
Rev 611 → Rev 612

/alcasar.sh
49,6 → 49,7
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
FIC_CONF="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
FIC_PARAM="/root/ALCASAR-parameters.txt" # fichier texte résumant les paramètres d'installation
FIC_PASSWD="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
# ******* DBMS parameters - paramètres SGBD ********
211,22 → 212,22
# On crée aléatoirement les mots de passe et les secrets partagés
rm -f $FIC_PASSWD
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de protection du menu Grub
echo -n "mot de passe de protection du menu de démarrage (GRUB) : " > $FIC_PASSWD
echo -n "Password to protect the boot menu (GRUB) : " > $FIC_PASSWD
echo "$grubpwd" >> $FIC_PASSWD
md5_grubpwd=`/usr/bin/md5pass $grubpwd`
$SED "/^password.*/d" /boot/grub/menu.lst
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'administrateur Mysqld
echo -n "compte et mot de passe de l'administrateur Mysqld : " >> $FIC_PASSWD
echo -n "Name and password of MYSQL administrator : " >> $FIC_PASSWD
echo "root / $mysqlpwd" >> $FIC_PASSWD
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
echo -n "compte et mot de passe de l'utilisateur Mysqld : " >> $FIC_PASSWD
echo -n "Name and password of MYSQL user : " >> $FIC_PASSWD
echo "$DB_USER / $radiuspwd" >> $FIC_PASSWD
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre intercept.php et coova-chilli
echo -n "secret partagé entre le script 'intercept.php' et coova-chilli : " >> $FIC_PASSWD
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $FIC_PASSWD
echo "$secretuam" >> $FIC_PASSWD
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre coova-chilli et FreeRadius
echo -n "secret partagé entre coova-chilli et FreeRadius : " >> $FIC_PASSWD
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $FIC_PASSWD
echo "$secretradius" >> $FIC_PASSWD
chmod 640 $FIC_PASSWD
# On installe les scripts et fichiers de configuration d'ALCASAR
240,19 → 241,30
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
# On génère le début du fichier récapitulatif
# generate FIC_PARAM and FIC_CONF
cat <<EOF > $FIC_PARAM
################################################
## ##
## ALCASAR Parameters ##
## ##
################################################
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
- Install date : $DATE
- Version : $VERSION
- Organism : $ORGANISME
EOF
chmod o-rwx $FIC_PARAM
cat <<EOF > $FIC_CONF
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$VERSION
ORGANISM=$ORGANISME
EOF
chmod o-rwx $FIC_PARAM $FIC_CONF
} # End of init ()
 
##################################################################
335,17 → 347,14
echo -e "- DNS servers :\t\t\t$DNS1 and $DNS2" >> $FIC_PARAM
echo -e "- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK" >> $FIC_PARAM
echo -e "- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP" >> $FIC_PARAM
echo "#### ALCASAR Network parameters ####" > $DIR_DEST_ETC/alcasar-network
echo "# Lauch the script 'alcasar-network.sh' after your changes" >> $DIR_DEST_ETC/alcasar-network
echo "# Lancez le script 'alcasar-network.sh' après vos modifications" >> $DIR_DEST_ETC/alcasar-network
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $DIR_DEST_ETC/alcasar-network
echo "GW=$PUBLIC_GATEWAY" >> $DIR_DEST_ETC/alcasar-network
echo "DNS1=$DNS1" >> $DIR_DEST_ETC/alcasar-network
echo "DNS2=$DNS2" >> $DIR_DEST_ETC/alcasar-network
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $DIR_DEST_ETC/alcasar-network
echo "DHCP=on" >> $DIR_DEST_ETC/alcasar-network
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $DIR_DEST_ETC/alcasar-network
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $DIR_DEST_ETC/alcasar-network
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_CONF
echo "GW=$PUBLIC_GATEWAY" >> $FIC_CONF
echo "DNS1=$DNS1" >> $FIC_CONF
echo "DNS2=$DNS2" >> $FIC_CONF
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $FIC_CONF
echo "DHCP=on" >> $FIC_CONF
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $FIC_CONF
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $FIC_CONF
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
# Configuration réseau
cat <<EOF > /etc/sysconfig/network
1256,9 → 1265,13
# sshd écoute côté LAN et WAN
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
# sshd n'est pas lancé automatiquement au démarrage
# Put the default value in conf file (sshd, QOS, protocols filter and dns filter are off)(web antivirus is on)
/sbin/chkconfig --del sshd
echo "SSH=off" >> $DIR_DEST_ETC/alcasar-network
echo "SSH=off" >> $FIC_CONF
echo "QOS=off" >> $FIC_CONF
echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF
echo "DNS_FILTERING=off" >> $FIC_CONF
echo "WEB_ANTIVIRUS=on" >> $FIC_CONF
# Coloration des prompts
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
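Review bot: In the 240,19 → 241,30 hunk, `cat <<EOF > $FIC_CONF` creates alcasar.conf under whatever umask the installer inherits and only then runs `chmod o-rwx $FIC_PARAM $FIC_CONF`, so with a typical 022 umask the file is readable by other users until the chmod runs. Setting the mode before the write closes that window, for example `umask 027` ahead of the here-document or `( umask 027; : > "$FIC_CONF" )` before it. The same create-then-chmod order is visible for `$FIC_PASSWD` in the 211,22 → 212,22 hunk (first `>` write, `chmod 640` only after every secret has been appended), where it matters more because that file holds the generated passwords. `ORGANISM=$ORGANISME` is also written unquoted and unvalidated; if alcasar.conf is ever sourced by a shell rather than parsed (not visible here), a value containing spaces or metacharacters would be misread, so restricting the accepted characters at input time would be safer. The page carries no +/- markers, so which lines are new is inferred from the hunk counts, and `init ()` starts outside the visible hunks.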