6,17 → 6,17 |
# This script is distributed under the Gnu General Public License (GPL) |
|
# Ce script permet la mise à jour ALCASAR |
# - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply) |
# This script allows ALCASAR update |
# - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply) |
|
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde |
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
DIR_WEB="/var/www/html" # répertoire du centre de gestion |
DIR_BIN="/usr/local/bin" # scripts directory |
DIR_ETC="/usr/local/etc" # conf directory |
96,10 → 96,11 |
fi |
done |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null |
# backup of different conf files (main conf file, filtering, digest, etc) |
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.) |
mkdir $DIR_UPDATE/etc/ |
[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
cp /etc/hosts $DIR_UPDATE/etc/ |
# backup of the security certificates (server & CA) |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist |
111,14 → 112,15 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt |
fi |
# archive file creation |
cd /tmp |
cd /var/tmp |
tar -cf alcasar-conf.tar conf/ |
gzip -f alcasar-conf.tar |
rm -rf $DIR_UPDATE |
;; |
|
--load|-load) |
cd /tmp |
tar -xf /tmp/alcasar-conf*.tar.gz |
cd /var/tmp |
tar -xf alcasar-conf*.tar.gz |
# Retrieve the logo |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/ |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php |
127,9 → 129,7 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
|
(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem |
|
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
137,6 → 137,7 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS |
# Retrieve local parameters |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
mv -f $DIR_ETC/hosts /etc/hosts |
# Retrieve BL/WL custom files |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/ |
164,20 → 165,46 |
fi |
# Remove the update folder |
rm -rf $DIR_UPDATE |
# If needed : write modifications between version |
# V3.1.3 |
# add "HTTPS_LOGIN=on" in conf file |
HTTPS_LOGIN=`grep -c "^HTTPS_LOGIN=" $CONF_FILE` |
if [ $HTTPS_LOGIN == "0" ] |
######################### modifications between versions ####################### |
# Extract the curent version |
CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2` |
MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1` |
MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2` |
UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1` |
## From 3.2.0 & 3.2.1 ## |
if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ] |
then |
echo "HTTPS_LOGIN=on" >> $CONF_FILE |
## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts |
cat << EOF > $DIR_ETC/alcasar-dns-name |
# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut) |
# Here you can define your local domain name ('localdomain' by default) |
local=/$DOMAIN/ |
domain=$DOMAIN |
|
## Ajouter une ligne pour chaque nom de domaine géré par un autre seveur DNS |
## Add one line for each domain name managed by an other DNS server |
## server=/<your_domain>/<@IP_domain_server> |
## Exemple for an A.D. domain : server=/Your.Domain.AD/110.120.100.100 |
## Exemple for an other domain : server=/an_other_domain/10.20.30.40 |
|
## INFO : local hostnames are resolved in /etc/hosts file |
EOF |
## rewrite /etc/hosts file managing hostname resolution |
PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1` |
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2` |
cat << EOF > /etc/hosts |
127.0.0.1 localhost |
$PRIVATE_IP $HOSTNAME |
EOF |
# apache is removed (lighttpd instead) |
rm -rf /etc/httpd/ |
rm -rf /var/log/httpd/ |
# dansguardian is removed (E²guardian instead) |
rm -rf /var/dansguardian/ |
rm -rf /etc/dansguardian/ |
fi |
# V3.2.0 |
# add "HTTPS_CHILLI=off" in conf file |
if [ $(grep -c "^HTTPS_CHILLI=" $CONF_FILE) == "0" ]; then |
echo "HTTPS_CHILLI=off" >> $CONF_FILE |
fi |
;; |
|
--apply|-apply) |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b" |
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
316,11 → 343,9 |
# Set hostname |
hostnamectl set-hostname $HOSTNAME.$DOMAIN |
# /etc/hosts |
domainNames="alcasar.localdomain $HOSTNAME $HOSTNAME.$DOMAIN" |
if [ "$HOSTNAME" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi |
cat <<EOF > /etc/hosts |
127.0.0.1 localhost |
$PRIVATE_IP $domainNames |
$PRIVATE_IP $HOSTNAME |
EOF |
# Set hostname in CoovaChilli |
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf |