| 6,17 → 6,17 |
|---|
| # This script is distributed under the Gnu General Public License (GPL) |
| |
| # Ce script permet la mise à jour ALCASAR |
| # - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
| # - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
| # - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions |
| # - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply) |
| # This script allows ALCASAR update |
| # - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
| # - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
| # - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions |
| # - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply) |
| |
| new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
| fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde |
| DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
| DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
| DIR_WEB="/var/www/html" # répertoire du centre de gestion |
| DIR_BIN="/usr/local/bin" # scripts directory |
| DIR_ETC="/usr/local/etc" # conf directory |
| 96,10 → 96,11 |
|---|
| fi |
| done |
| cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null |
| # backup of different conf files (main conf file, filtering, digest, etc) |
| # backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.) |
| mkdir $DIR_UPDATE/etc/ |
| [ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static |
| cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
| cp /etc/hosts $DIR_UPDATE/etc/ |
| # backup of the security certificates (server & CA) |
| cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist |
| cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist |
| 111,14 → 112,15 |
|---|
| cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt |
| fi |
| # archive file creation |
| cd /tmp |
| cd /var/tmp |
| tar -cf alcasar-conf.tar conf/ |
| gzip -f alcasar-conf.tar |
| rm -rf $DIR_UPDATE |
| ;; |
| |
| --load|-load) |
| cd /tmp |
| tar -xf /tmp/alcasar-conf*.tar.gz |
| cd /var/tmp |
| tar -xf alcasar-conf*.tar.gz |
| # Retrieve the logo |
| [ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/ |
| chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php |
| 127,9 → 129,7 |
|---|
| cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official |
| cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
| cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
| |
| (cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem |
| |
| [ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist |
| chown -R root:apache /etc/pki |
| chmod -R 750 /etc/pki |
| 137,6 → 137,7 |
|---|
| gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS |
| # Retrieve local parameters |
| [ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
| mv -f $DIR_ETC/hosts /etc/hosts |
| # Retrieve BL/WL custom files |
| cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/ |
| cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/ |
| 164,20 → 165,46 |
|---|
| fi |
| # Remove the update folder |
| rm -rf $DIR_UPDATE |
| # If needed : write modifications between version |
| # V3.1.3 |
| # add "HTTPS_LOGIN=on" in conf file |
| HTTPS_LOGIN=`grep -c "^HTTPS_LOGIN=" $CONF_FILE` |
| if [ $HTTPS_LOGIN == "0" ] |
| ######################### modifications between versions ####################### |
| # Extract the curent version |
| CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2` |
| MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1` |
| MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2` |
| UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1` |
| ## From 3.2.0 & 3.2.1 ## |
| if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ] |
| then |
| echo "HTTPS_LOGIN=on" >> $CONF_FILE |
| ## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts |
| cat << EOF > $DIR_ETC/alcasar-dns-name |
| # Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut) |
| # Here you can define your local domain name ('localdomain' by default) |
| local=/$DOMAIN/ |
| domain=$DOMAIN |
| |
| ## Ajouter une ligne pour chaque nom de domaine géré par un autre seveur DNS |
| ## Add one line for each domain name managed by an other DNS server |
| ## server=/<your_domain>/<@IP_domain_server> |
| ## Exemple for an A.D. domain : server=/Your.Domain.AD/110.120.100.100 |
| ## Exemple for an other domain : server=/an_other_domain/10.20.30.40 |
| |
| ## INFO : local hostnames are resolved in /etc/hosts file |
| EOF |
| ## rewrite /etc/hosts file managing hostname resolution |
| PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1` |
| HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2` |
| cat << EOF > /etc/hosts |
| 127.0.0.1 localhost |
| $PRIVATE_IP $HOSTNAME |
| EOF |
| # apache is removed (lighttpd instead) |
| rm -rf /etc/httpd/ |
| rm -rf /var/log/httpd/ |
| # dansguardian is removed (E²guardian instead) |
| rm -rf /var/dansguardian/ |
| rm -rf /etc/dansguardian/ |
| fi |
| # V3.2.0 |
| # add "HTTPS_CHILLI=off" in conf file |
| if [ $(grep -c "^HTTPS_CHILLI=" $CONF_FILE) == "0" ]; then |
| echo "HTTPS_CHILLI=off" >> $CONF_FILE |
| fi |
| ;; |
| |
| --apply|-apply) |
| PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b" |
| PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
| 316,11 → 343,9 |
|---|
| # Set hostname |
| hostnamectl set-hostname $HOSTNAME.$DOMAIN |
| # /etc/hosts |
| domainNames="alcasar.localdomain $HOSTNAME $HOSTNAME.$DOMAIN" |
| if [ "$HOSTNAME" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi |
| cat <<EOF > /etc/hosts |
| 127.0.0.1 localhost |
| $PRIVATE_IP $domainNames |
| $PRIVATE_IP $HOSTNAME |
| EOF |
| # Set hostname in CoovaChilli |
| $SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf |