Subversion Repositories ALCASAR

Rev

Rev 1157 | Rev 1163 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1157 Rev 1159
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1157 2013-07-16 10:48:11Z stephane $ 
2
#  $Id: alcasar.sh 1159 2013-07-17 09:25:15Z crox53 $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
8
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. 
8
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. 
9
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; 
9
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; 
10
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. 
10
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. 
11
# Voir la Licence Publique Générale GNU pour plus de détails. 
11
# Voir la Licence Publique Générale GNU pour plus de détails. 
12
 
12
 
13
#  team@alcasar.net
13
#  team@alcasar.net
14
 
14
 
15
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
15
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
16
# This script is distributed under the Gnu General Public License (GPL)
16
# This script is distributed under the Gnu General Public License (GPL)
17
 
17
 
18
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
18
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
19
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
19
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
20
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
20
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
21
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
21
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
22
#
22
#
23
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav  and firewalleyes
23
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav  and firewalleyes
24
 
24
 
25
# Options :
25
# Options :
26
#       -i or --install
26
#       -i or --install
27
#       -u or --uninstall
27
#       -u or --uninstall
28
 
28
 
29
# Functions :
29
# Functions :
30
#	testing		: Tests de connectivité et de téléchargement avant installation
30
#	testing		: Tests de connectivité et de téléchargement avant installation
31
#	init		: Installation des RPM et des scripts
31
#	init		: Installation des RPM et des scripts
32
#	network		: Paramètrage du réseau
32
#	network		: Paramètrage du réseau
33
#	gestion		: Installation de l'interface de gestion
33
#	gestion		: Installation de l'interface de gestion
34
#	AC		: Initialisation de l'autorité de certification. Création des certificats
34
#	AC		: Initialisation de l'autorité de certification. Création des certificats
35
#	init_db		: Création de la base 'radius' sur le serveur MySql
35
#	init_db		: Création de la base 'radius' sur le serveur MySql
36
#	param_radius	: Configuration du serveur d'authentification FreeRadius
36
#	param_radius	: Configuration du serveur d'authentification FreeRadius
37
#	param_web_radius: Configuration de l'interface de gestion de FreeRadius (dialupadmin)
37
#	param_web_radius: Configuration de l'interface de gestion de FreeRadius (dialupadmin)
38
#	param_chilli	: Configuration du daemon 'coova-chilli' et de la page d'authentification
38
#	param_chilli	: Configuration du daemon 'coova-chilli' et de la page d'authentification
39
#	param_squid	: Configuration du proxy squid en mode 'cache'
39
#	param_squid	: Configuration du proxy squid en mode 'cache'
40
#	param_dansguardian : Configuration de l'analyseur de contenu DansGuardian
40
#	param_dansguardian : Configuration de l'analyseur de contenu DansGuardian
41
#	antivirus	: Installation havp + libclamav
41
#	antivirus	: Installation havp + libclamav
42
#	param_awstats	: Configuration de l'interface des statistiques de consultation WEB
42
#	param_nfsen	: Configuration du grapheur nfsen pour apache 
43
#	dnsmasq		: Configuration du serveur de noms et du serveur dhcp de secours
43
#	dnsmasq		: Configuration du serveur de noms et du serveur dhcp de secours
44
#	BL		: Configuration de la BlackList
44
#	BL		: Configuration de la BlackList
45
#	cron		: Mise en place des exports de logs (+ chiffrement)
45
#	cron		: Mise en place des exports de logs (+ chiffrement)
46
#	post_install	: Finalisation environnement ( sécurité, bannières, rotation logs, ...)
46
#	post_install	: Finalisation environnement ( sécurité, bannières, rotation logs, ...)
47
 
47
 
48
DATE=`date '+%d %B %Y - %Hh%M'`
48
DATE=`date '+%d %B %Y - %Hh%M'`
49
DATE_SHORT=`date '+%d/%m/%Y'`
49
DATE_SHORT=`date '+%d/%m/%Y'`
50
Lang=`echo $LANG|cut -c 1-2`
50
Lang=`echo $LANG|cut -c 1-2`
51
# ******* Files parameters - paramètres fichiers *********
51
# ******* Files parameters - paramètres fichiers *********
52
DIR_INSTALL=`pwd`				# current directory 
52
DIR_INSTALL=`pwd`				# current directory 
53
DIR_CONF="$DIR_INSTALL/conf"			# install directory (with conf files)
53
DIR_CONF="$DIR_INSTALL/conf"			# install directory (with conf files)
54
DIR_SCRIPTS="$DIR_INSTALL/scripts"		# install directory (with script files)
54
DIR_SCRIPTS="$DIR_INSTALL/scripts"		# install directory (with script files)
55
DIR_SAVE="/var/Save"				# backup directory (system_backup, user_db_backup, logs)
55
DIR_SAVE="/var/Save"				# backup directory (system_backup, user_db_backup, logs)
56
DIR_WEB="/var/www/html"				# directory of APACHE
56
DIR_WEB="/var/www/html"				# directory of APACHE
57
DIR_DG="/etc/dansguardian"			# directory of DansGuardian
57
DIR_DG="/etc/dansguardian"			# directory of DansGuardian
58
DIR_ACC="$DIR_WEB/acc"				# directory of the 'ALCASAR Control Center'
58
DIR_ACC="$DIR_WEB/acc"				# directory of the 'ALCASAR Control Center'
59
DIR_DEST_BIN="/usr/local/bin"			# directory of ALCASAR scripts
59
DIR_DEST_BIN="/usr/local/bin"			# directory of ALCASAR scripts
60
DIR_DEST_SBIN="/usr/local/sbin"			# directory of ALCASAR admin scripts
60
DIR_DEST_SBIN="/usr/local/sbin"			# directory of ALCASAR admin scripts
61
DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files
61
DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files
62
DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)
62
DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)
63
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file
63
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file
64
PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets
64
PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets
65
# ******* DBMS parameters - paramètres SGBD ********
65
# ******* DBMS parameters - paramètres SGBD ********
66
DB_RADIUS="radius"				# nom de la base de données utilisée par le serveur FreeRadius
66
DB_RADIUS="radius"				# nom de la base de données utilisée par le serveur FreeRadius
67
DB_USER="radius"				# nom de l'utilisateur de la base de données
67
DB_USER="radius"				# nom de l'utilisateur de la base de données
68
# ******* Network parameters - paramètres réseau *******
68
# ******* Network parameters - paramètres réseau *******
69
HOSTNAME="alcasar"				# 
69
HOSTNAME="alcasar"				# 
70
DOMAIN="localdomain"				# domaine local
70
DOMAIN="localdomain"				# domaine local
71
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
71
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
72
MTU="1500"
72
MTU="1500"
73
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
73
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
74
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
74
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
75
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
75
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
76
# ****** Paths - chemin des commandes *******
76
# ****** Paths - chemin des commandes *******
77
SED="/bin/sed -i"
77
SED="/bin/sed -i"
78
# ****************** End of global parameters *********************
78
# ****************** End of global parameters *********************
79
 
79
 
80
license ()
80
license ()
81
{
81
{
82
	if [ $Lang == "fr" ]
82
	if [ $Lang == "fr" ]
83
	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more
83
	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more
84
	else cat $DIR_INSTALL/gpl-3.0.txt | more
84
	else cat $DIR_INSTALL/gpl-3.0.txt | more
85
	fi
85
	fi
86
	echo "Taper sur Entrée pour continuer !"
86
	echo "Taper sur Entrée pour continuer !"
87
	echo "Enter to continue."
87
	echo "Enter to continue."
88
	read a
88
	read a
89
}
89
}
90
 
90
 
91
header_install ()
91
header_install ()
92
{
92
{
93
	clear
93
	clear
94
	echo "-----------------------------------------------------------------------------"
94
	echo "-----------------------------------------------------------------------------"
95
	echo "                     ALCASAR V$VERSION Installation"
95
	echo "                     ALCASAR V$VERSION Installation"
96
	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
96
	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
97
	echo "-----------------------------------------------------------------------------"
97
	echo "-----------------------------------------------------------------------------"
98
} # End of header_install ()
98
} # End of header_install ()
99
 
99
 
100
##################################################################
100
##################################################################
101
##			Function TESTING			##
101
##			Function TESTING			##
102
## - Test of Internet access					##
102
## - Test of Internet access					##
103
##################################################################
103
##################################################################
104
testing ()
104
testing ()
105
{
105
{
106
	if [ $Lang == "fr" ]
106
	if [ $Lang == "fr" ]
107
		then echo -n "Tests des paramètres réseau : "
107
		then echo -n "Tests des paramètres réseau : "
108
		else echo -n "Network parameters tests : "
108
		else echo -n "Network parameters tests : "
109
	fi
109
	fi
110
# We test eth0 config files
110
# We test eth0 config files
111
	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
111
	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
112
	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
112
	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
113
	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
113
	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
114
		then
114
		then
115
		if [ $Lang == "fr" ]
115
		if [ $Lang == "fr" ]
116
		then 
116
		then 
117
			echo "Échec"
117
			echo "Échec"
118
			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
118
			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
119
			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
119
			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
120
			echo "Appliquez les changements : 'service network restart'"
120
			echo "Appliquez les changements : 'service network restart'"
121
		else
121
		else
122
			echo "Failed"
122
			echo "Failed"
123
			echo "The Internet connected network card ($EXTIF) isn't well configured."
123
			echo "The Internet connected network card ($EXTIF) isn't well configured."
124
			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
124
			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
125
			echo "Apply the new configuration 'service network restart'"
125
			echo "Apply the new configuration 'service network restart'"
126
		fi
126
		fi
127
		echo "DEVICE=$EXTIF"
127
		echo "DEVICE=$EXTIF"
128
		echo "IPADDR="
128
		echo "IPADDR="
129
		echo "NETMASK="
129
		echo "NETMASK="
130
		echo "GATEWAY="
130
		echo "GATEWAY="
131
		echo "DNS1="
131
		echo "DNS1="
132
		echo "DNS2="
132
		echo "DNS2="
133
		echo "ONBOOT=yes"
133
		echo "ONBOOT=yes"
134
		exit 0
134
		exit 0
135
	fi
135
	fi
136
	echo -n "."
136
	echo -n "."
137
# We test the Ethernet links state
137
# We test the Ethernet links state
138
	for i in $EXTIF $INTIF
138
	for i in $EXTIF $INTIF
139
	do
139
	do
140
		/sbin/ip link set $i up
140
		/sbin/ip link set $i up
141
		sleep 3
141
		sleep 3
142
		CMD=`/usr/sbin/ethtool $i |egrep 'Link detected'| awk '{print $NF}'`
142
		CMD=`/usr/sbin/ethtool $i |egrep 'Link detected'| awk '{print $NF}'`
143
		CMD2=`/sbin/mii-tool $i | grep link | awk '{print $NF}'`
143
		CMD2=`/sbin/mii-tool $i | grep link | awk '{print $NF}'`
144
		if [ $CMD != "yes" ] && [ $CMD2 != "ok" ]
144
		if [ $CMD != "yes" ] && [ $CMD2 != "ok" ]
145
			then
145
			then
146
			if [ $Lang == "fr" ]
146
			if [ $Lang == "fr" ]
147
			then 
147
			then 
148
				echo "Échec"
148
				echo "Échec"
149
				echo "Le lien réseau de la carte $i n'est pas actif."
149
				echo "Le lien réseau de la carte $i n'est pas actif."
150
				echo "Réglez ce problème puis relancez ce script."
150
				echo "Réglez ce problème puis relancez ce script."
151
			else
151
			else
152
				echo "Failed"
152
				echo "Failed"
153
				echo "The link state of $i interface id down."
153
				echo "The link state of $i interface id down."
154
				echo "Resolv this problem, then restart this script."
154
				echo "Resolv this problem, then restart this script."
155
			fi
155
			fi
156
			exit 0
156
			exit 0
157
		fi
157
		fi
158
	echo -n "."
158
	echo -n "."
159
	done
159
	done
160
# On teste la présence d'un routeur par défaut (Box FAI)
160
# On teste la présence d'un routeur par défaut (Box FAI)
161
	if [ `ip route list|grep -c ^default` -ne "1" ] ; then
161
	if [ `ip route list|grep -c ^default` -ne "1" ] ; then
162
		if [ $Lang == "fr" ]
162
		if [ $Lang == "fr" ]
163
		then 
163
		then 
164
			echo "Échec"
164
			echo "Échec"
165
			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
165
			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
166
			echo "Réglez ce problème puis relancez ce script."
166
			echo "Réglez ce problème puis relancez ce script."
167
		else
167
		else
168
			echo "Failed"
168
			echo "Failed"
169
			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"
169
			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"
170
			echo "Resolv this problem, then restart this script."
170
			echo "Resolv this problem, then restart this script."
171
		fi
171
		fi
172
		exit 0
172
		exit 0
173
	fi
173
	fi
174
	echo -n "."
174
	echo -n "."
175
# On traite le cas où l'interface configurée lors de l'installation est "eth1" au lieu de "eth0" (mystère sur certaines versions de BIOS et de VirtualBox)
175
# On traite le cas où l'interface configurée lors de l'installation est "eth1" au lieu de "eth0" (mystère sur certaines versions de BIOS et de VirtualBox)
176
	if [ `ip route list|grep ^default|grep -c eth1` -eq "1" ] ; then
176
	if [ `ip route list|grep ^default|grep -c eth1` -eq "1" ] ; then
177
		if [ $Lang == "fr" ]
177
		if [ $Lang == "fr" ]
178
			then echo "La configuration des cartes réseau va être corrigée."
178
			then echo "La configuration des cartes réseau va être corrigée."
179
			else echo "The Ethernet card configuration will be corrected."
179
			else echo "The Ethernet card configuration will be corrected."
180
		fi
180
		fi
181
		/etc/init.d/network stop
181
		/etc/init.d/network stop
182
		mv -f /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth0
182
		mv -f /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth0
183
		$SED "s?eth1?eth0?g" /etc/sysconfig/network-scripts/ifcfg-eth0
183
		$SED "s?eth1?eth0?g" /etc/sysconfig/network-scripts/ifcfg-eth0
184
		/etc/init.d/network start
184
		/etc/init.d/network start
185
		echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
185
		echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
186
		sleep 2
186
		sleep 2
187
		if [ $Lang == "fr" ]
187
		if [ $Lang == "fr" ]
188
			then echo "Configuration corrigée"
188
			then echo "Configuration corrigée"
189
			else echo "Configuration updated"
189
			else echo "Configuration updated"
190
		fi
190
		fi
191
		sleep 2
191
		sleep 2
192
		if [ $Lang == "fr" ]
192
		if [ $Lang == "fr" ]
193
			then echo "Vous pouvez relancer ce script."
193
			then echo "Vous pouvez relancer ce script."
194
			else echo "You can restart this script."
194
			else echo "You can restart this script."
195
		fi
195
		fi
196
		exit 0
196
		exit 0
197
	fi
197
	fi
198
	echo -n "."
198
	echo -n "."
199
# On teste le lien vers le routeur par defaut
199
# On teste le lien vers le routeur par defaut
200
	IP_GW=`ip route list|grep ^default|cut -d" " -f3`
200
	IP_GW=`ip route list|grep ^default|cut -d" " -f3`
201
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
201
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
202
	if [ $(expr $arp_reply) -eq 0 ]
202
	if [ $(expr $arp_reply) -eq 0 ]
203
	       	then
203
	       	then
204
		if [ $Lang == "fr" ]
204
		if [ $Lang == "fr" ]
205
		then 
205
		then 
206
			echo "Échec"
206
			echo "Échec"
207
			echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
207
			echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
208
			echo "Réglez ce problème puis relancez ce script."
208
			echo "Réglez ce problème puis relancez ce script."
209
		else
209
		else
210
			echo "Failed"
210
			echo "Failed"
211
			echo "The Internet gateway doesn't answered"
211
			echo "The Internet gateway doesn't answered"
212
			echo "Resolv this problem, then restart this script."
212
			echo "Resolv this problem, then restart this script."
213
		fi
213
		fi
214
		exit 0
214
		exit 0
215
	fi
215
	fi
216
	echo -n "."
216
	echo -n "."
217
# On teste la connectivité Internet
217
# On teste la connectivité Internet
218
	rm -rf /tmp/con_ok.html
218
	rm -rf /tmp/con_ok.html
219
	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html
219
	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html
220
	if [ ! -e /tmp/con_ok.html ]
220
	if [ ! -e /tmp/con_ok.html ]
221
	then
221
	then
222
		if [ $Lang == "fr" ]
222
		if [ $Lang == "fr" ]
223
		then 
223
		then 
224
			echo "La tentative de connexion vers Internet a échoué (google.fr)."
224
			echo "La tentative de connexion vers Internet a échoué (google.fr)."
225
			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
225
			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
226
			echo "Vérifiez la validité des adresses IP des DNS."
226
			echo "Vérifiez la validité des adresses IP des DNS."
227
		else
227
		else
228
			echo "The Internet connection try failed (google.fr)."
228
			echo "The Internet connection try failed (google.fr)."
229
			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."
229
			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."
230
			echo "Verify the DNS IP addresses"
230
			echo "Verify the DNS IP addresses"
231
		fi
231
		fi
232
		exit 0
232
		exit 0
233
	fi
233
	fi
234
	rm -rf /tmp/con_ok.html
234
	rm -rf /tmp/con_ok.html
235
	echo ". : ok"
235
	echo ". : ok"
236
} # end of testing
236
} # end of testing
237
 
237
 
238
##################################################################
238
##################################################################
239
##			Fonction INIT				##
239
##			Fonction INIT				##
240
## - Création du fichier "/root/ALCASAR_parametres.txt"		##
240
## - Création du fichier "/root/ALCASAR_parametres.txt"		##
241
## - Installation et modification des scripts du portail	##
241
## - Installation et modification des scripts du portail	##
242
##################################################################
242
##################################################################
243
init ()
243
init ()
244
{
244
{
245
	if [ "$mode" != "update" ]
245
	if [ "$mode" != "update" ]
246
	then
246
	then
247
# On affecte le nom d'organisme
247
# On affecte le nom d'organisme
248
		header_install
248
		header_install
249
		ORGANISME=!
249
		ORGANISME=!
250
		PTN='^[a-zA-Z0-9-]*$'
250
		PTN='^[a-zA-Z0-9-]*$'
251
		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
251
		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
252
                do
252
                do
253
			if [ $Lang == "fr" ]
253
			if [ $Lang == "fr" ]
254
			       	then echo -n "Entrez le nom de votre organisme : "
254
			       	then echo -n "Entrez le nom de votre organisme : "
255
				else echo -n "Enter the name of your organism : "
255
				else echo -n "Enter the name of your organism : "
256
			fi
256
			fi
257
			read ORGANISME
257
			read ORGANISME
258
			if [ "$ORGANISME" == "" ]
258
			if [ "$ORGANISME" == "" ]
259
				then
259
				then
260
				ORGANISME=!
260
				ORGANISME=!
261
			fi
261
			fi
262
		done
262
		done
263
	fi
263
	fi
264
# On crée aléatoirement les mots de passe et les secrets partagés
264
# On crée aléatoirement les mots de passe et les secrets partagés
265
	rm -f $PASSWD_FILE
265
	rm -f $PASSWD_FILE
266
	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de protection du menu Grub
266
	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de protection du menu Grub
267
	echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE
267
	echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE
268
	echo "$grubpwd" >> $PASSWD_FILE
268
	echo "$grubpwd" >> $PASSWD_FILE
269
	md5_grubpwd=`/usr/bin/md5pass $grubpwd`
269
	md5_grubpwd=`/usr/bin/md5pass $grubpwd`
270
	$SED "/^password.*/d" /boot/grub/menu.lst
270
	$SED "/^password.*/d" /boot/grub/menu.lst
271
	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
271
	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
272
	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'administrateur Mysqld
272
	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'administrateur Mysqld
273
	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
273
	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
274
	echo "root / $mysqlpwd" >> $PASSWD_FILE
274
	echo "root / $mysqlpwd" >> $PASSWD_FILE
275
	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
275
	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
276
	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
276
	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
277
	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
277
	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
278
	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre intercept.php et coova-chilli
278
	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre intercept.php et coova-chilli
279
	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
279
	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
280
	echo "$secretuam" >> $PASSWD_FILE
280
	echo "$secretuam" >> $PASSWD_FILE
281
	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre coova-chilli et FreeRadius
281
	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre coova-chilli et FreeRadius
282
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
282
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
283
	echo "$secretradius" >> $PASSWD_FILE
283
	echo "$secretradius" >> $PASSWD_FILE
284
	chmod 640 $PASSWD_FILE
284
	chmod 640 $PASSWD_FILE
285
# Scripts and conf files copy 
285
# Scripts and conf files copy 
286
#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
286
#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
287
	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
287
	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
288
#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
288
#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
289
	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
289
	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
290
#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
290
#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
291
	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
291
	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
292
	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
292
	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
293
	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
293
	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
294
	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
294
	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
295
	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
295
	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
296
# generate central conf file
296
# generate central conf file
297
	cat <<EOF > $CONF_FILE
297
	cat <<EOF > $CONF_FILE
298
##########################################
298
##########################################
299
##                                      ##
299
##                                      ##
300
##          ALCASAR Parameters          ##
300
##          ALCASAR Parameters          ##
301
##                                      ##
301
##                                      ##
302
##########################################
302
##########################################
303
 
303
 
304
INSTALL_DATE=$DATE
304
INSTALL_DATE=$DATE
305
VERSION=$VERSION
305
VERSION=$VERSION
306
ORGANISM=$ORGANISME
306
ORGANISM=$ORGANISME
307
DOMAIN=$DOMAIN
307
DOMAIN=$DOMAIN
308
EOF
308
EOF
309
	chmod o-rwx $CONF_FILE
309
	chmod o-rwx $CONF_FILE
310
} # End of init ()
310
} # End of init ()
311
 
311
 
312
##################################################################
312
##################################################################
313
##			Fonction network			##
313
##			Fonction network			##
314
## - Définition du plan d'adressage du réseau de consultation	##
314
## - Définition du plan d'adressage du réseau de consultation	##
315
## - Nommage DNS du système 					##
315
## - Nommage DNS du système 					##
316
## - Configuration de l'interface eth1 (réseau de consultation)	##
316
## - Configuration de l'interface eth1 (réseau de consultation)	##
317
## - Modification du fichier /etc/hosts				##
317
## - Modification du fichier /etc/hosts				##
318
## - Configuration du serveur de temps (NTP)			##
318
## - Configuration du serveur de temps (NTP)			##
319
## - Renseignement des fichiers hosts.allow et hosts.deny	##
319
## - Renseignement des fichiers hosts.allow et hosts.deny	##
320
##################################################################
320
##################################################################
321
network ()
321
network ()
322
{
322
{
323
	header_install
323
	header_install
324
	if [ "$mode" != "update" ]
324
	if [ "$mode" != "update" ]
325
		then
325
		then
326
		if [ $Lang == "fr" ]
326
		if [ $Lang == "fr" ]
327
			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"
327
			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"
328
			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"
328
			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"
329
		fi
329
		fi
330
		response=0
330
		response=0
331
		PTN='^[oOyYnN]$'
331
		PTN='^[oOyYnN]$'
332
		until [[ $(expr $response : $PTN) -gt 0 ]]
332
		until [[ $(expr $response : $PTN) -gt 0 ]]
333
		do
333
		do
334
			if [ $Lang == "fr" ]
334
			if [ $Lang == "fr" ]
335
				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "
335
				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "
336
				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "
336
				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "
337
			fi
337
			fi
338
			read response
338
			read response
339
		done
339
		done
340
		if [ "$response" = "n" ] || [ "$response" = "N" ]
340
		if [ "$response" = "n" ] || [ "$response" = "N" ]
341
		then
341
		then
342
			PRIVATE_IP_MASK="0"
342
			PRIVATE_IP_MASK="0"
343
			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'
343
			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'
344
			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]
344
			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]
345
			do
345
			do
346
				if [ $Lang == "fr" ]
346
				if [ $Lang == "fr" ]
347
					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "
347
					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "
348
					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "
348
					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "
349
				fi
349
				fi
350
				read PRIVATE_IP_MASK
350
				read PRIVATE_IP_MASK
351
			done
351
			done
352
		else
352
		else
353
       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
353
       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
354
		fi
354
		fi
355
	else
355
	else
356
		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 
356
		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 
357
		rm -rf conf/etc/alcasar.conf
357
		rm -rf conf/etc/alcasar.conf
358
	fi
358
	fi
359
# Define LAN side global parameters
359
# Define LAN side global parameters
360
	hostname $HOSTNAME
360
	hostname $HOSTNAME
361
	echo $HOSTNAME > /etc/hostname
361
	echo $HOSTNAME > /etc/hostname
362
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
362
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
363
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
363
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
364
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
364
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
365
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
365
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
366
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
366
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
367
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`	# ie.: 2=classe B, 3=classe C
367
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`	# ie.: 2=classe B, 3=classe C
368
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
368
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
369
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
369
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
370
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`			# last octet of LAN address
370
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`			# last octet of LAN address
371
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
371
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
372
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
372
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
373
	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# second network address (ex.: 192.168.182.2)
373
	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# second network address (ex.: 192.168.182.2)
374
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
374
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
375
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF (eth1)
375
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF (eth1)
376
# Define Internet parameters
376
# Define Internet parameters
377
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
377
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
378
	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
378
	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
379
	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
379
	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
380
	DNS1=${DNS1:=208.67.220.220}
380
	DNS1=${DNS1:=208.67.220.220}
381
	DNS2=${DNS2:=208.67.222.222}
381
	DNS2=${DNS2:=208.67.222.222}
382
	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
382
	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
383
	DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
383
	DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
384
	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
384
	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
385
	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
385
	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
386
	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
386
	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
387
	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
387
	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
388
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
388
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
389
	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 
389
	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 
390
	echo "DNS1=$DNS1" >> $CONF_FILE
390
	echo "DNS1=$DNS1" >> $CONF_FILE
391
	echo "DNS2=$DNS2" >> $CONF_FILE
391
	echo "DNS2=$DNS2" >> $CONF_FILE
392
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
392
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
393
	echo "DHCP=full" >> $CONF_FILE
393
	echo "DHCP=full" >> $CONF_FILE
394
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
394
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
395
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
395
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
396
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
396
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
397
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
397
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
398
# config network
398
# config network
399
	cat <<EOF > /etc/sysconfig/network
399
	cat <<EOF > /etc/sysconfig/network
400
NETWORKING=yes
400
NETWORKING=yes
401
HOSTNAME="$HOSTNAME"
401
HOSTNAME="$HOSTNAME"
402
FORWARD_IPV4=true
402
FORWARD_IPV4=true
403
EOF
403
EOF
404
# config /etc/hosts
404
# config /etc/hosts
405
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
405
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
406
	cat <<EOF > /etc/hosts
406
	cat <<EOF > /etc/hosts
407
127.0.0.1	localhost
407
127.0.0.1	localhost
408
$PRIVATE_IP	$HOSTNAME $HOSTNAME.$DOMAIN
408
$PRIVATE_IP	$HOSTNAME $HOSTNAME.$DOMAIN
409
EOF
409
EOF
410
# Config eth0 (Internet)
410
# Config eth0 (Internet)
411
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
411
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
412
DEVICE=$EXTIF
412
DEVICE=$EXTIF
413
BOOTPROTO=static
413
BOOTPROTO=static
414
IPADDR=$PUBLIC_IP
414
IPADDR=$PUBLIC_IP
415
NETMASK=$PUBLIC_NETMASK
415
NETMASK=$PUBLIC_NETMASK
416
GATEWAY=$PUBLIC_GATEWAY
416
GATEWAY=$PUBLIC_GATEWAY
417
DNS1=127.0.0.1
417
DNS1=127.0.0.1
418
ONBOOT=yes
418
ONBOOT=yes
419
METRIC=10
419
METRIC=10
420
NOZEROCONF=yes
420
NOZEROCONF=yes
421
MII_NOT_SUPPORTED=yes
421
MII_NOT_SUPPORTED=yes
422
IPV6INIT=no
422
IPV6INIT=no
423
IPV6TO4INIT=no
423
IPV6TO4INIT=no
424
ACCOUNTING=no
424
ACCOUNTING=no
425
USERCTL=no
425
USERCTL=no
426
MTU=$MTU
426
MTU=$MTU
427
EOF
427
EOF
428
# Config eth1 (consultation LAN) in normal mode
428
# Config eth1 (consultation LAN) in normal mode
429
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
429
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
430
DEVICE=$INTIF
430
DEVICE=$INTIF
431
BOOTPROTO=static
431
BOOTPROTO=static
432
ONBOOT=yes
432
ONBOOT=yes
433
NOZEROCONF=yes
433
NOZEROCONF=yes
434
MII_NOT_SUPPORTED=yes
434
MII_NOT_SUPPORTED=yes
435
IPV6INIT=no
435
IPV6INIT=no
436
IPV6TO4INIT=no
436
IPV6TO4INIT=no
437
ACCOUNTING=no
437
ACCOUNTING=no
438
USERCTL=no
438
USERCTL=no
439
ETHTOOL_OPTS=$ETHTOOL_OPTS
439
ETHTOOL_OPTS=$ETHTOOL_OPTS
440
EOF
440
EOF
441
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
441
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
442
	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
442
	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
443
DEVICE=$INTIF
443
DEVICE=$INTIF
444
BOOTPROTO=static
444
BOOTPROTO=static
445
IPADDR=$PRIVATE_IP
445
IPADDR=$PRIVATE_IP
446
NETMASK=$PRIVATE_NETMASK
446
NETMASK=$PRIVATE_NETMASK
447
ONBOOT=yes
447
ONBOOT=yes
448
METRIC=10
448
METRIC=10
449
NOZEROCONF=yes
449
NOZEROCONF=yes
450
MII_NOT_SUPPORTED=yes
450
MII_NOT_SUPPORTED=yes
451
IPV6INIT=no
451
IPV6INIT=no
452
IPV6TO4INIT=no
452
IPV6TO4INIT=no
453
ACCOUNTING=no
453
ACCOUNTING=no
454
USERCTL=no
454
USERCTL=no
455
EOF
455
EOF
456
# Mise à l'heure du serveur
456
# Mise à l'heure du serveur
457
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
457
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
458
	cat <<EOF > /etc/ntp/step-tickers
458
	cat <<EOF > /etc/ntp/step-tickers
459
0.fr.pool.ntp.org	# adapt to your country
459
0.fr.pool.ntp.org	# adapt to your country
460
1.fr.pool.ntp.org
460
1.fr.pool.ntp.org
461
2.fr.pool.ntp.org
461
2.fr.pool.ntp.org
462
EOF
462
EOF
463
# Configuration du serveur de temps (sur lui même)
463
# Configuration du serveur de temps (sur lui même)
464
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
464
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
465
	cat <<EOF > /etc/ntp.conf
465
	cat <<EOF > /etc/ntp.conf
466
server 0.fr.pool.ntp.org	# adapt to your country
466
server 0.fr.pool.ntp.org	# adapt to your country
467
server 1.fr.pool.ntp.org
467
server 1.fr.pool.ntp.org
468
server 2.fr.pool.ntp.org
468
server 2.fr.pool.ntp.org
469
server 127.127.1.0   		# local clock si NTP internet indisponible ...
469
server 127.127.1.0   		# local clock si NTP internet indisponible ...
470
fudge 127.127.1.0 stratum 10
470
fudge 127.127.1.0 stratum 10
471
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
471
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
472
restrict 127.0.0.1
472
restrict 127.0.0.1
473
driftfile /var/lib/ntp/drift
473
driftfile /var/lib/ntp/drift
474
logfile /var/log/ntp.log
474
logfile /var/log/ntp.log
475
EOF
475
EOF
476
 
476
 
477
	chown -R ntp:ntp /var/lib/ntp
477
	chown -R ntp:ntp /var/lib/ntp
478
# Renseignement des fichiers hosts.allow et hosts.deny
478
# Renseignement des fichiers hosts.allow et hosts.deny
479
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
479
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
480
	cat <<EOF > /etc/hosts.allow
480
	cat <<EOF > /etc/hosts.allow
481
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
481
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
482
sshd: ALL
482
sshd: ALL
483
ntpd: $PRIVATE_NETWORK_SHORT
483
ntpd: $PRIVATE_NETWORK_SHORT
484
EOF
484
EOF
485
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
485
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
486
	cat <<EOF > /etc/hosts.deny
486
	cat <<EOF > /etc/hosts.deny
487
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
487
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
488
EOF
488
EOF
489
# Firewall config
489
# Firewall config
490
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
490
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
491
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
491
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
492
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
492
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
493
# create the filter exception file and ip_bloqued file
493
# create the filter exception file and ip_bloqued file
494
	touch $DIR_DEST_ETC/alcasar-filter-exceptions
494
	touch $DIR_DEST_ETC/alcasar-filter-exceptions
495
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
495
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
496
	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
496
	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
497
# load conntrack ftp module
497
# load conntrack ftp module
498
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
498
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
499
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
499
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
-
 
500
# load ipt_NETFLOW module
-
 
501
	echo "ipt_NETFLOW" >>  /etc/modprobe.preload
500
# 
502
# 
501
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
503
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
502
} # End of network ()
504
} # End of network ()
503
 
505
 
504
##################################################################
506
##################################################################
505
##			Fonction gestion			##
507
##			Fonction gestion			##
506
## - installation du centre de gestion				##
508
## - installation du centre de gestion				##
507
## - configuration du serveur web (Apache)			##
509
## - configuration du serveur web (Apache)			##
508
## - définition du 1er comptes de gestion 			##
510
## - définition du 1er comptes de gestion 			##
509
## - sécurisation des accès					##
511
## - sécurisation des accès					##
510
##################################################################
512
##################################################################
511
gestion()
513
gestion()
512
{
514
{
513
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
515
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
514
	mkdir $DIR_WEB
516
	mkdir $DIR_WEB
515
# Copie et configuration des fichiers du centre de gestion
517
# Copie et configuration des fichiers du centre de gestion
516
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
518
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
517
	echo "$VERSION" > $DIR_WEB/VERSION
519
	echo "$VERSION" > $DIR_WEB/VERSION
518
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
520
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
519
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
521
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
520
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
522
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
521
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
523
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
522
	$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
524
	$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
523
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
525
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
524
	chown -R apache:apache $DIR_WEB/*
526
	chown -R apache:apache $DIR_WEB/*
525
	for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
527
	for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
526
	do
528
	do
527
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
529
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
528
	done
530
	done
529
	chown -R root:apache $DIR_SAVE
531
	chown -R root:apache $DIR_SAVE
530
# Configuration et sécurisation php
532
# Configuration et sécurisation php
531
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
533
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
532
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
534
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
533
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
535
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
534
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
536
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
535
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
537
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
536
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
538
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
537
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
539
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
538
# Configuration et sécurisation Apache
540
# Configuration et sécurisation Apache
539
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
541
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
540
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
542
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
541
	$SED "s?^#ServerName.*?ServerName $HOSTNAME?g" /etc/httpd/conf/httpd.conf
543
	$SED "s?^#ServerName.*?ServerName $HOSTNAME?g" /etc/httpd/conf/httpd.conf
542
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
544
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
543
	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
545
	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
544
	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
546
	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
545
	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
547
	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
546
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
548
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
547
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
549
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
548
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
550
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
549
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
551
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
550
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
552
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
551
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
553
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
552
	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
554
	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
553
	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
555
	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
554
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
556
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
555
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
557
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
556
	[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
558
	[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
557
	cat <<EOF > /var/www/error/include/bottom.html
559
	cat <<EOF > /var/www/error/include/bottom.html
558
</body>
560
</body>
559
</html>
561
</html>
560
EOF
562
EOF
561
# Définition du premier compte lié au profil 'admin'
563
# Définition du premier compte lié au profil 'admin'
562
	header_install
564
	header_install
563
	if [ "$mode" = "install" ]
565
	if [ "$mode" = "install" ]
564
	then
566
	then
565
		admin_portal=!
567
		admin_portal=!
566
		PTN='^[a-zA-Z0-9-]*$'
568
		PTN='^[a-zA-Z0-9-]*$'
567
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
569
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
568
                	do
570
                	do
569
			header_install
571
			header_install
570
			if [ $Lang == "fr" ]
572
			if [ $Lang == "fr" ]
571
			then 
573
			then 
572
				echo ""
574
				echo ""
573
				echo "Définissez un premier compte d'administration du portail :"
575
				echo "Définissez un premier compte d'administration du portail :"
574
				echo
576
				echo
575
				echo -n "Nom : "
577
				echo -n "Nom : "
576
			else
578
			else
577
				echo ""
579
				echo ""
578
				echo "Define the first account allow to administrate the portal :"
580
				echo "Define the first account allow to administrate the portal :"
579
				echo
581
				echo
580
				echo -n "Account : "
582
				echo -n "Account : "
581
			fi
583
			fi
582
			read admin_portal
584
			read admin_portal
583
			if [ "$admin_portal" == "" ]
585
			if [ "$admin_portal" == "" ]
584
				then
586
				then
585
				admin_portal=!
587
				admin_portal=!
586
			fi
588
			fi
587
			done
589
			done
588
# Création du fichier de clés de ce compte dans le profil "admin"
590
# Création du fichier de clés de ce compte dans le profil "admin"
589
		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
591
		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
590
		mkdir -p $DIR_DEST_ETC/digest
592
		mkdir -p $DIR_DEST_ETC/digest
591
		chmod 755 $DIR_DEST_ETC/digest
593
		chmod 755 $DIR_DEST_ETC/digest
592
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
594
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
593
			do
595
			do
594
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
596
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
595
			done
597
			done
596
		$DIR_DEST_SBIN/alcasar-profil.sh --list
598
		$DIR_DEST_SBIN/alcasar-profil.sh --list
597
	else   # mise à jour des versions < 2.1
599
	else   # mise à jour des versions < 2.1
598
		if [ $MAJ_PREVIOUS_VERSION -lt 2 ] || ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 1 ])
600
		if [ $MAJ_PREVIOUS_VERSION -lt 2 ] || ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 1 ])
599
			then
601
			then
600
			if [ $Lang == "fr" ]
602
			if [ $Lang == "fr" ]
601
			then 
603
			then 
602
				echo "Cette mise à jour nécessite de redéfinir le premier compte d'administration du portail"
604
				echo "Cette mise à jour nécessite de redéfinir le premier compte d'administration du portail"
603
				echo
605
				echo
604
				echo -n "Nom : "
606
				echo -n "Nom : "
605
			else
607
			else
606
				echo "This update need to redefine the first admin account"
608
				echo "This update need to redefine the first admin account"
607
				echo
609
				echo
608
				echo -n "Account : "
610
				echo -n "Account : "
609
			fi
611
			fi
610
			read admin_portal
612
			read admin_portal
611
			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
613
			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
612
			mkdir -p $DIR_DEST_ETC/digest
614
			mkdir -p $DIR_DEST_ETC/digest
613
			chmod 755 $DIR_DEST_ETC/digest
615
			chmod 755 $DIR_DEST_ETC/digest
614
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
616
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
615
			do
617
			do
616
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
618
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
617
			done
619
			done
618
			$DIR_DEST_SBIN/alcasar-profil.sh --list
620
			$DIR_DEST_SBIN/alcasar-profil.sh --list
619
		fi
621
		fi
620
	fi
622
	fi
621
# synchronisation horaire
623
# synchronisation horaire
622
	ntpd -q -g &
624
	ntpd -q -g &
623
# Sécurisation du centre
625
# Sécurisation du centre
624
	rm -f /etc/httpd/conf/webapps.d/alcasar*
626
	rm -f /etc/httpd/conf/webapps.d/alcasar*
625
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
627
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
626
<Directory $DIR_ACC>
628
<Directory $DIR_ACC>
627
	SSLRequireSSL
629
	SSLRequireSSL
628
	AllowOverride None
630
	AllowOverride None
629
	Order deny,allow
631
	Order deny,allow
630
	Deny from all
632
	Deny from all
631
	Allow from 127.0.0.1
633
	Allow from 127.0.0.1
632
	Allow from $PRIVATE_NETWORK_MASK
634
	Allow from $PRIVATE_NETWORK_MASK
633
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
635
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
634
	require valid-user
636
	require valid-user
635
	AuthType digest
637
	AuthType digest
636
	AuthName $HOSTNAME
638
	AuthName $HOSTNAME
637
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
639
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
638
	AuthUserFile $DIR_DEST_ETC/digest/key_all
640
	AuthUserFile $DIR_DEST_ETC/digest/key_all
639
	ErrorDocument 404 https://$HOSTNAME/
641
	ErrorDocument 404 https://$HOSTNAME/
640
</Directory>
642
</Directory>
641
<Directory $DIR_ACC/admin>
643
<Directory $DIR_ACC/admin>
642
	SSLRequireSSL
644
	SSLRequireSSL
643
	AllowOverride None
645
	AllowOverride None
644
	Order deny,allow
646
	Order deny,allow
645
	Deny from all
647
	Deny from all
646
	Allow from 127.0.0.1
648
	Allow from 127.0.0.1
647
	Allow from $PRIVATE_NETWORK_MASK
649
	Allow from $PRIVATE_NETWORK_MASK
648
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
650
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
649
	require valid-user
651
	require valid-user
650
	AuthType digest
652
	AuthType digest
651
	AuthName $HOSTNAME
653
	AuthName $HOSTNAME
652
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
654
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
653
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
655
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
654
	ErrorDocument 404 https://$HOSTNAME/
656
	ErrorDocument 404 https://$HOSTNAME/
655
</Directory>
657
</Directory>
656
<Directory $DIR_ACC/manager>
658
<Directory $DIR_ACC/manager>
657
	SSLRequireSSL
659
	SSLRequireSSL
658
	AllowOverride None
660
	AllowOverride None
659
	Order deny,allow
661
	Order deny,allow
660
	Deny from all
662
	Deny from all
661
	Allow from 127.0.0.1
663
	Allow from 127.0.0.1
662
	Allow from $PRIVATE_NETWORK_MASK
664
	Allow from $PRIVATE_NETWORK_MASK
663
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
665
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
664
	require valid-user
666
	require valid-user
665
	AuthType digest
667
	AuthType digest
666
	AuthName $HOSTNAME
668
	AuthName $HOSTNAME
667
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
669
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
668
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
670
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
669
	ErrorDocument 404 https://$HOSTNAME/
671
	ErrorDocument 404 https://$HOSTNAME/
670
</Directory>
672
</Directory>
671
<Directory $DIR_ACC/backup>
673
<Directory $DIR_ACC/backup>
672
	SSLRequireSSL
674
	SSLRequireSSL
673
	AllowOverride None
675
	AllowOverride None
674
	Order deny,allow
676
	Order deny,allow
675
	Deny from all
677
	Deny from all
676
	Allow from 127.0.0.1
678
	Allow from 127.0.0.1
677
	Allow from $PRIVATE_NETWORK_MASK
679
	Allow from $PRIVATE_NETWORK_MASK
678
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
680
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
679
	require valid-user
681
	require valid-user
680
	AuthType digest
682
	AuthType digest
681
	AuthName $HOSTNAME
683
	AuthName $HOSTNAME
682
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
684
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
683
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
685
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
684
	ErrorDocument 404 https://$HOSTNAME/
686
	ErrorDocument 404 https://$HOSTNAME/
685
</Directory>
687
</Directory>
686
Alias /save/ "$DIR_SAVE/"
688
Alias /save/ "$DIR_SAVE/"
687
<Directory $DIR_SAVE>
689
<Directory $DIR_SAVE>
688
	SSLRequireSSL
690
	SSLRequireSSL
689
	Options Indexes
691
	Options Indexes
690
	Order deny,allow
692
	Order deny,allow
691
	Deny from all
693
	Deny from all
692
	Allow from 127.0.0.1
694
	Allow from 127.0.0.1
693
	Allow from $PRIVATE_NETWORK_MASK
695
	Allow from $PRIVATE_NETWORK_MASK
694
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
696
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
695
	require valid-user
697
	require valid-user
696
	AuthType digest
698
	AuthType digest
697
	AuthName $HOSTNAME
699
	AuthName $HOSTNAME
698
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
700
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
699
	ErrorDocument 404 https://$HOSTNAME/
701
	ErrorDocument 404 https://$HOSTNAME/
700
</Directory>
702
</Directory>
701
EOF
703
EOF
702
} # End of gestion ()
704
} # End of gestion ()
703
 
705
 
704
##########################################################################################
706
##########################################################################################
705
##				Fonction AC()						##
707
##				Fonction AC()						##
706
## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
708
## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
707
##########################################################################################
709
##########################################################################################
708
AC ()
710
AC ()
709
{
711
{
710
	$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
712
	$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
711
	$DIR_DEST_BIN/alcasar-CA.sh
713
	$DIR_DEST_BIN/alcasar-CA.sh
712
	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
714
	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
713
	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
715
	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
714
	$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
716
	$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
715
	$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
717
	$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
716
	$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
718
	$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
717
	chown -R root:apache /etc/pki
719
	chown -R root:apache /etc/pki
718
	chmod -R 750 /etc/pki
720
	chmod -R 750 /etc/pki
719
} # End AC ()
721
} # End AC ()
720
 
722
 
721
##########################################################################################
723
##########################################################################################
722
##			Fonction init_db()						##
724
##			Fonction init_db()						##
723
## - Initialisation de la base Mysql							##
725
## - Initialisation de la base Mysql							##
724
## - Affectation du mot de passe de l'administrateur (root)				##
726
## - Affectation du mot de passe de l'administrateur (root)				##
725
## - Suppression des bases et des utilisateurs superflus				##
727
## - Suppression des bases et des utilisateurs superflus				##
726
## - Création de la base 'radius'							##
728
## - Création de la base 'radius'							##
727
## - Installation du schéma de cette base						##
729
## - Installation du schéma de cette base						##
728
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
730
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
729
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
731
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
730
##########################################################################################
732
##########################################################################################
731
init_db ()
733
init_db ()
732
{
734
{
733
	mkdir -p /var/lib/mysql/.tmp
735
	mkdir -p /var/lib/mysql/.tmp
734
	chown -R mysql:mysql /var/lib/mysql/
736
	chown -R mysql:mysql /var/lib/mysql/
735
	[ -e /etc/my.cnf.rpmnew ] && mv /etc/my.cnf.rpmnew /etc/my.cnf		# prend en compte les migrations de MySQL
737
	[ -e /etc/my.cnf.rpmnew ] && mv /etc/my.cnf.rpmnew /etc/my.cnf		# prend en compte les migrations de MySQL
736
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
738
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
737
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
739
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
738
	/etc/init.d/mysqld start
740
	/etc/init.d/mysqld start
739
	sleep 4
741
	sleep 4
740
	mysqladmin -u root password $mysqlpwd
742
	mysqladmin -u root password $mysqlpwd
741
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
743
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
742
# Delete exemple databases if exist
744
# Delete exemple databases if exist
743
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;CONNECT mysql;DELETE from user where user='';FLUSH PRIVILEGES;" 
745
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;CONNECT mysql;DELETE from user where user='';FLUSH PRIVILEGES;" 
744
# Create 'radius' database
746
# Create 'radius' database
745
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
747
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
746
# Add an empty radius database structure
748
# Add an empty radius database structure
747
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
749
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
748
# modify the start script in order to close accounting connexion when the system is comming down or up
750
# modify the start script in order to close accounting connexion when the system is comming down or up
749
	[ -e /etc/init.d/mysqld.default ] || cp /etc/init.d/mysqld /etc/init.d/mysqld.default
751
	[ -e /etc/init.d/mysqld.default ] || cp /etc/init.d/mysqld /etc/init.d/mysqld.default
750
	$SED "/wait_for_pid created/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
752
	$SED "/wait_for_pid created/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
751
	$SED "/'stop')/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
753
	$SED "/'stop')/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
752
} # End init_db ()
754
} # End init_db ()
753
 
