Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 619 → Rev 628

/scripts/alcasar-conf.sh
8,7 → 8,11
DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin
DIR_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
DIR_ETC="/usr/local/etc" # répertoire des fichiers de conf
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file
VERSION="/var/www/html/VERSION" # contient la version en cours
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation
HOSTNAME="alcasar"
DB_USER="radius"
radiuspwd=""
SED="/bin/sed -i"
16,8 → 20,30
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
DATE=`date '+%d %B %Y - %Hh%M'`
private_network_calc ()
{
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C)
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # @ broadcast réseau de consultation (ex.: 192.168.182.255)
tmp_mask=`echo $PRIVATE_NETWORK_MASK|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1` # masque du 1/2 réseau de consultation (ex.: 25)
PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask # plage des adresses statiques (ex.: 192.168.182.0/25)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # dernier octet de l'@ de réseau
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # dernier octet de l'@ de broadcast
private_plage=`expr $private_broadcast_ending - $private_network_ending + 1`
private_half_plage=`expr $private_plage / 2`
private_dyn=`expr $private_half_plage + $private_network_ending`
private_dyn_ip_network=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup_sup-5`
PRIVATE_DYN_IP=`echo $private_dyn_ip_network | cut -d"." -f1-4`/$half_mask # @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25)
private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4`
PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1` # 1ère adresse de la plage dynamique (ex.: 192.168.182.129)
PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254)
}
 
usage="Usage: alcasar-conf.sh --create | --load"
usage="Usage: alcasar-conf.sh --create | --load | --apply"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
78,8 → 104,54
# si version < 2.2
if ([ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ]))
then
rm -f $DIR_UPDATE/etc/alcasar-ethers # ce fichier doit être lisse de commentaires
rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments
# Create the initial conf file (doesn't exist in earlier versions)
cat <<EOF > $CONF_FILE
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$RUNNING_VERSION
ORGANISM=
EOF
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # @ip du portail (côté Internet)
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS
DNS1=${DNS1:=208.67.220.220}
DNS2=${DNS2:=208.67.222.222}
PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` # @ip du portail (côté LAN)
PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2`
private_network_calc
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $CONF_FILE
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $CONF_FILE
if [ -r /var/run/sshd.pid ]; then
echo "SSH=on" >> $CONF_FILE
else
echo "SSH=off" >> $CONF_FILE
fi
echo "QOS=off" >> $CONF_FILE
if [ `grep ^ldap /etc/raddb/sites-available/alcasar | wc -l` -eq "0" ]; then
echo "LDAP=off" >> $CONF_FILE
else
echo "LDAP=on" >> $CONF_FILE
fi
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "DNS_FILTERING=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
fi
cp $CONF_FILE $DIR_UPDATE/etc/
# création de l'archive
cd /tmp
tar -cf alcasar-conf.tar conf/
116,11 → 188,93
$DIR_SBIN/alcasar-bl.sh -conf
# Prise en compte des comptes de gestion (admin + manager + backup)
$DIR_SBIN/alcasar-profil.sh --list
# On applique les paramètres réseau
...
# Effacement du répertoire d'update
rm -rf $DIR_UPDATE
;;
--apply|-apply)
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
exit 0
fi
PUBLIC_IP_MASK=`grep PUBLIC_IP $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_IP_MASK | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
exit 0
fi
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
PUBLIC_GATEWAY=`grep GW $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
exit 0
fi
DNS1=`grep DNS1 $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for the IP address of the first DNS server ($DNS1)"
exit 0
fi
DNS2=`grep DNS2 $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
echo "Syntax error for the IP address of the second DNS server ($DNS2)"
exit 0
fi
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2` # @ + masque du réseau de consult (192.168.182.0/24)
private_network_calc
 
# /etc/hosts
cat <<EOF > /etc/hosts
127.0.0.1 localhost
$PRIVATE_IP $HOSTNAME
EOF
 
# Networt Cards config
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/ifcfg-$INTIF
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$INTIF
 
# NTP server
$SED "s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap\nrestrict 127.0.0.1?" /etc/ntp.conf
 
# host.allow
cat <<EOF > /etc/hosts.allow
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
sshd: ALL
ntpd: $PRIVATE_NETWORK_SHORT
EOF
 
# Alcasar control center
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
#...
 
 
# Start / Stop SSH Daemon
ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2`
if [ $ssh_active = "on" ]
then
/sbin/chkconfig --add sshd
else
/sbin/chkconfig --del sshd
fi
 
 
$DIR_DEST_BIN/alcasar-iptables.sh
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
/scripts/sbin/alcasar-network.sh
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property