| 6,11 → 6,13 |
|---|
| # This script is distributed under the Gnu General Public License (GPL) |
| |
| # Ce script permet la mise à jour ALCASAR |
| # - création et chargement de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz) |
| # - application des directives du fichier de conf central (/usr/local/etc/alcasar.conf) |
| # - création de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz) |
| # - chargement d'une archive (lors de la mise à jour d'un alcasar) |
| # - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" (lors d'un changement de conf à chaud) |
| # This script allows ALCASAR update |
| # - create and load the configuration files backup (/tmp/alcasar-conf.tar.gz) |
| # - apply ALCASAR central configuration file (/usr/local/etc/alcasar.conf) |
| # - create the configuration files backup (/tmp/alcasar-conf.tar.gz) |
| # - load the bachup of configuration files (during the update process) |
| # - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" (when hot modification are needed) |
| |
| new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
| fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde |
| 37,11 → 39,17 |
|---|
| DATE=`date '+%d %B %Y - %Hh%M'` |
| private_network_calc () |
| { |
| PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
| PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
| PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
| PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
| PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
| PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
| classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C) |
| PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.) |
| PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.) |
| PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
| private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
| private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
| PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
| PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2) |
| PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
| } |
| |
| usage="Usage: alcasar-conf.sh {--create or -create} | {--load or -load} | {--apply or -apply}" |
| 60,10 → 68,6 |
|---|
| --create|-create) |
| [ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE |
| mkdir $DIR_UPDATE |
| # Sauvegarde du fichier général de DNSMASQ ---- provisoire le temps que le bug de dnsmasq soit corrigé. |
| if [ `grep -c "^OPTIONS=\"\$OPTIONS --server=" /etc/sysconfig/dnsmasq` -eq "1" ] |
| then cp /etc/sysconfig/dnsmasq $DIR_UPDATE |
| fi |
| # Sauvegarde de la base des usagers |
| /usr/local/sbin/alcasar-mysql.sh -dump |
| cp /var/Save/base/`ls /var/Save/base|tail -1` $DIR_UPDATE |
| 234,14 → 238,10 |
|---|
| --load|-load) |
| cd /tmp |
| tar -xf /tmp/alcasar-conf*.tar.gz |
| # récupération du fichier général de dnsmasq en attendant sa correction du bug pour les DNS externes |
| [ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq \ |
| && chown root.root /etc/sysconfig/dnsmasq \ |
| && chmod 644 /etc/sysconfig/dnsmasq |
| # Récupération du logo |
| # Retrieve the logo |
| [ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/ |
| chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php |
| # Récupération des certificats (CA et serveur) |
| # Retrieve the security certificates (CA and server) |
| [ -e $DIR_UPDATE/alcasar-ca.crt ] && cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/ |
| [ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/ |
| [ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
| 249,11 → 249,11 |
|---|
| [ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/ |
| chown -R root:apache /etc/pki |
| chmod -R 750 /etc/pki |
| # Import de la dernière base usagers |
| # Import of the users database |
| mysql -u$DB_USER -p$radiuspwd < `ls $DIR_UPDATE/radius*` |
| # Récupération des paramêtres locaux. Suppression des fichier de la blacklist (dorénavant exploités dans /usr/local/share) |
| # Retrieve lacal parameters & Remove blacklist files (now in /usr/local/share) |
| [ -d $DIR_UPDATE/etc ] && rm -rf $DIR_UPDATE/etc/alcasar-dnsfilter* && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
| # Récupération des fichiers de Dansguardian |
| # Retrieve Dansguardian files |
| [ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/ |
| [ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/ |
| [ -e $DIR_UPDATE/urlregexplist ] && cp -f $DIR_UPDATE/urlregexplist /etc/dansguardian/lists/ |
