Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2823 → Rev 2824

/rpms/ipt-netflow-2.5.spec
1,4 → 1,4
%define kversion 5.6.8-server-1.mga7
%define kversion 5.6.14-server-2.mga7
%define debug_package %{nil}
Name: ipt-netflow
Version: 2.5
45,7 → 45,7
 
%changelog
* Fri May 22 2020 Richard REY <Rexy>
- Version 2.5 for the kernel 5.6.8 (ALCASAR 3.5)
- Version 2.5 for the kernel 5.6.14 (ALCASAR 3.5)
* Tue May 21 2019 Richard REY <Rexy>
- Version 2.4 for the kernel 4.14.131 (ALCASAR 3.4)
* Wed Jan 02 2019 Richard REY <Rexy>
/rpms/x86_64/ipt-netflow-2.5-1.mga7.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
/scripts/alcasar-conf.sh
67,7 → 67,7
# backup the users database (test to delete in future version)
$DIR_BIN/alcasar-mysql.sh --dump
cp /var/Save/base/"$(ls -1t /var/Save/base|head -1)" $DIR_UPDATE
# backup the logo
# backup organism logo
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
# backup BL/WL custom files
mkdir $DIR_UPDATE/custom_bl
81,10 → 81,9
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
fi
done
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
# backup conf files (main conf file, filtering, digest, etc.)
mkdir $DIR_UPDATE/etc/
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
cp /etc/hosts $DIR_UPDATE/etc/
# backup of the security certificates (server & CA)
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
96,33 → 95,6
else
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.pem
fi
# pureip & safesearch status
[ -d /etc/dansguardian ] && dg_path=/etc/dansguardian || dg_path=/etc/e2guardian
 
if ! grep -Eq '^WL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
if [ -f /etc/dnsmasq-whitelist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-whitelist.conf; then
echo 'WL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
else
echo 'WL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
fi
fi
 
if ! grep -Eq '^BL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
if [ -f /etc/dnsmasq-blacklist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-blacklist.conf; then
echo 'BL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
else
echo 'BL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
fi
fi
 
if ! grep -Eq '^BL_PUREIP=' $DIR_UPDATE/etc/alcasar.conf; then
if grep -Eq "^\*ip" $dg_path/lists/bannedsitelist; then
echo 'BL_PUREIP=on' >> $DIR_UPDATE/etc/alcasar.conf
else
echo 'BL_PUREIP=off' >> $DIR_UPDATE/etc/alcasar.conf
fi
fi
 
# archive file creation
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
tar -cf alcasar-conf.tar conf/
133,59 → 105,25
--load|-load)
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
tar -xf alcasar-conf*.tar.gz
######################### modifications between versions #######################
# Retrieve the previous version
# copy alcasar.conf parameters
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
## From 3.2.0 & 3.2.1 ##
## rewrite /etc/hosts file managing hostname resolution
PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2-`
domainNames="$HOSTNAME $HOSTNAME.$DOMAIN"
[ "$HOSTNAME" != 'alcasar' ] && domainNames="alcasar $domainNames"
if [ "$(grep -c "$PRIVATE_IP\s$domainNames" $DIR_UPDATE/etc/hosts )" -eq 0 ]; then
cat << EOF > $DIR_UPDATE/etc/hosts
127.0.0.1 localhost
$PRIVATE_IP $domainNames
EOF
fi
## apache & dansguardian are replaced with lighttpd & E²guardian
if [ "$(rpm -qa | grep '^\(apache\|apache-mod_php\|apache-mod_ssl\|dansguardian\)-' | wc -l)" -ne 0 ]; then
rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
/usr/sbin/urpme --auto -a $rm_rpm 2>/dev/null
/usr/sbin/urpme --auto --auto-orphans
rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/
fi
## lighttpd need a .pem certificate (aggregation with private key & server crt)
for line in `cat $DIR_UPDATE/etc/alcasar.conf | grep "=" | grep -v "^#" | grep -v " "| grep -v "VERSION"`
do
key=`echo $line | cut -d"=" -f1`
key=$key=
value=`echo $line|cut -d"=" -f2-`
if [ "$value" != "" ]
then
echo "key = $key ; value = $value"
sed -i "s?^$key.*?$key$value?g" /usr/local/etc/alcasar.conf
fi
done
## lighttpd need a .pem certificate (aggregation with private key & server crt)
[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
## From 3.3.0 ##
# add "SMS=off" in conf file
if [ "$(grep -c '^SMS=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
echo "SMS=off" >> $DIR_UPDATE/etc/alcasar.conf
fi
if [ "$(grep -c '^SMS_NUM=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
echo "SMS_NUM=" >> $DIR_UPDATE/etc/alcasar.conf
fi
## From 3.4.0 ##
# Fix subdomain dot position (.domain.org to domain.org.) for Unbound
for file in $DIR_E2G/exceptionsitelist $DIR_BLACKLIST/ossi-bl*/domains $DIR_BLACKLIST/ossi-wl*/domains; do
[ -f $file ] && $SED "s/^\.\(.*\)$/\1./g" $file
done
# Add LDAPS parameters to config file
if [ "$(grep -c '^LDAP_SSL=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
echo "LDAP_SSL=on" >> $DIR_UPDATE/etc/alcasar.conf
fi
if [ "$(grep -c '^LDAP_CERT_REQUIRED=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
echo "LDAP_CERT_REQUIRED=" >> $DIR_UPDATE/etc/alcasar.conf
fi
# remove DNSMASQ primary service (keep only one instance for whitelist on port 55)
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf
[ -e /lib/systemd/system/dnsmasq.service.default ] && rm /lib/systemd/system/dnsmasq.service.default
[ -e /lib/systemd/system/dnsmasq.service ] && rm /lib/systemd/system/dnsmasq.service
###################### End of modifications between versions #######################
# Retrieve the logo
# Retrieve organism logo
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
# Retrieve the security certificates (CA and server)
204,9 → 142,7
# Import of the users database
$DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
# Retrieve local parameters
cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
mv -f $DIR_UPDATE/etc/hosts /etc/hosts
chmod 755 /etc/hosts
#TODO cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
# Retrieve BL/WL custom files
cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
/scripts/alcasar-urpmi.sh
12,7 → 12,7
VERSION="7"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-5.6.8-1.mga7-1-1.mga7"
KERNEL="kernel-server-5.6.14-2.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
# (old) perl-Socket6 : needed by nfsen
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf
75,7 → 75,7
ACTIVE_REPO=`cat /etc/urpmi/urpmi.cfg|grep "mageia.org"|wc -l`
MIRROR_NBR=2
# For Europeans
MIRRORLIST1="https://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH"
MIRRORLIST1="https://www.mirrorservice.org/pub/mageia/distrib/$VERSION/$ARCH"
# For International install
MIRRORLIST2="https://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
try_nb="0"; nb_repository="0"