Subversion Repositories ALCASAR

Rev

Rev 1469 | Rev 1472 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1469 Rev 1471
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1469 2014-10-30 21:58:47Z richard $ 
2
#  $Id: alcasar.sh 1471 2014-10-31 17:46:11Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
8
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. 
8
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. 
9
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; 
9
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; 
10
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. 
10
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. 
11
# Voir la Licence Publique Générale GNU pour plus de détails. 
11
# Voir la Licence Publique Générale GNU pour plus de détails. 
12
 
12
 
13
#  team@alcasar.net
13
#  team@alcasar.net
14
 
14
 
15
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
15
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
16
# This script is distributed under the Gnu General Public License (GPL)
16
# This script is distributed under the Gnu General Public License (GPL)
17
 
17
 
18
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
18
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
19
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
19
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
20
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
20
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
21
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
21
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
22
#
22
#
23
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
23
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
24
 
24
 
25
# Options :
25
# Options :
26
#       -i or --install
26
#       -i or --install
27
#       -u or --uninstall
27
#       -u or --uninstall
28
 
28
 
29
# Functions :
29
# Functions :
30
#	testing			: connectivity tests, free space test and mageia version test
30
#	testing			: connectivity tests, free space test and mageia version test
31
#	init			: Installation of RPM and scripts
31
#	init			: Installation of RPM and scripts
32
#	network			: Network parameters
32
#	network			: Network parameters
33
#	ACC			: ALCASAR Control Center installation
33
#	ACC			: ALCASAR Control Center installation
34
#	CA			: Certification Authority initialization
34
#	CA			: Certification Authority initialization
35
#	init_db			: Initilization of radius database managed with MariaDB
35
#	init_db			: Initilization of radius database managed with MariaDB
36
#	radius			: FreeRadius initialisation
36
#	radius			: FreeRadius initialisation
37
#	radius_web		: copy ans modifiy original "freeradius web" in ACC
37
#	radius_web		: copy ans modifiy original "freeradius web" in ACC
38
#	chilli			: coovachilli initialisation (+authentication page)
38
#	chilli			: coovachilli initialisation (+authentication page)
39
#	dansguardian		: DansGuardian filtering HTTP proxy configuration
39
#	dansguardian		: DansGuardian filtering HTTP proxy configuration
40
#	antivirus		: HAVP + libclamav configuration
40
#	antivirus		: HAVP + libclamav configuration
41
#	ulogd			: log system in userland (match NFLOG target of iptables)
41
#	ulogd			: log system in userland (match NFLOG target of iptables)
42
#	nfsen		:	: Configuration du grapheur nfsen pour apache 
42
#	nfsen		:	: Configuration du grapheur nfsen pour apache 
43
#	dnsmasq			: Name server configuration
43
#	dnsmasq			: Name server configuration
44
#	BL			: BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
44
#	BL			: BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
45
#	cron			: Logs export + watchdog + connexion statistics
45
#	cron			: Logs export + watchdog + connexion statistics
46
#	fail2ban		: Fail2ban IDS installation and configuration
46
#	fail2ban		: Fail2ban IDS installation and configuration
47
#	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)
47
#	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)
48
#	post_install		: Security, log rotation, etc.
48
#	post_install		: Security, log rotation, etc.
49
 
49
 
50
DATE=`date '+%d %B %Y - %Hh%M'`
50
DATE=`date '+%d %B %Y - %Hh%M'`
51
DATE_SHORT=`date '+%d/%m/%Y'`
51
DATE_SHORT=`date '+%d/%m/%Y'`
52
Lang=`echo $LANG|cut -c 1-2`
52
Lang=`echo $LANG|cut -c 1-2`
53
mode="install"
53
mode="install"
54
# ******* Files parameters - paramètres fichiers *********
54
# ******* Files parameters - paramètres fichiers *********
55
DIR_INSTALL=`pwd`				# current directory 
55
DIR_INSTALL=`pwd`				# current directory 
56
DIR_CONF="$DIR_INSTALL/conf"			# install directory (with conf files)
56
DIR_CONF="$DIR_INSTALL/conf"			# install directory (with conf files)
57
DIR_SCRIPTS="$DIR_INSTALL/scripts"		# install directory (with script files)
57
DIR_SCRIPTS="$DIR_INSTALL/scripts"		# install directory (with script files)
58
DIR_SAVE="/var/Save"				# backup directory (system_backup, user_db_backup, logs)
58
DIR_SAVE="/var/Save"				# backup directory (system_backup, user_db_backup, logs)
59
DIR_WEB="/var/www/html"				# directory of APACHE
59
DIR_WEB="/var/www/html"				# directory of APACHE
60
DIR_DG="/etc/dansguardian"			# directory of DansGuardian
60
DIR_DG="/etc/dansguardian"			# directory of DansGuardian
61
DIR_ACC="$DIR_WEB/acc"				# directory of the 'ALCASAR Control Center'
61
DIR_ACC="$DIR_WEB/acc"				# directory of the 'ALCASAR Control Center'
62
DIR_DEST_BIN="/usr/local/bin"			# directory of ALCASAR scripts
62
DIR_DEST_BIN="/usr/local/bin"			# directory of ALCASAR scripts
63
DIR_DEST_SBIN="/usr/local/sbin"			# directory of ALCASAR admin scripts
63
DIR_DEST_SBIN="/usr/local/sbin"			# directory of ALCASAR admin scripts
64
DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files
64
DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files
65
DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)
65
DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)
66
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file
66
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file
67
PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets
67
PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets
68
# ******* DBMS parameters - paramètres SGBD ********
68
# ******* DBMS parameters - paramètres SGBD ********
69
DB_RADIUS="radius"				# database name used by FreeRadius server
69
DB_RADIUS="radius"				# database name used by FreeRadius server
70
DB_USER="radius"				# user name allows to request the users database
70
DB_USER="radius"				# user name allows to request the users database
71
DB_GAMMU="gammu"				# database name used by Gammu-smsd
71
DB_GAMMU="gammu"				# database name used by Gammu-smsd
72
# ******* Network parameters - paramètres réseau *******
72
# ******* Network parameters - paramètres réseau *******
73
HOSTNAME="alcasar"				# default hostname
73
HOSTNAME="alcasar"				# default hostname
74
DOMAIN="localdomain"				# default local domain
74
DOMAIN="localdomain"				# default local domain
75
EXTIF=`/sbin/ip route|grep default|cut -d" " -f5`	# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
75
EXTIF=`/sbin/ip route|grep default|cut -d" " -f5`						# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
76
INTIF=`/sbin/ip	link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF"|cut -d" " -f2|tr -d ":"`		# INTIF is connected to the consultation network
76
INTIF=`/sbin/ip	link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF"|cut -d" " -f2|tr -d ":"`		# INTIF is connected to the consultation network
77
MTU="1500"
77
MTU="1500"
78
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
78
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
79
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address
79
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address
80
# ****** Paths - chemin des commandes *******
80
# ****** Paths - chemin des commandes *******
81
SED="/bin/sed -i"
81
SED="/bin/sed -i"
82
# ****************** End of global parameters *********************
82
# ****************** End of global parameters *********************
83
 
83
 
84
license ()
84
license ()
85
{
85
{
86
	if [ $Lang == "fr" ]
86
	if [ $Lang == "fr" ]
87
	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more
87
	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more
88
	else cat $DIR_INSTALL/gpl-3.0.txt | more
88
	else cat $DIR_INSTALL/gpl-3.0.txt | more
89
	fi
89
	fi
90
	echo "Taper sur Entrée pour continuer !"
90
	echo "Taper sur Entrée pour continuer !"
91
	echo "Enter to continue."
91
	echo "Enter to continue."
92
	read a
92
	read a
93
}
93
}
94
 
94
 
95
header_install ()
95
header_install ()
96
{
96
{
97
	clear
97
	clear
98
	echo "-----------------------------------------------------------------------------"
98
	echo "-----------------------------------------------------------------------------"
99
	echo "                     ALCASAR V$VERSION Installation"
99
	echo "                     ALCASAR V$VERSION Installation"
100
	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
100
	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
101
	echo "-----------------------------------------------------------------------------"
101
	echo "-----------------------------------------------------------------------------"
102
}
102
}
103
 
103
 
104
##################################################################
104
##################################################################
105
##			Function "testing"			##
105
##			Function "testing"			##
106
## - Test of Mageia version					##
106
## - Test of Mageia version					##
107
## - Test of free space on /var  (>10G)				##
107
## - Test of free space on /var  (>10G)				##
108
## - Test of Internet access					##
108
## - Test of Internet access					##
109
##################################################################
109
##################################################################
110
testing ()
110
testing ()
111
{
111
{
112
# Test if ALCASAR is already installed
112
# Test if ALCASAR is already installed
113
	if [ -e $CONF_FILE ]
113
	if [ -e $CONF_FILE ]
114
	then
114
	then
115
		current_version=`cat $CONF_FILE | grep VERSION | cut -d"=" -f2`
115
		current_version=`cat $CONF_FILE | grep VERSION | cut -d"=" -f2`
116
		if [ $Lang == "fr" ]
116
		if [ $Lang == "fr" ]
117
			then echo -n "La version "; echo -n $current_version ; echo " d'ALCASAR est déjà installée";
117
			then echo -n "La version "; echo -n $current_version ; echo " d'ALCASAR est déjà installée";
118
			else echo -n "ALCASAR Version "; echo -n $current_version ; echo " is already installed";
118
			else echo -n "ALCASAR Version "; echo -n $current_version ; echo " is already installed";
119
		fi
119
		fi
120
		response=0
120
		response=0
121
		PTN='^[oOnNyY]$'
121
		PTN='^[oOnNyY]$'
122
		until [[ $(expr $response : $PTN) -gt 0 ]]
122
		until [[ $(expr $response : $PTN) -gt 0 ]]
123
		do
123
		do
124
			if [ $Lang == "fr" ]
124
			if [ $Lang == "fr" ]
125
				then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";
125
				then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";
126
				else echo -n "Do you want to update (Y/n)?";
126
				else echo -n "Do you want to update (Y/n)?";
127
			 fi
127
			 fi
128
			read response
128
			read response
129
		done
129
		done
130
		if [ "$response" = "n" ] || [ "$response" = "N" ] 
130
		if [ "$response" = "n" ] || [ "$response" = "N" ] 
131
		then
131
		then
132
			rm -f /tmp/alcasar-conf*
132
			rm -f /tmp/alcasar-conf*
133
		else
133
		else
134
# Create a backup of running version importants files
134
# Create a backup of running importants files
135
			$DIR_SCRIPTS/alcasar-conf.sh --create
135
			$DIR_SCRIPTS/alcasar-conf.sh --create
136
			mode="update"
136
			mode="update"
137
		fi
137
		fi
138
	else
138
	else
139
		if [ ! -d /var/log/netflow/porttracker ]
139
		if [ ! -d /var/log/netflow/porttracker ]
140
			then
140
			then
141
# Test of free space on /var
141
# Test of free space on /var
142
			free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`
142
			free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`
143
			if [ $free_space -lt 10 ]
143
			if [ $free_space -lt 10 ]
144
				then
144
				then
145
				if [ $Lang == "fr" ]
145
				if [ $Lang == "fr" ]
146
					then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
146
					then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
147
					else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
147
					else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
148
				fi
148
				fi
149
			exit 0
149
			exit 0
150
			fi
150
			fi
151
		fi
151
		fi
152
# Test of Mageia version
152
# Test of Mageia version
153
# extract the current Mageia version and hardware architecture (i586 ou X64)
153
# extract the current Mageia version and hardware architecture (i586 ou X64)
154
		fic=`cat /etc/product.id`
154
		fic=`cat /etc/product.id`
155
		unknown_os=0
155
		unknown_os=0
156
		old="$IFS"
156
		old="$IFS"
157
		IFS=","
157
		IFS=","
158
		set $fic
158
		set $fic
159
		for i in $*
159
		for i in $*
160
		do
160
		do
161
			if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
161
			if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
162
				then 
162
				then 
163
				DISTRIBUTION=`echo $i|cut -d"=" -f2`
163
				DISTRIBUTION=`echo $i|cut -d"=" -f2`
164
				unknown_os=`expr $unknown_os + 1`
164
				unknown_os=`expr $unknown_os + 1`
165
			fi
165
			fi
166
			if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
166
			if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
167
				then 
167
				then 
168
				CURRENT_VERSION=`echo $i|cut -d"=" -f2`
168
				CURRENT_VERSION=`echo $i|cut -d"=" -f2`
169
				unknown_os=`expr $unknown_os + 1`
169
				unknown_os=`expr $unknown_os + 1`
170
			fi
170
			fi
171
			if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
171
			if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
172
				then 
172
				then 
173
				ARCH=`echo $i|cut -d"=" -f2`
173
				ARCH=`echo $i|cut -d"=" -f2`
174
				unknown_os=`expr $unknown_os + 1`
174
				unknown_os=`expr $unknown_os + 1`
175
			fi
175
			fi
176
		done
176
		done
177
		IFS="$old"
177
		IFS="$old"
178
		if [[ ( $unknown_os != 3 || "$DISTRIBUTION" != "Mageia" ) && ( "$CURRENT_VERSION" != "4" ) ]]
178
		if [[ ( $unknown_os != 3 || "$DISTRIBUTION" != "Mageia" ) && ( "$CURRENT_VERSION" != "4" ) ]]
179
			then
179
			then
180
			if [ $Lang == "fr" ]
180
			if [ $Lang == "fr" ]
181
				then	
181
				then	
182
				echo "L'installation ou la mise @ jour d'ALCASAR ne peut pas être réalisée."
182
				echo "L'installation ou la mise @ jour d'ALCASAR ne peut pas être réalisée."
183
				echo "Le système d'exploitation doit être remplacé (Mageia4)"
183
				echo "Le système d'exploitation doit être remplacé (Mageia4)"
184
			else
184
			else
185
				echo "The automatic update of ALCASAR can't be performed."
185
				echo "The automatic update of ALCASAR can't be performed."
186
				echo "The OS must be replaced (Mageia4)"
186
				echo "The OS must be replaced (Mageia4)"
187
			fi
187
			fi
188
			if [ -e /tmp/alcasar-conf.tar.gz ]
188
			if [ -e /tmp/alcasar-conf.tar.gz ]
189
				then
189
				then
190
				echo
190
				echo
191
				if [ $Lang == "fr" ]
191
				if [ $Lang == "fr" ]
192
					then	
192
					then	
193
					echo "1 - Récupérez le fichier de configuration actuel (/tmp/alcasar-conf.tar.gz)."
193
					echo "1 - Récupérez le fichier de configuration actuel (/tmp/alcasar-conf.tar.gz)."
194
					echo "2 - Installez Linux-Mageia4 (cf. doc d'installation)"
194
					echo "2 - Installez Linux-Mageia4 (cf. doc d'installation)"
195
					echo "3 - copiez le fichier 'alcasar-conf.tar.gz' dans le répertoire '/tmp' avant de lancer l'installation d'ALCASAR"
195
					echo "3 - copiez le fichier 'alcasar-conf.tar.gz' dans le répertoire '/tmp' avant de lancer l'installation d'ALCASAR"
196
				else
196
				else
197
					echo "1 - Retrieve the configuration file (/tmp/alcasar-conf.tar.gz)"
197
					echo "1 - Retrieve the configuration file (/tmp/alcasar-conf.tar.gz)"
198
					echo "2 - Install Linux-Mageia4 (cf. installation doc)"
198
					echo "2 - Install Linux-Mageia4 (cf. installation doc)"
199
					echo "3 - Copy the file 'alcasar-conf.tar.gz' in the folder '/tmp' before launching the installation of ALCASAR"
199
					echo "3 - Copy the file 'alcasar-conf.tar.gz' in the folder '/tmp' before launching the installation of ALCASAR"
200
				fi
200
				fi
201
			fi
201
			fi
202
			exit 0
202
			exit 0
203
		fi
203
		fi
204
	fi
204
	fi
205
	if [ $Lang == "fr" ]
205
	if [ $Lang == "fr" ]
206
		then echo -n "Tests des paramètres réseau : "
206
		then echo -n "Tests des paramètres réseau : "
207
		else echo -n "Network parameters tests : "
207
		else echo -n "Network parameters tests : "
208
	fi
208
	fi
-
 
209
 
-
 
210
# Test of Ethernet links state
-
 
211
	DOWN_IF=`/sbin/ip link|grep "NO-CARRIER"|cut -d":" -f2|tr -d " "`
-
 
212
	for i in $DOWN_IF
-
 
213
	do
-
 
214
		if [ $Lang == "fr" ]
-
 
215
		then 
-
 
216
			echo "Échec"
-
 
217
			echo "Le lien réseau de la carte $i n'est pas actif."
-
 
218
			echo "Assurez-vous que cette carte est bien connectée à un équipement (commutateur, A.P., etc.)"
-
 
219
		else
-
 
220
			echo "Failed"
-
 
221
			echo "The link state of $i interface is down."
-
 
222
			echo "Make sure that this network card is connected to a switch or an A.P."
-
 
223
		fi
-
 
224
		exit 0
-
 
225
	done
-
 
226
	echo -n "."
-
 
227
 
209
# We test EXTIF config files
228
# Test EXTIF config files
210
	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
229
	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
211
	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
230
	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
212
	if [ "$EXTIF" == "" ] || [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
231
	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
213
		then
232
	then
214
		if [ $Lang == "fr" ]
233
		if [ $Lang == "fr" ]
215
		then 
234
		then 
216
			echo "Échec"
235
			echo "Échec"
217
			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
236
			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
218
			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
237
			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
219
			echo "Appliquez les changements : 'systemctl restart network'"
238
			echo "Appliquez les changements : 'systemctl restart network'"
220
		else
239
		else
221
			echo "Failed"
240
			echo "Failed"
222
			echo "The Internet connected network card ($EXTIF) isn't well configured."
241
			echo "The Internet connected network card ($EXTIF) isn't well configured."
223
			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
242
			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
224
			echo "Apply the new configuration 'systemctl restart network'"
243
			echo "Apply the new configuration 'systemctl restart network'"
225
		fi
244
		fi
226
		echo "DEVICE=$EXTIF"
245
		echo "DEVICE=$EXTIF"
227
		echo "IPADDR="
246
		echo "IPADDR="
228
		echo "NETMASK="
247
		echo "NETMASK="
229
		echo "GATEWAY="
248
		echo "GATEWAY="
230
		echo "DNS1="
249
		echo "DNS1="
231
		echo "DNS2="
250
		echo "DNS2="
232
		echo "ONBOOT=yes"
251
		echo "ONBOOT=yes"
233
		exit 0
252
		exit 0
234
	fi
253
	fi
235
	echo -n "."
254
	echo -n "."
236
# We test the Ethernet links state
-
 
237
	for i in $EXTIF $INTIF
-
 
238
	do
255
 
239
		/sbin/ip link set $i up
-
 
240
		sleep 3
-
 
241
		CMD=`/usr/sbin/ethtool $i |egrep 'Link detected'| awk '{print $NF}'`
-
 
242
		CMD2=`/sbin/mii-tool $i | grep link | awk '{print $NF}'`
-
 
243
		if [ $CMD != "yes" ] && [ $CMD2 != "ok" ]
-
 
244
			then
-
 
245
			if [ $Lang == "fr" ]
-
 
246
			then 
-
 
247
				echo "Échec"
-
 
248
				echo "Le lien réseau de la carte $i n'est pas actif."
-
 
249
				echo "Réglez ce problème puis relancez ce script."
-
 
250
			else
-
 
251
				echo "Failed"
-
 
252
				echo "The link state of $i interface id down."
-
 
253
				echo "Resolv this problem, then restart this script."
-
 
254
			fi
-
 
255
			exit 0
-
 
256
		fi
-
 
257
	echo -n "."
-
 
258
	done
-
 
259
# On teste la présence d'un routeur par défaut (Box FAI)
256
# Test if router is alive (Box FAI)
260
	if [ `ip route list|grep -c ^default` -ne "1" ] ; then
257
	if [ `ip route list|grep -c ^default` -ne "1" ] ; then
261
		if [ $Lang == "fr" ]
258
		if [ $Lang == "fr" ]
262
		then 
259
		then 
263
			echo "Échec"
260
			echo "Échec"
264
			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
261
			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
265
			echo "Réglez ce problème puis relancez ce script."
262
			echo "Réglez ce problème puis relancez ce script."
266
		else
263
		else
267
			echo "Failed"
264
			echo "Failed"
268
			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"
265
			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"
269
			echo "Resolv this problem, then restart this script."
266
			echo "Resolv this problem, then restart this script."
270
		fi
267
		fi
271
		exit 0
268
		exit 0
272
	fi
269
	fi
273
	echo -n "."
270
	echo -n "."
274
# On teste le lien vers le routeur par defaut
271
# On teste le lien vers le routeur par defaut
275
	IP_GW=`ip route list|grep ^default|cut -d" " -f3`
272
	IP_GW=`ip route list|grep ^default|cut -d" " -f3`
276
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
273
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
277
	if [ $(expr $arp_reply) -eq 0 ]
274
	if [ $(expr $arp_reply) -eq 0 ]
278
	       	then
275
	       	then
279
		if [ $Lang == "fr" ]
276
		if [ $Lang == "fr" ]
280
		then 
277
		then 
281
			echo "Échec"
278
			echo "Échec"
282
			echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
279
			echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
283
			echo "Réglez ce problème puis relancez ce script."
280
			echo "Réglez ce problème puis relancez ce script."
284
		else
281
		else
285
			echo "Failed"
282
			echo "Failed"
286
			echo "The Internet gateway doesn't answered"
283
			echo "The Internet gateway doesn't answered"
287
			echo "Resolv this problem, then restart this script."
284
			echo "Resolv this problem, then restart this script."
288
		fi
285
		fi
289
		exit 0
286
		exit 0
290
	fi
287
	fi
291
	echo -n "."
288
	echo -n "."
292
# On teste la connectivité Internet
289
# On teste la connectivité Internet
293
	rm -rf /tmp/con_ok.html
290
	rm -rf /tmp/con_ok.html
294
	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html
291
	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html
295
	if [ ! -e /tmp/con_ok.html ]
292
	if [ ! -e /tmp/con_ok.html ]
296
	then
293
	then
297
		if [ $Lang == "fr" ]
294
		if [ $Lang == "fr" ]
298
		then 
295
		then 
299
			echo "La tentative de connexion vers Internet a échoué (google.fr)."
296
			echo "La tentative de connexion vers Internet a échoué (google.fr)."
300
			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
297
			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
301
			echo "Vérifiez la validité des adresses IP des DNS."
298
			echo "Vérifiez la validité des adresses IP des DNS."
302
		else
299
		else
303
			echo "The Internet connection try failed (google.fr)."
300
			echo "The Internet connection try failed (google.fr)."
304
			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."
301
			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."
305
			echo "Verify the DNS IP addresses"
302
			echo "Verify the DNS IP addresses"
306
		fi
303
		fi
307
		exit 0
304
		exit 0
308
	fi
305
	fi
309
	rm -rf /tmp/con_ok.html
306
	rm -rf /tmp/con_ok.html
310
	echo ". : ok"
307
	echo ". : ok"
311
} # end of testing ()
308
} # end of testing ()
312
 
309
 
313
##################################################################
310
##################################################################
314
##			Function "init"				##
311
##			Function "init"				##
315
## - Création du fichier "/root/ALCASAR_parametres.txt"		##
312
## - Création du fichier "/root/ALCASAR_parametres.txt"		##
316
## - Installation et modification des scripts du portail	##
313
## - Installation et modification des scripts du portail	##
317
##################################################################
314
##################################################################
318
init ()
315
init ()
319
{
316
{
320
	if [ "$mode" != "update" ]
317
	if [ "$mode" != "update" ]
321
	then
318
	then
322
# On affecte le nom d'organisme
319
# On affecte le nom d'organisme
323
		header_install
320
		header_install
324
		ORGANISME=!
321
		ORGANISME=!
325
		PTN='^[a-zA-Z0-9-]*$'
322
		PTN='^[a-zA-Z0-9-]*$'
326
		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
323
		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
327
                do
324
                do
328
			if [ $Lang == "fr" ]
325
			if [ $Lang == "fr" ]
329
			       	then echo -n "Entrez le nom de votre organisme : "
326
			       	then echo -n "Entrez le nom de votre organisme : "
330
				else echo -n "Enter the name of your organism : "
327
				else echo -n "Enter the name of your organism : "
331
			fi
328
			fi
332
			read ORGANISME
329
			read ORGANISME
333
			if [ "$ORGANISME" == "" ]
330
			if [ "$ORGANISME" == "" ]
334
				then
331
				then
335
				ORGANISME=!
332
				ORGANISME=!
336
			fi
333
			fi
337
		done
334
		done
338
	fi
335
	fi
339
# On crée aléatoirement les mots de passe et les secrets partagés
336
# On crée aléatoirement les mots de passe et les secrets partagés
340
	rm -f $PASSWD_FILE
337
	rm -f $PASSWD_FILE
341
	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
338
	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
342
	echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
339
	echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
343
	echo "$grubpwd" >> $PASSWD_FILE
340
	echo "$grubpwd" >> $PASSWD_FILE
344
	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`
341
	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`
345
	$SED "/^password.*/d" /boot/grub/menu.lst
342
	$SED "/^password.*/d" /boot/grub/menu.lst
346
	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
343
	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
347
	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
344
	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
348
	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
345
	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
349
	echo "root / $mysqlpwd" >> $PASSWD_FILE
346
	echo "root / $mysqlpwd" >> $PASSWD_FILE
350
	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
347
	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
351
	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
348
	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
352
	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
349
	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
353
	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
350
	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
354
	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
351
	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
355
	echo "$secretuam" >> $PASSWD_FILE
352
	echo "$secretuam" >> $PASSWD_FILE
356
	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
353
	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
357
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
354
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
358
	echo "$secretradius" >> $PASSWD_FILE
355
	echo "$secretradius" >> $PASSWD_FILE
359
	chmod 640 $PASSWD_FILE
356
	chmod 640 $PASSWD_FILE
360
# Scripts and conf files copy 
357
# Scripts and conf files copy 
361
#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
358
#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
362
	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
359
	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
363
#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
360
#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
364
	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
361
	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
365
#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
362
#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
366
	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
363
	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
367
	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
364
	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
368
	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
365
	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
369
	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
366
	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
370
	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
367
	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
371
# generate central conf file
368
# generate central conf file
372
	cat <<EOF > $CONF_FILE
369
	cat <<EOF > $CONF_FILE
373
##########################################
370
##########################################
374
##                                      ##
371
##                                      ##
375
##          ALCASAR Parameters          ##
372
##          ALCASAR Parameters          ##
376
##                                      ##
373
##                                      ##
377
##########################################
374
##########################################
378
 
375
 
379
INSTALL_DATE=$DATE
376
INSTALL_DATE=$DATE
380
VERSION=$VERSION
377
VERSION=$VERSION
381
ORGANISM=$ORGANISME
378
ORGANISM=$ORGANISME
382
DOMAIN=$DOMAIN
379
DOMAIN=$DOMAIN
383
EOF
380
EOF
384
	chmod o-rwx $CONF_FILE
381
	chmod o-rwx $CONF_FILE
385
} # End of init ()
382
} # End of init ()
386
 
383
 
387
##################################################################
384
##################################################################
388
##			Function "network"			##
385
##			Function "network"			##
389
## - Définition du plan d'adressage du réseau de consultation	##
386
## - Définition du plan d'adressage du réseau de consultation	##
390
## - Nommage DNS du système 					##
387
## - Nommage DNS du système 					##
391
## - Configuration de l'interface INTIF (réseau de consultation)##
388
## - Configuration de l'interface INTIF (réseau de consultation)##
392
## - Modification du fichier /etc/hosts				##
389
## - Modification du fichier /etc/hosts				##
393
## - Configuration du serveur de temps (NTP)			##
390
## - Configuration du serveur de temps (NTP)			##
394
## - Renseignement des fichiers hosts.allow et hosts.deny	##
391
## - Renseignement des fichiers hosts.allow et hosts.deny	##
395
##################################################################
392
##################################################################
396
network ()
393
network ()
397
{
394
{
398
	header_install
395
	header_install
399
	if [ "$mode" != "update" ]
396
	if [ "$mode" != "update" ]
400
		then
397
		then
401
		if [ $Lang == "fr" ]
398
		if [ $Lang == "fr" ]
402
			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"
399
			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"
403
			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"
400
			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"
404
		fi
401
		fi
405
		response=0
402
		response=0
406
		PTN='^[oOyYnN]$'
403
		PTN='^[oOyYnN]$'
407
		until [[ $(expr $response : $PTN) -gt 0 ]]
404
		until [[ $(expr $response : $PTN) -gt 0 ]]
408
		do
405
		do
409
			if [ $Lang == "fr" ]
406
			if [ $Lang == "fr" ]
410
				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "
407
				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "
411
				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "
408
				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "
412
			fi
409
			fi
413
			read response
410
			read response
414
		done
411
		done
415
		if [ "$response" = "n" ] || [ "$response" = "N" ]
412
		if [ "$response" = "n" ] || [ "$response" = "N" ]
416
		then
413
		then
417
			PRIVATE_IP_MASK="0"
414
			PRIVATE_IP_MASK="0"
418
			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'
415
			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'
419
			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]
416
			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]
420
			do
417
			do
421
				if [ $Lang == "fr" ]
418
				if [ $Lang == "fr" ]
422
					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "
419
					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "
423
					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "
420
					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "
424
				fi
421
				fi
425
				read PRIVATE_IP_MASK
422
				read PRIVATE_IP_MASK
426
			done
423
			done
427
		else
424
		else
428
       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
425
       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
429
		fi
426
		fi
430
	else
427
	else
431
		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 
428
		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 
432
		rm -rf conf/etc/alcasar.conf
429
		rm -rf conf/etc/alcasar.conf
433
	fi
430
	fi
434
# Define LAN side global parameters
431
# Define LAN side global parameters
435
	hostname $HOSTNAME.$DOMAIN
432
	hostname $HOSTNAME.$DOMAIN
436
	echo $HOSTNAME.$DOMAIN > /etc/hostname
433
	echo $HOSTNAME.$DOMAIN > /etc/hostname
437
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
434
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
438
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
435
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
439
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
436
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
440
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
437
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
441
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
438
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
442
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`	# ie.: 2=classe B, 3=classe C
439
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`	# ie.: 2=classe B, 3=classe C
443
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
440
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
444
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
441
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
445
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`			# last octet of LAN address
442
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`			# last octet of LAN address
446
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
443
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
447
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
444
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
448
	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# second network address (ex.: 192.168.182.2)
445
	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# second network address (ex.: 192.168.182.2)
449
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
446
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
450
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF
447
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF
451
# Define Internet parameters
448
# Define Internet parameters
452
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
449
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
453
	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
450
	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
454
	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
451
	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
455
	DNS1=${DNS1:=208.67.220.220}
452
	DNS1=${DNS1:=208.67.220.220}
456
	DNS2=${DNS2:=208.67.222.222}
453
	DNS2=${DNS2:=208.67.222.222}
457
	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
454
	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
458
	DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
455
	DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
459
	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
456
	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
460
	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
457
	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
461
	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
458
	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
462
	echo "EXTIF=$EXTIF" >> $CONF_FILE
459
	echo "EXTIF=$EXTIF" >> $CONF_FILE
463
	echo "INTIF=$INTIF" >> $CONF_FILE
460
	echo "INTIF=$INTIF" >> $CONF_FILE
464
	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
461
	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
465
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
462
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
466
	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 
463
	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 
467
	echo "DNS1=$DNS1" >> $CONF_FILE
464
	echo "DNS1=$DNS1" >> $CONF_FILE
468
	echo "DNS2=$DNS2" >> $CONF_FILE
465
	echo "DNS2=$DNS2" >> $CONF_FILE
469
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
466
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
470
	echo "DHCP=full" >> $CONF_FILE
467
	echo "DHCP=full" >> $CONF_FILE
471
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
468
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
472
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
469
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
473
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
470
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
474
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
471
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
475
# config network
472
# config network
476
	cat <<EOF > /etc/sysconfig/network
473
	cat <<EOF > /etc/sysconfig/network
477
NETWORKING=yes
474
NETWORKING=yes
478
HOSTNAME="$HOSTNAME.$DOMAIN"
475
HOSTNAME="$HOSTNAME.$DOMAIN"
479
FORWARD_IPV4=true
476
FORWARD_IPV4=true
480
EOF
477
EOF
481
# config /etc/hosts
478
# config /etc/hosts
482
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
479
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
483
	cat <<EOF > /etc/hosts
480
	cat <<EOF > /etc/hosts
484
127.0.0.1	localhost
481
127.0.0.1	localhost
485
$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
482
$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
486
EOF
483
EOF
487
# Config EXTIF (Internet)
484
# Config EXTIF (Internet)
488
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
485
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
489
DEVICE=$EXTIF
486
DEVICE=$EXTIF
490
BOOTPROTO=static
487
BOOTPROTO=static
491
IPADDR=$PUBLIC_IP
488
IPADDR=$PUBLIC_IP
492
NETMASK=$PUBLIC_NETMASK
489
NETMASK=$PUBLIC_NETMASK
493
GATEWAY=$PUBLIC_GATEWAY
490
GATEWAY=$PUBLIC_GATEWAY
494
DNS1=127.0.0.1
491
DNS1=127.0.0.1
495
ONBOOT=yes
492
ONBOOT=yes
496
METRIC=10
493
METRIC=10
497
NOZEROCONF=yes
494
NOZEROCONF=yes
498
MII_NOT_SUPPORTED=yes
495
MII_NOT_SUPPORTED=yes
499
IPV6INIT=no
496
IPV6INIT=no
500
IPV6TO4INIT=no
497
IPV6TO4INIT=no
501
ACCOUNTING=no
498
ACCOUNTING=no
502
USERCTL=no
499
USERCTL=no
503
MTU=$MTU
500
MTU=$MTU
504
EOF
501
EOF
505
# Config INTIF (consultation LAN) in normal mode
502
# Config INTIF (consultation LAN) in normal mode
506
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
503
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
507
DEVICE=$INTIF
504
DEVICE=$INTIF
508
BOOTPROTO=static
505
BOOTPROTO=static
509
ONBOOT=yes
506
ONBOOT=yes
510
NOZEROCONF=yes
507
NOZEROCONF=yes
511
MII_NOT_SUPPORTED=yes
508
MII_NOT_SUPPORTED=yes
512
IPV6INIT=no
509
IPV6INIT=no
513
IPV6TO4INIT=no
510
IPV6TO4INIT=no
514
ACCOUNTING=no
511
ACCOUNTING=no
515
USERCTL=no
512
USERCTL=no
516
ETHTOOL_OPTS=$ETHTOOL_OPTS
513
ETHTOOL_OPTS=$ETHTOOL_OPTS
517
EOF
514
EOF
518
# Config of INTIF in bypass mode (see "alcasar-bypass.sh")
515
# Config of INTIF in bypass mode (see "alcasar-bypass.sh")
519
	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
516
	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
520
DEVICE=$INTIF
517
DEVICE=$INTIF
521
BOOTPROTO=static
518
BOOTPROTO=static
522
IPADDR=$PRIVATE_IP
519
IPADDR=$PRIVATE_IP
523
NETMASK=$PRIVATE_NETMASK
520
NETMASK=$PRIVATE_NETMASK
524
ONBOOT=yes
521
ONBOOT=yes
525
METRIC=10
522
METRIC=10
526
NOZEROCONF=yes
523
NOZEROCONF=yes
527
MII_NOT_SUPPORTED=yes
524
MII_NOT_SUPPORTED=yes
528
IPV6INIT=no
525
IPV6INIT=no
529
IPV6TO4INIT=no
526
IPV6TO4INIT=no
530
ACCOUNTING=no
527
ACCOUNTING=no
531
USERCTL=no
528
USERCTL=no
532
EOF
529
EOF
533
# Mise à l'heure du serveur
530
# Mise à l'heure du serveur
534
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
531
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
535
	cat <<EOF > /etc/ntp/step-tickers
532
	cat <<EOF > /etc/ntp/step-tickers
536
0.fr.pool.ntp.org	# adapt to your country
533
0.fr.pool.ntp.org	# adapt to your country
537
1.fr.pool.ntp.org
534
1.fr.pool.ntp.org
538
2.fr.pool.ntp.org
535
2.fr.pool.ntp.org
539
EOF
536
EOF
540
# Configuration du serveur de temps (sur lui même)
537
# Configuration du serveur de temps (sur lui même)
541
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
538
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
542
	cat <<EOF > /etc/ntp.conf
539
	cat <<EOF > /etc/ntp.conf
543
server 0.fr.pool.ntp.org	# adapt to your country
540
server 0.fr.pool.ntp.org	# adapt to your country
544
server 1.fr.pool.ntp.org
541
server 1.fr.pool.ntp.org
545
server 2.fr.pool.ntp.org
542
server 2.fr.pool.ntp.org
546
server 127.127.1.0   		# local clock si NTP internet indisponible ...
543
server 127.127.1.0   		# local clock si NTP internet indisponible ...
547
fudge 127.127.1.0 stratum 10
544
fudge 127.127.1.0 stratum 10
548
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
545
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
549
restrict 127.0.0.1
546
restrict 127.0.0.1
550
driftfile /var/lib/ntp/drift
547
driftfile /var/lib/ntp/drift
551
logfile /var/log/ntp.log
548
logfile /var/log/ntp.log
552
EOF
549
EOF
553
 
550
 
554
	chown -R ntp:ntp /var/lib/ntp
551
	chown -R ntp:ntp /var/lib/ntp
555
# Renseignement des fichiers hosts.allow et hosts.deny
552
# Renseignement des fichiers hosts.allow et hosts.deny
556
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
553
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
557
	cat <<EOF > /etc/hosts.allow
554
	cat <<EOF > /etc/hosts.allow
558
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
555
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
559
sshd: ALL
556
sshd: ALL
560
ntpd: $PRIVATE_NETWORK_SHORT
557
ntpd: $PRIVATE_NETWORK_SHORT
561
EOF
558
EOF
562
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
559
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
563
	cat <<EOF > /etc/hosts.deny
560
	cat <<EOF > /etc/hosts.deny
564
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
561
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
565
EOF
562
EOF
566
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
563
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
567
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
564
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
568
	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
565
	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
569
# load conntrack ftp module
566
# load conntrack ftp module
570
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
567
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
571
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
568
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
572
# load ipt_NETFLOW module
569
# load ipt_NETFLOW module
573
	echo "ipt_NETFLOW" >>  /etc/modprobe.preload
570
	echo "ipt_NETFLOW" >>  /etc/modprobe.preload
574
# 
571
# 
575
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
572
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
576
} # End of network ()
573
} # End of network ()
577
 
574
 
578
##################################################################
575
##################################################################
579
##			Function "ACC"				##
576
##			Function "ACC"				##
580
## - installation du centre de gestion (ALCASAR Control Center)	##
577
## - installation du centre de gestion (ALCASAR Control Center)	##
581
## - configuration du serveur web (Apache)			##
578
## - configuration du serveur web (Apache)			##
582
## - définition du 1er comptes de gestion 			##
579
## - définition du 1er comptes de gestion 			##
583
## - sécurisation des accès					##
580
## - sécurisation des accès					##
584
##################################################################
581
##################################################################
585
ACC ()
582
ACC ()
586
{
583
{
587
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
584
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
588
	mkdir $DIR_WEB
585
	mkdir $DIR_WEB
589
# Copie et configuration des fichiers du centre de gestion
586
# Copie et configuration des fichiers du centre de gestion
590
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
587
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
591
	echo "$VERSION" > $DIR_WEB/VERSION
588
	echo "$VERSION" > $DIR_WEB/VERSION
592
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
589
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
593
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
590
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
594
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
591
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
595
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
592
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
596
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
593
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
597
	chown -R apache:apache $DIR_WEB/*
594
	chown -R apache:apache $DIR_WEB/*
598
	for i in system_backup base logs/firewall logs/httpd logs/security;
595
	for i in system_backup base logs/firewall logs/httpd logs/security;
599
	do
596
	do
600
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
597
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
601
	done
598
	done
602
	chown -R root:apache $DIR_SAVE
599
	chown -R root:apache $DIR_SAVE
603
# Configuration et sécurisation php
600
# Configuration et sécurisation php
604
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
601
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
605
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
602
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
606
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
603
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
607
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
604
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
608
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
605
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
609
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
606
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
610
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
607
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
611
# Configuration et sécurisation Apache
608
# Configuration et sécurisation Apache
612
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
609
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
613
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
610
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
614
	$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
611
	$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
615
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
612
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
616
	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
613
	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
617
	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
614
	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
618
	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
615
	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
619
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
616
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
620
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
617
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
621
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
618
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
622
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
619
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
623
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
620
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
624
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
621
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
625
	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
622
	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
626
	[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
623
	[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
627
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
624
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
628
	[ -e /usr/share/httpd/error/include/top.html.default ] || cp /usr/share/httpd/error/include/top.html /usr/share/httpd/error/include/top.html.default
625
	[ -e /usr/share/httpd/error/include/top.html.default ] || cp /usr/share/httpd/error/include/top.html /usr/share/httpd/error/include/top.html.default
629
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /usr/share/httpd/error/include/top.html
626
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /usr/share/httpd/error/include/top.html
630
	[ -e /usr/share/httpd/error/include/bottom.html.default ] || cp /usr/share/httpd/error/include/bottom.html /usr/share/httpd/error/include/bottom.html.default
627
	[ -e /usr/share/httpd/error/include/bottom.html.default ] || cp /usr/share/httpd/error/include/bottom.html /usr/share/httpd/error/include/bottom.html.default
631
	cat <<EOF > /usr/share/httpd/error/include/bottom.html
628
	cat <<EOF > /usr/share/httpd/error/include/bottom.html
632
</body>
629
</body>
633
</html>
630
</html>
634
EOF
631
EOF
635
# Définition du premier compte lié au profil 'admin'
632
# Définition du premier compte lié au profil 'admin'
636
	header_install
633
	header_install
637
	if [ "$mode" = "install" ]
634
	if [ "$mode" = "install" ]
638
	then
635
	then
639
		admin_portal=!
636
		admin_portal=!
640
		PTN='^[a-zA-Z0-9-]*$'
637
		PTN='^[a-zA-Z0-9-]*$'
641
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
638
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
642
                	do
639
                	do
643
			header_install
640
			header_install
644
			if [ $Lang == "fr" ]
641
			if [ $Lang == "fr" ]
645
			then 
642
			then 
646
				echo ""
643
				echo ""
647
				echo "Définissez un premier compte d'administration du portail :"
644
				echo "Définissez un premier compte d'administration du portail :"
648
				echo
645
				echo
649
				echo -n "Nom : "
646
				echo -n "Nom : "
650
			else
647
			else
651
				echo ""
648
				echo ""
652
				echo "Define the first account allow to administrate the portal :"
649
				echo "Define the first account allow to administrate the portal :"
653
				echo
650
				echo
654
				echo -n "Account : "
651
				echo -n "Account : "
655
			fi
652
			fi
656
			read admin_portal
653
			read admin_portal
657
			if [ "$admin_portal" == "" ]
654
			if [ "$admin_portal" == "" ]
658
				then
655
				then
659
				admin_portal=!
656
				admin_portal=!
660
			fi
657
			fi
661
			done
658
			done
662
# Creation of keys file for the admin account ("admin")
659
# Creation of keys file for the admin account ("admin")
663
		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
660
		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
664
		mkdir -p $DIR_DEST_ETC/digest
661
		mkdir -p $DIR_DEST_ETC/digest
665
		chmod 755 $DIR_DEST_ETC/digest
662
		chmod 755 $DIR_DEST_ETC/digest
666
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
663
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
667
			do
664
			do
668
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
665
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
669
			done
666
			done
670
		$DIR_DEST_SBIN/alcasar-profil.sh --list
667
		$DIR_DEST_SBIN/alcasar-profil.sh --list
671
	fi
668
	fi
672
# synchronisation horaire
669
# synchronisation horaire
673
	ntpd -q -g &
670
	ntpd -q -g &
674
# Sécurisation du centre
671
# Sécurisation du centre
675
	rm -f /etc/httpd/conf/webapps.d/alcasar*
672
	rm -f /etc/httpd/conf/webapps.d/alcasar*
676
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
673
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
677
<Directory $DIR_ACC>
674
<Directory $DIR_ACC>
678
	SSLRequireSSL
675
	SSLRequireSSL
679
	AllowOverride None
676
	AllowOverride None
680
	Order deny,allow
677
	Order deny,allow
681
	Deny from all
678
	Deny from all
682
	Allow from 127.0.0.1
679
	Allow from 127.0.0.1
683
	Allow from $PRIVATE_NETWORK_MASK
680
	Allow from $PRIVATE_NETWORK_MASK
684
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
681
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
685
	require valid-user
682
	require valid-user
686
	AuthType digest
683
	AuthType digest
687
	AuthName $HOSTNAME.$DOMAIN
684
	AuthName $HOSTNAME.$DOMAIN
688
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
685
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
689
	AuthUserFile $DIR_DEST_ETC/digest/key_all
686
	AuthUserFile $DIR_DEST_ETC/digest/key_all
690
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
687
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
691
</Directory>
688
</Directory>
692
<Directory $DIR_ACC/admin>
689
<Directory $DIR_ACC/admin>
693
	SSLRequireSSL
690
	SSLRequireSSL
694
	AllowOverride None
691
	AllowOverride None
695
	Order deny,allow
692
	Order deny,allow
696
	Deny from all
693
	Deny from all
697
	Allow from 127.0.0.1
694
	Allow from 127.0.0.1
698
	Allow from $PRIVATE_NETWORK_MASK
695
	Allow from $PRIVATE_NETWORK_MASK
699
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
696
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
700
	require valid-user
697
	require valid-user
701
	AuthType digest
698
	AuthType digest
702
	AuthName $HOSTNAME.$DOMAIN
699
	AuthName $HOSTNAME.$DOMAIN
703
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
700
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
704
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
701
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
705
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
702
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
706
</Directory>
703
</Directory>
707
<Directory $DIR_ACC/manager>
704
<Directory $DIR_ACC/manager>
708
	SSLRequireSSL
705
	SSLRequireSSL
709
	AllowOverride None
706
	AllowOverride None
710
	Order deny,allow
707
	Order deny,allow
711
	Deny from all
708
	Deny from all
712
	Allow from 127.0.0.1
709
	Allow from 127.0.0.1
713
	Allow from $PRIVATE_NETWORK_MASK
710
	Allow from $PRIVATE_NETWORK_MASK
714
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
711
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
715
	require valid-user
712
	require valid-user
716
	AuthType digest
713
	AuthType digest
717
	AuthName $HOSTNAME.$DOMAIN
714
	AuthName $HOSTNAME.$DOMAIN
718
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
715
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
719
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
716
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
720
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
717
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
721
</Directory>
718
</Directory>
722
<Directory $DIR_ACC/backup>
719
<Directory $DIR_ACC/backup>
723
	SSLRequireSSL
720
	SSLRequireSSL
724
	AllowOverride None
721
	AllowOverride None
725
	Order deny,allow
722
	Order deny,allow
726
	Deny from all
723
	Deny from all
727
	Allow from 127.0.0.1
724
	Allow from 127.0.0.1
728
	Allow from $PRIVATE_NETWORK_MASK
725
	Allow from $PRIVATE_NETWORK_MASK
729
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
726
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
730
	require valid-user
727
	require valid-user
731
	AuthType digest
728
	AuthType digest
732
	AuthName $HOSTNAME.$DOMAIN
729
	AuthName $HOSTNAME.$DOMAIN
733
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
730
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
734
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
731
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
735
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
732
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
736
</Directory>
733
</Directory>
737
Alias /save/ "$DIR_SAVE/"
734
Alias /save/ "$DIR_SAVE/"
738
<Directory $DIR_SAVE>
735
<Directory $DIR_SAVE>
739
	SSLRequireSSL
736
	SSLRequireSSL
740
	Options Indexes
737
	Options Indexes
741
	Order deny,allow
738
	Order deny,allow
742
	Deny from all
739
	Deny from all
743
	Allow from 127.0.0.1
740
	Allow from 127.0.0.1
744
	Allow from $PRIVATE_NETWORK_MASK
741
	Allow from $PRIVATE_NETWORK_MASK
745
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
742
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
746
	require valid-user
743
	require valid-user
747
	AuthType digest
744
	AuthType digest
748
	AuthName $HOSTNAME.$DOMAIN
745
	AuthName $HOSTNAME.$DOMAIN
749
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
746
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
750
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
747
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
751
</Directory>
748
</Directory>
752
EOF
749
EOF
753
# Launch after coova
750
# Launch after coova
754
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
751
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
755
# Error page management
752
# Error page management
756
FIC_ERROR_DOC=`find /etc/httpd/conf -type f -name multilang-errordoc.conf`
753
FIC_ERROR_DOC=`find /etc/httpd/conf -type f -name multilang-errordoc.conf`
757
[ -e $FIC_ERROR_DOC ]  || cp $FIC_ERROR_DOC $FIC_ERROR_DOC.default
754
[ -e $FIC_ERROR_DOC ]  || cp $FIC_ERROR_DOC $FIC_ERROR_DOC.default
758
 
755
 
759
cat <<EOF > $FIC_ERROR_DOC
756
cat <<EOF > $FIC_ERROR_DOC
760
Alias /error/ "/var/www/html/"
757
Alias /error/ "/var/www/html/"
761
 
758
 
762
<Directory "/usr/share/httpd/error">
759
<Directory "/usr/share/httpd/error">
763
    AllowOverride None
760
    AllowOverride None
764
    Options IncludesNoExec
761
    Options IncludesNoExec
765
    AddOutputFilter Includes html
762
    AddOutputFilter Includes html
766
    AddHandler type-map var
763
    AddHandler type-map var
767
    Require all granted
764
    Require all granted
768
    LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
765
    LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
769
    ForceLanguagePriority Prefer Fallback
766
    ForceLanguagePriority Prefer Fallback
770
</Directory>
767
</Directory>
771
 
768
 
772
ErrorDocument 400 /error/error.php?error=400
769
ErrorDocument 400 /error/error.php?error=400
773
ErrorDocument 401 /error/error.php?error=401
770
ErrorDocument 401 /error/error.php?error=401
774
ErrorDocument 403 /error/error.php?error=403
771
ErrorDocument 403 /error/error.php?error=403
775
ErrorDocument 404 /error/error.php?error=404
772
ErrorDocument 404 /error/error.php?error=404
776
ErrorDocument 405 /error/error.php?error=405
773
ErrorDocument 405 /error/error.php?error=405
777
ErrorDocument 408 /error/error.php?error=408
774
ErrorDocument 408 /error/error.php?error=408
778
ErrorDocument 410 /error/error.php?error=410
775
ErrorDocument 410 /error/error.php?error=410
779
ErrorDocument 411 /error/error.php?error=411
776
ErrorDocument 411 /error/error.php?error=411
780
ErrorDocument 412 /error/error.php?error=412
777
ErrorDocument 412 /error/error.php?error=412
781
ErrorDocument 413 /error/error.php?error=413
778
ErrorDocument 413 /error/error.php?error=413
782
ErrorDocument 414 /error/error.php?error=414
779
ErrorDocument 414 /error/error.php?error=414
783
ErrorDocument 415 /error/error.php?error=415
780
ErrorDocument 415 /error/error.php?error=415
784
ErrorDocument 500 /error/error.php?error=500
781
ErrorDocument 500 /error/error.php?error=500
785
ErrorDocument 501 /error/error.php?error=501
782
ErrorDocument 501 /error/error.php?error=501
786
ErrorDocument 502 /error/error.php?error=502
783
ErrorDocument 502 /error/error.php?error=502
787
ErrorDocument 503 /error/error.php?error=503
784
ErrorDocument 503 /error/error.php?error=503
788
ErrorDocument 506 /error/error.php?error=506
785
ErrorDocument 506 /error/error.php?error=506
789
EOF
786
EOF
790
 
787
 
791
} # End of ACC ()
788
} # End of ACC ()
792
 
789
 
793
##########################################################################################
790
##########################################################################################
794
##				Fonction "CA"						##
791
##				Fonction "CA"						##
795
## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
792
## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
796
##########################################################################################
793
##########################################################################################
797
CA ()
794
CA ()
798
{
795
{
799
	$DIR_DEST_BIN/alcasar-CA.sh
796
	$DIR_DEST_BIN/alcasar-CA.sh
800
	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
797
	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
801
	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
798
	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
802
	
799
	
803
	#$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
800
	#$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
804
	#$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
801
	#$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
805
	#$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
802
	#$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
806
	
803
	
807
	cat <<EOF > $FIC_VIRTUAL_SSL
804
	cat <<EOF > $FIC_VIRTUAL_SSL
808
# default SSL virtual host, used for all HTTPS requests that do not
805
# default SSL virtual host, used for all HTTPS requests that do not
809
# match a ServerName or ServerAlias in any <VirtualHost> block.
806
# match a ServerName or ServerAlias in any <VirtualHost> block.
810
 
807
 
811
<VirtualHost _default_:443>
808
<VirtualHost _default_:443>
812
# general configuration
809
# general configuration
813
    ServerAdmin root@localhost
810
    ServerAdmin root@localhost
814
    ServerName localhost
811
    ServerName localhost
815
 
812
 
816
# SSL configuration
813
# SSL configuration
817
    SSLEngine on
814
    SSLEngine on
818
    SSLCertificateFile /etc/pki/tls/certs/alcasar.crt
815
    SSLCertificateFile /etc/pki/tls/certs/alcasar.crt
819
    SSLCertificateKeyFile /etc/pki/tls/private/alcasar.key
816
    SSLCertificateKeyFile /etc/pki/tls/private/alcasar.key
820
    SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
817
    SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
821
    CustomLog logs/ssl_request_log \
818
    CustomLog logs/ssl_request_log \
822
	"%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%h] \"%r\" %b"
819
	"%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%h] \"%r\" %b"
823
    ErrorLog logs/ssl_error_log
820
    ErrorLog logs/ssl_error_log
824
    ErrorLogFormat "[%t] [%m:%l] [client %a] %M"
821
    ErrorLogFormat "[%t] [%m:%l] [client %a] %M"
825
</VirtualHost>
822
</VirtualHost>
826
EOF
823
EOF
827
 
824
 
828
	chown -R root:apache /etc/pki
825
	chown -R root:apache /etc/pki
829
	chmod -R 750 /etc/pki
826
	chmod -R 750 /etc/pki
830
} # End of CA ()
827
} # End of CA ()
831
 
828
 
832
##########################################################################################
829
##########################################################################################
833
##			Fonction "init_db"						##
830
##			Fonction "init_db"						##
834
## - Initialisation de la base Mysql							##
831
## - Initialisation de la base Mysql							##
835
## - Affectation du mot de passe de l'administrateur (root)				##
832
## - Affectation du mot de passe de l'administrateur (root)				##
836
## - Suppression des bases et des utilisateurs superflus				##
833
## - Suppression des bases et des utilisateurs superflus				##
837
## - Création de la base 'radius'							##
834
## - Création de la base 'radius'							##
838
## - Installation du schéma de cette base						##
835
## - Installation du schéma de cette base						##
839
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
836
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
840
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
837
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
841
##########################################################################################
838
##########################################################################################
842
init_db ()
839
init_db ()
843
{
840
{
844
	rm -rf /var/lib/mysql # to be sure that there is no former installation
841
	rm -rf /var/lib/mysql # to be sure that there is no former installation
845
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
842
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
846
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
843
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
847
	$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf
844
	$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf
848
	systemctl start mysqld.service
845
	systemctl start mysqld.service
849
	sleep 4
846
	sleep 4
850
	mysqladmin -u root password $mysqlpwd
847
	mysqladmin -u root password $mysqlpwd
851
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
848
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
852
# Secure the server
849
# Secure the server
853
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
850
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
854
	$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;" 
851
	$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;" 
855
# Create 'radius' database
852
# Create 'radius' database
856
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
853
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
857
# Add an empty radius database structure
854
# Add an empty radius database structure
858
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
855
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
859
# modify the start script in order to close accounting connexion when the system is comming down or up
856
# modify the start script in order to close accounting connexion when the system is comming down or up
860
	[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
857
	[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
861
	$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
858
	$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
862
	$SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
859
	$SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
863
	systemctl daemon-reload
860
	systemctl daemon-reload
864
} # End of init_db ()
861
} # End of init_db ()
865
 
862
 
866
##########################################################################
863
##########################################################################
867
##			Fonction "radius"				##
864
##			Fonction "radius"				##
868
## - Paramètrage des fichiers de configuration FreeRadius		##
865
## - Paramètrage des fichiers de configuration FreeRadius		##
869
## - Affectation du secret partagé entre coova-chilli et freeradius	##
866
## - Affectation du secret partagé entre coova-chilli et freeradius	##
870
## - Modification de fichier de conf pour l'accès à Mysql		##
867
## - Modification de fichier de conf pour l'accès à Mysql		##
871
##########################################################################
868
##########################################################################
872
radius ()
869
radius ()
873
{
870
{
874
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
871
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
875
	chown -R radius:radius /etc/raddb
872
	chown -R radius:radius /etc/raddb
876
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
873
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
877
# Set radius.conf parameters
874
# Set radius.conf parameters
878
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
875
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
879
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
876
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
880
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
877
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
881
# remove the proxy function
878
# remove the proxy function
882
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
879
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
883
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
880
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
884
# remove EAP module
881
# remove EAP module
885
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
882
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
886
# listen on loopback (should be modified later if EAP enabled)
883
# listen on loopback (should be modified later if EAP enabled)
887
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
884
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
888
# enable the  SQL module (and SQL counter)
885
# enable the  SQL module (and SQL counter)
889
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
886
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
890
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
887
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
891
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
888
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
892
# only include modules for ALCASAR needs
889
# only include modules for ALCASAR needs
893
	$SED "s?^[\t ]*\$INCLUDE \${confdir}/modules/.*?\t#\$INCLUDE \${confdir}/modules/\n\t# we only include modules for ALCASAR needs\n\t\$INCLUDE \${confdir}/modules/attr_filter\n\t\$INCLUDE \${confdir}/modules/expiration\n\t\$INCLUDE \${confdir}/modules/logintime\n\t\$INCLUDE \${confdir}/modules/ldap\n\t\$INCLUDE \${confdir}/modules/pap?g" /etc/raddb/radiusd.conf
890
	$SED "s?^[\t ]*\$INCLUDE \${confdir}/modules/.*?\t#\$INCLUDE \${confdir}/modules/\n\t# we only include modules for ALCASAR needs\n\t\$INCLUDE \${confdir}/modules/attr_filter\n\t\$INCLUDE \${confdir}/modules/expiration\n\t\$INCLUDE \${confdir}/modules/logintime\n\t\$INCLUDE \${confdir}/modules/ldap\n\t\$INCLUDE \${confdir}/modules/pap?g" /etc/raddb/radiusd.conf
894
	$SED "s/^[\t ]exec$/\#\texec/g" /etc/raddb/radiusd.conf
891
	$SED "s/^[\t ]exec$/\#\texec/g" /etc/raddb/radiusd.conf
895
	$SED "s?^[\t ]*expr.*?\#\texpr?g" /etc/raddb/radiusd.conf
892
	$SED "s?^[\t ]*expr.*?\#\texpr?g" /etc/raddb/radiusd.conf
896
	$SED "s?^[\t ]*\#	daily.*?\#\tdaily\n\tsql?g" /etc/raddb/radiusd.conf
893
	$SED "s?^[\t ]*\#	daily.*?\#\tdaily\n\tsql?g" /etc/raddb/radiusd.conf
897
	$SED "s?^[\t ]*logintime.*?\tlogintime\n\tnoresetcounter\n\tdailycounter\n\tmonthlycounter\n\tattr_filter.access_reject\n\tattr_filter.accounting_response\n\tpap?g" /etc/raddb/radiusd.conf
894
	$SED "s?^[\t ]*logintime.*?\tlogintime\n\tnoresetcounter\n\tdailycounter\n\tmonthlycounter\n\tattr_filter.access_reject\n\tattr_filter.accounting_response\n\tpap?g" /etc/raddb/radiusd.conf
898
	$SED "s?^[\t ]*\$INCLUDE sites-enabled/.*?\#\$INCLUDE sites-enabled/\n\#\tenable only alcasar virtual server\n\$INCLUDE sites-enabled/alcasar?g" /etc/raddb/radiusd.conf
895
	$SED "s?^[\t ]*\$INCLUDE sites-enabled/.*?\#\$INCLUDE sites-enabled/\n\#\tenable only alcasar virtual server\n\$INCLUDE sites-enabled/alcasar?g" /etc/raddb/radiusd.conf
899
# remvove virtual server and copy our conf file
896
# remvove virtual server and copy our conf file
900
	rm -f /etc/raddb/sites-enabled/*
897
	rm -f /etc/raddb/sites-enabled/*
901
       	cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
898
       	cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
902
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
899
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
903
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
900
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
904
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
901
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
905
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
902
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
906
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
903
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
907
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
904
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
908
# client.conf configuration (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
905
# client.conf configuration (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
909
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
906
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
910
	cat << EOF > /etc/raddb/clients.conf
907
	cat << EOF > /etc/raddb/clients.conf
911
client 127.0.0.1 {
908
client 127.0.0.1 {
912
	secret = $secretradius
909
	secret = $secretradius
913
	shortname = localhost
910
	shortname = localhost
914
}
911
}
915
EOF
912
EOF
916
# sql.conf modification
913
# sql.conf modification
917
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
914
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
918
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
915
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
919
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
916
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
920
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
917
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
921
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
918
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
922
# dialup.conf modification (case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.) 
919
# dialup.conf modification (case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.) 
923
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
920
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
924
	cp -f $DIR_CONF/radius/dialup.conf /etc/raddb/sql/mysql/dialup.conf
921
	cp -f $DIR_CONF/radius/dialup.conf /etc/raddb/sql/mysql/dialup.conf
925
# counter.conf modification (change the Max-All-Session-Time counter)
922
# counter.conf modification (change the Max-All-Session-Time counter)
926
	[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
923
	[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
927
	cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
924
	cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
928
	chown -R radius:radius /etc/raddb/sql/mysql/*
925
	chown -R radius:radius /etc/raddb/sql/mysql/*
929
# make certain that mysql is up before radius start
926
# make certain that mysql is up before radius start
930
	[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
927
	[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
931
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
928
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
932
	systemctl daemon-reload
929
	systemctl daemon-reload
933
} # End radius ()
930
} # End radius ()
934
 
931
 
935
##########################################################################
932
##########################################################################
936
##			Function "radius_web"				##
933
##			Function "radius_web"				##
937
## - Import, modification et paramètrage de l'interface "dialupadmin"	##
934
## - Import, modification et paramètrage de l'interface "dialupadmin"	##
938
## - Création du lien vers la page de changement de mot de passe        ##
935
## - Création du lien vers la page de changement de mot de passe        ##
939
##########################################################################
936
##########################################################################
940
radius_web ()
937
radius_web ()
941
{
938
{
942
# copie de l'interface d'origine dans la structure Alcasar
939
# copie de l'interface d'origine dans la structure Alcasar
943
	[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
940
	[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
944
	rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme 
941
	rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme 
945
	rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html
942
	rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html
946
# copie des fichiers modifiés
943
# copie des fichiers modifiés
947
	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
944
	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
948
	chown -R apache:apache $DIR_ACC/manager/
945
	chown -R apache:apache $DIR_ACC/manager/
949
# Modification des fichiers de configuration
946
# Modification des fichiers de configuration
950
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
947
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
951
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
948
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
952
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
949
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
953
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
950
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
954
	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
951
	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
955
	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
952
	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
956
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
953
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
957
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
954
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
958
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
955
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
959
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
956
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
960
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
957
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
961
	cp -f $DIR_CONF/radius/freeradiusweb-config.php /etc/freeradius-web/config.php
958
	cp -f $DIR_CONF/radius/freeradiusweb-config.php /etc/freeradius-web/config.php
962
	cat <<EOF > /etc/freeradius-web/naslist.conf
959
	cat <<EOF > /etc/freeradius-web/naslist.conf
963
nas1_name: alcasar-$ORGANISME
960
nas1_name: alcasar-$ORGANISME
964
nas1_model: Portail captif
961
nas1_model: Portail captif
965
nas1_ip: $PRIVATE_IP
962
nas1_ip: $PRIVATE_IP
966
nas1_port_num: 0
963
nas1_port_num: 0
967
nas1_community: public
964
nas1_community: public
968
EOF
965
EOF
969
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
966
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
970
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
967
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
971
	cp -f $DIR_CONF/radius/user_edit.attrs /etc/freeradius-web/user_edit.attrs
968
	cp -f $DIR_CONF/radius/user_edit.attrs /etc/freeradius-web/user_edit.attrs
972
# Ajout du mappage des attributs chillispot
969
# Ajout du mappage des attributs chillispot
973
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
970
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
974
	cp -f $DIR_CONF/radius/sql.attrmap /etc/freeradius-web/sql.attrmap
971
	cp -f $DIR_CONF/radius/sql.attrmap /etc/freeradius-web/sql.attrmap
975
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
972
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
976
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/sql.attrs.default
973
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/sql.attrs.default
977
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
974
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
978
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
975
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
979
	chown -R apache:apache /etc/freeradius-web
976
	chown -R apache:apache /etc/freeradius-web
980
# Ajout de l'alias vers la page de "changement de mot de passe usager"
977
# Ajout de l'alias vers la page de "changement de mot de passe usager"
981
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
978
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
982
<Directory $DIR_WEB/pass>
979
<Directory $DIR_WEB/pass>
983
	SSLRequireSSL
980
	SSLRequireSSL
984
	AllowOverride None
981
	AllowOverride None
985
	Order deny,allow
982
	Order deny,allow
986
	Deny from all
983
	Deny from all
987
	Allow from 127.0.0.1
984
	Allow from 127.0.0.1
988
	Allow from $PRIVATE_NETWORK_MASK
985
	Allow from $PRIVATE_NETWORK_MASK
989
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN
986
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN
990
</Directory>
987
</Directory>
991
EOF
988
EOF
992
} # End of radius_web ()
989
} # End of radius_web ()
993
 
990
 
994
##################################################################################
991
##################################################################################
995
##			Fonction "chilli"					##
992
##			Fonction "chilli"					##
996
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
993
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
997
## - Paramètrage de la page d'authentification (intercept.php)			##
994
## - Paramètrage de la page d'authentification (intercept.php)			##
998
##################################################################################
995
##################################################################################
999
chilli ()
996
chilli ()
1000
{
997
{
1001
# chilli unit for systemd
998
# chilli unit for systemd
1002
cat << EOF > /lib/systemd/system/chilli.service
999
cat << EOF > /lib/systemd/system/chilli.service
1003
#  This file is part of systemd.
1000
#  This file is part of systemd.
1004
#
1001
#
1005
#  systemd is free software; you can redistribute it and/or modify it
1002
#  systemd is free software; you can redistribute it and/or modify it
1006
#  under the terms of the GNU General Public License as published by
1003
#  under the terms of the GNU General Public License as published by
1007
#  the Free Software Foundation; either version 2 of the License, or
1004
#  the Free Software Foundation; either version 2 of the License, or
1008
#  (at your option) any later version.
1005
#  (at your option) any later version.
1009
[Unit]
1006
[Unit]
1010
Description=chilli is a captive portal daemon
1007
Description=chilli is a captive portal daemon
1011
After=network.target
1008
After=network.target
1012
 
1009
 
1013
[Service]
1010
[Service]
1014
Type=forking
1011
Type=forking
1015
ExecStart=/usr/libexec/chilli start
1012
ExecStart=/usr/libexec/chilli start
1016
ExecStop=/usr/libexec/chilli stop
1013
ExecStop=/usr/libexec/chilli stop
1017
ExecReload=/usr/libexec/chilli reload
1014
ExecReload=/usr/libexec/chilli reload
1018
PIDFile=/var/run/chilli.pid
1015
PIDFile=/var/run/chilli.pid
1019
 
1016
 
1020
[Install]
1017
[Install]
1021
WantedBy=multi-user.target
1018
WantedBy=multi-user.target
1022
EOF
1019
EOF
1023
# init file creation
1020
# init file creation
1024
	[ -e /etc/init.d/chilli.default ] || mv /etc/init.d/chilli /etc/init.d/chilli.default
1021
	[ -e /etc/init.d/chilli.default ] || mv /etc/init.d/chilli /etc/init.d/chilli.default
1025
	cat <<EOF > /usr/libexec/chilli
1022
	cat <<EOF > /usr/libexec/chilli
1026
#!/bin/sh
1023
#!/bin/sh
1027
#
1024
#
1028
# chilli CoovaChilli init
1025
# chilli CoovaChilli init
1029
#
1026
#
1030
# chkconfig: 2345 65 35
1027
# chkconfig: 2345 65 35
1031
# description: CoovaChilli
1028
# description: CoovaChilli
1032
### BEGIN INIT INFO
1029
### BEGIN INIT INFO
1033
# Provides:       chilli
1030
# Provides:       chilli
1034
# Required-Start: network 
1031
# Required-Start: network 
1035
# Should-Start: 
1032
# Should-Start: 
1036
# Required-Stop:  network
1033
# Required-Stop:  network
1037
# Should-Stop: 
1034
# Should-Stop: 
1038
# Default-Start:  2 3 5
1035
# Default-Start:  2 3 5
1039
# Default-Stop:
1036
# Default-Stop:
1040
# Description:    CoovaChilli access controller
1037
# Description:    CoovaChilli access controller
1041
### END INIT INFO
1038
### END INIT INFO
1042
 
1039
 
1043
[ -f /usr/sbin/chilli ] || exit 0
1040
[ -f /usr/sbin/chilli ] || exit 0
1044
. /etc/init.d/functions
1041
. /etc/init.d/functions
1045
CONFIG=/etc/chilli.conf
1042
CONFIG=/etc/chilli.conf
1046
pidfile=/var/run/chilli.pid
1043
pidfile=/var/run/chilli.pid
1047
[ -f \$CONFIG ] || {
1044
[ -f \$CONFIG ] || {
1048
    echo "\$CONFIG Not found"
1045
    echo "\$CONFIG Not found"
1049
    exit 0
1046
    exit 0
1050
}
1047
}
1051
RETVAL=0
1048
RETVAL=0
1052
prog="chilli"
1049
prog="chilli"
1053
case \$1 in
1050
case \$1 in
1054
    start)
1051
    start)
1055
	if [ -f \$pidfile ] ; then 
1052
	if [ -f \$pidfile ] ; then 
1056
		gprintf "chilli is already running"
1053
		gprintf "chilli is already running"
1057
	else
1054
	else
1058
        	gprintf "Starting \$prog: "
1055
        	gprintf "Starting \$prog: "
1059
		rm -f /var/run/chilli* # cleaning
1056
		rm -f /var/run/chilli* # cleaning
1060
        	/sbin/modprobe tun >/dev/null 2>&1
1057
        	/sbin/modprobe tun >/dev/null 2>&1
1061
        	echo 1 > /proc/sys/net/ipv4/ip_forward
1058
        	echo 1 > /proc/sys/net/ipv4/ip_forward
1062
		[ -e /dev/net/tun ] || {
1059
		[ -e /dev/net/tun ] || {
1063
	    	(cd /dev; 
1060
	    	(cd /dev; 
1064
			mkdir net; 
1061
			mkdir net; 
1065
			cd net; 
1062
			cd net; 
1066
			mknod tun c 10 200)
1063
			mknod tun c 10 200)
1067
		}
1064
		}
1068
		ifconfig $INTIF 0.0.0.0
1065
		ifconfig $INTIF 0.0.0.0
1069
		daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
1066
		daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
1070
        	RETVAL=$?
1067
        	RETVAL=$?
1071
	fi
1068
	fi
1072
	;;
1069
	;;
1073
 
1070
 
1074
    reload)
1071
    reload)
1075
	killall -HUP chilli
1072
	killall -HUP chilli
1076
	;;
1073
	;;
1077
 
1074
 
1078
    restart)
1075
    restart)
1079
	\$0 stop
1076
	\$0 stop
1080
        sleep 2
1077
        sleep 2
1081
	\$0 start
1078
	\$0 start
1082
	;;
1079
	;;
1083
    
1080
    
1084
    status)
1081
    status)
1085
        status chilli
1082
        status chilli
1086
        RETVAL=0
1083
        RETVAL=0
1087
        ;;
1084
        ;;
1088
 
1085
 
1089
    stop)
1086
    stop)
1090
	if [ -f \$pidfile ] ; then  
1087
	if [ -f \$pidfile ] ; then  
1091
        	gprintf "Shutting down \$prog: "
1088
        	gprintf "Shutting down \$prog: "
1092
		killproc /usr/sbin/chilli
1089
		killproc /usr/sbin/chilli
1093
		RETVAL=\$?
1090
		RETVAL=\$?
1094
		[ \$RETVAL = 0 ] && rm -f $pidfile
1091
		[ \$RETVAL = 0 ] && rm -f $pidfile
1095
	else	
1092
	else	
1096
        	gprintf "chilli is not running"
1093
        	gprintf "chilli is not running"
1097
	fi
1094
	fi
1098
	;;
1095
	;;
1099
    
1096
    
1100
    *)
1097
    *)
1101
        echo "Usage: \$0 {start|stop|restart|reload|status}"
1098
        echo "Usage: \$0 {start|stop|restart|reload|status}"
1102
        exit 1
1099
        exit 1
1103
esac
1100
esac
1104
echo
1101
echo
1105
EOF
1102
EOF
1106
chmod a+x /usr/libexec/chilli
1103
chmod a+x /usr/libexec/chilli
1107
# conf file creation
1104
# conf file creation
1108
	[ -e /etc/chilli.conf.default ] || cp /etc/chilli.conf /etc/chilli.conf.default
1105
	[ -e /etc/chilli.conf.default ] || cp /etc/chilli.conf /etc/chilli.conf.default
1109
	cat <<EOF > /etc/chilli.conf
1106
	cat <<EOF > /etc/chilli.conf
1110
# coova config for ALCASAR
1107
# coova config for ALCASAR
1111
cmdsocket	/var/run/chilli.sock
1108
cmdsocket	/var/run/chilli.sock
1112
unixipc		chilli.$INTIF.ipc
1109
unixipc		chilli.$INTIF.ipc
1113
pidfile		/var/run/chilli.$INTIF.pid
1110
pidfile		/var/run/chilli.$INTIF.pid
1114
net		$PRIVATE_NETWORK_MASK
1111
net		$PRIVATE_NETWORK_MASK
1115
dhcpif		$INTIF
1112
dhcpif		$INTIF
1116
ethers		$DIR_DEST_ETC/alcasar-ethers
1113
ethers		$DIR_DEST_ETC/alcasar-ethers
1117
#nodynip
1114
#nodynip
1118
#statip
1115
#statip
1119
dynip		$PRIVATE_NETWORK_MASK
1116
dynip		$PRIVATE_NETWORK_MASK
1120
domain		$DOMAIN
1117
domain		$DOMAIN
1121
dns1		$PRIVATE_IP
1118
dns1		$PRIVATE_IP
1122
dns2		$PRIVATE_IP
1119
dns2		$PRIVATE_IP
1123
uamlisten	$PRIVATE_IP
1120
uamlisten	$PRIVATE_IP
1124
uamport		3990
1121
uamport		3990
1125
macauth
1122
macauth
1126
macpasswd	password
1123
macpasswd	password
1127
locationname	$HOSTNAME.$DOMAIN
1124
locationname	$HOSTNAME.$DOMAIN
1128
radiusserver1	127.0.0.1
1125
radiusserver1	127.0.0.1
1129
radiusserver2	127.0.0.1
1126
radiusserver2	127.0.0.1
1130
radiussecret	$secretradius
1127
radiussecret	$secretradius
1131
radiusauthport	1812
1128
radiusauthport	1812
1132
radiusacctport	1813
1129
radiusacctport	1813
1133
uamserver	https://$HOSTNAME.$DOMAIN/intercept.php
1130
uamserver	https://$HOSTNAME.$DOMAIN/intercept.php
1134
radiusnasid	$HOSTNAME.$DOMAIN
1131
radiusnasid	$HOSTNAME.$DOMAIN
1135
uamsecret	$secretuam
1132
uamsecret	$secretuam
1136
uamallowed	$HOSTNAME,$HOSTNAME.$DOMAIN
1133
uamallowed	$HOSTNAME,$HOSTNAME.$DOMAIN
1137
coaport		3799
1134
coaport		3799
1138
conup		$DIR_DEST_BIN/alcasar-conup.sh
1135
conup		$DIR_DEST_BIN/alcasar-conup.sh
1139
condown		$DIR_DEST_BIN/alcasar-condown.sh
1136
condown		$DIR_DEST_BIN/alcasar-condown.sh
1140
include		$DIR_DEST_ETC/alcasar-uamallowed
1137
include		$DIR_DEST_ETC/alcasar-uamallowed
1141
include		$DIR_DEST_ETC/alcasar-uamdomain
1138
include		$DIR_DEST_ETC/alcasar-uamdomain
1142
#dhcpgateway
1139
#dhcpgateway
1143
#dhcprelayagent
1140
#dhcprelayagent
1144
#dhcpgatewayport
1141
#dhcpgatewayport
1145
EOF
1142
EOF
1146
# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0)
1143
# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0)
1147
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
1144
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
1148
# create files for trusted domains and urls
1145
# create files for trusted domains and urls
1149
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
1146
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
1150
	chown root:apache $DIR_DEST_ETC/alcasar-*
1147
	chown root:apache $DIR_DEST_ETC/alcasar-*
1151
	chmod 660 $DIR_DEST_ETC/alcasar-*
1148
	chmod 660 $DIR_DEST_ETC/alcasar-*
1152
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
1149
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
1153
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
1150
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
1154
	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
1151
	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
1155
# user 'chilli' creation (in order to run conup/off and up/down scripts
1152
# user 'chilli' creation (in order to run conup/off and up/down scripts
1156
	chilli_exist=`grep chilli /etc/passwd|wc -l`
1153
	chilli_exist=`grep chilli /etc/passwd|wc -l`
1157
	if [ "$chilli_exist" == "1" ]
1154
	if [ "$chilli_exist" == "1" ]
1158
	then
1155
	then
1159
	      userdel -r chilli 2>/dev/null
1156
	      userdel -r chilli 2>/dev/null
1160
	fi
1157
	fi
1161
	groupadd -f chilli
1158
	groupadd -f chilli
1162
	useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1159
	useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1163
}  # End of chilli ()
1160
}  # End of chilli ()
1164
 
1161
 
1165
##################################################################
1162
##################################################################
1166
##		Fonction "dansguardian"				##
1163
##		Fonction "dansguardian"				##
1167
## - Paramètrage du gestionnaire de contenu Dansguardian	##
1164
## - Paramètrage du gestionnaire de contenu Dansguardian	##
1168
##################################################################
1165
##################################################################
1169
dansguardian ()
1166
dansguardian ()
1170
{
1167
{
1171
	mkdir /var/dansguardian
1168
	mkdir /var/dansguardian
1172
	chown dansguardian /var/dansguardian
1169
	chown dansguardian /var/dansguardian
1173
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
1170
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
1174
	$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service
1171
	$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service
1175
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1172
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1176
# By default the filter is off 
1173
# By default the filter is off 
1177
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1174
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1178
# French deny HTML page
1175
# French deny HTML page
1179
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1176
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1180
# Listen only on LAN side
1177
# Listen only on LAN side
1181
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
1178
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
1182
# DG send its flow to HAVP
1179
# DG send its flow to HAVP
1183
	$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
1180
	$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
1184
# replace the default deny HTML page
1181
# replace the default deny HTML page
1185
	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
1182
	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
1186
	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1183
	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1187
# Don't log
1184
# Don't log
1188
	$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
1185
	$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
1189
# Run 10 daemons (20 in largest server)
1186
# Run 10 daemons (20 in largest server)
1190
	$SED "s?^minchildren =.*?minchildren = 10?g" $DIR_DG/dansguardian.conf
1187
	$SED "s?^minchildren =.*?minchildren = 10?g" $DIR_DG/dansguardian.conf
1191
# on désactive par défaut le controle de contenu des pages html
1188
# on désactive par défaut le controle de contenu des pages html
1192
	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
1189
	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
1193
	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
1190
	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
1194
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1191
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1195
# on désactive par défaut le contrôle d'URL par expressions régulières
1192
# on désactive par défaut le contrôle d'URL par expressions régulières
1196
	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
1193
	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
1197
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1194
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1198
# on désactive par défaut le contrôle de téléchargement de fichiers
1195
# on désactive par défaut le contrôle de téléchargement de fichiers
1199
	[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
1196
	[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
1200
	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
1197
	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
1201
	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
1198
	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
1202
	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
1199
	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
1203
	touch $DIR_DG/lists/bannedextensionlist
1200
	touch $DIR_DG/lists/bannedextensionlist
1204
	touch $DIR_DG/lists/bannedmimetypelist
1201
	touch $DIR_DG/lists/bannedmimetypelist
1205
# 'Safesearch' regex actualisation
1202
# 'Safesearch' regex actualisation
1206
	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
1203
	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
1207
# empty LAN IP list that won't be WEB filtered
1204
# empty LAN IP list that won't be WEB filtered
1208
	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
1205
	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
1209
	touch $DIR_DG/lists/exceptioniplist
1206
	touch $DIR_DG/lists/exceptioniplist
1210
# Keep a copy of URL & domain filter configuration files
1207
# Keep a copy of URL & domain filter configuration files
1211
	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
1208
	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
1212
	[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1209
	[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1213
} # End of dansguardian ()
1210
} # End of dansguardian ()
1214
 
1211
 
1215
##################################################################
1212
##################################################################
1216
##			Fonction "antivirus"			##
1213
##			Fonction "antivirus"			##
1217
## - configuration of havp, libclamav and freshclam		##
1214
## - configuration of havp, libclamav and freshclam		##
1218
##################################################################
1215
##################################################################
1219
antivirus ()		
1216
antivirus ()		
1220
{
1217
{
1221
# create 'havp' user
1218
# create 'havp' user
1222
	havp_exist=`grep havp /etc/passwd|wc -l`
1219
	havp_exist=`grep havp /etc/passwd|wc -l`
1223
	if [ "$havp_exist" == "1" ]
1220
	if [ "$havp_exist" == "1" ]
1224
	then
1221
	then
1225
	      userdel -r havp 2>/dev/null
1222
	      userdel -r havp 2>/dev/null
1226
	      groupdel havp 2>/dev/null
1223
	      groupdel havp 2>/dev/null
1227
	fi
1224
	fi
1228
	groupadd -f havp
1225
	groupadd -f havp
1229
	useradd -r -g havp -s /bin/false -c "system user for havp" havp
1226
	useradd -r -g havp -s /bin/false -c "system user for havp" havp
1230
	mkdir -p /var/tmp/havp /var/log/havp /var/run/havp
1227
	mkdir -p /var/tmp/havp /var/log/havp /var/run/havp
1231
	mkdir -p /var/tmp/havp2 /var/log/havp2
1228
	mkdir -p /var/tmp/havp2 /var/log/havp2
1232
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
1229
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
1233
	chown -R havp /var/tmp/havp2 /var/log/havp2
1230
	chown -R havp /var/tmp/havp2 /var/log/havp2
1234
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
1231
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
1235
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
1232
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
1236
	$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config	# pidfile			
1233
	$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config	# pidfile			
1237
	$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config		# transparent mode			
1234
	$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config		# transparent mode			
1238
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090			
1235
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090			
1239
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
1236
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
1240
	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config	# Log format
1237
	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config	# Log format
1241
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
1238
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
1242
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
1239
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
1243
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
1240
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
1244
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
1241
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
1245
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
1242
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
1246
	cp /etc/havp/havp.config /etc/havp/havp2.config
1243
	cp /etc/havp/havp.config /etc/havp/havp2.config
1247
	$SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config	# pidfile
1244
	$SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config	# pidfile
1248
	$SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config		# transparent mode
1245
	$SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config		# transparent mode
1249
	$SED "s?^PORT.*?PORT 8091?g" /etc/havp/havp2.config				# datas come on 8091
1246
	$SED "s?^PORT.*?PORT 8091?g" /etc/havp/havp2.config				# datas come on 8091
1250
	$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS 192.168.182.1?g" /etc/havp/havp2.config	# we listen only on tun0
1247
	$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS 192.168.182.1?g" /etc/havp/havp2.config	# we listen only on tun0
1251
# skip checking of youtube flow (too heavy load / risk too low)
1248
# skip checking of youtube flow (too heavy load / risk too low)
1252
	[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
1249
	[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
1253
	echo "# Whitelist youtube flow" >> /etc/havp/whitelist
1250
	echo "# Whitelist youtube flow" >> /etc/havp/whitelist
1254
	echo "*.youtube.com/*" >> /etc/havp/whitelist
1251
	echo "*.youtube.com/*" >> /etc/havp/whitelist
1255
# replacement of init script
1252
# replacement of init script
1256
	[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
1253
	[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
1257
	cp -f $DIR_CONF/havp-init /etc/init.d/havp
1254
	cp -f $DIR_CONF/havp-init /etc/init.d/havp
1258
	cp /etc/init.d/havp /etc/init.d/havp2
1255
	cp /etc/init.d/havp /etc/init.d/havp2
1259
	$SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2		# description
1256
	$SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2		# description
1260
	$SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2						# config file
1257
	$SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2						# config file
1261
	$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp/havp2.pid?g" /etc/init.d/havp2							# pidfile
1258
	$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp/havp2.pid?g" /etc/init.d/havp2							# pidfile
1262
	$SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2										# name
1259
	$SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2										# name
1263
	$SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2										# desc
1260
	$SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2										# desc
1264
	#$SED "s?if [ -f /etc/sysconfig/havp ] ; then.*?if [ -f /etc/sysconfig/havp2 ] ; then?g" /etc/init.d/havp2		# defaults
1261
	#$SED "s?if [ -f /etc/sysconfig/havp ] ; then.*?if [ -f /etc/sysconfig/havp2 ] ; then?g" /etc/init.d/havp2		# defaults
1265
	#$SED "s?. /etc/sysconfig/havp.*?. /etc/sysconfig/havp2?g" /etc/init.d/havp2						# defaults
1262
	#$SED "s?. /etc/sysconfig/havp.*?. /etc/sysconfig/havp2?g" /etc/init.d/havp2						# defaults
1266
	$SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2						# mountpoint
1263
	$SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2						# mountpoint
1267
	$SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2					# reloading havp
1264
	$SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2					# reloading havp
1268
	$SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2			# error havp
1265
	$SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2			# error havp
1269
	$SED "s?echo \"Error: HAVP not running or PIDFILE not readable\".*?echo \"Error : HAVP2 not running or PIDFILE not readable\"?g" /etc/init.d/havp2 # error havp
1266
	$SED "s?echo \"Error: HAVP not running or PIDFILE not readable\".*?echo \"Error : HAVP2 not running or PIDFILE not readable\"?g" /etc/init.d/havp2 # error havp
1270
	$SED "s?echo \"Error: HAVP not running or PIDFILE unreadable\".*?echo \"Error : HAVP2 not running or PIDFILE unreadable\"?g" /etc/init.d/havp2 # error havp
1267
	$SED "s?echo \"Error: HAVP not running or PIDFILE unreadable\".*?echo \"Error : HAVP2 not running or PIDFILE unreadable\"?g" /etc/init.d/havp2 # error havp
1271
	$SED "s?echo \"Shutting down HAVP ...\".*?echo \"Shutting down HAVP2 ...\"?g" /etc/init.d/havp2 			# shutting down havp
1268
	$SED "s?echo \"Shutting down HAVP ...\".*?echo \"Shutting down HAVP2 ...\"?g" /etc/init.d/havp2 			# shutting down havp
1272
	$SED "s?status havp.*?status havp2?g" /etc/init.d/havp2 								# status havp
1269
	$SED "s?status havp.*?status havp2?g" /etc/init.d/havp2 								# status havp
1273
# replace of the intercept page (template)
1270
# replace of the intercept page (template)
1274
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
1271
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
1275
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1272
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1276
# update virus database every 4 hours (24h/6)
1273
# update virus database every 4 hours (24h/6)
1277
	[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
1274
	[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
1278
	$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
1275
	$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
1279
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1276
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1280
	$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
1277
	$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
1281
	$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
1278
	$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
1282
	$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
1279
	$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
1283
# update now
1280
# update now
1284
	/usr/bin/freshclam --no-warnings
1281
	/usr/bin/freshclam --no-warnings
1285
} # End of antivirus ()
1282
} # End of antivirus ()
1286
 
1283
 
1287
##################################################################################
1284
##################################################################################
1288
##			function "ulogd"					##
1285
##			function "ulogd"					##
1289
## - Ulog config for multi-log files 						##
1286
## - Ulog config for multi-log files 						##
1290
##################################################################################
1287
##################################################################################
1291
ulogd ()
1288
ulogd ()
1292
{
1289
{
1293
# Three instances of ulogd (three different logfiles)
1290
# Three instances of ulogd (three different logfiles)
1294
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
1291
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
1295
	nl=1
1292
	nl=1
1296
	for log_type in traceability ssh ext-access
1293
	for log_type in traceability ssh ext-access
1297
	do
1294
	do
1298
		[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
1295
		[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
1299
		[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log
1296
		[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log
1300
		cp -f $DIR_CONF/ulogd-sample.conf /etc/ulogd-$log_type.conf
1297
		cp -f $DIR_CONF/ulogd-sample.conf /etc/ulogd-$log_type.conf
1301
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf 
1298
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf 
1302
		cat << EOF >> /etc/ulogd-$log_type.conf
1299
		cat << EOF >> /etc/ulogd-$log_type.conf
1303
[emu1]
1300
[emu1]
1304
file="/var/log/firewall/$log_type.log"
1301
file="/var/log/firewall/$log_type.log"
1305
sync=1
1302
sync=1
1306
EOF
1303
EOF
1307
		$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -u ulogd -c /etc/ulogd-$log_type.conf $ULOGD_OPTIONS?g" /lib/systemd/system/ulogd-$log_type.service
1304
		$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -u ulogd -c /etc/ulogd-$log_type.conf $ULOGD_OPTIONS?g" /lib/systemd/system/ulogd-$log_type.service
1308
		nl=`expr $nl + 1`
1305
		nl=`expr $nl + 1`
1309
	done
1306
	done
1310
	chown -R root:apache /var/log/firewall
1307
	chown -R root:apache /var/log/firewall
1311
	chmod 750 /var/log/firewall
1308
	chmod 750 /var/log/firewall
1312
	chmod 640 /var/log/firewall/*
1309
	chmod 640 /var/log/firewall/*
1313
}  # End of ulogd ()
1310
}  # End of ulogd ()
1314
 
1311
 
1315
 
1312
 
1316
##########################################################
1313
##########################################################
1317
##              Function "nfsen"			##
1314
##              Function "nfsen"			##
1318
##########################################################
1315
##########################################################
1319
nfsen()
1316
nfsen()
1320
{
1317
{
1321
	tar xzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
1318
	tar xzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
1322
# Add PortTracker plugin
1319
# Add PortTracker plugin
1323
	for i in /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
1320
	for i in /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
1324
	do
1321
	do
1325
	[ ! -d $i ] && mkdir $i && chown -R apache:apache $i && echo "$i created" || echo "$i already exists"
1322
	[ ! -d $i ] && mkdir $i && chown -R apache:apache $i && echo "$i created" || echo "$i already exists"
1326
	done
1323
	done
1327
	cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
1324
	cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
1328
# use of our conf file and init unit
1325
# use of our conf file and init unit
1329
	cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
1326
	cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
1330
# Installation of nfsen
1327
# Installation of nfsen
1331
	DirTmp=$(pwd)
1328
	DirTmp=$(pwd)
1332
	cd /tmp/nfsen-1.3.6p1/
1329
	cd /tmp/nfsen-1.3.6p1/
1333
	/usr/bin/perl5 install.pl etc/nfsen.conf
1330
	/usr/bin/perl5 install.pl etc/nfsen.conf
1334
	/usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
1331
	/usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
1335
# Create RRD DB for porttracker (only in it still doesn't exist)
1332
# Create RRD DB for porttracker (only in it still doesn't exist)
1336
	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
1333
	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
1337
	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
1334
	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
1338
	if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
1335
	if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
1339
	chmod -R 770 /var/log/netflow/porttracker
1336
	chmod -R 770 /var/log/netflow/porttracker
1340
# Apache conf file
1337
# Apache conf file
1341
	cat << EOF > /etc/httpd/conf/conf.d/nfsen.conf
1338
	cat << EOF > /etc/httpd/conf/conf.d/nfsen.conf
1342
Alias /nfsen /var/www/nfsen 
1339
Alias /nfsen /var/www/nfsen 
1343
<Directory /var/www/nfsen/> 
1340
<Directory /var/www/nfsen/> 
1344
DirectoryIndex nfsen.php 
1341
DirectoryIndex nfsen.php 
1345
Options -Indexes 
1342
Options -Indexes 
1346
AllowOverride all 
1343
AllowOverride all 
1347
order allow,deny 
1344
order allow,deny 
1348
allow from all 
1345
allow from all 
1349
AddType application/x-httpd-php .php 
1346
AddType application/x-httpd-php .php 
1350
php_flag magic_quotes_gpc on 
1347
php_flag magic_quotes_gpc on 
1351
php_flag track_vars on 
1348
php_flag track_vars on 
1352
</Directory>
1349
</Directory>
1353
EOF
1350
EOF
1354
# nfsen unit for systemd
1351
# nfsen unit for systemd
1355
cat << EOF > /lib/systemd/system/nfsen.service
1352
cat << EOF > /lib/systemd/system/nfsen.service
1356
#  This file is part of systemd.
1353
#  This file is part of systemd.
1357
#
1354
#
1358
#  systemd is free software; you can redistribute it and/or modify it
1355
#  systemd is free software; you can redistribute it and/or modify it
1359
#  under the terms of the GNU General Public License as published by
1356
#  under the terms of the GNU General Public License as published by
1360
#  the Free Software Foundation; either version 2 of the License, or
1357
#  the Free Software Foundation; either version 2 of the License, or
1361
#  (at your option) any later version.
1358
#  (at your option) any later version.
1362
 
1359
 
1363
# This unit launches nfsen (a Netflow grapher).
1360
# This unit launches nfsen (a Netflow grapher).
1364
[Unit]
1361
[Unit]
1365
Description= NfSen init script
1362
Description= NfSen init script
1366
After=network.target iptables.service
1363
After=network.target iptables.service
1367
 
1364
 
1368
[Service]
1365
[Service]
1369
Type=oneshot
1366
Type=oneshot
1370
RemainAfterExit=yes
1367
RemainAfterExit=yes
1371
PIDFile=/var/run/nfsen/nfsen.pid
1368
PIDFile=/var/run/nfsen/nfsen.pid
1372
ExecStartPre=/bin/mkdir -p /var/run/nfsen
1369
ExecStartPre=/bin/mkdir -p /var/run/nfsen
1373
ExecStartPre=/bin/chown apache:apache /var/run/nfsen
1370
ExecStartPre=/bin/chown apache:apache /var/run/nfsen
1374
ExecStart=/usr/bin/nfsen start 
1371
ExecStart=/usr/bin/nfsen start 
1375
ExecStop=/usr/bin/nfsen stop
1372
ExecStop=/usr/bin/nfsen stop
1376
ExecReload=/usr/bin/nfsen restart
1373
ExecReload=/usr/bin/nfsen restart
1377
TimeoutSec=0
1374
TimeoutSec=0
1378
 
1375
 
1379
[Install]
1376
[Install]
1380
WantedBy=multi-user.target
1377
WantedBy=multi-user.target
1381
EOF
1378
EOF
1382
# Add the listen port to collect netflow packet (nfcapd)
1379
# Add the listen port to collect netflow packet (nfcapd)
1383
$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm 
1380
$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm 
1384
# expire delay for the profile "live"
1381
# expire delay for the profile "live"
1385
	systemctl start nfsen
1382
	systemctl start nfsen
1386
	/bin/nfsen -m live -e 62d 2>/dev/null
1383
	/bin/nfsen -m live -e 62d 2>/dev/null
1387
# add SURFmap plugin
1384
# add SURFmap plugin
1388
	tar xzf $DIR_CONF/nfsen/SURFmap_v3.3b1.tar.gz -C /tmp/
1385
	tar xzf $DIR_CONF/nfsen/SURFmap_v3.3b1.tar.gz -C /tmp/
1389
	cp $DIR_CONF/nfsen/install-surfmap.sh /tmp/SURFmap/install.sh
1386
	cp $DIR_CONF/nfsen/install-surfmap.sh /tmp/SURFmap/install.sh
1390
	cd /tmp/SURFmap
1387
	cd /tmp/SURFmap
1391
	/usr/bin/sh install.sh
1388
	/usr/bin/sh install.sh
1392
 
1389
 
1393
# clear the installation
1390
# clear the installation
1394
	cd $DirTmp
1391
	cd $DirTmp
1395
	rm -rf /tmp/nfsen-1.3.6p1/
1392
	rm -rf /tmp/nfsen-1.3.6p1/
1396
	rm -rf /tmp/SURFmap/
1393
	rm -rf /tmp/SURFmap/
1397
} # End of nfsen ()
1394
} # End of nfsen ()
1398
 
1395
 
1399
##################################################
1396
##################################################
1400
##		Function "dnsmasq"		##
1397
##		Function "dnsmasq"		##
1401
##################################################
1398
##################################################
1402
dnsmasq ()
1399
dnsmasq ()
1403
{
1400
{
1404
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1401
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1405
	[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1402
	[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1406
	$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
1403
	$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
1407
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1404
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1408
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
1405
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
1409
	cat << EOF > /etc/dnsmasq.conf 
1406
	cat << EOF > /etc/dnsmasq.conf 
1410
# Configuration file for "dnsmasq in forward mode"
1407
# Configuration file for "dnsmasq in forward mode"
1411
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1408
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1412
listen-address=$PRIVATE_IP
1409
listen-address=$PRIVATE_IP
1413
pid-file=/var/run/dnsmasq.pid
1410
pid-file=/var/run/dnsmasq.pid
1414
listen-address=127.0.0.1
1411
listen-address=127.0.0.1
1415
no-dhcp-interface=$INTIF
1412
no-dhcp-interface=$INTIF
1416
no-dhcp-interface=tun0
1413
no-dhcp-interface=tun0
1417
no-dhcp-interface=lo
1414
no-dhcp-interface=lo
1418
bind-interfaces
1415
bind-interfaces
1419
cache-size=256
1416
cache-size=256
1420
domain=$DOMAIN
1417
domain=$DOMAIN
1421
domain-needed
1418
domain-needed
1422
expand-hosts
1419
expand-hosts
1423
bogus-priv
1420
bogus-priv
1424
filterwin2k
1421
filterwin2k
1425
server=$DNS1
1422
server=$DNS1
1426
server=$DNS2
1423
server=$DNS2
1427
# DHCP service is configured. It will be enabled in "bypass" mode
1424
# DHCP service is configured. It will be enabled in "bypass" mode
1428
dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
1425
dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
1429
dhcp-option=option:router,$PRIVATE_IP
1426
dhcp-option=option:router,$PRIVATE_IP
1430
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
1427
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
1431
 
1428
 
1432
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1429
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1433
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1430
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1434
EOF
1431
EOF
1435
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
1432
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
1436
	cat << EOF > /etc/dnsmasq-blacklist.conf 
1433
	cat << EOF > /etc/dnsmasq-blacklist.conf 
1437
# Configuration file for "dnsmasq with blacklist"
1434
# Configuration file for "dnsmasq with blacklist"
1438
# Add Toulouse blacklist domains
1435
# Add Toulouse blacklist domains
1439
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
1436
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
1440
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1437
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1441
pid-file=/var/run/dnsmasq-blacklist.pid
1438
pid-file=/var/run/dnsmasq-blacklist.pid
1442
listen-address=$PRIVATE_IP
1439
listen-address=$PRIVATE_IP
1443
port=54
1440
port=54
1444
no-dhcp-interface=$INTIF
1441
no-dhcp-interface=$INTIF
1445
no-dhcp-interface=tun0
1442
no-dhcp-interface=tun0
1446
bind-interfaces
1443
bind-interfaces
1447
cache-size=256
1444
cache-size=256
1448
domain=$DOMAIN
1445
domain=$DOMAIN
1449
domain-needed
1446
domain-needed
1450
expand-hosts
1447
expand-hosts
1451
bogus-priv
1448
bogus-priv
1452
filterwin2k
1449
filterwin2k
1453
server=$DNS1
1450
server=$DNS1
1454
server=$DNS2
1451
server=$DNS2
1455
EOF
1452
EOF
1456
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
1453
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
1457
	cat << EOF > /etc/dnsmasq-whitelist.conf 
1454
	cat << EOF > /etc/dnsmasq-whitelist.conf 
1458
# Configuration file for "dnsmasq with whitelist"
1455
# Configuration file for "dnsmasq with whitelist"
1459
# Inclusion de la whitelist <domains> de Toulouse dans la configuration
1456
# Inclusion de la whitelist <domains> de Toulouse dans la configuration
1460
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
1457
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
1461
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1458
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1462
listen-address=$PRIVATE_IP
1459
listen-address=$PRIVATE_IP
1463
pid-file=/var/run/dnsmasq-whitelist.pid
1460
pid-file=/var/run/dnsmasq-whitelist.pid
1464
port=55
1461
port=55
1465
no-dhcp-interface=$INTIF
1462
no-dhcp-interface=$INTIF
1466
no-dhcp-interface=tun0
1463
no-dhcp-interface=tun0
1467
bind-interfaces
1464
bind-interfaces
1468
cache-size=256
1465
cache-size=256
1469
domain=$DOMAIN
1466
domain=$DOMAIN
1470
domain-needed
1467
domain-needed
1471
expand-hosts
1468
expand-hosts
1472
bogus-priv
1469
bogus-priv
1473
filterwin2k
1470
filterwin2k
1474
address=/#/$PRIVATE_IP
1471
address=/#/$PRIVATE_IP
1475
ipset=/#/whitelist_ip_allowed
1472
ipset=/#/whitelist_ip_allowed
1476
EOF
1473
EOF
1477
# Start after chilli (which create tun0)
1474
# Start after chilli (which create tun0)
1478
	$SED "s?^After=.*?After=syslog.target network.target chilli.service?g" /lib/systemd/system/dnsmasq.service
1475
	$SED "s?^After=.*?After=syslog.target network.target chilli.service?g" /lib/systemd/system/dnsmasq.service
1479
# Create dnsmasq-blacklist and dnsmasq-whitelist unit
1476
# Create dnsmasq-blacklist and dnsmasq-whitelist unit
1480
	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service
1477
	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service
1481
	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service
1478
	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service
1482
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
1479
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
1483
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
1480
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
1484
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service
1481
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service
1485
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
1482
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
1486
} # End dnsmasq
1483
} # End dnsmasq
1487
 
1484
 
1488
##########################################################
1485
##########################################################
1489
##		Fonction "BL"				##
1486
##		Fonction "BL"				##
1490
##########################################################
1487
##########################################################
1491
BL ()
1488
BL ()
1492
{
1489
{
1493
# modify iptables boot file to start alcasar-iptables.sh when the system is booting
1490
# modify iptables boot file to start alcasar-iptables.sh when the system is booting
1494
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
1491
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
1495
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
1492
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
1496
# copy and extract toulouse BL
1493
# copy and extract toulouse BL
1497
	rm -rf $DIR_DG/lists/blacklists
1494
	rm -rf $DIR_DG/lists/blacklists
1498
	tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
1495
	tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
1499
# creation of the OSSI BL and WL categories (domain name and url)
1496
# creation of the OSSI BL and WL categories (domain name and url)
1500
	mkdir $DIR_DG/lists/blacklists/ossi
1497
	mkdir $DIR_DG/lists/blacklists/ossi
1501
	touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ossi/domains_wl
1498
	touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ossi/domains_wl
1502
	touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ossi/urls_wl
1499
	touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ossi/urls_wl
1503
	chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
1500
	chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
1504
	chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
1501
	chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
1505
# creation of file for the rehabilited domains and urls
1502
# creation of file for the rehabilited domains and urls
1506
	[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
1503
	[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
1507
	[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1504
	[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1508
	touch $DIR_DG/lists/exceptionsitelist
1505
	touch $DIR_DG/lists/exceptionsitelist
1509
	touch $DIR_DG/lists/exceptionurllist
1506
	touch $DIR_DG/lists/exceptionurllist
1510
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
1507
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
1511
	cat <<EOF > $DIR_DG/lists/bannedurllist
1508
	cat <<EOF > $DIR_DG/lists/bannedurllist
1512
# Dansguardian filter config for ALCASAR
1509
# Dansguardian filter config for ALCASAR
1513
EOF
1510
EOF
1514
	cat <<EOF > $DIR_DG/lists/bannedsitelist
1511
	cat <<EOF > $DIR_DG/lists/bannedsitelist
1515
# Dansguardian domain filter config for ALCASAR
1512
# Dansguardian domain filter config for ALCASAR
1516
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
1513
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
1517
#**
1514
#**
1518
# block all SSL and CONNECT tunnels
1515
# block all SSL and CONNECT tunnels
1519
**s
1516
**s
1520
# block all SSL and CONNECT tunnels specified only as an IP
1517
# block all SSL and CONNECT tunnels specified only as an IP
1521
*ips
1518
*ips
1522
# block all sites specified only by an IP
1519
# block all sites specified only by an IP
1523
*ip
1520
*ip
1524
EOF
1521
EOF
1525
# Add Bing and Youtube to the safesearch url regext list (parental control)
1522
# Add Bing and Youtube to the safesearch url regext list (parental control)
1526
	cat <<EOF >> $DIR_DG/lists/urlregexplist
1523
	cat <<EOF >> $DIR_DG/lists/urlregexplist
1527
# Bing - add 'adlt=strict'
1524
# Bing - add 'adlt=strict'
1528
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
1525
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
1529
# Youtube - add 'edufilter=your_ID' 
1526
# Youtube - add 'edufilter=your_ID' 
1530
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
1527
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
1531
EOF
1528
EOF
1532
# change the the google safesearch ("safe=strict" instead of "safe=vss")
1529
# change the the google safesearch ("safe=strict" instead of "safe=vss")
1533
	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
1530
	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
1534
# adapt the BL to ALCASAR architecture. Enable the default categories
1531
# adapt the BL to ALCASAR architecture. Enable the default categories
1535
	if [ "$mode" != "update" ]; then
1532
	if [ "$mode" != "update" ]; then
1536
		$DIR_DEST_SBIN/alcasar-bl.sh --adapt
1533
		$DIR_DEST_SBIN/alcasar-bl.sh --adapt
1537
		$DIR_DEST_SBIN/alcasar-bl.sh --cat_choice
1534
		$DIR_DEST_SBIN/alcasar-bl.sh --cat_choice
1538
# !!! we can be banned by DNS server (waiting for a cool solution	$DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving
1535
# !!! we can be banned by DNS server (waiting for a cool solution	$DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving
1539
	fi
1536
	fi
1540
}
1537
}
1541
 
1538
 
1542
##########################################################
1539
##########################################################
1543
##		Fonction "cron"				##
1540
##		Fonction "cron"				##
1544
## - Mise en place des différents fichiers de cron	##
1541
## - Mise en place des différents fichiers de cron	##
1545
##########################################################
1542
##########################################################
1546
cron ()
1543
cron ()
1547
{
1544
{
1548
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
1545
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
1549
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1546
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1550
	cat <<EOF > /etc/crontab
1547
	cat <<EOF > /etc/crontab
1551
SHELL=/bin/bash
1548
SHELL=/bin/bash
1552
PATH=/sbin:/bin:/usr/sbin:/usr/bin
1549
PATH=/sbin:/bin:/usr/sbin:/usr/bin
1553
MAILTO=root
1550
MAILTO=root
1554
HOME=/
1551
HOME=/
1555
 
1552
 
1556
# run-parts
1553
# run-parts
1557
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
1554
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
1558
02 0 * * * root nice -n 19 run-parts --report /etc/cron.daily
1555
02 0 * * * root nice -n 19 run-parts --report /etc/cron.daily
1559
22 0 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
1556
22 0 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
1560
42 0 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
1557
42 0 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
1561
EOF
1558
EOF
1562
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1559
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1563
	cat <<EOF >> /etc/anacrontab
1560
	cat <<EOF >> /etc/anacrontab
1564
7       8       cron.MysqlDump          nice /etc/cron.d/alcasar-mysql
1561
7       8       cron.MysqlDump          nice /etc/cron.d/alcasar-mysql
1565
7       10      cron.logExport          nice /etc/cron.d/alcasar-archive
1562
7       10      cron.logExport          nice /etc/cron.d/alcasar-archive
1566
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
1563
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
1567
EOF
1564
EOF
1568
 
1565
 
1569
	cat <<EOF > /etc/cron.d/alcasar-mysql
1566
	cat <<EOF > /etc/cron.d/alcasar-mysql
1570
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
1567
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
1571
45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
1568
45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
1572
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
1569
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
1573
40 4 * * * root /usr/local/sbin/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1570
40 4 * * * root /usr/local/sbin/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1574
EOF
1571
EOF
1575
	cat <<EOF > /etc/cron.d/alcasar-archive
1572
	cat <<EOF > /etc/cron.d/alcasar-archive
1576
# Archive des logs et de la base de données (tous les lundi à 5h35)
1573
# Archive des logs et de la base de données (tous les lundi à 5h35)
1577
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1574
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1578
EOF
1575
EOF
1579
	cat << EOF > /etc/cron.d/alcasar-clean_import
1576
	cat << EOF > /etc/cron.d/alcasar-clean_import
1580
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
1577
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
1581
30 * * * *  root $DIR_DEST_BIN/alcasar-import-clean.sh
1578
30 * * * *  root $DIR_DEST_BIN/alcasar-import-clean.sh
1582
EOF
1579
EOF
1583
	cat << EOF > /etc/cron.d/alcasar-distrib-updates
1580
	cat << EOF > /etc/cron.d/alcasar-distrib-updates
1584
# mise à jour automatique de la distribution tous les jours 3h30
1581
# mise à jour automatique de la distribution tous les jours 3h30
1585
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1582
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1586
EOF
1583
EOF
1587
	#cat << EOF > /etc/cron.d/alcasar-netflow
1584
	#cat << EOF > /etc/cron.d/alcasar-netflow
1588
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05)
1585
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05)
1589
#15 0 * * 1  root $DIR_DEST_BIN/alcasar-netflow.sh
1586
#15 0 * * 1  root $DIR_DEST_BIN/alcasar-netflow.sh
1590
#EOF
1587
#EOF
1591
 