| 263,13 → 263,16 |
|---|
| [ -d $DIR_UPDATE/ossi ] && cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/ |
| chown -R dansguardian:apache /etc/dansguardian/lists |
| chmod -R g+rw /etc/dansguardian/lists |
| # Start / Stop DNS/URL filtering |
| PARENT_SCRIPT=$0 |
| # Adapt DNS/URL filtering |
| PARENT_SCRIPT=`basename $0` |
| export PARENT_SCRIPT |
| $DIR_SBIN/alcasar-bl.sh -adapt |
| $DIR_SBIN/alcasar-bl.sh -reload |
| [ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq |
| # Prise en compte des comptes de gestion (admin + manager + backup) |
| # retrieve dnsmasq general config file |
| [ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq \ |
| && chown root.root /etc/sysconfig/dnsmasq \ |
| && chmod 644 /etc/sysconfig/dnsmasq |
| # admin profile update (admin + manager + backup) |
| $DIR_SBIN/alcasar-profil.sh --list |
| # Start / Stop SSH Daemon |
| ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2` |
| 279,7 → 282,7 |
|---|
| else |
| /sbin/chkconfig --del sshd |
| fi |
| # Effacement du répertoire d'update |
| # Remove the update folder |
| rm -rf $DIR_UPDATE |
| ;; |
| --apply|-apply) |
| 325,22 → 328,24 |
|---|
| PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` |
| PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` |
| private_network_calc |
| VERSION=`grep VERSION $CONF_FILE|cut -d"=" -f2` |
| INSTALL_DATE=`grep INSTALL_DATE $CONF_FILE|cut -d"=" -f2` |
| ORGANISME=`grep ORGANISM $CONF_FILE|cut -d"=" -f2` |
| DOMAIN=`grep DOMAIN $CONF_FILE|cut -d"=" -f2` |
| DHCP_mode=`grep DHCP= $CONF_FILE|cut -d"=" -f2` |
| if [ $DHCP_mode = "off" ] |
| if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
| then |
| $DIR_SBIN/alcasar-dhcp.sh --off |
| fi |
| if [ $DHCP_mode = "off" ] |
| then |
| $DIR_SBIN/alcasar-dhcp.sh --off |
| fi |
| # Logout everybody |
| $DIR_SBIN/alcasar-logout.sh all |
| $DIR_SBIN/alcasar-logout.sh all |
| # Services stop |
| for i in squid ntpd chilli httpd network |
| do |
| [ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null |
| done |
| for i in squid ntpd chilli httpd network |
| do |
| [ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null |
| done |
| fi |
| |
| # /etc/hosts |
| cat <<EOF > /etc/hosts |
| 361,7 → 366,6 |
|---|
| ntpd: $PRIVATE_NETWORK_SHORT |
| EOF |
| # Alcasar Control Center |
| echo "$VERSION du $INSTALL_DATE" > /var/www/html/VERSION; chown apache:apache /var/www/html/VERSION |
| $SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
| FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf` |
| $SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL |
| 388,7 → 392,7 |
|---|
| echo "server=$DNS1" >> $i |
| echo "server=$DNS2" >> $i |
| done |
| $SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_IP,192.168.182.254,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf |
| $SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_SECOND_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf |
| $SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf |
| # DG + BL |
| $SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
| 403,24 → 407,32 |
|---|
| $SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc |
| # sudoers |
| $SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers |
| if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
| then |
| # Services start |
| for i in network squid ntpd chilli httpd |
| do |
| [ -e /etc/init.d/$i ] && /etc/init.d/$i start 2>/dev/null |
| done |
| for i in network squid ntpd chilli httpd |
| do |
| [ -e /etc/init.d/$i ] && /etc/init.d/$i start |
| done |
| # Reload BL (restart DG, dnsmasq & iptables) |
| $DIR_SBIN/alcasar-bl.sh -reload |
| fi |
| # Start / Stop SSH Daemon |
| ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2` |
| if [ $ssh_active = "on" ] |
| then |
| /sbin/chkconfig --add sshd |
| /etc/init.d/sshd start |
| /bin/systemctl enable sshd.service |
| if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
| then |
| /bin/systemctl start sshd.service |
| fi |
| else |
| /sbin/chkconfig --del sshd |
| echo "Au redémarrage du serveur, le service SSH sera désactivé !!! ; au besoin l'activer dans l'interface de gestion." |
| sleep 2 |
| /bin/systemctl disable sshd.service |
| if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
| then |
| /bin/systemctl stop sshd.service |
| fi |
| fi |
| # Reload BL (restart DG, dnsmasq & iptables) |
| $DIR_SBIN/alcasar-bl.sh -reload |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |