR_WEB="/var/www/html" # répertoire du centre de gestion |
| DIR_WEB="/var/www/html" # répertoire racine APACHE |
| DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center' |
| DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts |
| DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin |
| DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf |
| 452,13 → 452,13 |
|---|
| [ -d $DIR_WEB ] && rm -rf $DIR_WEB |
| mkdir $DIR_WEB |
| # Copie et configuration des fichiers du centre de gestion |
| cp -rf $DIR_GESTION/* $DIR_WEB/ |
| cp -rf $DIR_INSTALL/web/* $DIR_WEB/ |
| echo "$VERSION du $DATE" > $DIR_WEB/VERSION |
| $SED "s?99/99/9999?$DATE_SHORT?g" $DIR_WEB/menu.php |
| $SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_WEB/phpsysinfo/includes/xml/portail.php |
| $SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_WEB/phpsysinfo/includes/xml/portail.php |
| $SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_WEB/phpsysinfo/includes/xml/portail.php |
| chmod 640 $DIR_WEB/phpsysinfo/includes/xml/portail.php |
| $SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php |
| $SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
| $SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
| $SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
| chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php |
| chown -R apache:apache $DIR_WEB/* |
| for i in ISO base logs/firewall logs/httpd logs/squid ; |
| do |
| 494,19 → 494,19 |
|---|
| # - la redirection suite à l'indisponibilité d'Internet (via watchdog) |
| # - l'accès au centre de gestion (lien https) |
| # On utilise la réécriture d'URL pour rediriger toute les URLs |
| FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` |
| [ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default |
| cat <<EOF > $FIC_VIRTUAL |
| NameVirtualHost *:80 |
| <VirtualHost *:80> |
| ServerName $HOSTNAME |
| DocumentRoot $DIR_WEB/redirect |
| RewriteEngine on |
| RewriteRule ^.*logo-alcasar.* /logo-alcasar.png [L] |
| RewriteRule ^(.*)$ /index.php [L] |
| </VirtualHost> |
| EOF |
| $SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/redirect/index-access-deny.php $DIR_WEB/redirect/index-network-pb.php |
| # FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` |
| # [ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default |
| # cat <<EOF > $FIC_VIRTUAL |
| #NameVirtualHost *:80 |
| #<VirtualHost *:80> |
| #ServerName $HOSTNAME |
| #DocumentRoot $DIR_WEB/redirect |
| #RewriteEngine on |
| #RewriteRule ^.*logo-alcasar.* /logo-alcasar.png [L] |
| #RewriteRule ^(.*)$ /index.php [L] |
| #</VirtualHost> |
| #EOF |
| # $SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/redirect/index-access-deny.php $DIR_WEB/redirect/index-network-pb.php |
| # Définition du premier compte lié au profil 'admin' |
| if [ "$mode" = "install" ] |
| then |
| 522,12 → 522,12 |
|---|
| read admin_portail |
| echo "- Nom du premier compte lié au profil 'admin' : $admin_portail" >> $FIC_PARAM |
| # Création du fichier de clés de ce compte dans le profil "admin" |
| [ -d $DIR_WEB/digest ] && rm -rf $DIR_WEB/digest |
| mkdir -p $DIR_WEB/digest |
| chmod 755 $DIR_WEB/digest |
| until [ -s $DIR_WEB/digest/key_admin ] |
| [ -d $DIR_ACC/digest ] && rm -rf $DIR_ACC/acc/digest |
| mkdir -p $DIR_ACC/digest |
| chmod 755 $DIR_ACC/digest |
| until [ -s $DIR_ACC/digest/key_admin ] |
| do |
| /usr/sbin/htdigest -c $DIR_WEB/digest/key_admin $HOSTNAME $admin_portail |
| /usr/sbin/htdigest -c $DIR_ACC/digest/key_admin $HOSTNAME $admin_portail |
