Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 3189 → Rev 3190

/scripts/alcasar-bl-autoupdate.sh
39,7 → 39,7
#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
# MAX_TLD=18
#fi
# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
# search for correction grep -E "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
}
 
usage="Usage: alcasar-bl-autoupdate.sh { -update_cat or --update_cat | -update_ossi-bl-candc or --update_ossi-bl-candc }"
/scripts/alcasar-bl.sh
107,7 → 107,7
#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
# MAX_TLD=18
#fi
# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
# search for correction grep -E "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }"
/scripts/alcasar-conf.sh
212,7 → 212,7
--apply|-apply)
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
if ! echo $PRIVATE_IP_MASK | egrep -q $PTN
if ! echo $PRIVATE_IP_MASK | grep -q -E $PTN
then
echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
exit 0
226,7 → 226,7
DNS1=`echo $DHCP_DNS_servers | cut -d"," -f1`
DNS2=`echo $DHCP_DNS_servers | cut -d"," -f2`
else
if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
if ! echo $PUBLIC_IP_MASK | grep -q -E $PTN
then
echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
exit 0
234,19 → 234,19
PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
PUBLIC_GATEWAY=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
if ! echo $PUBLIC_GATEWAY | egrep -q $PTN
if ! echo $PUBLIC_GATEWAY | grep -q -E $PTN
then
echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
exit 0
fi
DNS1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
if ! echo $DNS1 | egrep -q $PTN
if ! echo $DNS1 | grep -q -E $PTN
then
echo "Syntax error for the IP address of the first DNS server ($DNS1)"
exit 0
fi
DNS2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2`
if ! echo $DNS2 | egrep -q $PTN
if ! echo $DNS2 | grep -q -E $PTN
then
echo "Syntax error for the IP address of the second DNS server ($DNS2)"
exit 0
/scripts/alcasar-daemon.sh
44,7 → 44,7
-after-update)
# TODO : check precisely which processes should be restarted (reboot the system or restart alcasar processes)
# extract processes name : for i in `dnf needs-restarting|cut -d " " -f3|sort -u|tr -d ":"|rev|cut -d"/" -f1|rev`;do;echo $i;done
# system_processes=`dnf needs-restarting|egrep 'dbus|python|systemd|agetty'|wc -l` # processes to be restarted after glibc update
# system_processes=`dnf needs-restarting|grep -E 'dbus|python|systemd|agetty'|wc -l` # processes to be restarted after glibc update
nb_processes=`dnf needs-restarting|wc -l`
if [ $nb_processes -ne 0 ]; then
reboot
/scripts/alcasar-iptables-bypass.sh
23,7 → 23,7
if [[ "$public_ip_mask" == "dhcp" ]]
then
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
public_ip_mask=`ip addr show $EXTIF | egrep -o $PTN`
public_ip_mask=`ip addr show $EXTIF | grep -o -E $PTN`
fi
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
SSH_LAN=`grep ^SSH_LAN= $CONF_FILE|cut -d"=" -f2` # SSH LAN port
/scripts/alcasar-iptables.sh
27,7 → 27,7
then
dhcp_on_extif="on"
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
public_ip_mask=`ip addr show $EXTIF | egrep -o $PTN`
public_ip_mask=`ip addr show $EXTIF | grep -o -E $PTN`
fi
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
478,7 → 478,7
else
custom_tcp_protocols_list=`echo $custom_tcp_protocols_list","$svc_port`
fi
udp_svc=`egrep "[[:space:]]$svc_port/udp" /etc/services|wc -l`
udp_svc=`grep -E "[[:space:]]$svc_port/udp" /etc/services|wc -l`
if [ $udp_svc = "1" ] # udp service exist
then
if [ "$custom_udp_protocols_list" == "" ]
/scripts/alcasar-rpm.sh
9,10 → 9,10
 
Lang=`echo $LANG|cut -c 1-2`
SED="/bin/sed -i"
VERSION="8"
VERSION="9"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-5.15.126-1.mga8-1-1.mga8"
KERNEL="kernel-server-6.6.22-1.mga9"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
# (old) perl-Socket6 : needed by nfsen
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf
20,7 → 20,7
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
# "sudo" : needed after a reinstallation (to be investigated)
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom php-filter unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom php-filter unbound e2guardian postfix mariadb ntpsec bind-utils openssh-server rng-utils rsync fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
 
rpm_repository_sync ()
{
41,7 → 41,6
# restore previous rpm conf file & removed RPMs
[ -e /etc/urpmi/urpmi.cfg.old ] && mv /etc/urpmi/urpmi.cfg.old /etc/urpmi/urpmi.cfg
urpmi --no-verify-rpm --auto rpms/$ARCH/wkhtmltopdf*.rpm
urpmi --auto --quiet freeradius-ldap lighttpd-mod_auth
echo
if [ $Lang == "fr" ]
then
53,28 → 52,6
fi
}
 
# extract the current Mageia version and hardware architecture (i586 ou X64)
fic=`cat /etc/product.id`
old="$IFS"
IFS=","
set $fic
for i in $*
do
if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
then
DISTRIBUTION=`echo $i|cut -d"=" -f2`
fi
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
then
CURRENT_VERSION=`echo $i|cut -d"=" -f2`
fi
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
then
ARCH=`echo $i|cut -d"=" -f2`
fi
done
IFS="$old"
 
# We prefer wget than curl
urpmi --no-verify-rpm --auto rpms/$ARCH/wget*.rpm
 
130,15 → 107,12
 
# At this time, we only skip Kernel update
echo "/^kernel/" > /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
if [ `grep -E '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
fi
 
# Remove some RPMs in order to avoid error and automatic update
urpme wkhtmltopdf freeradius-ldap lighttpd-mod_auth
 
# download the kernel used by ALCASAR
if [ $Lang == "fr" ]
then
/scripts/alcasar-uninstall.sh
396,7 → 396,7
 
# Reset "skip.list" (we keep "kernel" in order not to download kernel we don't want to have)
echo "/^kernel/" > /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
if [ `grep -E '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
/scripts/alcasar-watchdog.sh
82,7 → 82,7
if [ "$MULTIWAN" == "off" ] || [ "$MULTIWAN" == "Off" ]
then
IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
if [ $arp_reply -eq "0" ]
then
LAN_DOWN="2"
164,7 → 164,7
# IP usurpation test : process only equipment with an authenticated user
if [[ $(expr $active_session) -eq 1 ]]
then
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
arp_reply=`LANG=en_US.UTF-8 /usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c1 -w4 $active_ip|grep -c "Unicast reply"`
# disconnect users whose equipement is usurped. For example, if there are 2 same @MAC it will make 2 lines in output.
if [[ $(expr $arp_reply) -gt 1 ]]
then