1588
 
1592
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
1589
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
1593
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
1590
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
1594
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct') 
1591
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct') 
1595
# 'monthly_tot_stat' (tous les jours à 01h05) : aggrégat des connexions mensuelles par usager (renseigne la table 'mtotacct')
1592
# 'monthly_tot_stat' (tous les jours à 01h05) : aggrégat des connexions mensuelles par usager (renseigne la table 'mtotacct')
1596
# 'truncate_raddact' (tous les 1er du mois à 01h10) : supprime les entrées journalisées plus vieilles que '$back_days' jours (défini ci-après)
1593
# 'truncate_raddact' (tous les 1er du mois à 01h10) : supprime les entrées journalisées plus vieilles que '$back_days' jours (défini ci-après)
1597
# 'clean_radacct' (tous les 1er du mois à 01h15) : ferme les session ouvertes de plus de '$back_days' jours (défini ci-après)
1594
# 'clean_radacct' (tous les 1er du mois à 01h15) : ferme les session ouvertes de plus de '$back_days' jours (défini ci-après)
1598
	$SED "s?^\$back_days.*?\$back_days = 365;?g" /usr/bin/truncate_radacct
1595
	$SED "s?^\$back_days.*?\$back_days = 365;?g" /usr/bin/truncate_radacct
1599
	$SED "s?^\$back_days.*?\$back_days = 30;?g" /usr/bin/clean_radacct
1596
	$SED "s?^\$back_days.*?\$back_days = 30;?g" /usr/bin/clean_radacct
1600
	rm -f /etc/cron.daily/freeradius-web
1597
	rm -f /etc/cron.daily/freeradius-web
1601
	rm -f /etc/cron.monthly/freeradius-web
1598
	rm -f /etc/cron.monthly/freeradius-web
1602
	cat << EOF > /etc/cron.d/freeradius-web
1599
	cat << EOF > /etc/cron.d/freeradius-web
1603
1 1 * * * root /usr/bin/tot_stats > /dev/null 2>&1
1600
1 1 * * * root /usr/bin/tot_stats > /dev/null 2>&1
1604
5 1 * * * root /usr/bin/monthly_tot_stats > /dev/null 2>&1
1601
5 1 * * * root /usr/bin/monthly_tot_stats > /dev/null 2>&1
1605
10 1 1 * * root /usr/bin/truncate_radacct > /dev/null 2>&1
1602
10 1 1 * * root /usr/bin/truncate_radacct > /dev/null 2>&1
1606
15 1 1 * * root /usr/bin/clean_radacct > /dev/null 2>&1
1603
15 1 1 * * root /usr/bin/clean_radacct > /dev/null 2>&1
1607
EOF
1604
EOF
1608
	cat << EOF > /etc/cron.d/alcasar-watchdog
1605
	cat << EOF > /etc/cron.d/alcasar-watchdog
1609
# activation du "chien de garde" (watchdog) toutes les 3'
1606
# activation du "chien de garde" (watchdog) toutes les 3'
1610
*/3 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1607
*/3 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1611
EOF
1608
EOF
1612
# activation du "chien de garde des services" (watchdog) toutes les 18'
1609
# activation du "chien de garde des services" (watchdog) toutes les 18'
1613
	cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
1610
	cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
1614
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
1611
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
1615
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1612
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1616
EOF
1613
EOF
1617
# suppression des crons usagers
1614
# suppression des crons usagers
1618
	rm -f /var/spool/cron/*
1615
	rm -f /var/spool/cron/*
1619
} # End cron
1616
} # End cron
1620
 
1617
 
1621
##################################################################
1618
##################################################################
1622
## 			Fonction "Fail2Ban"			##
1619
## 			Fonction "Fail2Ban"			##
1623
##- Modification de la configuration de fail2ban		##
1620
##- Modification de la configuration de fail2ban		##
1624
##- Sécurisation DDOS, SSH-Brute-Force, Intercept.php ...	##
1621
##- Sécurisation DDOS, SSH-Brute-Force, Intercept.php ...	##
1625
##################################################################
1622
##################################################################
1626
fail2ban()
1623
fail2ban()
1627
{
1624
{
1628
	$DIR_CONF/fail2ban.sh
1625
	$DIR_CONF/fail2ban.sh
1629
#Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
1626
#Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
1630
	[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
1627
	[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
1631
	[ -e /var/Save/logs/security/watchdog.log ] || touch /var/Save/logs/security/watchdog.log
1628
	[ -e /var/Save/logs/security/watchdog.log ] || touch /var/Save/logs/security/watchdog.log
1632
	chmod 644 /var/log/fail2ban.log
1629
	chmod 644 /var/log/fail2ban.log
1633
	chmod 644 /var/Save/logs/security/watchdog.log
1630
	chmod 644 /var/Save/logs/security/watchdog.log
1634
	/usr/bin/touch /var/log/auth.log
1631
	/usr/bin/touch /var/log/auth.log
1635
	
1632
	
1636
 
1633
 
1637
# Edition de l'unité fail2ban
1634
# Edition de l'unité fail2ban
1638
[ -e /usr/lib/systemd/system/fail2ban.service ] && cp /usr/lib/systemd/system/fail2ban.service /usr/lib/systemd/system/fail2ban.service.default
1635
[ -e /usr/lib/systemd/system/fail2ban.service ] && cp /usr/lib/systemd/system/fail2ban.service /usr/lib/systemd/system/fail2ban.service.default
1639
$SED '/Type/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
1636
$SED '/Type/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
1640
$SED '/After=*/c After=syslog.target network.target httpd.service' /usr/lib/systemd/system/fail2ban.service
1637
$SED '/After=*/c After=syslog.target network.target httpd.service' /usr/lib/systemd/system/fail2ban.service
1641
 
1638
 
1642
 
1639
 
1643
} #Fin de fail2ban_install()
1640
} #Fin de fail2ban_install()
1644
 
1641
 
1645
##################################################################
1642
##################################################################
1646
## 			Fonction "gammu_smsd"			##
1643
## 			Fonction "gammu_smsd"			##
1647
## - Creation de la base de donnée Gammu			##
1644
## - Creation de la base de donnée Gammu			##
1648
## - Creation du fichier de config: gammu_smsd_conf		##
1645
## - Creation du fichier de config: gammu_smsd_conf		##
1649
##								##
1646
##								##
1650
##################################################################
1647
##################################################################
1651
gammu_smsd()
1648
gammu_smsd()
1652
{
1649
{
1653
# Create 'gammu' databse
1650
# Create 'gammu' databse
1654
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
1651
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
1655
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
1652
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
1656
# Add a gammu database structure
1653
# Add a gammu database structure
1657
	mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/gammu-smsd-db-vierge.sql
1654
	mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/gammu-smsd-db-vierge.sql
1658
 
1655
 
1659
# config file for the daemon
1656
# config file for the daemon
1660
cat << EOF > /etc/gammu_smsd_conf
1657
cat << EOF > /etc/gammu_smsd_conf
1661
[gammu]
1658
[gammu]
1662
port = /dev/ttyUSB0
1659
port = /dev/ttyUSB0
1663
connection = at115200
1660
connection = at115200
1664
 
1661
 
1665
;########################################################
1662
;########################################################
1666
 
1663
 
1667
[smsd]
1664
[smsd]
1668
 
1665
 
1669
PIN = 1234
1666
PIN = 1234
1670
 
1667
 
1671
logfile = /var/log/gammu-smsd/gammu-smsd.log
1668
logfile = /var/log/gammu-smsd/gammu-smsd.log
1672
logformat = textall
1669
logformat = textall
1673
debuglevel = 0
1670
debuglevel = 0
1674
 
1671
 
1675
service = sql
1672
service = sql
1676
driver = native_mysql
1673
driver = native_mysql
1677
user = $DB_USER
1674
user = $DB_USER
1678
password = $radiuspwd
1675
password = $radiuspwd
1679
pc = localhost
1676
pc = localhost
1680
database = $DB_GAMMU
1677
database = $DB_GAMMU
1681
 
1678
 
1682
RunOnReceive = /usr/local/bin/alcasar-sms.sh --new_sms
1679
RunOnReceive = /usr/local/bin/alcasar-sms.sh --new_sms
1683
 
1680
 
1684
StatusFrequency = 30
1681
StatusFrequency = 30
1685
;LoopSleep = 2
1682
;LoopSleep = 2
1686
 
1683
 
1687
;ResetFrequency = 300
1684
;ResetFrequency = 300
1688
;HardResetFrequency = 120
1685
;HardResetFrequency = 120
1689
 
1686
 
1690
CheckSecurity = 1 
1687
CheckSecurity = 1 
1691
CheckSignal = 1
1688
CheckSignal = 1
1692
CheckBattery = 0
1689
CheckBattery = 0
1693
EOF
1690
EOF
1694
 
1691
 
1695
chmod 755 /etc/gammu_smsd_conf
1692
chmod 755 /etc/gammu_smsd_conf
1696
 
1693
 
1697
#Creation dossier de log Gammu-smsd
1694
#Creation dossier de log Gammu-smsd
1698
[ -e /var/log/gammu-smsd ] || mkdir /var/log/gammu-smsd
1695
[ -e /var/log/gammu-smsd ] || mkdir /var/log/gammu-smsd
1699
chmod 755 /var/log/gammu-smsd
1696
chmod 755 /var/log/gammu-smsd
1700
 
1697
 
1701
#Edition du script sql gammu <-> radius
1698
#Edition du script sql gammu <-> radius
1702
$SED "s/^u_db=\".*/u_db=\"$DB_USER\"/g" $DIR_DEST_BIN/alcasar-sms.sh
1699
$SED "s/^u_db=\".*/u_db=\"$DB_USER\"/g" $DIR_DEST_BIN/alcasar-sms.sh
1703
$SED "s/^p_db=\".*/p_db=\"$radiuspwd\"/g" $DIR_DEST_BIN/alcasar-sms.sh
1700
$SED "s/^p_db=\".*/p_db=\"$radiuspwd\"/g" $DIR_DEST_BIN/alcasar-sms.sh
1704
 
1701
 
1705
#Création de la règle udev pour les Huawei // idVendor: 12d1
1702
#Création de la règle udev pour les Huawei // idVendor: 12d1
1706
cat << EOF > /etc/udev/rules.d/66-huawei.rules
1703
cat << EOF > /etc/udev/rules.d/66-huawei.rules
1707
KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="/usr/local/bin/alcasar-sms.sh --mode"
1704
KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="/usr/local/bin/alcasar-sms.sh --mode"
1708
EOF
1705
EOF
1709
 
1706
 
1710
} # END gammu_smsd()
1707
} # END gammu_smsd()
1711
 
1708
 
1712
##################################################################
1709
##################################################################
1713
##			Fonction "post_install"			##
1710
##			Fonction "post_install"			##
1714
## - Modification des bannières (locales et ssh) et des prompts ##
1711
## - Modification des bannières (locales et ssh) et des prompts ##
1715
## - Installation de la structure de chiffrement pour root	##
1712
## - Installation de la structure de chiffrement pour root	##
1716
## - Mise en place du sudoers et de la sécurité sur les fichiers##
1713
## - Mise en place du sudoers et de la sécurité sur les fichiers##
1717
## - Mise en place du la rotation des logs			##
1714
## - Mise en place du la rotation des logs			##
1718
## - Configuration dans le cas d'une mise à jour		##
1715
## - Configuration dans le cas d'une mise à jour		##
1719
##################################################################
1716
##################################################################
1720
post_install()
1717
post_install()
1721
{
1718
{
1722
# création de la bannière locale
1719
# création de la bannière locale
1723
	[ -e /etc/mageia-release.default ]  || cp /etc/mageia-release /etc/mageia-release.default
1720
	[ -e /etc/mageia-release.default ]  || cp /etc/mageia-release /etc/mageia-release.default
1724
	cp -f $DIR_CONF/banner /etc/mageia-release
1721
	cp -f $DIR_CONF/banner /etc/mageia-release
1725
	echo " V$VERSION" >> /etc/mageia-release
1722
	echo " V$VERSION" >> /etc/mageia-release
1726
# création de la bannière SSH
1723
# création de la bannière SSH
1727
	cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh
1724
	cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh
1728
	chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
1725
	chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
1729
	[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
1726
	[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
1730
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1727
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1731
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1728
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1732
# postfix banner anonymisation
1729
# postfix banner anonymisation
1733
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1730
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1734
# sshd écoute côté LAN et WAN
1731
# sshd écoute côté LAN et WAN
1735
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1732
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1736
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
1733
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
1737
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1734
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1738
	echo "SSH=off" >> $CONF_FILE
1735
	echo "SSH=off" >> $CONF_FILE
1739
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1736
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1740
	echo "QOS=off" >> $CONF_FILE
1737
	echo "QOS=off" >> $CONF_FILE
1741
	echo "LDAP=off" >> $CONF_FILE
1738
	echo "LDAP=off" >> $CONF_FILE
1742
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1739
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1743
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1740
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1744
	echo "MULTIWAN=off" >> $CONF_FILE
1741
	echo "MULTIWAN=off" >> $CONF_FILE
1745
	echo "FAILOVER=30" >> $CONF_FILE
1742
	echo "FAILOVER=30" >> $CONF_FILE
1746
	echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
1743
	echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
1747
	echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
1744
	echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
1748
	echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
1745
	echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
1749
# Coloration des prompts
1746
# Coloration des prompts
1750
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
1747
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
1751
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1748
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1752
	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
1749
	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
1753
# Droits d'exécution pour utilisateur apache et sysadmin
1750
# Droits d'exécution pour utilisateur apache et sysadmin
1754
	[ -e /etc/sudoers.default ]  || cp /etc/sudoers /etc/sudoers.default
1751
	[ -e /etc/sudoers.default ]  || cp /etc/sudoers /etc/sudoers.default
1755
	cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
1752
	cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
1756
	$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
1753
	$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
1757
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, radiusd, ulogd)
1754
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, radiusd, ulogd)
1758
	cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
1755
	cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
1759
	chmod 644 /etc/logrotate.d/*
1756
	chmod 644 /etc/logrotate.d/*
1760
# rectification sur versions précédentes de la compression des logs
1757
# rectification sur versions précédentes de la compression des logs
1761
	$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
1758
	$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
1762
# actualisation des fichiers logs compressés
1759
# actualisation des fichiers logs compressés
1763
	for dir in firewall dansguardian httpd
1760
	for dir in firewall dansguardian httpd
1764
	do
1761
	do
1765
	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
1762
	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
1766
	done
1763
	done
1767
# create the alcasar-load_balancing unit
1764
# create the alcasar-load_balancing unit
1768
	cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
1765
	cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
1769
#  This file is part of systemd.
1766
#  This file is part of systemd.
1770
#
1767
#
1771
#  systemd is free software; you can redistribute it and/or modify it
1768
#  systemd is free software; you can redistribute it and/or modify it
1772
#  under the terms of the GNU General Public License as published by
1769
#  under the terms of the GNU General Public License as published by
1773
#  the Free Software Foundation; either version 2 of the License, or
1770
#  the Free Software Foundation; either version 2 of the License, or
1774
#  (at your option) any later version.
1771
#  (at your option) any later version.
1775
 
1772
 
1776
# This unit lauches alcasar-load-balancing.sh script.
1773
# This unit lauches alcasar-load-balancing.sh script.
1777
[Unit]
1774
[Unit]
1778
Description=alcasar-load_balancing.sh execution
1775
Description=alcasar-load_balancing.sh execution
1779
After=network.target iptables.service
1776
After=network.target iptables.service
1780
 
1777
 
1781
[Service]
1778
[Service]
1782
Type=oneshot
1779
Type=oneshot
1783
RemainAfterExit=yes
1780
RemainAfterExit=yes
1784
ExecStart=/usr/local/sbin/alcasar-load_balancing.sh start
1781
ExecStart=/usr/local/sbin/alcasar-load_balancing.sh start
1785
ExecStop=/usr/local/sbin/alcasar-load_balancing.sh stop
1782
ExecStop=/usr/local/sbin/alcasar-load_balancing.sh stop
1786
TimeoutSec=0
1783
TimeoutSec=0
1787
SysVStartPriority=99
1784
SysVStartPriority=99
1788
 
1785
 
1789
[Install]
1786
[Install]
1790
WantedBy=multi-user.target
1787
WantedBy=multi-user.target
1791
EOF
1788
EOF
1792
# processes launched at boot time (SYSV)
1789
# processes launched at boot time (SYSV)
1793
	for i in havp 
1790
	for i in havp 
1794
	do
1791
	do
1795
		/sbin/chkconfig --add $i
1792
		/sbin/chkconfig --add $i
1796
	done
1793
	done
1797
# processes launched at boot time (Systemctl)
1794
# processes launched at boot time (Systemctl)
1798
	for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
1795
	for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
1799
	do
1796
	do
1800
		systemctl -q enable $i.service
1797
		systemctl -q enable $i.service
1801
	done
1798
	done
1802
	
1799
	
1803
# disable processes at boot time (Systemctl)
1800
# disable processes at boot time (Systemctl)
1804
	for i in ulogd
1801
	for i in ulogd
1805
	do
1802
	do
1806
		systemctl -q disable $i.service
1803
		systemctl -q disable $i.service
1807
	done
1804
	done
1808
	