| done |
| # Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte |
| $DIR_DEST_SBIN/alcasar-profil.sh -list |
| 535,12 → 535,12 |
|---|
| # Sécurisation du centre |
| rm -f /etc/httpd/conf/webapps.d/* |
| cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf |
| <Directory $DIR_WEB/digest> |
| <Directory $DIR_ACC/digest> |
| AllowOverride none |
| Order deny,allow |
| Deny from all |
| </Directory> |
| <Directory $DIR_WEB/admin> |
| <Directory $DIR_ACC> |
| SSLRequireSSL |
| AllowOverride None |
| Order deny,allow |
| 551,10 → 551,10 |
|---|
| AuthType digest |
| AuthName $HOSTNAME |
| BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
| AuthUserFile $DIR_WEB/digest/key_admin |
| AuthUserFile $DIR_ACC/digest/key_all |
| ErrorDocument 404 https://$PRIVATE_IP/ |
| </Directory> |
| <Directory $DIR_WEB/manager/htdocs> |
| <Directory $DIR_ACC/admin> |
| SSLRequireSSL |
| AllowOverride None |
| Order deny,allow |
| 565,10 → 565,10 |
|---|
| AuthType digest |
| AuthName $HOSTNAME |
| BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
| AuthUserFile $DIR_WEB/digest/key_manager |
| AuthUserFile $DIR_ACC/digest/key_admin |
| ErrorDocument 404 https://$PRIVATE_IP/ |
| </Directory> |
| <Directory $DIR_WEB/manager/html> |
| <Directory $DIR_ACC/manager/htdocs> |
| SSLRequireSSL |
| AllowOverride None |
| Order deny,allow |
| 579,10 → 579,10 |
|---|
| AuthType digest |
| AuthName $HOSTNAME |
| BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
| AuthUserFile $DIR_WEB/digest/key_manager |
| AuthUserFile $DIR_ACC/digest/key_manager |
| ErrorDocument 404 https://$PRIVATE_IP/ |
| </Directory> |
| <Directory $DIR_WEB/backup> |
| <Directory $DIR_ACC/manager/html> |
| SSLRequireSSL |
| AllowOverride None |
| Order deny,allow |
| 593,9 → 593,23 |
|---|
| AuthType digest |
| AuthName $HOSTNAME |
| BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
| AuthUserFile $DIR_WEB/digest/key_backup |
| AuthUserFile $DIR_ACC/digest/key_manager |
| ErrorDocument 404 https://$PRIVATE_IP/ |
| </Directory> |
| <Directory $DIR_ACC/backup> |
| SSLRequireSSL |
| AllowOverride None |
| Order deny,allow |
| Deny from all |
| Allow from 127.0.0.1 |
| Allow from $PRIVATE_NETWORK_MASK |
| require valid-user |
| AuthType digest |
| AuthName $HOSTNAME |
| BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
| AuthUserFile $DIR_ACC/digest/key_backup |
| ErrorDocument 404 https://$PRIVATE_IP/ |
| </Directory> |
| Alias /save/ "$DIR_SAVE/" |
| <Directory $DIR_SAVE> |
| SSLRequireSSL |
| 607,7 → 621,7 |
|---|
| require valid-user |
| AuthType digest |
| AuthName $HOSTNAME |
| AuthUserFile $DIR_WEB/digest/key_backup |
| AuthUserFile $DIR_ACC/digest/key_backup |
| ErrorDocument 404 https://$PRIVATE_IP/ |
| ReadmeName /readmeSave.html |
| </Directory> |
| 734,12 → 748,12 |
|---|
| param_web_radius () |
| { |
| # copie de l'interface d'origine dans la structure Alcasar |
| [ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_WEB/manager/ |
| [ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/ |
| # copie des fichiers modifiés et suppression des fichiers inutiles |
| cp -rf $DIR_GESTION/manager/* $DIR_WEB/manager/ |
| rm -f $DIR_WEB/manager/index.html $DIR_WEB/manager/readme |
| rm -f $DIR_WEB/manager/htdocs/about.html $DIR_WEB/manager/htdocs/index.html $DIR_WEB/manager/htdocs/content.html |
| chown -R apache:apache $DIR_WEB/manager/ |
| cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/ |
| rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme |
| rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html |
| chown -R apache:apache $DIR_ACC/manager/ |
| # Modification du fichier de configuration |
| [ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default |
| $SED "s?^general_domain:.*?general_domain: $ORGANISME.$DOMAIN?g" /etc/freeradius-web/admin.conf |
| 770,8 → 784,8 |
|---|
| chown -R apache:apache /etc/freeradius-web |
| # Ajout de l'alias vers la page de "changement de mot de passe usager" |
| cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf |
| Alias /pass/ "$DIR_WEB/manager/pass/" |
| <Directory $DIR_WEB/manager/pass> |
| Alias /pass/ "$DIR_ACC/manager/pass/" |
| <Directory $DIR_ACC/manager/pass> |
| SSLRequireSSL |
| AllowOverride None |
| Order deny,allow |
| 993,8 → 1007,8 |
|---|
| ################################################################################## |
| param_awstats() |
| { |
| cp -rf /usr/share/awstats/www/ $DIR_WEB/awstats/ |
| chown -R apache:apache $DIR_WEB/awstats |
| cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/ |
| chown -R apache:apache $DIR_ACC/awstats |
| cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default |
| $SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf |
| $SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf |
| 1006,7 → 1020,7 |
|---|
| $SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf |
| $SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf |
| cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf |
| <Directory $DIR_WEB/awstats> |
| <Directory $DIR_ACC/awstats> |
| SSLRequireSSL |
| Options ExecCGI |
| AddHandler cgi-script .pl |
| 1019,7 → 1033,7 |
|---|
| AuthType digest |
| AuthName $HOSTNAME |
| BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
| AuthUserFile $DIR_WEB/digest/key_admin |
| AuthUserFile $DIR_ACC/digest/key_admin |
| ErrorDocument 404 https://$PRIVATE_IP/ |
| </Directory> |
| SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins |
| 1075,8 → 1089,8 |
|---|
| # on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR |
| rm -rf /etc/dansguardian/lists/blacklists |
| tar zxf $DIR_CONF/blacklists.tar.gz --directory=/etc/dansguardian/lists/ 2>&1 >/dev/null |
| cp -f $DIR_CONF/VERSION-BL $DIR_WEB/ |
| chown apache:apache $DIR_WEB/VERSION-BL |
| cp -f $DIR_CONF/VERSION-BL $DIR_ACC/ |
| chown apache:apache $DIR_ACC/VERSION-BL |
| # on crée le répertoire de la BL secondaire |
| mkdir /etc/dansguardian/lists/blacklists/ossi |
| touch /etc/dansguardian/lists/blacklists/ossi/domains |
| 1108,7 → 1122,7 |
|---|
| chown -R root:apache /usr/local/etc/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled} |
| # On fait pointer le black-hole sur une page interne |
| $SED "s?^IP_RETOUR=.*?IP_RETOUR=\"$PRIVATE_IP\"?g" $DIR_DEST_SBIN/alcasar-bl.sh |
| ln -sf $DIR_WEB/redirect/index-access-deny.php $DIR_WEB/redirect/index.php |
| ln -sf $DIR_WEB/index-access-deny.php $DIR_WEB/index.php |
| # On récupère la dernière version de la BL Toulouse |
| $DIR_DEST_SBIN/alcasar-bl.sh -download |
| } |
| 1343,11 → 1357,11 |
|---|
| do |
| if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ] |
| then |
| version=`echo $i|cut -d"=" -f2` |
| mdv_version=`echo $i|cut -d"=" -f2` |
| fi |
| done |
| IFS="$old" |
| if [ ! "$version" = "$MDV_NEEDED" ] |
| if [ ! "$mdv_version" = "$MDV_NEEDED" ] |
| then |
| echo "La version actuelle de Linux Mandriva va être mise à jour en ($MDV_NEEDED). En cas de problème, suivez la procédure manuelle (cf. doc exploitation)" |
| sleep 5 |