6,11 → 6,13 |
# This script is distributed under the Gnu General Public License (GPL) |
|
# Ce script permet la mise à jour ALCASAR |
# - création et chargement de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz) |
# - application des directives du fichier de conf central (/usr/local/etc/alcasar.conf) |
# - création de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz) |
# - chargement d'une archive (lors de la mise à jour d'un alcasar) |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" (lors d'un changement de conf à chaud) |
# This script allows ALCASAR update |
# - create and load the configuration files backup (/tmp/alcasar-conf.tar.gz) |
# - apply ALCASAR central configuration file (/usr/local/etc/alcasar.conf) |
# - create the configuration files backup (/tmp/alcasar-conf.tar.gz) |
# - load the bachup of configuration files (during the update process) |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" (when hot modification are needed) |
|
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde |
37,11 → 39,17 |
DATE=`date '+%d %B %Y - %Hh%M'` |
private_network_calc () |
{ |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C) |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.) |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.) |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2) |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
} |
|
usage="Usage: alcasar-conf.sh {--create or -create} | {--load or -load} | {--apply or -apply}" |
60,10 → 68,6 |
--create|-create) |
[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE |
mkdir $DIR_UPDATE |
# Sauvegarde du fichier général de DNSMASQ ---- provisoire le temps que le bug de dnsmasq soit corrigé. |
if [ `grep -c "^OPTIONS=\"\$OPTIONS --server=" /etc/sysconfig/dnsmasq` -eq "1" ] |
then cp /etc/sysconfig/dnsmasq $DIR_UPDATE |
fi |
# Sauvegarde de la base des usagers |
/usr/local/sbin/alcasar-mysql.sh -dump |
cp /var/Save/base/`ls /var/Save/base|tail -1` $DIR_UPDATE |
234,14 → 238,10 |
--load|-load) |
cd /tmp |
tar -xf /tmp/alcasar-conf*.tar.gz |
# récupération du fichier général de dnsmasq en attendant sa correction du bug pour les DNS externes |
[ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq \ |
&& chown root.root /etc/sysconfig/dnsmasq \ |
&& chmod 644 /etc/sysconfig/dnsmasq |
# Récupération du logo |
# Retrieve the logo |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/ |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php |
# Récupération des certificats (CA et serveur) |
# Retrieve the security certificates (CA and server) |
[ -e $DIR_UPDATE/alcasar-ca.crt ] && cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/ |
[ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/ |
[ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
249,11 → 249,11 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/ |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
# Import de la dernière base usagers |
# Import of the users database |
mysql -u$DB_USER -p$radiuspwd < `ls $DIR_UPDATE/radius*` |
# Récupération des paramêtres locaux. Suppression des fichier de la blacklist (dorénavant exploités dans /usr/local/share) |
# Retrieve lacal parameters & Remove blacklist files (now in /usr/local/share) |
[ -d $DIR_UPDATE/etc ] && rm -rf $DIR_UPDATE/etc/alcasar-dnsfilter* && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
# Récupération des fichiers de Dansguardian |
# Retrieve Dansguardian files |
[ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/ |
[ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/ |
[ -e $DIR_UPDATE/urlregexplist ] && cp -f $DIR_UPDATE/urlregexplist /etc/dansguardian/lists/ |
263,13 → 263,16 |
[ -d $DIR_UPDATE/ossi ] && cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/ |
chown -R dansguardian:apache /etc/dansguardian/lists |
chmod -R g+rw /etc/dansguardian/lists |
# Start / Stop DNS/URL filtering |
PARENT_SCRIPT=$0 |
# Adapt DNS/URL filtering |
PARENT_SCRIPT=`basename $0` |
export PARENT_SCRIPT |
$DIR_SBIN/alcasar-bl.sh -adapt |
$DIR_SBIN/alcasar-bl.sh -reload |
[ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq |
# Prise en compte des comptes de gestion (admin + manager + backup) |
# retrieve dnsmasq general config file |
[ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq \ |
&& chown root.root /etc/sysconfig/dnsmasq \ |
&& chmod 644 /etc/sysconfig/dnsmasq |
# admin profile update (admin + manager + backup) |
$DIR_SBIN/alcasar-profil.sh --list |
# Start / Stop SSH Daemon |
ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2` |
279,7 → 282,7 |
else |
/sbin/chkconfig --del sshd |
fi |
# Effacement du répertoire d'update |
# Remove the update folder |
rm -rf $DIR_UPDATE |
;; |
--apply|-apply) |
325,22 → 328,24 |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` |
private_network_calc |
VERSION=`grep VERSION $CONF_FILE|cut -d"=" -f2` |
INSTALL_DATE=`grep INSTALL_DATE $CONF_FILE|cut -d"=" -f2` |
ORGANISME=`grep ORGANISM $CONF_FILE|cut -d"=" -f2` |
DOMAIN=`grep DOMAIN $CONF_FILE|cut -d"=" -f2` |
DHCP_mode=`grep DHCP= $CONF_FILE|cut -d"=" -f2` |
if [ $DHCP_mode = "off" ] |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
then |
$DIR_SBIN/alcasar-dhcp.sh --off |
fi |
if [ $DHCP_mode = "off" ] |
then |
$DIR_SBIN/alcasar-dhcp.sh --off |
fi |
# Logout everybody |
$DIR_SBIN/alcasar-logout.sh all |
$DIR_SBIN/alcasar-logout.sh all |
# Services stop |
for i in squid ntpd chilli httpd network |
do |
[ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null |
done |
for i in squid ntpd chilli httpd network |
do |
[ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null |
done |
fi |
|
# /etc/hosts |
cat <<EOF > /etc/hosts |
361,7 → 366,6 |
ntpd: $PRIVATE_NETWORK_SHORT |
EOF |
# Alcasar Control Center |
echo "$VERSION du $INSTALL_DATE" > /var/www/html/VERSION; chown apache:apache /var/www/html/VERSION |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf` |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL |
388,7 → 392,7 |
echo "server=$DNS1" >> $i |
echo "server=$DNS2" >> $i |
done |
$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_IP,192.168.182.254,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf |
$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_SECOND_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf |
$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf |
# DG + BL |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
403,24 → 407,32 |
$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc |
# sudoers |
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
then |
# Services start |
for i in network squid ntpd chilli httpd |
do |
[ -e /etc/init.d/$i ] && /etc/init.d/$i start 2>/dev/null |
done |
for i in network squid ntpd chilli httpd |
do |
[ -e /etc/init.d/$i ] && /etc/init.d/$i start |
done |
# Reload BL (restart DG, dnsmasq & iptables) |
$DIR_SBIN/alcasar-bl.sh -reload |
fi |
# Start / Stop SSH Daemon |
ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2` |
if [ $ssh_active = "on" ] |
then |
/sbin/chkconfig --add sshd |
/etc/init.d/sshd start |
/bin/systemctl enable sshd.service |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
then |
/bin/systemctl start sshd.service |
fi |
else |
/sbin/chkconfig --del sshd |
echo "Au redémarrage du serveur, le service SSH sera désactivé !!! ; au besoin l'activer dans l'interface de gestion." |
sleep 2 |
/bin/systemctl disable sshd.service |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
then |
/bin/systemctl stop sshd.service |
fi |
fi |
# Reload BL (restart DG, dnsmasq & iptables) |
$DIR_SBIN/alcasar-bl.sh -reload |
;; |
*) |
echo "Argument inconnu :$1"; |
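Review bot: The `--load` branch installs files as root from an archive it finds by wildcard in /tmp, and nothing visible in these hunks checks who put that archive there. `tar -xf /tmp/alcasar-conf*.tar.gz` runs after `cd /tmp`, and the unpacked content then goes to `/etc/sysconfig/dnsmasq` (the relocated `cp ... && chown root.root ... && chmod 644` lines), `/etc/pki/CA/private/`, `$DIR_ETC/` and the `mysql` import. /tmp is world-writable, and the backup name defined at the top of the script is the dated `alcasar-conf-$new.tar.gz`, so the pattern may also match several files, in which case tar treats the extra names as members to extract. I would resolve the pattern to exactly one path first and refuse anything that is not a regular, root-owned file, for example `[ -f "$archive" ] && [ ! -L "$archive" ] && [ -O "$archive" ] || exit 1`, or keep the archive in a root-only directory instead of /tmp. The branch starts and continues outside the lines shown here, so an earlier check may exist that these hunks do not show.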