Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 627 → Rev 628

/alcasar.sh
49,9 → 49,8
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
FIC_CONF="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
FIC_PARAM="/root/ALCASAR-parameters.txt" # fichier texte résumant les paramètres d'installation
FIC_PASSWD="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
PASSWD_FILE="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
# ******* DBMS parameters - paramètres SGBD ********
DB_RADIUS="radius" # nom de la base de données utilisée par le serveur FreeRadius
DB_USER="radius" # nom de l'utilisateur de la base de données
210,26 → 209,26
done
fi
# On crée aléatoirement les mots de passe et les secrets partagés
rm -f $FIC_PASSWD
rm -f $PASSWD_FILE
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de protection du menu Grub
echo -n "Password to protect the boot menu (GRUB) : " > $FIC_PASSWD
echo "$grubpwd" >> $FIC_PASSWD
echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE
echo "$grubpwd" >> $PASSWD_FILE
md5_grubpwd=`/usr/bin/md5pass $grubpwd`
$SED "/^password.*/d" /boot/grub/menu.lst
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'administrateur Mysqld
echo -n "Name and password of MYSQL administrator : " >> $FIC_PASSWD
echo "root / $mysqlpwd" >> $FIC_PASSWD
echo -n "Name and password of MYSQL administrator : " >> $PASSWD_FILE
echo "root / $mysqlpwd" >> $PASSWD_FILE
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
echo -n "Name and password of MYSQL user : " >> $FIC_PASSWD
echo "$DB_USER / $radiuspwd" >> $FIC_PASSWD
echo -n "Name and password of MYSQL user : " >> $PASSWD_FILE
echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre intercept.php et coova-chilli
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $FIC_PASSWD
echo "$secretuam" >> $FIC_PASSWD
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
echo "$secretuam" >> $PASSWD_FILE
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre coova-chilli et FreeRadius
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $FIC_PASSWD
echo "$secretradius" >> $FIC_PASSWD
chmod 640 $FIC_PASSWD
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
echo "$secretradius" >> $PASSWD_FILE
chmod 640 $PASSWD_FILE
# On installe les scripts et fichiers de configuration d'ALCASAR
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
241,8 → 240,8
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
# generate FIC_PARAM and FIC_CONF
cat <<EOF > $FIC_PARAM
# generate central conf file
cat <<EOF > $CONF_FILE
##########################################
## ##
## ALCASAR Parameters ##
249,22 → 248,11
## ##
##########################################
 
- Install date : $DATE
- Version : $VERSION
- Organism : $ORGANISME
EOF
cat <<EOF > $FIC_CONF
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$VERSION
ORGANISM=$ORGANISME
EOF
chmod o-rwx $FIC_PARAM $FIC_CONF
chmod o-rwx $CONF_FILE
} # End of init ()
 
##################################################################
311,7 → 299,6
fi
# Définition de la config réseau côté "LAN de consultation"
hostname $HOSTNAME
echo "- Hostname : $HOSTNAME" >> $FIC_PARAM
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # masque réseau de consultation (ex.: 255.255.255.0)
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # @ip du portail (côté réseau de consultation)
342,19 → 329,14
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
echo -e "- WAN IP address ($EXTIF) :\t$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_PARAM
echo -e "- Gateway IP address :\t\t$PUBLIC_GATEWAY" >> $FIC_PARAM
echo -e "- DNS servers :\t\t\t$DNS1 and $DNS2" >> $FIC_PARAM
echo -e "- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK" >> $FIC_PARAM
echo -e "- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP" >> $FIC_PARAM
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_CONF
echo "GW=$PUBLIC_GATEWAY" >> $FIC_CONF
echo "DNS1=$DNS1" >> $FIC_CONF
echo "DNS2=$DNS2" >> $FIC_CONF
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $FIC_CONF
echo "DHCP=on" >> $FIC_CONF
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $FIC_CONF
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $FIC_CONF
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $CONF_FILE
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $CONF_FILE
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
# Configuration réseau
cat <<EOF > /etc/sysconfig/network
462,7 → 444,6
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/index.php
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
chown -R apache:apache $DIR_WEB/*
494,7 → 475,6
</body>
</html>
EOF
echo "- ALCASAR Control Center URL : http://$HOSTNAME" >> $FIC_PARAM
# Définition du premier compte lié au profil 'admin'
header_install
if [ "$mode" = "install" ]
522,7 → 502,6
admin_portal=!
fi
done
echo "- Name of the first account of the admin profile : $admin_portal" >> $FIC_PARAM
# Création du fichier de clés de ce compte dans le profil "admin"
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
mkdir -p $DIR_DEST_ETC/digest
546,7 → 525,6
echo -n "Account : "
fi
read admin_portal
echo "- Name of the first account of the admin profile : $admin_portal" >> $FIC_PARAM
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
mkdir -p $DIR_DEST_ETC/digest
chmod 755 $DIR_DEST_ETC/digest
794,7 → 772,6
ErrorDocument 404 https://$HOSTNAME
</Directory>
EOF
echo "- User change password URL : https://$HOSTNAME/pass/" >> $FIC_PARAM
} # End of param_web_radius ()
 
##########################################################################################
857,7 → 834,6
touch $DIR_DEST_ETC/alcasar-macallowed $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
chown root:apache $DIR_DEST_ETC/alcasar-*
chmod 660 $DIR_DEST_ETC/alcasar-*
echo "- User disconnect URL : http://alcasar:3990/logoff" >> $FIC_PARAM
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli et nom d'organisme)
$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
1277,12 → 1253,12
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
# Put the default value in conf file (sshd, QOS, protocols filter and dns filter are off)(web antivirus is on)
/sbin/chkconfig --del sshd
echo "SSH=off" >> $FIC_CONF
echo "QOS=off" >> $FIC_CONF
echo "LDAP=off" >> $FIC_CONF
echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF
echo "DNS_FILTERING=off" >> $FIC_CONF
echo "WEB_ANTIVIRUS=on" >> $FIC_CONF
echo "SSH=off" >> $CONF_FILE
echo "QOS=off" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "DNS_FILTERING=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
# Coloration des prompts
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1401,10 → 1377,13
/usr/sbin/userdel -f $rm_users
fi
done
# Load the previous conf file
# Load and update the previous conf file
if [ "$mode" = "update" ]
then
$DIR_DEST_BIN/alcasar-conf.sh --load
$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
$SED "s?^ORGANISM=.*?ORGANISM=$ORGANISM?g" $CONF_FILE
fi
rm -f /tmp/alcasar-conf*
chown -R root:apache $DIR_DEST_ETC/*