8,7 → 8,11 |
DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin |
DIR_SBIN="/usr/local/sbin" # répertoire des scripts d'admin |
DIR_ETC="/usr/local/etc" # répertoire des fichiers de conf |
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file |
VERSION="/var/www/html/VERSION" # contient la version en cours |
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI) |
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation |
HOSTNAME="alcasar" |
DB_USER="radius" |
radiuspwd="" |
SED="/bin/sed -i" |
16,8 → 20,30 |
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
DATE=`date '+%d %B %Y - %Hh%M'` |
private_network_calc () |
{ |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C) |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.) |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # @ broadcast réseau de consultation (ex.: 192.168.182.255) |
tmp_mask=`echo $PRIVATE_NETWORK_MASK|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1` # masque du 1/2 réseau de consultation (ex.: 25) |
PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask # plage des adresses statiques (ex.: 192.168.182.0/25) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # dernier octet de l'@ de réseau |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # dernier octet de l'@ de broadcast |
private_plage=`expr $private_broadcast_ending - $private_network_ending + 1` |
private_half_plage=`expr $private_plage / 2` |
private_dyn=`expr $private_half_plage + $private_network_ending` |
private_dyn_ip_network=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup_sup-5` |
PRIVATE_DYN_IP=`echo $private_dyn_ip_network | cut -d"." -f1-4`/$half_mask # @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25) |
private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4` |
PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1` # 1ère adresse de la plage dynamique (ex.: 192.168.182.129) |
PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254) |
} |
|
usage="Usage: alcasar-conf.sh --create | --load" |
usage="Usage: alcasar-conf.sh --create | --load | --apply" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
78,8 → 104,54 |
# si version < 2.2 |
if ([ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ])) |
then |
rm -f $DIR_UPDATE/etc/alcasar-ethers # ce fichier doit être lisse de commentaires |
rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments |
# Create the initial conf file (doesn't exist in earlier versions) |
cat <<EOF > $CONF_FILE |
########################################## |
## ## |
## ALCASAR Parameters ## |
## ## |
########################################## |
|
INSTALL_DATE=$DATE |
VERSION=$RUNNING_VERSION |
ORGANISM= |
EOF |
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # @ip du portail (côté Internet) |
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` |
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` |
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS |
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS |
DNS1=${DNS1:=208.67.220.220} |
DNS2=${DNS2:=208.67.222.222} |
PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` # @ip du portail (côté LAN) |
PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` |
private_network_calc |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE |
echo "DHCP=on" >> $CONF_FILE |
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $CONF_FILE |
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $CONF_FILE |
if [ -r /var/run/sshd.pid ]; then |
echo "SSH=on" >> $CONF_FILE |
else |
echo "SSH=off" >> $CONF_FILE |
fi |
echo "QOS=off" >> $CONF_FILE |
if [ `grep ^ldap /etc/raddb/sites-available/alcasar | wc -l` -eq "0" ]; then |
echo "LDAP=off" >> $CONF_FILE |
else |
echo "LDAP=on" >> $CONF_FILE |
fi |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE |
echo "DNS_FILTERING=off" >> $CONF_FILE |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE |
fi |
cp $CONF_FILE $DIR_UPDATE/etc/ |
# création de l'archive |
cd /tmp |
tar -cf alcasar-conf.tar conf/ |
116,11 → 188,93 |
$DIR_SBIN/alcasar-bl.sh -conf |
# Prise en compte des comptes de gestion (admin + manager + backup) |
$DIR_SBIN/alcasar-profil.sh --list |
# On applique les paramètres réseau |
... |
# Effacement du répertoire d'update |
rm -rf $DIR_UPDATE |
;; |
--apply|-apply) |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[012]?[0-9]\b" |
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2` |
check=$(echo $PRIVATE_IP_MASK | egrep $PTN) |
if [[ "$?" -ne 0 ]] |
then |
echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)" |
exit 0 |
fi |
PUBLIC_IP_MASK=`grep PUBLIC_IP $CONF_FILE|cut -d"=" -f2` |
check=$(echo $PUBLIC_IP_MASK | egrep $PTN) |
if [[ "$?" -ne 0 ]] |
then |
echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)" |
exit 0 |
fi |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b" |
PUBLIC_GATEWAY=`grep GW $CONF_FILE|cut -d"=" -f2` |
check=$(echo $PUBLIC_GATEWAY | egrep $PTN) |
if [[ "$?" -ne 0 ]] |
then |
echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)" |
exit 0 |
fi |
DNS1=`grep DNS1 $CONF_FILE|cut -d"=" -f2` |
check=$(echo $PUBLIC_GATEWAY | egrep $PTN) |
if [[ "$?" -ne 0 ]] |
then |
echo "Syntax error for the IP address of the first DNS server ($DNS1)" |
exit 0 |
fi |
DNS2=`grep DNS2 $CONF_FILE|cut -d"=" -f2` |
check=$(echo $PUBLIC_GATEWAY | egrep $PTN) |
if [[ "$?" -ne 0 ]] |
then |
echo "Syntax error for the IP address of the second DNS server ($DNS2)" |
exit 0 |
fi |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # @ réseau de consultation (ex.: 192.168.182.0) |
PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2` # @ + masque du réseau de consult (192.168.182.0/24) |
private_network_calc |
|
# /etc/hosts |
cat <<EOF > /etc/hosts |
127.0.0.1 localhost |
$PRIVATE_IP $HOSTNAME |
EOF |
|
# Networt Cards config |
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/ifcfg-$INTIF |
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$INTIF |
|
# NTP server |
$SED "s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap\nrestrict 127.0.0.1?" /etc/ntp.conf |
|
# host.allow |
cat <<EOF > /etc/hosts.allow |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP |
sshd: ALL |
ntpd: $PRIVATE_NETWORK_SHORT |
EOF |
|
# Alcasar control center |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf` |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL |
#... |
|
|
# Start / Stop SSH Daemon |
ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2` |
if [ $ssh_active = "on" ] |
then |
/sbin/chkconfig --add sshd |
else |
/sbin/chkconfig --del sshd |
fi |
|
|
$DIR_DEST_BIN/alcasar-iptables.sh |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |