Subversion Repositories ALCASAR

Rev

Rev 988 | Rev 994 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 988 Rev 990
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 988 2012-08-20 21:33:01Z franck $ 
2
#  $Id: alcasar.sh 990 2012-08-24 22:47:27Z franck $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR - Portail captif d'accès à l'Internet -  Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...] 
6
# ALCASAR - Portail captif d'accès à l'Internet -  Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...] 
7
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU, 
7
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU, 
Line 542... Line 542...
542
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
542
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
543
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
543
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
544
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
544
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
545
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
545
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
546
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
546
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
-
 
547
	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
547
	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
548
	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
548
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
549
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
549
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
550
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
550
	[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
551
	[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
551
	cat <<EOF > /var/www/error/include/bottom.html
552
	cat <<EOF > /var/www/error/include/bottom.html
Line 622... Line 623...
622
	AllowOverride None
623
	AllowOverride None
623
	Order deny,allow
624
	Order deny,allow
624
	Deny from all
625
	Deny from all
625
	Allow from 127.0.0.1
626
	Allow from 127.0.0.1
626
	Allow from $PRIVATE_NETWORK_MASK
627
	Allow from $PRIVATE_NETWORK_MASK
-
 
628
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
627
	require valid-user
629
	require valid-user
628
	AuthType digest
630
	AuthType digest
629
	AuthName $HOSTNAME
631
	AuthName $HOSTNAME
630
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
632
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
631
	AuthUserFile $DIR_DEST_ETC/digest/key_all
633
	AuthUserFile $DIR_DEST_ETC/digest/key_all
Line 636... Line 638...
636
	AllowOverride None
638
	AllowOverride None
637
	Order deny,allow
639
	Order deny,allow
638
	Deny from all
640
	Deny from all
639
	Allow from 127.0.0.1
641
	Allow from 127.0.0.1
640
	Allow from $PRIVATE_NETWORK_MASK
642
	Allow from $PRIVATE_NETWORK_MASK
-
 
643
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
641
	require valid-user
644
	require valid-user
642
	AuthType digest
645
	AuthType digest
643
	AuthName $HOSTNAME
646
	AuthName $HOSTNAME
644
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
647
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
645
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
648
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
Line 650... Line 653...
650
	AllowOverride None
653
	AllowOverride None
651
	Order deny,allow
654
	Order deny,allow
652
	Deny from all
655
	Deny from all
653
	Allow from 127.0.0.1
656
	Allow from 127.0.0.1
654
	Allow from $PRIVATE_NETWORK_MASK
657
	Allow from $PRIVATE_NETWORK_MASK
-
 
658
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
655
	require valid-user
659
	require valid-user
656
	AuthType digest
660
	AuthType digest
657
	AuthName $HOSTNAME
661
	AuthName $HOSTNAME
658
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
662
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
659
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
663
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
Line 664... Line 668...
664
	AllowOverride None
668
	AllowOverride None
665
	Order deny,allow
669
	Order deny,allow
666
	Deny from all
670
	Deny from all
667
	Allow from 127.0.0.1
671
	Allow from 127.0.0.1
668
	Allow from $PRIVATE_NETWORK_MASK
672
	Allow from $PRIVATE_NETWORK_MASK
-
 
673
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
669
	require valid-user
674
	require valid-user
670
	AuthType digest
675
	AuthType digest
671
	AuthName $HOSTNAME
676
	AuthName $HOSTNAME
672
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
677
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
673
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
678
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
Line 679... Line 684...
679
	Options Indexes
684
	Options Indexes
680
	Order deny,allow
685
	Order deny,allow
681
	Deny from all
686
	Deny from all
682
	Allow from 127.0.0.1
687
	Allow from 127.0.0.1
683
	Allow from $PRIVATE_NETWORK_MASK
688
	Allow from $PRIVATE_NETWORK_MASK
-
 
689
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
684
	require valid-user
690
	require valid-user
685
	AuthType digest
691
	AuthType digest
686
	AuthName $HOSTNAME
692
	AuthName $HOSTNAME
687
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
693
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
688
	ErrorDocument 404 https://$HOSTNAME/
694
	ErrorDocument 404 https://$HOSTNAME/
Line 1120... Line 1126...
1120
# configuration d'HAVP
1126
# configuration d'HAVP
1121
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
1127
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
1122
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
1128
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
1123
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090			
1129
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090			
1124
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
1130
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
-
 
1131
	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config	# Log format
1125
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
1132
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
1126
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
1133
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
1127
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
1134
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
1128
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
1135
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
1129
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
1136
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
Line 1213... Line 1220...
1213
	DirectoryIndex awstats.pl
1220
	DirectoryIndex awstats.pl
1214
	Order deny,allow
1221
	Order deny,allow
1215
	Deny from all
1222
	Deny from all
1216
	Allow from 127.0.0.1
1223
	Allow from 127.0.0.1
1217
	Allow from $PRIVATE_NETWORK_MASK
1224
	Allow from $PRIVATE_NETWORK_MASK
-
 
1225
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
1218
	require valid-user
1226
	require valid-user
1219
	AuthType digest
1227
	AuthType digest
1220
	AuthName $HOSTNAME
1228
	AuthName $HOSTNAME
1221
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
1229
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
1222
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
1230
	AuthUserFile $DIR_DEST_ETC/digest/key_admin