Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1757 → Rev 1758

/scripts/alcasar-conf.sh
6,13 → 6,13
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script permet la mise à jour ALCASAR
# - création de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz)
# - chargement d'une archive (lors de la mise à jour d'un alcasar)
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" (lors d'un changement de conf à chaud)
# - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load)
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply)
# This script allows ALCASAR update
# - create the configuration files backup (/tmp/alcasar-conf.tar.gz)
# - load the bachup of configuration files (during the update process)
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" (when hot modification are needed)
# - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - load the bachup of configuration files during the update process (alcasar-conf -load)
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply)
 
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
68,12 → 68,12
--create|-create)
[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
mkdir $DIR_UPDATE
# Sauvegarde de la base des usagers
# backup the users database
$DIR_SBIN/alcasar-mysql.sh -dump
cp /var/Save/base/`ls /var/Save/base|tail -1` $DIR_UPDATE
# Sauvegarde du logo
# backup the logo
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
# Sauvegarde des fichiers exploités par dansguardian
# backup Dansguardian files
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE
cp -f /etc/dansguardian/lists/urlregexplist $DIR_UPDATE
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE
81,13 → 81,12
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE
cp -rf /etc/dansguardian/lists/blacklists/ossi $DIR_UPDATE
# sauvegarde des fichiers : de conf, de filtrage, d'exception, digest, etc.
# backup of different conf files (main conf file, filtering, digest, etc)
mkdir $DIR_UPDATE/etc/
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
# sauvegarde des certificats (serveur et CA)
cert_date=`/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates|grep After|cut -d"=" -f2`
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE
cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE
# backup of the security certificates (server & CA)
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
95,11 → 94,9
else
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
fi
# DNSMASQ conf file
# backup DNSMASQ conf file
cp /etc/sysconfig/dnsmasq $DIR_UPDATE
# ALCASAR conf file
cp $CONF_FILE $DIR_UPDATE/etc/
# création de l'archive et copie dans le répertoire WEB associé
# archive file creation
cd /tmp
tar -cf alcasar-conf.tar conf/
gzip -f alcasar-conf.tar
112,10 → 109,10
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
# Retrieve the security certificates (CA and server)
[ -e $DIR_UPDATE/alcasar-ca.crt ] && cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
[ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
[ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
[ -e $DIR_UPDATE/alcasar.key ] && cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
124,13 → 121,13
# Retrieve local parameters & Remove blacklist files (now in /usr/local/share)
[ -d $DIR_UPDATE/etc ] && rm -rf $DIR_UPDATE/etc/alcasar-dnsfilter* && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
# Retrieve Dansguardian files
[ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/
[ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/
[ -e $DIR_UPDATE/urlregexplist ] && cp -f $DIR_UPDATE/urlregexplist /etc/dansguardian/lists/
[ -e $DIR_UPDATE/bannedsitelist ] && cp -f $DIR_UPDATE/bannedsitelist /etc/dansguardian/lists/
[ -e $DIR_UPDATE/exceptionurllist ] && cp -f $DIR_UPDATE/exceptionurllist /etc/dansguardian/lists/
[ -e $DIR_UPDATE/bannedurllist ] && cp -f $DIR_UPDATE/bannedurllist /etc/dansguardian/lists/
[ -d $DIR_UPDATE/ossi ] && cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/
cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/urlregexplist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/bannedsitelist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/exceptionurllist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/bannedurllist /etc/dansguardian/lists/
cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/
chown -R dansguardian:apache /etc/dansguardian/lists
chmod -R g+rw /etc/dansguardian/lists
# Adapt DNS/URL filtering
152,6 → 149,13
else
/usr/bin/systemctl -q disable sshd.service
fi
# modifications added with this version (2.9.2)
# add "HOSTNAME=" in alcasar.conf
hostname_defined=`grep ^HOSTNAME= $CONF_FILE|wc -l`
if [ $hostname_define = "0" ]
then
$SED "/^DOMAIN=/iHOSTNAME=alcasar" $CONF_FILE
fi
# Remove the update folder
rm -rf $DIR_UPDATE
;;
/scripts/alcasar-importcert.sh
27,11 → 27,12
 
function defaultNdd()
{
$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g" /etc/hosts
$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g" /etc/chilli.conf
$SED "s/^domain.*/domain\t\tlocaldomain/g" /etc/chilli.conf
$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf
$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
hostnamectl set-hostname alcasar.localdomain
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
60,6 → 61,7
echo "fqdn=$fqdn hostname=$hostname domain=$domain"
if [ "$fqdn" != "" ]
then
$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
cat <<EOF > /etc/hosts
127.0.0.1 localhost