1805
	
1809
# Apply French Security Agency (ANSSI) rules
1806
# Apply French Security Agency (ANSSI) rules
1810
# ignore ICMP broadcast (smurf attack)
1807
# ignore ICMP broadcast (smurf attack)
1811
	echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" > /etc/sysctl.d/alcasar.conf
1808
	echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" > /etc/sysctl.d/alcasar.conf
1812
# ignore ICMP errors bogus
1809
# ignore ICMP errors bogus
1813
	echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.d/alcasar.conf
1810
	echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.d/alcasar.conf
1814
# remove ICMP redirects responces
1811
# remove ICMP redirects responces
1815
	echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.d/alcasar.conf
1812
	echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.d/alcasar.conf
1816
	echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.d/alcasar.conf
1813
	echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.d/alcasar.conf
1817
# enable SYN Cookies (Syn flood attacks)
1814
# enable SYN Cookies (Syn flood attacks)
1818
	echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.d/alcasar.conf
1815
	echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.d/alcasar.conf
1819
# enable kernel antispoofing
1816
# enable kernel antispoofing
1820
	echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.d/alcasar.conf
1817
	echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.d/alcasar.conf
1821
# ignore source routing
1818
# ignore source routing
1822
	echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.d/alcasar.conf
1819
	echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.d/alcasar.conf
1823
# set conntrack timer to 1h (3600s) instead of 5 weeks
1820
# set conntrack timer to 1h (3600s) instead of 5 weeks
1824
	echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.d/alcasar.conf
1821
	echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.d/alcasar.conf
1825
# disable log_martians (ALCASAR is often installed between two private network addresses) 
1822
# disable log_martians (ALCASAR is often installed between two private network addresses) 
1826
	echo "net.ipv4.conf.all.log_martians = 0" >> /etc/sysctl.d/alcasar.conf
1823
	echo "net.ipv4.conf.all.log_martians = 0" >> /etc/sysctl.d/alcasar.conf
1827
# remove Magic SysReq Keys
1824
# remove Magic SysReq Keys
1828
	[ -e /etc/sysctl.d/51-alt-sysrq.conf ] && rm /etc/sysctl.d/51-alt-sysrq.conf
1825
	[ -e /etc/sysctl.d/51-alt-sysrq.conf ] && rm /etc/sysctl.d/51-alt-sysrq.conf
1829
# switch to multi-users runlevel (instead of x11)
1826
# switch to multi-users runlevel (instead of x11)
1830
	ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
1827
	ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
1831
#	GRUB modifications
1828
#	GRUB modifications
1832
# limit wait time to 3s
1829
# limit wait time to 3s
1833
# create an alcasar entry instead of linux-nonfb
1830
# create an alcasar entry instead of linux-nonfb
1834
# change display to 1024*768 (vga791)
1831
# change display to 1024*768 (vga791)
1835
	$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
1832
	$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
1836
	$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
1833
	$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
1837
	$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
1834
	$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
1838
	$SED "/^kernel/s/vga=.*/vga=791 nomodeset/" /boot/grub/menu.lst
1835
	$SED "/^kernel/s/vga=.*/vga=791 nomodeset/" /boot/grub/menu.lst
1839
	$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
1836
	$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
1840
	$SED "/^gfxmenu/d" /boot/grub/menu.lst
1837
	$SED "/^gfxmenu/d" /boot/grub/menu.lst
1841
# Remove unused services and users
1838
# Remove unused services and users
1842
	for svc in sshd.service
1839
	for svc in sshd.service
1843
	do
1840
	do
1844
		/bin/systemctl -q disable $svc
1841
		/bin/systemctl -q disable $svc
1845
	done
1842
	done
1846
#	for rm_users in games
1843
#	for rm_users in games
1847
#	do
1844
#	do
1848
#		user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
1845
#		user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
1849
#		if [ "$user" == "$rm_users" ]
1846
#		if [ "$user" == "$rm_users" ]
1850
#		then
1847
#		then
1851
#			/usr/sbin/userdel -r $rm_users
1848
#			/usr/sbin/userdel -r $rm_users
1852
#		fi
1849
#		fi
1853
#	done
1850
#	done
1854
# Load and apply the previous conf file
1851
# Load and apply the previous conf file
1855
	if [ "$mode" = "update" ]
1852
	if [ "$mode" = "update" ]
1856
	then
1853
	then
1857
		$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in /var/Save/logs
1854
		$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in /var/Save/logs
1858
		$DIR_DEST_BIN/alcasar-conf.sh --load
1855
		$DIR_DEST_BIN/alcasar-conf.sh --load
1859
		PARENT_SCRIPT=`basename $0`
1856
		PARENT_SCRIPT=`basename $0`
1860
		export PARENT_SCRIPT # to avoid stop&start process during the installation process
1857
		export PARENT_SCRIPT # to avoid stop&start process during the installation process
1861
		$DIR_DEST_BIN/alcasar-conf.sh --apply
1858
		$DIR_DEST_BIN/alcasar-conf.sh --apply
1862
		$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
1859
		$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
1863
		$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
1860
		$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
1864
		if [ $MAJ_PREVIOUS_VERSION -lt 2 ] || ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 8 ])
1861
		if [ $MAJ_PREVIOUS_VERSION -lt 2 ] || ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 8 ])
1865
		# update needed for versions previous then 2.8 due to the integration of the domainname ("localdomain" by default)
1862
		# update needed for versions previous then 2.8 due to the integration of the domainname ("localdomain" by default)
1866
		then
1863
		then
1867
			header_install
1864
			header_install
1868
			if [ $Lang == "fr" ]
1865
			if [ $Lang == "fr" ]
1869
			then 
1866
			then 
1870
				echo "Cette mise à jour nécessite de redéfinir le premier compte d'administration du portail"
1867
				echo "Cette mise à jour nécessite de redéfinir le premier compte d'administration du portail"
1871
				echo
1868
				echo
1872
				echo -n "Nom : "
1869
				echo -n "Nom : "
1873
			else
1870
			else
1874
				echo "This update need to redefine the first admin account"
1871
				echo "This update need to redefine the first admin account"
1875
				echo
1872
				echo
1876
				echo -n "Account : "
1873
				echo -n "Account : "
1877
			fi
1874
			fi
1878
			read admin_portal
1875
			read admin_portal
1879
			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
1876
			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
1880
			mkdir -p $DIR_DEST_ETC/digest
1877
			mkdir -p $DIR_DEST_ETC/digest
1881
			chmod 755 $DIR_DEST_ETC/digest
1878
			chmod 755 $DIR_DEST_ETC/digest
1882
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
1879
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
1883
			do
1880
			do
1884
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
1881
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
1885
			done
1882
			done
1886
			$DIR_DEST_SBIN/alcasar-profil.sh --list
1883
			$DIR_DEST_SBIN/alcasar-profil.sh --list
1887
		fi
1884
		fi
1888
	fi
1885
	fi
1889
	rm -f /tmp/alcasar-conf*
1886
	rm -f /tmp/alcasar-conf*
1890
	chown -R root:apache $DIR_DEST_ETC/*
1887
	chown -R root:apache $DIR_DEST_ETC/*
1891
	chmod -R 660 $DIR_DEST_ETC/*
1888
	chmod -R 660 $DIR_DEST_ETC/*
1892
	chmod ug+x $DIR_DEST_ETC/digest
1889
	chmod ug+x $DIR_DEST_ETC/digest
1893
# Apply and save the firewall rules
1890
# Apply and save the firewall rules
1894
 	sh $DIR_DEST_BIN/alcasar-iptables.sh
1891
 	sh $DIR_DEST_BIN/alcasar-iptables.sh
1895
	sleep 2
1892
	sleep 2
1896
	cd $DIR_INSTALL
1893
	cd $DIR_INSTALL
1897
	echo ""
1894
	echo ""
1898
	echo "#############################################################################"
1895
	echo "#############################################################################"
1899
	if [ $Lang == "fr" ]
1896
	if [ $Lang == "fr" ]
1900
		then
1897
		then
1901
		echo "#                        Fin d'installation d'ALCASAR                       #"
1898
		echo "#                        Fin d'installation d'ALCASAR                       #"
1902
		echo "#                                                                           #"
1899
		echo "#                                                                           #"
1903
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1900
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1904
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1901
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1905
		echo "#                                                                           #"
1902
		echo "#                                                                           #"
1906
		echo "#############################################################################"
1903
		echo "#############################################################################"
1907
		echo
1904
		echo
1908
		echo "- ALCASAR sera fonctionnel après redémarrage du système"
1905
		echo "- ALCASAR sera fonctionnel après redémarrage du système"
1909
		echo
1906
		echo
1910
		echo "- Lisez attentivement la documentation d'exploitation"
1907
		echo "- Lisez attentivement la documentation d'exploitation"
1911
		echo
1908
		echo
1912
		echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar"
1909
		echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar"
1913
		echo
1910
		echo
1914
		echo "                   Appuyez sur 'Entrée' pour continuer"
1911
		echo "                   Appuyez sur 'Entrée' pour continuer"
1915
	else	
1912
	else	
1916
		echo "#                        Enf of ALCASAR install process                     #"
1913
		echo "#                        Enf of ALCASAR install process                     #"
1917
		echo "#                                                                           #"
1914
		echo "#                                                                           #"
1918
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1915
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1919
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1916
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1920
		echo "#                                                                           #"
1917
		echo "#                                                                           #"
1921
		echo "#############################################################################"
1918
		echo "#############################################################################"
1922
		echo
1919
		echo
1923
		echo "- The system will be rebooted in order to operate ALCASAR"
1920
		echo "- The system will be rebooted in order to operate ALCASAR"
1924
		echo
1921
		echo
1925
		echo "- Read the exploitation documentation"
1922
		echo "- Read the exploitation documentation"
1926
		echo
1923
		echo
1927
		echo "- The ALCASAR Control Center (ACC) is at http://alcasar"
1924
		echo "- The ALCASAR Control Center (ACC) is at http://alcasar"
1928
		echo
1925
		echo
1929
		echo "                   Hit 'Enter' to continue"
1926
		echo "                   Hit 'Enter' to continue"
1930
	fi
1927
	fi
1931
	sleep 2
1928
	sleep 2
1932
	if [ "$mode" != "update" ]
1929
	if [ "$mode" != "update" ]
1933
	then
1930
	then
1934
		read a
1931
		read a
1935
	fi
1932
	fi
1936
	clear
1933
	clear
1937
	reboot
1934
	reboot
1938
} # End post_install ()
1935
} # End post_install ()
1939
 
1936
 
1940
#################################
1937
#################################
1941
#  	Main Install loop  	#
1938
#  	Main Install loop  	#
1942
#################################
1939
#################################
1943
dir_exec=`dirname "$0"`
1940
dir_exec=`dirname "$0"`
1944
if [ $dir_exec != "." ]
1941
if [ $dir_exec != "." ]
1945
then
1942
then
1946
	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
1943
	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
1947
	echo "Launch this program from the ALCASAR archive directory"
1944
	echo "Launch this program from the ALCASAR archive directory"
1948
	exit 0
1945
	exit 0
1949
fi
1946
fi
1950
VERSION=`cat $DIR_INSTALL/VERSION`
1947
VERSION=`cat $DIR_INSTALL/VERSION`
1951
usage="Usage: alcasar.sh {-i or --install} | {-u or --uninstall}"
1948
usage="Usage: alcasar.sh {-i or --install} | {-u or --uninstall}"
1952
nb_args=$#
1949
nb_args=$#
1953
args=$1
1950
args=$1
1954
if [ $nb_args -eq 0 ]
1951
if [ $nb_args -eq 0 ]
1955
then
1952
then
1956
	nb_args=1
1953
	nb_args=1
1957
	args="-h"
1954
	args="-h"
1958
fi
1955
fi
1959
chmod -R u+x $DIR_SCRIPTS/*
1956
chmod -R u+x $DIR_SCRIPTS/*
1960
case $args in
1957
case $args in
1961
	-\? | -h* | --h*)
1958
	-\? | -h* | --h*)
1962
		echo "$usage"
1959
		echo "$usage"
1963
		exit 0
1960
		exit 0
1964
		;;
1961
		;;
1965
	-i | --install)
1962
	-i | --install)
1966
		license
1963
		license
1967
		header_install
1964
		header_install
1968
		testing
1965
		testing
1969
# RPMs install
1966
# RPMs install
1970
		$DIR_SCRIPTS/alcasar-urpmi.sh
1967
		$DIR_SCRIPTS/alcasar-urpmi.sh
1971
		if [ "$?" != "0" ]
1968
		if [ "$?" != "0" ]
1972
		then
1969
		then
1973
			exit 0
1970
			exit 0
1974
		fi
1971
		fi
1975
		if [ -e $CONF_FILE ]
1972
		if [ -e $CONF_FILE ]
1976
		then
1973
		then
1977
# Uninstall the running version
1974
# Uninstall the running version
1978
			$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1975
			$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1979
		fi
1976
		fi
1980
# Test if manual update	
1977
# Test if manual update	
1981
		if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" == "install" ]
1978
		if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" == "install" ]
1982
		then
1979
		then
1983
			header_install
1980
			header_install
1984
			if [ $Lang == "fr" ]
1981
			if [ $Lang == "fr" ]
1985
				then echo "Le fichier de configuration d'une ancienne version a été trouvé";
1982
				then echo "Le fichier de configuration d'une ancienne version a été trouvé";
1986
				else echo "The configuration file of an old version has been found";
1983
				else echo "The configuration file of an old version has been found";
1987
			fi
1984
			fi
1988
			response=0
1985
			response=0
1989
			PTN='^[oOnNyY]$'
1986
			PTN='^[oOnNyY]$'
1990
			until [[ $(expr $response : $PTN) -gt 0 ]]
1987
			until [[ $(expr $response : $PTN) -gt 0 ]]
1991
			do
1988
			do
1992
				if [ $Lang == "fr" ]
1989
				if [ $Lang == "fr" ]
1993
					then echo -n "Voulez-vous l'utiliser (O/n)? ";
1990
					then echo -n "Voulez-vous l'utiliser (O/n)? ";
1994
					else echo -n "Do you want to use it (Y/n)?";
1991
					else echo -n "Do you want to use it (Y/n)?";
1995
				 fi
1992
				 fi
1996
				read response
1993
				read response
1997
				if [ "$response" = "n" ] || [ "$response" = "N" ] 
1994
				if [ "$response" = "n" ] || [ "$response" = "N" ] 
1998
				then rm -f /tmp/alcasar-conf*
1995
				then rm -f /tmp/alcasar-conf*
1999
				fi
1996
				fi
2000
			done
1997
			done
2001
		fi
1998
		fi
2002
# Test if update
1999
# Test if update
2003
		if [ -e /tmp/alcasar-conf* ] 
2000
		if [ -e /tmp/alcasar-conf* ] 
2004
		then
2001
		then
2005
			if [ $Lang == "fr" ]
2002
			if [ $Lang == "fr" ]
2006
				then echo "#### Installation avec mise à jour ####";
2003
				then echo "#### Installation avec mise à jour ####";
2007
				else echo "#### Installation with update     ####";
2004
				else echo "#### Installation with update     ####";
2008
			fi
2005
			fi
2009
# Extract the central configuration file
2006
# Extract the central configuration file
2010
			tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf 
2007
			tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf 
2011
			ORGANISME=`grep ORGANISM conf/etc/alcasar.conf|cut -d"=" -f2`
2008
			ORGANISME=`grep ORGANISM conf/etc/alcasar.conf|cut -d"=" -f2`
2012
			PREVIOUS_VERSION=`grep VERSION conf/etc/alcasar.conf|cut -d"=" -f2`
2009
			PREVIOUS_VERSION=`grep VERSION conf/etc/alcasar.conf|cut -d"=" -f2`
2013
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
2010
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
2014
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
2011
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
2015
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
2012
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
2016
			mode="update"
2013
			mode="update"
2017
		fi
2014
		fi
2018
		for func in init network ACC CA init_db radius radius_web chilli dansguardian antivirus ulogd nfsen dnsmasq BL cron fail2ban gammu_smsd post_install
2015
		for func in init network ACC CA init_db radius radius_web chilli dansguardian antivirus ulogd nfsen dnsmasq BL cron fail2ban gammu_smsd post_install
2019
		do
2016
		do
2020
			$func
2017
			$func
2021
# echo "*** 'debug' : end of function $func ***"; read a
2018
# echo "*** 'debug' : end of function $func ***"; read a
2022
		done
2019
		done
2023
		;;
2020
		;;
2024
	-u | --uninstall)
2021
	-u | --uninstall)
2025
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
2022
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
2026
		then
2023
		then
2027
			if [ $Lang == "fr" ]
2024
			if [ $Lang == "fr" ]
2028
				then echo "ALCASAR n'est pas installé!";
2025
				then echo "ALCASAR n'est pas installé!";
2029
				else echo "ALCASAR isn't installed!";
2026
				else echo "ALCASAR isn't installed!";
2030
			fi
2027
			fi
2031
			exit 0
2028
			exit 0
2032
		fi
2029
		fi
2033
		response=0
2030
		response=0
2034
		PTN='^[oOnN]$'
2031
		PTN='^[oOnN]$'
2035
		until [[ $(expr $response : $PTN) -gt 0 ]]
2032
		until [[ $(expr $response : $PTN) -gt 0 ]]
2036
		do
2033
		do
2037
			if [ $Lang == "fr" ]
2034
			if [ $Lang == "fr" ]
2038
				then echo -n "Voulez-vous créer le fichier de configuration de la version actuelle (0/n)? ";
2035
				then echo -n "Voulez-vous créer le fichier de configuration de la version actuelle (0/n)? ";
2039
				else echo -n "Do you want to create the running version configuration file (Y/n)? ";
2036
				else echo -n "Do you want to create the running version configuration file (Y/n)? ";
2040
			fi
2037
			fi
2041
			read response
2038
			read response
2042
		done
2039
		done
2043
		if [ "$response" = "o" ] || [ "$response" = "O" ] || [ "$response" = "Y" ] || [ "$response" = "y" ]
2040
		if [ "$response" = "o" ] || [ "$response" = "O" ] || [ "$response" = "Y" ] || [ "$response" = "y" ]
2044
		then
2041
		then
2045
			$DIR_SCRIPTS/alcasar-conf.sh --create
2042
			$DIR_SCRIPTS/alcasar-conf.sh --create
2046
		else	
2043
		else	
2047
			rm -f /tmp/alcasar-conf*
2044
			rm -f /tmp/alcasar-conf*
2048
		fi
2045
		fi
2049
# Uninstall the running version
2046
# Uninstall the running version
2050
		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
2047
		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
2051
		;;
2048
		;;
2052
	*)
2049
	*)
2053
		echo "Argument inconnu :$1";
2050
		echo "Argument inconnu :$1";
2054
		echo "Unknown argument :$1";
2051
		echo "Unknown argument :$1";
2055
		echo "$usage"
2052
		echo "$usage"
2056
		exit 1
2053
		exit 1
2057
		;;
2054
		;;
2058
esac
2055
esac
2059
# end of script
2056
# end of script
2060
 
2057
 
2061
 
2058