Ignore whitespace Rev 2770 → Rev 2771

/alcasar.sh
224,17 → 224,14
fi
fi
# Test free space on /var
if [ ! -d /var/log/netflow/porttracker ]
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'`
if [ $free_space -lt 10 ]
then
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'`
if [ $free_space -lt 10 ]
then
if [ $Lang == "fr" ]
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
fi
exit 0
if [ $Lang == "fr" ]
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
fi
exit 0
fi
 
# Detect external/internal interfaces
242,8 → 239,8
EXTIF=$(/usr/sbin/ip route list | awk '/^default / {print $5}')
if [ -z "$EXTIF" ]; then
if [ "$Lang" == 'fr' ]
then echo -n "Aucune passerelle par défaut configurée"
else echo -n "No default gateway configured"
then echo "Aucune passerelle par défaut configurée"
else echo "No default gateway configured"
fi
exit 1
fi
1075,6 → 1072,8
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit launches coova-chilli a captive portal
[Unit]
Description=chilli is a captive portal daemon
After=network.target
1486,32 → 1485,15
 
##########################################################
## Function "nfsen" ##
## - install the nfsen grapher ##
## - install the two plugins porttracker & surfmap ##
## - configure NetFlow collector (nfcapd) ##
## - configure NetFlow grapher (nfsen-ng) ##
##########################################################
nfsen()
{
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/
# Add PortTracker plugin
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
do
[ ! -d $i ] && mkdir -p $i && chown -R apache:apache $i
done
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-*/contrib/PortTracker/PortTracker.pm
# use of our conf file and init unit
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-*/etc/
# Installation of nfsen (we change a little 'install.pl in order not to ask the user for the perl version)
DirTmp=$(pwd)
cd /tmp/nfsen-*/ || { echo "Unable to find nfsen directory"; exit 1; }
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
# Create RRD DB for porttracker (only in it still doesn't exist)
cp contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
cp contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
chmod -R 770 /var/log/netflow/porttracker
# nfsen unit for systemd
cat << EOF > /lib/systemd/system/nfsen.service
groupadd -f nfcapd
useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd
# nfcapd unit for systemd
cat << EOF > /lib/systemd/system/nfcapd.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
1519,42 → 1501,24
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit launches nfsen (a Netflow grapher).
# This unit launches nfcapd (a Netflow collector).
[Unit]
Description= NfSen init script
After=network.target iptables.service
Description=Netflow Capture Daemon
After=network-online.target iptables.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
PIDFile=/var/run/nfsen/nfsen.pid
ExecStartPre=/bin/mkdir -p /var/run/nfsen
ExecStartPre=/bin/chown apache:apache /var/run/nfsen
ExecStart=/usr/bin/nfsen start
ExecStop=/usr/bin/nfsen stop
ExecReload=/usr/bin/nfsen restart
TimeoutSec=0
Type=exec
PIDFile=/run/nfcapd/nfcapd.pid
ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /var/run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow
ExecReload=/bin/kill -HUP $MAINPID
 
[Install]
WantedBy=multi-user.target
EOF
# Add the listen port to collect netflow packet (nfcapd)
$SED 's?$ziparg $extensions.*?$ziparg $extensions -b 127.0.0.1";?g' /usr/libexec/NfSenRC.pm
# expire delay for the profile "live"
/usr/bin/systemctl start nfsen
/bin/nfsen -m live -e 62d 2>/dev/null
# add SURFmap plugin (waiting for new technical solution)
# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450
# cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/
# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/
# cd /tmp/
# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API)
# clear the installation
# rm -rf /tmp/SURFmap*
rm -rf /tmp/nfsen-*
cd $DirTmp || { echo "Unable to find $DirTmp directory"; exit 1; }
chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen
[ -e /var/log/nfsen/profile-data/live/alcasar_netflow ] || mkdir -p /var/log/nfsen/profile-data/live/alcasar_netflow
[ -e /var/run/nfcapd ] || mkdir -p /var/run/nfcapd
chown -R nfcapd:nfcapd /var/log/nfsen/profile-data/live/alcasar_netflow /var/run/nfcapd
# chown -R apache:apache /var/www/html/acc/manager/nfsen-ng
} # End of nfsen()
 
###########################################################
1937,7 → 1901,10
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily")
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
EOF
 
cat <<EOF > /etc/cron.d/alcasar-nfcapd-expire
# Remove netflow files older than one year
@daily root /usr/bin/nfexpire -e /var/log/nfsen/profile-data/live/alcasar_netflow -t 365d
EOF
# removing the users crons
rm -f /var/spool/cron/*
} # End of cron()
2234,7 → 2201,7
EOF
/usr/bin/systemctl daemon-reload
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
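Review bot: In the new nfcapd.service here-document the delimiter is unquoted (`cat << EOF`), so `$MAINPID` in the `ExecReload=` line is expanded by the installer shell rather than by systemd, and the written unit most likely ends up with `kill -HUP` and no PID; escape it as `ExecReload=/bin/kill -HUP \$MAINPID`. The unit also sets `PIDFile=/run/nfcapd/nfcapd.pid` and passes `-P /var/run/nfcapd/nfcapd.pid`, but that directory is only created once, by the install-time `mkdir -p /var/run/nfcapd` and `chown` at the end of nfsen(). If /var/run is a tmpfs on the target system, the directory is gone after a reboot and the collector may fail to start, leaving a gap in the NetFlow logs. Either keep the `ExecStartPre=/bin/mkdir -p …` and `ExecStartPre=/bin/chown …` pair that the removed nfsen unit used, or declare `RuntimeDirectory=nfcapd` with matching `User=`/`Group=`. It is also worth confirming `Type=exec` against the `-D` flag: if `-D` makes nfcapd fork into the background, systemd would need `Type=forking`, or the flag should be dropped.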