755
 
754
##########################################################################
756
##########################################################################
755
##			Fonction param_radius				##
757
##			Fonction param_radius				##
756
## - Paramètrage des fichiers de configuration FreeRadius		##
758
## - Paramètrage des fichiers de configuration FreeRadius		##
757
## - Affectation du secret partagé entre coova-chilli et freeradius	##
759
## - Affectation du secret partagé entre coova-chilli et freeradius	##
758
## - Modification de fichier de conf pour l'accès à Mysql		##
760
## - Modification de fichier de conf pour l'accès à Mysql		##
759
##########################################################################
761
##########################################################################
760
param_radius ()
762
param_radius ()
761
{
763
{
762
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
764
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
763
	chown -R radius:radius /etc/raddb
765
	chown -R radius:radius /etc/raddb
764
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
766
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
765
# paramètrage radius.conf
767
# paramètrage radius.conf
766
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
768
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
767
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
769
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
768
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
770
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
769
# suppression de la fonction proxy
771
# suppression de la fonction proxy
770
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
772
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
771
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
773
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
772
# suppression du module EAP
774
# suppression du module EAP
773
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
775
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
774
# écoute sur loopback uniquement (à modifier plus tard pour l'EAP)
776
# écoute sur loopback uniquement (à modifier plus tard pour l'EAP)
775
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
777
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
776
# prise en compte du module SQL et des compteurs SQL
778
# prise en compte du module SQL et des compteurs SQL
777
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
779
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
778
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
780
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
779
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
781
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
780
# purge du répertoire des serveurs virtuels et copie du fichier de configuration d'Alcasar
782
# purge du répertoire des serveurs virtuels et copie du fichier de configuration d'Alcasar
781
	rm -f /etc/raddb/sites-enabled/*
783
	rm -f /etc/raddb/sites-enabled/*
782
       	cp $DIR_CONF/alcasar-radius /etc/raddb/sites-available/alcasar
784
       	cp $DIR_CONF/alcasar-radius /etc/raddb/sites-available/alcasar
783
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
785
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
784
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
786
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
785
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
787
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
786
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
788
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
787
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
789
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
788
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
790
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
789
# configuration du fichier client.conf (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
791
# configuration du fichier client.conf (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
790
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
792
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
791
	cat << EOF > /etc/raddb/clients.conf
793
	cat << EOF > /etc/raddb/clients.conf
792
client 127.0.0.1 {
794
client 127.0.0.1 {
793
	secret = $secretradius
795
	secret = $secretradius
794
	shortname = localhost
796
	shortname = localhost
795
}
797
}
796
EOF
798
EOF
797
# modif sql.conf
799
# modif sql.conf
798
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
800
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
799
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
801
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
800
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
802
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
801
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
803
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
802
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
804
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
803
# modif dialup.conf
805
# modif dialup.conf
804
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
806
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
805
	cp -f $DIR_CONF/dialup.conf /etc/raddb/sql/mysql/dialup.conf
807
	cp -f $DIR_CONF/dialup.conf /etc/raddb/sql/mysql/dialup.conf
806
# insures that mysql is up before radius start
808
# insures that mysql is up before radius start
807
	$SED "s?^# Should-Start.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
809
	$SED "s?^# Should-Start.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
808
	$SED "s?^# Should-Stop.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
810
	$SED "s?^# Should-Stop.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
809
 
811
 
810
} # End param_radius ()
812
} # End param_radius ()
811
 
813
 
812
##########################################################################
814
##########################################################################
813
##			Fonction param_web_radius			##
815
##			Fonction param_web_radius			##
814
## - Import, modification et paramètrage de l'interface "dialupadmin"	##
816
## - Import, modification et paramètrage de l'interface "dialupadmin"	##
815
## - Création du lien vers la page de changement de mot de passe        ##
817
## - Création du lien vers la page de changement de mot de passe        ##
816
##########################################################################
818
##########################################################################
817
param_web_radius ()
819
param_web_radius ()
818
{
820
{
819
# copie de l'interface d'origine dans la structure Alcasar
821
# copie de l'interface d'origine dans la structure Alcasar
820
	[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
822
	[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
821
	rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme 
823
	rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme 
822
	rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html
824
	rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html
823
# copie des fichiers modifiés
825
# copie des fichiers modifiés
824
	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
826
	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
825
	chown -R apache:apache $DIR_ACC/manager/
827
	chown -R apache:apache $DIR_ACC/manager/
826
# Modification des fichiers de configuration
828
# Modification des fichiers de configuration
827
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
829
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
828
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
830
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
829
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
831
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
830
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
832
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
831
	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
833
	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
832
	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
834
	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
833
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
835
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
834
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
836
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
835
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
837
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
836
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
838
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
837
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
839
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
838
	cp -f $DIR_CONF/freeradiusweb-config.php /etc/freeradius-web/config.php
840
	cp -f $DIR_CONF/freeradiusweb-config.php /etc/freeradius-web/config.php
839
	cat <<EOF > /etc/freeradius-web/naslist.conf
841
	cat <<EOF > /etc/freeradius-web/naslist.conf
840
nas1_name: alcasar-$ORGANISME
842
nas1_name: alcasar-$ORGANISME
841
nas1_model: Portail captif
843
nas1_model: Portail captif
842
nas1_ip: $PRIVATE_IP
844
nas1_ip: $PRIVATE_IP
843
nas1_port_num: 0
845
nas1_port_num: 0
844
nas1_community: public
846
nas1_community: public
845
EOF
847
EOF
846
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
848
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
847
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
849
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
848
	cp -f $DIR_CONF/user_edit.attrs /etc/freeradius-web/user_edit.attrs
850
	cp -f $DIR_CONF/user_edit.attrs /etc/freeradius-web/user_edit.attrs
849
# Ajout du mappage des attributs chillispot
851
# Ajout du mappage des attributs chillispot
850
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
852
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
851
	cp -f $DIR_CONF/sql.attrmap /etc/freeradius-web/sql.attrmap
853
	cp -f $DIR_CONF/sql.attrmap /etc/freeradius-web/sql.attrmap
852
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
854
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
853
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/user_edit.attrs.default
855
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/user_edit.attrs.default
854
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
856
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
855
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
857
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
856
	chown -R apache:apache /etc/freeradius-web
858
	chown -R apache:apache /etc/freeradius-web
857
# Ajout de l'alias vers la page de "changement de mot de passe usager"
859
# Ajout de l'alias vers la page de "changement de mot de passe usager"
858
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
860
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
859
<Directory $DIR_WEB/pass>
861
<Directory $DIR_WEB/pass>
860
	SSLRequireSSL
862
	SSLRequireSSL
861
	AllowOverride None
863
	AllowOverride None
862
	Order deny,allow
864
	Order deny,allow
863
	Deny from all
865
	Deny from all
864
	Allow from 127.0.0.1
866
	Allow from 127.0.0.1
865
	Allow from $PRIVATE_NETWORK_MASK
867
	Allow from $PRIVATE_NETWORK_MASK
866
	ErrorDocument 404 https://$HOSTNAME
868
	ErrorDocument 404 https://$HOSTNAME
867
</Directory>
869
</Directory>
868
EOF
870
EOF
869
} # End of param_web_radius ()
871
} # End of param_web_radius ()
870
 
872
 
871
##################################################################################
873
##################################################################################
872
##			Fonction param_chilli					##
874
##			Fonction param_chilli					##
873
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
875
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
874
## - Paramètrage de la page d'authentification (intercept.php)			##
876
## - Paramètrage de la page d'authentification (intercept.php)			##
875
##################################################################################
877
##################################################################################
876
param_chilli ()
878
param_chilli ()
877
{
879
{
878
# init file creation
880
# init file creation
879
	[ -e /etc/init.d/chilli.default ] || cp /etc/init.d/chilli /etc/init.d/chilli.default
881
	[ -e /etc/init.d/chilli.default ] || cp /etc/init.d/chilli /etc/init.d/chilli.default
880
	cat <<EOF > /etc/init.d/chilli
882
	cat <<EOF > /etc/init.d/chilli
881
#!/bin/sh
883
#!/bin/sh
882
#
884
#
883
# chilli CoovaChilli init
885
# chilli CoovaChilli init
884
#
886
#
885
# chkconfig: 2345 65 35
887
# chkconfig: 2345 65 35
886
# description: CoovaChilli
888
# description: CoovaChilli
887
### BEGIN INIT INFO
889
### BEGIN INIT INFO
888
# Provides:       chilli
890
# Provides:       chilli
889
# Required-Start: network 
891
# Required-Start: network 
890
# Should-Start: 
892
# Should-Start: 
891
# Required-Stop:  network
893
# Required-Stop:  network
892
# Should-Stop: 
894
# Should-Stop: 
893
# Default-Start:  2 3 5
895
# Default-Start:  2 3 5
894
# Default-Stop:
896
# Default-Stop:
895
# Description:    CoovaChilli access controller
897
# Description:    CoovaChilli access controller
896
### END INIT INFO
898
### END INIT INFO
897
 
899
 
898
[ -f /usr/sbin/chilli ] || exit 0
900
[ -f /usr/sbin/chilli ] || exit 0
899
. /etc/init.d/functions
901
. /etc/init.d/functions
900
CONFIG=/etc/chilli.conf
902
CONFIG=/etc/chilli.conf
901
pidfile=/var/run/chilli.pid
903
pidfile=/var/run/chilli.pid
902
[ -f \$CONFIG ] || {
904
[ -f \$CONFIG ] || {
903
    echo "\$CONFIG Not found"
905
    echo "\$CONFIG Not found"
904
    exit 0
906
    exit 0
905
}
907
}
906
RETVAL=0
908
RETVAL=0
907
prog="chilli"
909
prog="chilli"
908
case \$1 in
910
case \$1 in
909
    start)
911
    start)
910
	if [ -f \$pidfile ] ; then 
912
	if [ -f \$pidfile ] ; then 
911
		gprintf "chilli is already running"
913
		gprintf "chilli is already running"
912
	else
914
	else
913
        	gprintf "Starting \$prog: "
915
        	gprintf "Starting \$prog: "
914
		rm -f /var/run/chilli* # cleaning
916
		rm -f /var/run/chilli* # cleaning
915
        	/sbin/modprobe tun >/dev/null 2>&1
917
        	/sbin/modprobe tun >/dev/null 2>&1
916
        	echo 1 > /proc/sys/net/ipv4/ip_forward
918
        	echo 1 > /proc/sys/net/ipv4/ip_forward
917
		[ -e /dev/net/tun ] || {
919
		[ -e /dev/net/tun ] || {
918
	    	(cd /dev; 
920
	    	(cd /dev; 
919
			mkdir net; 
921
			mkdir net; 
920
			cd net; 
922
			cd net; 
921
			mknod tun c 10 200)
923
			mknod tun c 10 200)
922
		}
924
		}
923
		ifconfig eth1 0.0.0.0
925
		ifconfig eth1 0.0.0.0
924
		daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
926
		daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
925
        	RETVAL=$?
927
        	RETVAL=$?
926
	fi
928
	fi
927
	;;
929
	;;
928
 
930
 
929
    reload)
931
    reload)
930
	killall -HUP chilli
932
	killall -HUP chilli
931
	;;
933
	;;
932
 
934
 
933
    restart)
935
    restart)
934
	\$0 stop
936
	\$0 stop
935
        sleep 2
937
        sleep 2
936
	\$0 start
938
	\$0 start
937
	;;
939
	;;
938
    
940
    
939
    status)
941
    status)
940
        status chilli
942
        status chilli
941
        RETVAL=0
943
        RETVAL=0
942
        ;;
944
        ;;
943
 
945
 
944
    stop)
946
    stop)
945
	if [ -f \$pidfile ] ; then  
947
	if [ -f \$pidfile ] ; then  
946
        	gprintf "Shutting down \$prog: "
948
        	gprintf "Shutting down \$prog: "
947
		killproc /usr/sbin/chilli
949
		killproc /usr/sbin/chilli
948
		RETVAL=\$?
950
		RETVAL=\$?
949
		[ \$RETVAL = 0 ] && rm -f $pidfile
951
		[ \$RETVAL = 0 ] && rm -f $pidfile
950
	else	
952
	else	
951
        	gprintf "chilli is not running"
953
        	gprintf "chilli is not running"
952
	fi
954
	fi
953
	;;
955
	;;
954
    
956
    
955
    *)
957
    *)
956
        echo "Usage: \$0 {start|stop|restart|reload|status}"
958
        echo "Usage: \$0 {start|stop|restart|reload|status}"
957
        exit 1
959
        exit 1
958
esac
960
esac
959
echo
961
echo
960
EOF
962
EOF
961
 
963
 
962
# conf file creation
964
# conf file creation
963
	[ -e /etc/chilli.conf.default ] || cp /etc/chilli.conf /etc/chilli.conf.default
965
	[ -e /etc/chilli.conf.default ] || cp /etc/chilli.conf /etc/chilli.conf.default
964
	cat <<EOF > /etc/chilli.conf
966
	cat <<EOF > /etc/chilli.conf
965
# coova config for ALCASAR
967
# coova config for ALCASAR
966
cmdsocket	/var/run/chilli.sock
968
cmdsocket	/var/run/chilli.sock
967
unixipc		chilli.eth1.ipc
969
unixipc		chilli.eth1.ipc
968
pidfile		/var/run/chilli.eth1.pid
970
pidfile		/var/run/chilli.eth1.pid
969
net		$PRIVATE_NETWORK_MASK
971
net		$PRIVATE_NETWORK_MASK
970
dhcpif		$INTIF
972
dhcpif		$INTIF
971
ethers		$DIR_DEST_ETC/alcasar-ethers
973
ethers		$DIR_DEST_ETC/alcasar-ethers
972
#nodynip
974
#nodynip
973
#statip
975
#statip
974
dynip		$PRIVATE_NETWORK_MASK
976
dynip		$PRIVATE_NETWORK_MASK
975
domain		localdomain
977
domain		localdomain
976
dns1		$PRIVATE_IP
978
dns1		$PRIVATE_IP
977
dns2		$PRIVATE_IP
979
dns2		$PRIVATE_IP
978
uamlisten	$PRIVATE_IP
980
uamlisten	$PRIVATE_IP
979
uamport		3990
981
uamport		3990
980
macauth
982
macauth
981
macpasswd	password
983
macpasswd	password
982
locationname	$HOSTNAME
984
locationname	$HOSTNAME
983
radiusserver1	127.0.0.1
985
radiusserver1	127.0.0.1
984
radiusserver2	127.0.0.1
986
radiusserver2	127.0.0.1
985
radiussecret	$secretradius
987
radiussecret	$secretradius
986
radiusauthport	1812
988
radiusauthport	1812
987
radiusacctport	1813
989
radiusacctport	1813
988
uamserver	https://$HOSTNAME/intercept.php
990
uamserver	https://$HOSTNAME/intercept.php
989
radiusnasid	$HOSTNAME
991
radiusnasid	$HOSTNAME
990
uamsecret	$secretuam
992
uamsecret	$secretuam
991
uamallowed	alcasar
993
uamallowed	alcasar
992
coaport		3799
994
coaport		3799
993
include		$DIR_DEST_ETC/alcasar-uamallowed
995
include		$DIR_DEST_ETC/alcasar-uamallowed
994
include		$DIR_DEST_ETC/alcasar-uamdomain
996
include		$DIR_DEST_ETC/alcasar-uamdomain
995
#dhcpgateway		
997
#dhcpgateway		
996
#dhcprelayagent
998
#dhcprelayagent
997
#dhcpgatewayport
999
#dhcpgatewayport
998
EOF
1000
EOF
999
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
1001
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
1000
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
1002
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
1001
# create files for trusted domains and urls
1003
# create files for trusted domains and urls
1002
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
1004
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
1003
	chown root:apache $DIR_DEST_ETC/alcasar-*
1005
	chown root:apache $DIR_DEST_ETC/alcasar-*
1004
	chmod 660 $DIR_DEST_ETC/alcasar-*
1006
	chmod 660 $DIR_DEST_ETC/alcasar-*
1005
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
1007
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
1006
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
1008
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
1007
	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
1009
	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
1008
# user 'chilli' creation (in order to run conup/off and up/down scripts
1010
# user 'chilli' creation (in order to run conup/off and up/down scripts
1009
	chilli_exist=`grep chilli /etc/passwd|wc -l`
1011
	chilli_exist=`grep chilli /etc/passwd|wc -l`
1010
	if [ "$chilli_exist" == "1" ]
1012
	if [ "$chilli_exist" == "1" ]
1011
	then
1013
	then
1012
	      userdel -r chilli 2>/dev/null
1014
	      userdel -r chilli 2>/dev/null
1013
	fi
1015
	fi
1014
	groupadd -f chilli
1016
	groupadd -f chilli
1015
	useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1017
	useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1016
}  # End of param_chilli ()
1018
}  # End of param_chilli ()
1017
 
1019
 
1018
##########################################################
1020
##########################################################
1019
##			Fonction param_squid		##
1021
##			Fonction param_squid		##
1020
## - Paramètrage du proxy 'squid' en mode 'cache'	##
1022
## - Paramètrage du proxy 'squid' en mode 'cache'	##
1021
## - Initialisation de la base de données  		##
1023
## - Initialisation de la base de données  		##
1022
##########################################################
1024
##########################################################
1023
param_squid ()
1025
param_squid ()
1024
{
1026
{
1025
# paramètrage de Squid (connecté en série derrière Dansguardian)
1027
# paramètrage de Squid (connecté en série derrière Dansguardian)
1026
	[ -e /etc/squid/squid.conf.default  ] || cp /etc/squid/squid.conf /etc/squid/squid.conf.default
1028
	[ -e /etc/squid/squid.conf.default  ] || cp /etc/squid/squid.conf /etc/squid/squid.conf.default
1027
# suppression des références 'localnet', 'icp', 'htcp' et 'always_direct'
1029
# suppression des références 'localnet', 'icp', 'htcp' et 'always_direct'
1028
	$SED "/^acl localnet/d" /etc/squid/squid.conf
1030
	$SED "/^acl localnet/d" /etc/squid/squid.conf
1029
	$SED "/^icp_access allow localnet/d" /etc/squid/squid.conf
1031
	$SED "/^icp_access allow localnet/d" /etc/squid/squid.conf
1030
	$SED "/^icp_port 3130/d" /etc/squid/squid.conf
1032
	$SED "/^icp_port 3130/d" /etc/squid/squid.conf
1031
	$SED "/^http_access allow localnet/d" /etc/squid/squid.conf
1033
	$SED "/^http_access allow localnet/d" /etc/squid/squid.conf
1032
	$SED "/^htcp_access allow localnet/d" /etc/squid/squid.conf
1034
	$SED "/^htcp_access allow localnet/d" /etc/squid/squid.conf
1033
	$SED "/^always_direct allow localnet/d" /etc/squid/squid.conf
1035
	$SED "/^always_direct allow localnet/d" /etc/squid/squid.conf
1034
# mode 'proxy transparent local'
1036
# mode 'proxy transparent local'
1035
	$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
1037
	$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
1036
# Configuration du cache local
1038
# Configuration du cache local
1037
	$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
1039
	$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
1038
# emplacement et formatage standard des logs
-
 
1039
	echo '#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh' >> /etc/squid/squid.conf
-
 
1040
	echo '#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh' >> /etc/squid/squid.conf
-
 
1041
        echo "access_log /var/log/squid/access.log" >> /etc/squid/squid.conf
-
 
1042
# compatibilité des logs avec awstats
1040
# désactivation des "access log"
1043
	echo "emulate_httpd_log on" >> /etc/squid/squid.conf
-
 
1044
	echo "half_closed_clients off" >> /etc/squid/squid.conf
1041
	echo '#Disable access log' >> /etc/squid/squid.conf
1045
	echo "server_persistent_connections off" >> /etc/squid/squid.conf
-
 
1046
	echo "client_persistent_connections on" >> /etc/squid/squid.conf
-
 
1047
	echo "client_lifetime 1440 minutes" >> /etc/squid/squid.conf
-
 
1048
	echo "request_timeout 5 minutes" >> /etc/squid/squid.conf
-
 
1049
	echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf
-
 
1050
	echo "cache_mem 256 MB" >> /etc/squid/squid.conf
1042
        echo "access_log none" >> /etc/squid/squid.conf
1051
	echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf
-
 
1052
	echo "maximum_object_size     4096 KB" >> /etc/squid/squid.conf
-
 
1053
# anonymisation of squid version
1043
# anonymisation of squid version
1054
	echo "via off" >> /etc/squid/squid.conf
1044
	echo "via off" >> /etc/squid/squid.conf
1055
# remove the 'X_forwarded' http option
1045
# remove the 'X_forwarded' http option
1056
	echo "forwarded_for delete" >> /etc/squid/squid.conf
1046
	echo "forwarded_for delete" >> /etc/squid/squid.conf
1057
# linked squid output in HAVP input
1047
# linked squid output in HAVP input
1058
	echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
1048
	echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
1059
	echo "never_direct allow all" >> /etc/squid/squid.conf
1049
	echo "never_direct allow all" >> /etc/squid/squid.conf
1060
# avoid error messages on network interfaces state changes
1050
# avoid error messages on network interfaces state changes
1061
	$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
1051
	$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
1062
# reduce squid shutdown time (100 to 50)
1052
# reduce squid shutdown time (100 to 50)
1063
	$SED "s?^SQUID_SHUTDOWN_TIMEOUT.*?SQUID_SHUTDOWN_TIMEOUT=50?g" /etc/sysconfig/squid
1053
	$SED "s?^SQUID_SHUTDOWN_TIMEOUT.*?SQUID_SHUTDOWN_TIMEOUT=50?g" /etc/sysconfig/squid
1064
 
1054
 
1065
# Squid cache init
1055
# Squid cache init
1066
	/usr/sbin/squid -z
1056
	/usr/sbin/squid -z
1067
}  # End of param_squid ()
1057
}  # End of param_squid ()
1068
	
1058
	
1069
##################################################################
1059
##################################################################
1070
##		Fonction param_dansguardian			##
1060
##		Fonction param_dansguardian			##
1071
## - Paramètrage du gestionnaire de contenu Dansguardian	##
1061
## - Paramètrage du gestionnaire de contenu Dansguardian	##
1072
##################################################################
1062
##################################################################
1073
param_dansguardian ()
1063
param_dansguardian ()
1074
{
1064
{
1075
	mkdir /var/dansguardian
1065
	mkdir /var/dansguardian
1076
	chown dansguardian /var/dansguardian
1066
	chown dansguardian /var/dansguardian
1077
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1067
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1078
# Le filtrage est désactivé par défaut 
1068
# Le filtrage est désactivé par défaut 
1079
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1069
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1080
# la page d'interception est en français
1070
# la page d'interception est en français
1081
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1071
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1082
# on limite l'écoute de Dansguardian côté LAN
1072
# on limite l'écoute de Dansguardian côté LAN
1083
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
1073
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
1084
# on chaîne Dansguardian au proxy cache SQUID
1074
# on chaîne Dansguardian au proxy cache SQUID
1085
	$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
1075
	$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
1086
# on remplace la page d'interception (template)
1076
# on remplace la page d'interception (template)
1087
	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
1077
	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
1088
	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1078
	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1089
# on ne loggue que les deny (pour le reste, on a squid)
1079
# on ne loggue que les deny (pour le reste, on a squid)
1090
	$SED "s?^loglevel =.*?loglevel = 1?g" $DIR_DG/dansguardian.conf
1080
	$SED "s?^loglevel =.*?loglevel = 1?g" $DIR_DG/dansguardian.conf
1091
# lauch of 10 daemons (20 in largest server)
1081
# lauch of 10 daemons (20 in largest server)
1092
	$SED "s?^minchildren =.*?minchildren = 10?g" $DIR_DG/dansguardian.conf
1082
	$SED "s?^minchildren =.*?minchildren = 10?g" $DIR_DG/dansguardian.conf
1093
# on désactive par défaut le controle de contenu des pages html
1083
# on désactive par défaut le controle de contenu des pages html
1094
	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
1084
	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
1095
	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
1085
	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
1096
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1086
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1097
# on désactive par défaut le contrôle d'URL par expressions régulières
1087
# on désactive par défaut le contrôle d'URL par expressions régulières
1098
	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
1088
	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
1099
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1089
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1100
# on désactive par défaut le contrôle de téléchargement de fichiers
1090
# on désactive par défaut le contrôle de téléchargement de fichiers
1101
	[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
1091
	[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
1102
	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
1092
	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
1103
	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
1093
	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
1104
	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
1094
	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
1105
	touch $DIR_DG/lists/bannedextensionlist
1095
	touch $DIR_DG/lists/bannedextensionlist
1106
	touch $DIR_DG/lists/bannedmimetypelist
1096
	touch $DIR_DG/lists/bannedmimetypelist
1107
# 'Safesearch' regex actualisation
1097
# 'Safesearch' regex actualisation
1108
	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
1098
	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
1109
# empty LAN IP list that won't be WEB filtered
1099
# empty LAN IP list that won't be WEB filtered
1110
	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
1100
	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
1111
	touch $DIR_DG/lists/exceptioniplist
1101
	touch $DIR_DG/lists/exceptioniplist
1112
# Keep a copy of URL & domain filter configuration files
1102
# Keep a copy of URL & domain filter configuration files
1113
	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
1103
	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
1114
	[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1104
	[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1115
} # End of param_dansguardian ()
1105
} # End of param_dansguardian ()
1116
 
1106
 
1117
##################################################################
1107
##################################################################
1118
##			Fonction antivirus			##
1108
##			Fonction antivirus			##
1119
## - configuration havp + libclamav				##
1109
## - configuration havp + libclamav				##
1120
##################################################################
1110
##################################################################
1121
antivirus ()		
1111
antivirus ()		
1122
{
1112
{
1123
# création de l'usager 'havp'
1113
# création de l'usager 'havp'
1124
	havp_exist=`grep havp /etc/passwd|wc -l`
1114
	havp_exist=`grep havp /etc/passwd|wc -l`
1125
	if [ "$havp_exist" == "1" ]
1115
	if [ "$havp_exist" == "1" ]
1126
	then
1116
	then
1127
	      userdel -r havp 2>/dev/null
1117
	      userdel -r havp 2>/dev/null
1128
	      groupdel havp 2>/dev/null
1118
	      groupdel havp 2>/dev/null
1129
	fi
1119
	fi
1130
	groupadd -f havp
1120
	groupadd -f havp
1131
	useradd -r -g havp -s /bin/false -c "system user for havp" havp
1121
	useradd -r -g havp -s /bin/false -c "system user for havp" havp
1132
	mkdir -p /var/tmp/havp /var/log/havp
1122
	mkdir -p /var/tmp/havp /var/log/havp
1133
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
1123
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
1134
# configuration d'HAVP
1124
# configuration d'HAVP
1135
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
1125
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
1136
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
1126
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
1137
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090			
1127
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090			
1138
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
1128
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
1139
	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config	# Log format
1129
	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config	# Log format
1140
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
1130
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
1141
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
1131
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
1142
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
1132
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
1143
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
1133
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
1144
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
1134
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
1145
# skip checking of youtube flow (too heavy load / risk too low)
1135
# skip checking of youtube flow (too heavy load / risk too low)
1146
	[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
1136
	[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
1147
	echo "# Whitelist youtube flow" >> /etc/havp/whitelist
1137
	echo "# Whitelist youtube flow" >> /etc/havp/whitelist
1148
	echo "*.youtube.com/*" >> /etc/havp/whitelist
1138
	echo "*.youtube.com/*" >> /etc/havp/whitelist
1149
# remplacement du fichier d'initialisation
1139
# remplacement du fichier d'initialisation
1150
	[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
1140
	[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
1151
# if keep old init file : $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
1141
# if keep old init file : $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
1152
	cp -f $DIR_CONF/havp-init /etc/init.d/havp
1142
	cp -f $DIR_CONF/havp-init /etc/init.d/havp
1153
# on remplace la page d'interception (template)
1143
# on remplace la page d'interception (template)
1154
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
1144
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
1155
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1145
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1156
# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
1146
# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
1157
	$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
1147
	$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
1158
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1148
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1159
# Virus database update
1149
# Virus database update
1160
	rm -f /var/lib/clamav/*.cld # in case of old database scheme
1150
	rm -f /var/lib/clamav/*.cld # in case of old database scheme
1161
	cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
1151
	cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
1162
	/usr/bin/freshclam
1152
	/usr/bin/freshclam
1163
}
1153
}
1164
 
1154
 
1165
##################################################################################
1155
##################################################################################
1166
##			param_ulogd function					##
1156
##			param_ulogd function					##
1167
## - Ulog config for multi-log files 						##
1157
## - Ulog config for multi-log files 						##
1168
##################################################################################
1158
##################################################################################
1169
param_ulogd ()
1159
param_ulogd ()
1170
{
1160
{
1171
# Three instances of ulogd (three different logfiles)
1161
# Three instances of ulogd (three different logfiles)
1172
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
1162
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
1173
	nl=1
1163
	nl=1
1174
	for log_type in tracability ssh ext-access
1164
	for log_type in tracability ssh ext-access
1175
	do
1165
	do
1176
		[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
1166
		[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
1177
		cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
1167
		cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
1178
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf 
1168
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf 
1179
		$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
1169
		$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
1180
		cat << EOF >> /etc/ulogd-$log_type.conf
1170
		cat << EOF >> /etc/ulogd-$log_type.conf
1181
[LOGEMU]
1171
[LOGEMU]
1182
file="/var/log/firewall/$log_type.log"
1172
file="/var/log/firewall/$log_type.log"
1183
sync=1
1173
sync=1
1184
EOF
1174
EOF
1185
		nl=`expr $nl + 1`
1175
		nl=`expr $nl + 1`
1186
	done
1176
	done
1187
	chown -R root:apache /var/log/firewall
1177
	chown -R root:apache /var/log/firewall
1188
	chmod 750 /var/log/firewall
1178
	chmod 750 /var/log/firewall
1189
	chmod 640 /var/log/firewall/*
1179
	chmod 640 /var/log/firewall/*
1190
	[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
1180
	[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
1191
	cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
1181
	cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
1192
}  # End of param_ulogd ()
1182
}  # End of param_ulogd ()
1193
 
1183
 
1194
##################################################################################
-
 
1195
##				Fonction param_awstats				##
-
 
1196
## - configuration de l'interface des logs de consultation WEB (AWSTAT)		##
-
 
1197
##################################################################################
-
 
1198
param_awstats()
-
 
1199
{
-
 
1200
	cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/
-
 
1201
	chown -R apache:apache $DIR_ACC/awstats
-
 
1202
	cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default
-
 
1203
	$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf
-
 
1204
	$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf
-
 
1205
	$SED "s?^SiteDomain=.*?SiteDomain=\"$HOSTNAME\"?g" /etc/awstats/awstats.conf
-
 
1206
	$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
-
 
1207
	$SED "s?^DNSLookup=.*?DNSLookup=0?g" /etc/awstats/awstats.conf
-
 
1208
	$SED "s?^DirData=.*?DirData=\"/var/lib/awstats\"?g" /etc/awstats/awstats.conf
-
 
1209
	$SED "s?^DirIcons=.*?DirIcons=\"/acc/awstats/icon\"?g" /etc/awstats/awstats.conf
-
 
1210
	$SED "s?^StyleSheet=.*?StyleSheet=\"/css/style.css\"?g" /etc/awstats/awstats.conf
-
 
1211
	$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf
-
 
1212
	$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
-
 
1213
	$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
-
 
1214
	$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
-
 
1215
	$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
-
 
1216
	$SED "s?^ShowMonthStats=.*?ShowMonthStats=VPHB?g" /etc/awstats/awstats.conf
-
 
1217
	$SED "s?^ShowDaysOfMonthStats=.*?ShowDaysOfMonthStats=PHB?g" /etc/awstats/awstats.conf
-
 
1218
	$SED "s?^ShowDaysOfWeekStats=.*?ShowDaysOfWeekStats=PHB?g" /etc/awstats/awstats.conf
-
 
1219
	$SED "s?^ShowHoursStats=.*?ShowHoursStats=PHB?g" /etc/awstats/awstats.conf
-
 
1220
	$SED "s?^ShowDomainsStats=.*?ShowDomainsStats=0?g" /etc/awstats/awstats.conf
-
 
1221
	$SED "s?^ShowHostsStats=.*?ShowHostsStats=0?g" /etc/awstats/awstats.conf
-
 
1222
	$SED "s?^ShowAuthenticatedUsers=.*?ShowAuthenticatedUsers=0?g" /etc/awstats/awstats.conf
-
 
1223
	$SED "s?^ShowRobotsStats=.*?ShowRobotsStats=0?g" /etc/awstats/awstats.conf
-
 
1224
	$SED "s?^ShowFileTypesStats=.*?ShowFileTypesStats=0?g" /etc/awstats/awstats.conf
-
 
1225
	$SED "s?^ShowFileSizesStats=.*?ShowFileSizesStats=0?g" /etc/awstats/awstats.conf
-
 
1226
	$SED "s?^ShowOSStats=.*?ShowOSStats=0?g" /etc/awstats/awstats.conf
-
 
1227
	$SED "s?^ShowScreenSizeStats=.*?ShowScreenSizeStats=0?g" /etc/awstats/awstats.conf
-
 
1228
 
1184
 
1229
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
1185
##########################################################
1230
<Directory $DIR_ACC/awstats>
1186
##              Fonction param_nfsen			##
-
 
1187
##########################################################
1231
	SSLRequireSSL
1188
param_nfsen()
-
 
1189
{
1232
	Options ExecCGI
1190
#Decompression tarball
-
 
1191
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
1233
	AddHandler cgi-script .pl
1192
#Création groupe et utilisteur
-
 
1193
if grep "^www-data:" /etc/group > /dev/null; then
1234
	DirectoryIndex awstats.pl
1194
	echo "Group already exists !"
-
 
1195
else
1235
	Order deny,allow
1196
	groupadd www-data
-
 
1197
	echo "Group 'www-data' created !"
-
 
1198
fi
-
 
1199
if grep "^nfsen:" /etc/passwd > /dev/null; then
-
 
1200
	echo "User already exists !"
-
 
1201
else
1236
	Deny from all
1202
	useradd -m nfsen
-
 
1203
	echo "User 'nfsen' created !"
-
 
1204
fi
-
 
1205
usermod -G www-data nfsen
-
 
1206
#Ajout du plugin nfsen : PortTracker
-
 
1207
mkdir -p /var/www/nfsen/plugins
-
 
1208
chown -R nfsen:www-data /var/www/nfsen
-
 
1209
#Ajout du plugin PortTracker
-
 
1210
mkdir -p /var/log/netflow/porttracker 
-
 
1211
mkdir -p /usr/share/nfsen/plugins
-
 
1212
chown -R apache:apache /usr/share/nfsen
-
 
1213
cp -f ./conf/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
-
 
1214
chown apache /var/log/netflow/porttracker
-
 
1215
#Copie du fichier de conf modifié de nfsen
-
 
1216
cp ./conf/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
-
 
1217
#Copie du script d'initialisation de nfsen
-
 
1218
cp ./conf/nfsen/nfsen-init /etc/init.d/nfsen
-
 
1219
#Installation de nfsen via le scrip Perl
1237
	Allow from 127.0.0.1
1220
cd /tmp/nfsen-1.3.6p1/
-
 
1221
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
-
 
1222
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
1238
	Allow from $PRIVATE_NETWORK_MASK
1223
#Création de la DB pour rrdtool
-
 
1224
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
-
 
1225
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
-
 
1226
sudo -u apache nftrack -I -d /var/log/netflow/porttracker
1239
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
1227
chown -R apache:www-data /var/log/netflow/porttracker/
-
 
1228
chmod -R 775 /var/log/netflow/porttracker
-
 
1229
#Configuration du fichier de conf d'apache
-
 
1230
if [ -f /etc/httpd/conf.d/nfsen.conf ];then
-
 
1231
	rm -f /etc/httpd/conf.d/nfsen.conf
-
 
1232
fi
-
 
1233
cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
-
 
1234
Alias /nfsen /var/www/nfsen 
1240
	require valid-user
1235
<Directory /var/www/nfsen/> 
-
 
1236
DirectoryIndex nfsen.php 
1241
	AuthType digest
1237
Options -Indexes 
1242
	AuthName $HOSTNAME
1238
AllowOverride all 
-
 
1239
order allow,deny 
-
 
1240
allow from all 
1243
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
1241
AddType application/x-httpd-php .php 
1244
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
1242
php_flag magic_quotes_gpc on 
1245
	ErrorDocument 404 https://$HOSTNAME/
1243
php_flag track_vars on 
1246
</Directory>
1244
</Directory>
1247
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
-
 
1248
EOF
1245
EOF
-
 
1246
#Configuration du délais d'expiration des captures du profile "ALCASAR"
-
 
1247
nfsen -m ALCASAR -e 365d
-
 
1248
#Suppression des sources de nfsen
-
 
1249
rm -rf /tmp/nfsen-1.3.6p1/
1249
} # End of param_awstats ()
1250
} # End of param_nfsen
1250
 
1251
 
1251
##########################################################
1252
##########################################################
1252
##		Fonction param_dnsmasq			##
1253
##		Fonction param_dnsmasq			##
1253
##########################################################
1254
##########################################################
1254
param_dnsmasq ()
1255
param_dnsmasq ()
1255
{
1256
{
1256
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1257
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1257
	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux
1258
	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux
1258
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1259
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1259
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
1260
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
1260
	cat << EOF > /etc/dnsmasq.conf 
1261
	cat << EOF > /etc/dnsmasq.conf 
1261
# Configuration file for "dnsmasq in forward mode"
1262
# Configuration file for "dnsmasq in forward mode"
1262
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1263
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1263
listen-address=$PRIVATE_IP
1264
listen-address=$PRIVATE_IP
1264
listen-address=127.0.0.1
1265
listen-address=127.0.0.1
1265
no-dhcp-interface=$INTIF
1266
no-dhcp-interface=$INTIF
1266
bind-interfaces
1267
bind-interfaces
1267
cache-size=256
1268
cache-size=256
1268
domain=$DOMAIN
1269
domain=$DOMAIN
1269
domain-needed
1270
domain-needed
1270
expand-hosts
1271
expand-hosts
1271
bogus-priv
1272
bogus-priv
1272
filterwin2k
1273
filterwin2k
1273
server=$DNS1
1274
server=$DNS1
1274
server=$DNS2
1275
server=$DNS2
1275
# le servive DHCP est configuré mais n'est exploité que pour le "bypass"
1276
# le servive DHCP est configuré mais n'est exploité que pour le "bypass"
1276
dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
1277
dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
1277
dhcp-option=option:router,$PRIVATE_IP
1278
dhcp-option=option:router,$PRIVATE_IP
1278
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
1279
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
1279
 
1280
 
1280
# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1281
# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1281
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1282
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1282
EOF
1283
EOF
1283
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blackhole")
1284
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blackhole")
1284
	cat << EOF > /etc/dnsmasq-blackhole.conf 
1285
	cat << EOF > /etc/dnsmasq-blackhole.conf 
1285
	# Configuration file for "dnsmasq with blackhole"
1286
	# Configuration file for "dnsmasq with blackhole"
1286
# Inclusion de la blacklist <domains> de Toulouse dans la configuration
1287
# Inclusion de la blacklist <domains> de Toulouse dans la configuration
1287
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
1288
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
1288
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1289
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1289
listen-address=$PRIVATE_IP
1290
listen-address=$PRIVATE_IP
1290
port=54
1291
port=54
1291
no-dhcp-interface=$INTIF
1292
no-dhcp-interface=$INTIF
1292
bind-interfaces
1293
bind-interfaces
1293
cache-size=256
1294
cache-size=256
1294
domain=$DOMAIN
1295
domain=$DOMAIN
1295
domain-needed
1296
domain-needed
1296
expand-hosts
1297
expand-hosts
1297
bogus-priv
1298
bogus-priv
1298
filterwin2k
1299
filterwin2k
1299
server=$DNS1
1300
server=$DNS1
1300
server=$DNS2
1301
server=$DNS2
1301
EOF
1302
EOF
1302
 
1303
 
1303
# Init file modification
1304
# Init file modification
1304
[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
1305
[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
1305
# Start and stop a 2nd process for the "DNS blackhole"
1306
# Start and stop a 2nd process for the "DNS blackhole"
1306
$SED "/daemon/a \$dnsmasq -C /etc/dnsmasq-blackhole.conf \$OPTIONS" /etc/init.d/dnsmasq
1307
$SED "/daemon/a \$dnsmasq -C /etc/dnsmasq-blackhole.conf \$OPTIONS" /etc/init.d/dnsmasq
1307
$SED "/killproc \$DAEMON_NAME/a killproc \$DAEMON_NAME" /etc/init.d/dnsmasq
1308
$SED "/killproc \$DAEMON_NAME/a killproc \$DAEMON_NAME" /etc/init.d/dnsmasq
1308
# Start after chilli (65) which create tun0
1309
# Start after chilli (65) which create tun0
1309
$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
1310
$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
1310
# Optionnellement on pré-active les logs DNS des clients
1311
# Optionnellement on pré-active les logs DNS des clients
1311
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1312
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1312
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
1313
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
1313
# Optionnellement, exemple de paramètre supplémentaire pour le cache memoire
1314
# Optionnellement, exemple de paramètre supplémentaire pour le cache memoire
1314
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
1315
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
1315
# Optionnellement, exemple de configuration avec un A.D.
1316
# Optionnellement, exemple de configuration avec un A.D.
1316
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
1317
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
1317
} # End dnsmasq
1318
} # End dnsmasq
1318
 
1319
 
1319
##########################################################
1320
##########################################################
1320
##		Fonction BL (BlackList)			##
1321
##		Fonction BL (BlackList)			##
1321
##########################################################
1322
##########################################################
1322
BL ()
1323
BL ()
1323
{
1324
{
1324
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
1325
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
1325
	rm -rf $DIR_DG/lists/blacklists
1326
	rm -rf $DIR_DG/lists/blacklists
1326
	tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
1327
	tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
1327
# on crée le répertoire ossi (noms de domaine et URLs ajoutés à la BL)
1328
# on crée le répertoire ossi (noms de domaine et URLs ajoutés à la BL)
1328
	mkdir $DIR_DG/lists/blacklists/ossi
1329
	mkdir $DIR_DG/lists/blacklists/ossi
1329
	touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ossi/domains_wl
1330
	touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ossi/domains_wl
1330
	touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ossi/urls_wl
1331
	touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ossi/urls_wl
1331
# On crée les fichiers vides de sites ou d'URL réhabilités
1332
# On crée les fichiers vides de sites ou d'URL réhabilités
1332
	[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
1333
	[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
1333
	[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1334
	[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1334
	touch $DIR_DG/lists/exceptionsitelist
1335
	touch $DIR_DG/lists/exceptionsitelist
1335
	touch $DIR_DG/lists/exceptionurllist
1336
	touch $DIR_DG/lists/exceptionurllist
1336
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
1337
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
1337
	cat <<EOF > $DIR_DG/lists/bannedurllist
1338
	cat <<EOF > $DIR_DG/lists/bannedurllist
1338
# Dansguardian filter config for ALCASAR
1339
# Dansguardian filter config for ALCASAR
1339
EOF
1340
EOF
1340
	cat <<EOF > $DIR_DG/lists/bannedsitelist
1341
	cat <<EOF > $DIR_DG/lists/bannedsitelist
1341
# Dansguardian domain filter config for ALCASAR
1342
# Dansguardian domain filter config for ALCASAR
1342
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
1343
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
1343
#**
1344
#**
1344
# block all SSL and CONNECT tunnels
1345
# block all SSL and CONNECT tunnels
1345
**s
1346
**s
1346
# block all SSL and CONNECT tunnels specified only as an IP
1347
# block all SSL and CONNECT tunnels specified only as an IP
1347
*ips
1348
*ips
1348
# block all sites specified only by an IP
1349
# block all sites specified only by an IP
1349
*ip
1350
*ip
1350
EOF
1351
EOF
1351
# Add Bing and Youtube to the safesearch url regext list (parental control)
1352
# Add Bing and Youtube to the safesearch url regext list (parental control)
1352
	cat <<EOF >> $DIR_DG/lists/urlregexplist
1353
	cat <<EOF >> $DIR_DG/lists/urlregexplist
1353
# Bing - add 'adlt=strict'
1354
# Bing - add 'adlt=strict'
1354
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
1355
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
1355
# Youtube - add 'edufilter=your_ID' 
1356
# Youtube - add 'edufilter=your_ID' 
1356
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
1357
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
1357
EOF
1358
EOF
1358
# change the the google safesearch ("safe=strict" instead of "safe=vss")
1359
# change the the google safesearch ("safe=strict" instead of "safe=vss")
1359
	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
1360
	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
1360
	chown -R dansguardian:apache $DIR_DG
1361
	chown -R dansguardian:apache $DIR_DG
1361
	chmod -R g+rw $DIR_DG
1362
	chmod -R g+rw $DIR_DG
1362
# On adapte la BL de Toulouse à notre structure
1363
# On adapte la BL de Toulouse à notre structure
1363
	if [ "$mode" != "update" ]; then
1364
	if [ "$mode" != "update" ]; then
1364
		$DIR_DEST_SBIN/alcasar-bl.sh --adapt
1365
		$DIR_DEST_SBIN/alcasar-bl.sh --adapt
1365
	fi
1366
	fi
1366
}
1367
}
1367
 
1368
 
1368
##########################################################
1369
##########################################################
1369
##		Fonction cron				##
1370
##		Fonction cron				##
1370
## - Mise en place des différents fichiers de cron	##
1371
## - Mise en place des différents fichiers de cron	##
1371
##########################################################
1372
##########################################################
1372
cron ()
1373
cron ()
1373
{
1374
{
1374
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
1375
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
1375
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1376
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1376
	cat <<EOF > /etc/crontab
1377
	cat <<EOF > /etc/crontab
1377
SHELL=/bin/bash
1378
SHELL=/bin/bash
1378
PATH=/sbin:/bin:/usr/sbin:/usr/bin
1379
PATH=/sbin:/bin:/usr/sbin:/usr/bin
1379
MAILTO=root
1380
MAILTO=root
1380
HOME=/
1381
HOME=/
1381
 
1382
 
1382
# run-parts
1383
# run-parts
1383
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
1384
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
1384
02 0 * * * root nice -n 19 run-parts --report /etc/cron.daily
1385
02 0 * * * root nice -n 19 run-parts --report /etc/cron.daily
1385
22 0 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
1386
22 0 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
1386
42 0 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
1387
42 0 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
1387
EOF
1388
EOF
1388
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1389
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1389
	cat <<EOF >> /etc/anacrontab
1390
	cat <<EOF >> /etc/anacrontab
1390
7       8       cron.MysqlDump          nice /etc/cron.d/alcasar-mysql
1391
7       8       cron.MysqlDump          nice /etc/cron.d/alcasar-mysql
1391
7       10      cron.logExport          nice /etc/cron.d/alcasar-export_log
1392
7       10      cron.logExport          nice /etc/cron.d/alcasar-export_log
1392
7       15      cron.logClean           nice /etc/cron.d/alcasar-clean_log
1393
7       15      cron.logClean           nice /etc/cron.d/alcasar-clean_log
1393
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
1394
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
1394
EOF
1395
EOF
1395
	cat <<EOF > /etc/cron.d/alcasar-clean_log
1396
	cat <<EOF > /etc/cron.d/alcasar-clean_log
1396
# suppression des fichiers de logs de plus d'un an (tous les lundi à 4h30)
1397
# suppression des fichiers de logs de plus d'un an (tous les lundi à 4h30)
1397
30 4 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --clean
1398
30 4 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --clean
1398
EOF
1399
EOF
1399
	cat <<EOF > /etc/cron.d/alcasar-mysql
1400
	cat <<EOF > /etc/cron.d/alcasar-mysql
1400
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
1401
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
1401
45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
1402
45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
1402
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
1403
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
1403
40 4 * * * root /usr/local/sbin/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1404
40 4 * * * root /usr/local/sbin/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1404
EOF
1405
EOF
1405
	cat <<EOF > /etc/cron.d/alcasar-export_log
1406
	cat <<EOF > /etc/cron.d/alcasar-export_log
1406
# export des log squid, firewall et apache (tous les lundi à 5h00)
1407
# export des log squid, firewall et apache (tous les lundi à 5h00)
1407
00 5 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --export
1408
00 5 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --export
1408
EOF
1409
EOF
1409
	cat <<EOF > /etc/cron.d/alcasar-archive
1410
	cat <<EOF > /etc/cron.d/alcasar-archive
1410
# Archive des logs et de la base de données (tous les lundi à 5h35)
1411
# Archive des logs et de la base de données (tous les lundi à 5h35)
1411
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1412
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1412
EOF
1413
EOF
1413
	cat << EOF > /etc/cron.d/awstats
-
 
1414
# mise à jour des stats de consultation WEB toutes les 30'
-
 
1415
*/30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1
-
 
1416
EOF
-
 
1417
	cat << EOF > /etc/cron.d/alcasar-clean_import
1414
	cat << EOF > /etc/cron.d/alcasar-clean_import
1418
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
1415
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
1419
30 * * * *  root $DIR_DEST_BIN/alcasar-import-clean.sh
1416
30 * * * *  root $DIR_DEST_BIN/alcasar-import-clean.sh
1420
EOF
1417
EOF
1421
	cat << EOF > /etc/cron.d/alcasar-distrib-updates
1418
	cat << EOF > /etc/cron.d/alcasar-distrib-updates
1422
# mise à jour automatique de la distribution tous les jours 3h30
1419
# mise à jour automatique de la distribution tous les jours 3h30
1423
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1420
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1424
EOF
1421
EOF
-
 
1422
	cat << EOF > /etc/cron.d/alcasar-netflow
-
 
1423
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05)
-
 
1424
05 0 * * 5  root /usr/bin/nfexpire -e /var/log/nfsen/profiles-data/ALCASAR/ipt_netflow/ -t 1y -w 90
-
 
1425
EOF
-
 
1426
 
1425
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
1427
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
1426
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
1428
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
1427
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct') 
1429
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct') 
1428
# 'monthly_tot_stat' (tous les jours à 01h05) : aggrégat des connexions mensuelles par usager (renseigne la table 'mtotacct')
1430
# 'monthly_tot_stat' (tous les jours à 01h05) : aggrégat des connexions mensuelles par usager (renseigne la table 'mtotacct')
1429
# 'truncate_raddact' (tous les 1er du mois à 01h10) : supprime les entrées journalisées plus vieilles que '$back_days' jours (défini ci-après)
1431
# 'truncate_raddact' (tous les 1er du mois à 01h10) : supprime les entrées journalisées plus vieilles que '$back_days' jours (défini ci-après)
1430
# 'clean_radacct' (tous les 1er du mois à 01h15) : ferme les session ouvertes de plus de '$back_days' jours (défini ci-après)
1432
# 'clean_radacct' (tous les 1er du mois à 01h15) : ferme les session ouvertes de plus de '$back_days' jours (défini ci-après)
1431
	$SED "s?^\$back_days.*?\$back_days = 365;?g" /usr/bin/truncate_radacct
1433
	$SED "s?^\$back_days.*?\$back_days = 365;?g" /usr/bin/truncate_radacct
1432
	$SED "s?^\$back_days.*?\$back_days = 30;?g" /usr/bin/clean_radacct
1434
	$SED "s?^\$back_days.*?\$back_days = 30;?g" /usr/bin/clean_radacct
1433
	rm -f /etc/cron.daily/freeradius-web
1435
	rm -f /etc/cron.daily/freeradius-web
1434
	rm -f /etc/cron.monthly/freeradius-web
1436
	rm -f /etc/cron.monthly/freeradius-web
1435
	cat << EOF > /etc/cron.d/freeradius-web
1437
	cat << EOF > /etc/cron.d/freeradius-web
1436
1 1 * * * root /usr/bin/tot_stats > /dev/null 2>&1
1438
1 1 * * * root /usr/bin/tot_stats > /dev/null 2>&1
1437
5 1 * * * root /usr/bin/monthly_tot_stats > /dev/null 2>&1
1439
5 1 * * * root /usr/bin/monthly_tot_stats > /dev/null 2>&1
1438
10 1 1 * * root /usr/bin/truncate_radacct > /dev/null 2>&1
1440
10 1 1 * * root /usr/bin/truncate_radacct > /dev/null 2>&1
1439
15 1 1 * * root /usr/bin/clean_radacct > /dev/null 2>&1
1441
15 1 1 * * root /usr/bin/clean_radacct > /dev/null 2>&1
1440
EOF
1442
EOF
1441
	cat << EOF > /etc/cron.d/alcasar-watchdog
1443
	cat << EOF > /etc/cron.d/alcasar-watchdog
1442
# activation du "chien de garde" (watchdog) toutes les 3'
1444
# activation du "chien de garde" (watchdog) toutes les 3'
1443
*/3 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1445
*/3 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1444
EOF
1446
EOF
1445
# activation du "chien de garde des services" (watchdog) toutes les 18'
1447
# activation du "chien de garde des services" (watchdog) toutes les 18'
1446
	cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
1448
	cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
1447
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
1449
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
1448
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1450
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1449
EOF
1451
EOF
1450
# suppression des crons usagers
1452
# suppression des crons usagers
1451
	rm -f /var/spool/cron/*
1453
	rm -f /var/spool/cron/*
1452
} # End cron
1454
} # End cron
1453
 
1455
 
1454
##################################################################
1456
##################################################################
1455
##			Fonction post_install			##
1457
##			Fonction post_install			##
1456
## - Modification des bannières (locales et ssh) et des prompts ##
1458
## - Modification des bannières (locales et ssh) et des prompts ##
1457
## - Installation de la structure de chiffrement pour root	##
1459
## - Installation de la structure de chiffrement pour root	##
1458
## - Mise en place du sudoers et de la sécurité sur les fichiers##
1460
## - Mise en place du sudoers et de la sécurité sur les fichiers##
1459
## - Mise en place du la rotation des logs			##
1461
## - Mise en place du la rotation des logs			##
1460
## - Configuration dans le cas d'une mise à jour		##
1462
## - Configuration dans le cas d'une mise à jour		##
1461
##################################################################
1463
##################################################################
1462
post_install()
1464
post_install()
1463
{
1465
{
1464
# adaptation du script "chien de garde" (watchdog)
1466
# adaptation du script "chien de garde" (watchdog)
1465
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
1467
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
1466
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
1468
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
1467
# création de la bannière locale
1469
# création de la bannière locale
1468
	[ -e /etc/mageia-release.default ]  || cp /etc/mageia-release /etc/mageia-release.default
1470
	[ -e /etc/mageia-release.default ]  || cp /etc/mageia-release /etc/mageia-release.default
1469
	cp -f $DIR_CONF/banner /etc/mageia-release
1471
	cp -f $DIR_CONF/banner /etc/mageia-release
1470
	echo " V$VERSION" >> /etc/mageia-release
1472
	echo " V$VERSION" >> /etc/mageia-release
1471
# création de la bannière SSH
1473
# création de la bannière SSH
1472
	cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh
1474
	cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh
1473
	chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
1475
	chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
1474
	[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
1476
	[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
1475
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1477
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1476
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1478
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1477
# postfix banner anonymisation
1479
# postfix banner anonymisation
1478
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1480
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1479
# sshd écoute côté LAN et WAN
1481
# sshd écoute côté LAN et WAN
1480
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1482
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1481
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
1483
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
1482
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1484
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1483
	echo "SSH=off" >> $CONF_FILE
1485
	echo "SSH=off" >> $CONF_FILE
1484
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1486
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1485
	echo "QOS=off" >> $CONF_FILE
1487
	echo "QOS=off" >> $CONF_FILE
1486
	echo "LDAP=off" >> $CONF_FILE
1488
	echo "LDAP=off" >> $CONF_FILE
1487
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1489
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1488
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
1490
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
1489
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
1491
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
1490
	echo "DNS_FILTERING=off" >> $CONF_FILE
1492
	echo "DNS_FILTERING=off" >> $CONF_FILE
1491
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1493
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1492
	echo "MULTIWAN=off" >> $CONF_FILE
1494
	echo "MULTIWAN=off" >> $CONF_FILE
1493
	echo "FAILOVER=30" >> $CONF_FILE
1495
	echo "FAILOVER=30" >> $CONF_FILE
1494
	echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
1496
	echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
1495
	echo "#WAN1=\"1,eth0:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
1497
	echo "#WAN1=\"1,eth0:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
1496
	echo "#WAN2=\"1,eth0:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
1498
	echo "#WAN2=\"1,eth0:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
1497
# Coloration des prompts
1499
# Coloration des prompts
1498
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
1500
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
1499
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1501
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1500
	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
1502
	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
1501
# Droits d'exécution pour utilisateur apache et sysadmin
1503
# Droits d'exécution pour utilisateur apache et sysadmin
1502
	[ -e /etc/sudoers.default ]  || cp /etc/sudoers /etc/sudoers.default
1504
	[ -e /etc/sudoers.default ]  || cp /etc/sudoers /etc/sudoers.default
1503
	cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
1505
	cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
1504
	$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
1506
	$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
1505
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, squid, radiusd, ulogd)
1507
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, squid, radiusd, ulogd)
1506
	cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
1508
	cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
1507
	chmod 644 /etc/logrotate.d/*
1509
	chmod 644 /etc/logrotate.d/*
1508
# rectification sur versions précédentes de la compression des logs
1510
# rectification sur versions précédentes de la compression des logs
1509
	$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
1511
	$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
1510
# actualisation des fichiers logs compressés
1512
# actualisation des fichiers logs compressés
1511
	for dir in firewall squid dansguardian httpd
1513
	for dir in firewall squid dansguardian httpd
1512
	do
1514
	do
1513
	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
1515
	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
1514
	done
1516
	done
1515
# export des logs en 'retard' dans /var/Save/logs
1517
# export des logs en 'retard' dans /var/Save/logs
1516
	/usr/local/bin/alcasar-log.sh --export
1518
	/usr/local/bin/alcasar-log.sh --export
1517
# processus lancés par défaut au démarrage
1519
# processus lancés par défaut au démarrage
1518
	for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
1520
	for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen
1519
	do
1521
	do
1520
		/sbin/chkconfig --add $i
1522
		/sbin/chkconfig --add $i
1521
	done
1523
	done
1522
 
1524
 
1523
	cat << EOF > /etc/rc.local
1525
	cat << EOF > /etc/rc.local
1524
/usr/local/sbin/alcasar-load_balancing.sh start &
1526
/usr/local/sbin/alcasar-load_balancing.sh start &
1525
sleep 3
1527
sleep 3
1526
service radiusd restart
1528
service radiusd restart
1527
EOF
1529
EOF
1528
 
1530
 
1529
# On applique les préconisations ANSSI
1531
# On applique les préconisations ANSSI
1530
# Apply French Security Agency rules
1532
# Apply French Security Agency rules
1531
# ignorer les broadcast ICMP. (attaque smurf) 
1533
# ignorer les broadcast ICMP. (attaque smurf) 
1532
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
1534
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
1533
# ignorer les erreurs ICMP bogus
1535
# ignorer les erreurs ICMP bogus
1534
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
1536
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
1535
# désactiver l'envoi et la réponse aux ICMP redirects
1537
# désactiver l'envoi et la réponse aux ICMP redirects
1536
sysctl -w net.ipv4.conf.all.accept_redirects=0
1538
sysctl -w net.ipv4.conf.all.accept_redirects=0
1537
accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
1539
accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
1538
	if [ "$accept_redirect" == "0" ]
1540
	if [ "$accept_redirect" == "0" ]
1539
	then
1541
	then
1540
		echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
1542
		echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
1541
	else
1543
	else
1542
		$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
1544
		$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
1543
	fi
1545
	fi
1544
sysctl -w net.ipv4.conf.all.send_redirects=0
1546
sysctl -w net.ipv4.conf.all.send_redirects=0
1545
send_redirect=`grep send_redirect /etc/sysctl.conf|wc -l`
1547
send_redirect=`grep send_redirect /etc/sysctl.conf|wc -l`
1546
	if [ "$send_redirect" == "0" ]
1548
	if [ "$send_redirect" == "0" ]
1547
	then
1549
	then
1548
		echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
1550
		echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
1549
	else
1551
	else
1550
		$SED "s?send_redirects.*?send_redirects = 0?g" /etc/sysctl.conf
1552
		$SED "s?send_redirects.*?send_redirects = 0?g" /etc/sysctl.conf
1551
	fi
1553
	fi
1552
# activer les SYN Cookies (attaque syn flood)
1554
# activer les SYN Cookies (attaque syn flood)
1553
sysctl -w net.ipv4.tcp_syncookies=1
1555
sysctl -w net.ipv4.tcp_syncookies=1
1554
tcp_syncookies=`grep tcp_syncookies /etc/sysctl.conf|wc -l`
1556
tcp_syncookies=`grep tcp_syncookies /etc/sysctl.conf|wc -l`
1555
	if [ "$tcp_syncookies" == "0" ]
1557
	if [ "$tcp_syncookies" == "0" ]
1556
	then
1558
	then
1557
		echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
1559
		echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
1558
	else
1560
	else
1559
		$SED "s?tcp_syncookies.*?tcp_syncookies = 1?g" /etc/sysctl.conf
1561
		$SED "s?tcp_syncookies.*?tcp_syncookies = 1?g" /etc/sysctl.conf
1560
	fi
1562
	fi
1561
# activer l'antispoofing niveau Noyau
1563
# activer l'antispoofing niveau Noyau
1562
sysctl -w net.ipv4.conf.all.rp_filter=1
1564
sysctl -w net.ipv4.conf.all.rp_filter=1
1563
# ignorer le source routing
1565
# ignorer le source routing
1564
sysctl -w net.ipv4.conf.all.accept_source_route=0
1566
sysctl -w net.ipv4.conf.all.accept_source_route=0
1565
accept_source_route=`grep accept_source_route /etc/sysctl.conf|wc -l`
1567
accept_source_route=`grep accept_source_route /etc/sysctl.conf|wc -l`
1566
	if [ "$accept_source_route" == "0" ]
1568
	if [ "$accept_source_route" == "0" ]
1567
	then
1569
	then
1568
		echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
1570
		echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
1569
	else
1571
	else
1570
		$SED "s?accept_source_route.*?accept_source_route = 0?g" /etc/sysctl.conf
1572
		$SED "s?accept_source_route.*?accept_source_route = 0?g" /etc/sysctl.conf
1571
	fi
1573
	fi
1572
# réglage du timer de maintien de suivi de session à 1h (3600s) au lieu de 5 semaines
1574
# réglage du timer de maintien de suivi de session à 1h (3600s) au lieu de 5 semaines
1573
sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600
1575
sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600
1574
timeout_established=`grep timeout_established /etc/sysctl.conf|wc -l`
1576
timeout_established=`grep timeout_established /etc/sysctl.conf|wc -l`
1575
	if [ "$timeout_established" == "0" ]
1577
	if [ "$timeout_established" == "0" ]
1576
	then
1578
	then
1577
		echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.conf
1579
		echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.conf
1578
	else
1580
	else
1579
		$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf
1581
		$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf
1580
	fi
1582
	fi
1581
# disable log_martians (ALCASAR is often installed between two private network addresses) 
1583
# disable log_martians (ALCASAR is often installed between two private network addresses) 
1582
sysctl -w net.ipv4.conf.all.log_martians=0
1584
sysctl -w net.ipv4.conf.all.log_martians=0
1583
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys
1585
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys
1584
# ???	$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
1586
# ???	$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
1585
# modification /etc/inittab
1587
# modification /etc/inittab
1586
	[ -e /etc/inittab.default ] || cp /etc/inittab /etc/inittab.default
1588
	[ -e /etc/inittab.default ] || cp /etc/inittab /etc/inittab.default
1587
# We keep only 3 TTYs
1589
# We keep only 3 TTYs
1588
	$SED "s?^4.*?#&?g" /etc/inittab
1590
	$SED "s?^4.*?#&?g" /etc/inittab
1589
	$SED "s?^5.*?#&?g" /etc/inittab
1591
	$SED "s?^5.*?#&?g" /etc/inittab
1590
	$SED "s?^6.*?#&?g" /etc/inittab
1592
	$SED "s?^6.*?#&?g" /etc/inittab
1591
# switch to multi-users runlevel (instead of x11)
1593
# switch to multi-users runlevel (instead of x11)
1592
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
1594
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
1593
$SED "s?^id.*?id:3:initdefault:?g" /etc/inittab
1595
$SED "s?^id.*?id:3:initdefault:?g" /etc/inittab
1594
#	GRUB modifications
1596
#	GRUB modifications
1595
# limit wait time to 3s
1597
# limit wait time to 3s
1596
# create an alcasar entry instead of linux-nonfb
1598
# create an alcasar entry instead of linux-nonfb
1597
# change display to 1024*768 (vga791)
1599
# change display to 1024*768 (vga791)
1598
$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
1600
$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
1599
$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
1601
$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
1600
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
1602
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
1601
$SED "/^kernel/s/vga=.*/vga=791/" /boot/grub/menu.lst
1603
$SED "/^kernel/s/vga=.*/vga=791/" /boot/grub/menu.lst
1602
$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
1604
$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
1603
$SED "/^gfxmenu/d" /boot/grub/menu.lst
1605
$SED "/^gfxmenu/d" /boot/grub/menu.lst
1604
 
1606
 
1605
# Remove unused services and users
1607
# Remove unused services and users
1606
for old_svc in alsa sound dm
1608
for old_svc in alsa sound dm
1607
do
1609
do
1608
	/sbin/chkconfig --del $old_svc
1610
	/sbin/chkconfig --del $old_svc
1609
done
1611
done
1610
for svc in snmpd.service sshd.service
1612
for svc in snmpd.service sshd.service
1611
do
1613
do
1612
	/bin/systemctl disable $svc
1614
	/bin/systemctl disable $svc
1613
done
1615
done
1614
for rm_users in avahi-autoipd avahi icapd
1616
for rm_users in avahi-autoipd avahi icapd
1615
do
1617
do
1616
	user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
1618
	user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
1617
	if [ "$user" == "$rm_users" ]
1619
	if [ "$user" == "$rm_users" ]
1618
	then
1620
	then
1619
		/usr/sbin/userdel -f $rm_users
1621
		/usr/sbin/userdel -f $rm_users
1620
	fi
1622
	fi
1621
done
1623
done
1622
# Load and apply the previous conf file
1624
# Load and apply the previous conf file
1623
if [ "$mode" = "update" ]
1625
if [ "$mode" = "update" ]
1624
then
1626
then
1625
	$DIR_DEST_BIN/alcasar-conf.sh --load
1627
	$DIR_DEST_BIN/alcasar-conf.sh --load
1626
	PARENT_SCRIPT=`basename $0`
1628
	PARENT_SCRIPT=`basename $0`
1627
	export PARENT_SCRIPT # to avoid stop&start process during the installation process
1629
	export PARENT_SCRIPT # to avoid stop&start process during the installation process
1628
	$DIR_DEST_BIN/alcasar-conf.sh --apply
1630
	$DIR_DEST_BIN/alcasar-conf.sh --apply
1629
	$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
1631
	$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
1630
	$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
1632
	$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
1631
fi
1633
fi
1632
rm -f /tmp/alcasar-conf*
1634
rm -f /tmp/alcasar-conf*
1633
chown -R root:apache $DIR_DEST_ETC/*
1635
chown -R root:apache $DIR_DEST_ETC/*
1634
chmod -R 660 $DIR_DEST_ETC/*
1636
chmod -R 660 $DIR_DEST_ETC/*
1635
chmod ug+x $DIR_DEST_ETC/digest
1637
chmod ug+x $DIR_DEST_ETC/digest
1636
 
1638
 
1637
# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions"
1639
# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions"
1638
[ -e /sbin/ethtool ]  || ln -s /usr/sbin/ethtool /sbin/ethtool
1640
[ -e /sbin/ethtool ]  || ln -s /usr/sbin/ethtool /sbin/ethtool
1639
 
1641
 
1640
# Apply and save the firewall rules
1642
# Apply and save the firewall rules
1641
 	sh $DIR_DEST_BIN/alcasar-iptables.sh
1643
 	sh $DIR_DEST_BIN/alcasar-iptables.sh
1642
	sleep 2
1644
	sleep 2
1643
	cd $DIR_INSTALL
1645
	cd $DIR_INSTALL
1644
	echo ""
1646
	echo ""
1645
	echo "#############################################################################"
1647
	echo "#############################################################################"
1646
	if [ $Lang == "fr" ]
1648
	if [ $Lang == "fr" ]
1647
		then
1649
		then
1648
		echo "#                        Fin d'installation d'ALCASAR                       #"
1650
		echo "#                        Fin d'installation d'ALCASAR                       #"
1649
		echo "#                                                                           #"
1651
		echo "#                                                                           #"
1650
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1652
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1651
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1653
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1652
		echo "#                                                                           #"
1654
		echo "#                                                                           #"
1653
		echo "#############################################################################"
1655
		echo "#############################################################################"
1654
		echo
1656
		echo
1655
		echo "- ALCASAR sera fonctionnel après redémarrage du système"
1657
		echo "- ALCASAR sera fonctionnel après redémarrage du système"
1656
		echo
1658
		echo
1657
		echo "- Lisez attentivement la documentation d'exploitation"
1659
		echo "- Lisez attentivement la documentation d'exploitation"
1658
		echo
1660
		echo
1659
		echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar"
1661
		echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar"
1660
		echo
1662
		echo
1661
		echo "                   Appuyez sur 'Entrée' pour continuer"
1663
		echo "                   Appuyez sur 'Entrée' pour continuer"
1662
	else	
1664
	else	
1663
		echo "#                        Enf of ALCASAR install process                     #"
1665
		echo "#                        Enf of ALCASAR install process                     #"
1664
		echo "#                                                                           #"
1666
		echo "#                                                                           #"
1665
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1667
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1666
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1668
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1667
		echo "#                                                                           #"
1669
		echo "#                                                                           #"
1668
		echo "#############################################################################"
1670
		echo "#############################################################################"
1669
		echo
1671
		echo
1670
		echo "- The system will be rebooted in order to operate ALCASAR"
1672
		echo "- The system will be rebooted in order to operate ALCASAR"
1671
		echo
1673
		echo
1672
		echo "- Read the exploitation documentation"
1674
		echo "- Read the exploitation documentation"
1673
		echo
1675
		echo
1674
		echo "- The ALCASAR Control Center (ACC) is at http://alcasar"
1676
		echo "- The ALCASAR Control Center (ACC) is at http://alcasar"
1675
		echo
1677
		echo
1676
		echo "                   Hit 'Enter' to continue"
1678
		echo "                   Hit 'Enter' to continue"
1677
	fi
1679
	fi
1678
	sleep 2
1680
	sleep 2
1679
	if [ "$mode" != "update" ]
1681
	if [ "$mode" != "update" ]
1680
	then
1682
	then
1681
		read a
1683
		read a
1682
	fi
1684
	fi
1683
	clear
1685
	clear
1684
 
1686
 
1685
	reboot
1687
	reboot
1686
} # End post_install ()
1688
} # End post_install ()
1687
 
1689
 
1688
#################################
1690
#################################
1689
#  	Main Install loop  	#
1691
#  	Main Install loop  	#
1690
#################################
1692
#################################
1691
dir_exec=`dirname "$0"`
1693
dir_exec=`dirname "$0"`
1692
if [ $dir_exec != "." ]
1694
if [ $dir_exec != "." ]
1693
then
1695
then
1694
	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
1696
	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
1695
	echo "Launch this program from the ALCASAR archive directory"
1697
	echo "Launch this program from the ALCASAR archive directory"
1696
	exit 0
1698
	exit 0
1697
fi
1699
fi
1698
VERSION=`cat $DIR_INSTALL/VERSION`
1700
VERSION=`cat $DIR_INSTALL/VERSION`
1699
usage="Usage: alcasar.sh {-i or --install} | {-u or --uninstall}"
1701
usage="Usage: alcasar.sh {-i or --install} | {-u or --uninstall}"
1700
nb_args=$#
1702
nb_args=$#
1701
args=$1
1703
args=$1
1702
if [ $nb_args -eq 0 ]
1704
if [ $nb_args -eq 0 ]
1703
then
1705
then
1704
	nb_args=1
1706
	nb_args=1
1705
	args="-h"
1707
	args="-h"
1706
fi
1708
fi
1707
chmod -R u+x $DIR_SCRIPTS/*
1709
chmod -R u+x $DIR_SCRIPTS/*
1708
case $args in
1710
case $args in
1709
	-\? | -h* | --h*)
1711
	-\? | -h* | --h*)
1710
		echo "$usage"
1712
		echo "$usage"
1711
		exit 0
1713
		exit 0
1712
		;;
1714
		;;
1713
	-i | --install)
1715
	-i | --install)
1714
		license
1716
		license
1715
		header_install
1717
		header_install
1716
		testing
1718
		testing
1717
# Test if ALCASAR is already installed
1719
# Test if ALCASAR is already installed
1718
		if [ -e $DIR_WEB/VERSION ]
1720
		if [ -e $DIR_WEB/VERSION ]
1719
		then
1721
		then
1720
			actual_version=`cat $DIR_WEB/VERSION`
1722
			actual_version=`cat $DIR_WEB/VERSION`
1721
			if [ $Lang == "fr" ]
1723
			if [ $Lang == "fr" ]
1722
				then echo -n "La version "; echo -n $actual_version ; echo " d'ALCASAR est déjà installée";
1724
				then echo -n "La version "; echo -n $actual_version ; echo " d'ALCASAR est déjà installée";
1723
				else echo -n "ALCASAR Version "; echo -n $actual_version ; echo " is already installed";
1725
				else echo -n "ALCASAR Version "; echo -n $actual_version ; echo " is already installed";
1724
			fi
1726
			fi
1725
			response=0
1727
			response=0
1726
			PTN='^[oOnNyY]$'
1728
			PTN='^[oOnNyY]$'
1727
			until [[ $(expr $response : $PTN) -gt 0 ]]
1729
			until [[ $(expr $response : $PTN) -gt 0 ]]
1728
			do
1730
			do
1729
				if [ $Lang == "fr" ]
1731
				if [ $Lang == "fr" ]
1730
					then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";
1732
					then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";
1731
					else echo -n "Do you want to update (Y/n)?";
1733
					else echo -n "Do you want to update (Y/n)?";
1732
				 fi
1734
				 fi
1733
				read response
1735
				read response
1734
			done
1736
			done
1735
			if [ "$response" = "n" ] || [ "$response" = "N" ] 
1737
			if [ "$response" = "n" ] || [ "$response" = "N" ] 
1736
			then
1738
			then
1737
				rm -f /tmp/alcasar-conf*
1739
				rm -f /tmp/alcasar-conf*
1738
			else
1740
			else
1739
# Create a backup of running version importants files
1741
# Create a backup of running version importants files
1740
				$DIR_SCRIPTS/alcasar-conf.sh --create
1742
				$DIR_SCRIPTS/alcasar-conf.sh --create
1741
				mode="update"
1743
				mode="update"
1742
			fi
1744
			fi
1743
		fi
1745
		fi
1744
# RPMs install
1746
# RPMs install
1745
		$DIR_SCRIPTS/alcasar-urpmi.sh
1747
		$DIR_SCRIPTS/alcasar-urpmi.sh
-
 
1748
		echo "Mise à jour des modules noyau installés"		
-
 
1749
		#depmod -a
1746
		if [ "$?" != "0" ]
1750
		if [ "$?" != "0" ]
1747
		then
1751
		then
1748
			exit 0
1752
			exit 0
1749
		fi
1753
		fi
1750
		if [ -e $DIR_WEB/VERSION ]
1754
		if [ -e $DIR_WEB/VERSION ]
1751
		then
1755
		then
1752
# Uninstall the running version
1756
# Uninstall the running version
1753
			$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1757
			$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1754
		fi
1758
		fi
1755
# Test if manual update	
1759
# Test if manual update	
1756
		if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" != "update" ]
1760
		if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" != "update" ]
1757
		then
1761
		then
1758
			header_install
1762
			header_install
1759
			if [ $Lang == "fr" ]
1763
			if [ $Lang == "fr" ]
1760
				then echo "Le fichier de configuration d'une ancienne version a été trouvé";
1764
				then echo "Le fichier de configuration d'une ancienne version a été trouvé";
1761
				else echo "The configuration file of an old version has been found";
1765
				else echo "The configuration file of an old version has been found";
1762
			fi
1766
			fi
1763
			response=0
1767
			response=0
1764
			PTN='^[oOnNyY]$'
1768
			PTN='^[oOnNyY]$'
1765
			until [[ $(expr $response : $PTN) -gt 0 ]]
1769
			until [[ $(expr $response : $PTN) -gt 0 ]]
1766
			do
1770
			do
1767
				if [ $Lang == "fr" ]
1771
				if [ $Lang == "fr" ]
1768
					then echo -n "Voulez-vous l'utiliser (O/n)? ";
1772
					then echo -n "Voulez-vous l'utiliser (O/n)? ";
1769
					else echo -n "Do you want to use it (Y/n)?";
1773
					else echo -n "Do you want to use it (Y/n)?";
1770
				 fi
1774
				 fi
1771
				read response
1775
				read response
1772
				if [ "$response" = "n" ] || [ "$response" = "N" ] 
1776
				if [ "$response" = "n" ] || [ "$response" = "N" ] 
1773
				then rm -f /tmp/alcasar-conf*
1777
				then rm -f /tmp/alcasar-conf*
1774
				fi
1778
				fi
1775
			done
1779
			done
1776
		fi
1780
		fi
1777
# Test if update
1781
# Test if update
1778
		if [ -e /tmp/alcasar-conf* ] 
1782
		if [ -e /tmp/alcasar-conf* ] 
1779
		then
1783
		then
1780
			if [ $Lang == "fr" ]
1784
			if [ $Lang == "fr" ]
1781
				then echo "#### Installation avec mise à jour ####";
1785
				then echo "#### Installation avec mise à jour ####";
1782
				else echo "#### Installation with update     ####";
1786
				else echo "#### Installation with update     ####";
1783
			fi
1787
			fi
1784
# Extract the central configuration file
1788
# Extract the central configuration file
1785
			tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf 
1789
			tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf 
1786
			ORGANISME=`grep ORGANISM conf/etc/alcasar.conf|cut -d"=" -f2`
1790
			ORGANISME=`grep ORGANISM conf/etc/alcasar.conf|cut -d"=" -f2`
1787
			PREVIOUS_VERSION=`grep VERSION conf/etc/alcasar.conf|cut -d"=" -f2`
1791
			PREVIOUS_VERSION=`grep VERSION conf/etc/alcasar.conf|cut -d"=" -f2`
1788
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
1792
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
1789
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
1793
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
1790
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
1794
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
1791
			mode="update"
1795
			mode="update"
1792
		else
1796
		else
1793
			mode="install"
1797
			mode="install"
1794
		fi
1798
		fi
1795
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install
1799
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron post_install
1796
		do
1800
		do
1797
			$func
1801
			$func
1798
# echo "*** 'debug' : end of function $func ***"; read a
1802
# echo "*** 'debug' : end of function $func ***"; read a
1799
		done
1803
		done
1800
		;;
1804
		;;
1801
	-u | --uninstall)
1805
	-u | --uninstall)
1802
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
1806
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
1803
		then
1807
		then
1804
			if [ $Lang == "fr" ]
1808
			if [ $Lang == "fr" ]
1805
				then echo "ALCASAR n'est pas installé!";
1809
				then echo "ALCASAR n'est pas installé!";
1806
				else echo "ALCASAR isn't installed!";
1810
				else echo "ALCASAR isn't installed!";
1807
			fi
1811
			fi
1808
			exit 0
1812
			exit 0
1809
		fi
1813
		fi
1810
		response=0
1814
		response=0
1811
		PTN='^[oOnN]$'
1815
		PTN='^[oOnN]$'
1812
		until [[ $(expr $response : $PTN) -gt 0 ]]
1816
		until [[ $(expr $response : $PTN) -gt 0 ]]
1813
		do
1817
		do
1814
			if [ $Lang == "fr" ]
1818
			if [ $Lang == "fr" ]
1815
				then echo -n "Voulez-vous créer le fichier de configuration de la version actuelle (0/n)? ";
1819
				then echo -n "Voulez-vous créer le fichier de configuration de la version actuelle (0/n)? ";
1816
				else echo -n "Do you want to create the running version configuration file (Y/n)? ";
1820
				else echo -n "Do you want to create the running version configuration file (Y/n)? ";
1817
			fi
1821
			fi
1818
			read response
1822
			read response
1819
		done
1823
		done
1820
		if [ "$response" = "o" ] || [ "$response" = "O" ] || [ "$response" = "Y" ] || [ "$response" = "y" ]
1824
		if [ "$response" = "o" ] || [ "$response" = "O" ] || [ "$response" = "Y" ] || [ "$response" = "y" ]
1821
		then
1825
		then
1822
			$DIR_SCRIPTS/alcasar-conf.sh --create
1826
			$DIR_SCRIPTS/alcasar-conf.sh --create
1823
		else	
1827
		else	
1824
			rm -f /tmp/alcasar-conf*
1828
			rm -f /tmp/alcasar-conf*
1825
		fi
1829
		fi
1826
# Uninstall the running version
1830
# Uninstall the running version
1827
		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1831
		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1828
		;;
1832
		;;
1829
	*)
1833
	*)
1830
		echo "Argument inconnu :$1";
1834
		echo "Argument inconnu :$1";
1831
		echo "Unknown argument :$1";
1835
		echo "Unknown argument :$1";
1832
		echo "$usage"
1836
		echo "$usage"
1833
		exit 1
1837
		exit 1
1834
		;;
1838
		;;
1835
esac
1839
esac
1836
# end of script
1840
# end of script
1837
 
1841
 
1838
 
1842