| Line 1... |
Line 1... |
| 1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
| 2 |
# $Id: alcasar.sh 472 2011-02-02 23:01:55Z richard $
|
2 |
# $Id: alcasar.sh 476 2011-02-06 20:31:31Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 926... |
Line 926... |
| 926 |
then
|
926 |
then
|
| 927 |
userdel -r havp
|
927 |
userdel -r havp
|
| 928 |
fi
|
928 |
fi
|
| 929 |
groupadd -f havp
|
929 |
groupadd -f havp
|
| 930 |
useradd -g havp havp
|
930 |
useradd -g havp havp
|
| 931 |
# création de la partition de stockage temporaire (100Mo)
|
931 |
# création de la zone de travail temporaire (50Mo) en mémoire
|
| 932 |
dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30
|
932 |
mkdir -p /var/tmp/havp /var/log/havp
|
| 933 |
mkfs.ext4 -qF /tmp/havp-disk
|
933 |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
|
| 934 |
echo "# Entry for havp tmp files scan partition" >> /etc/fstab
|
934 |
echo "# Entry for havp tmp files scan partition" >> /etc/fstab
|
| 935 |
echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab
|
935 |
echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab
|
| 936 |
$SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
|
936 |
$SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
|
| 937 |
mkdir -p /var/tmp/havp /var/log/havp
|
- |
|
| 938 |
chown -R havp /var/log/havp /var/run/havp
|
- |
|
| 939 |
# configuration d'HAVP
|
937 |
# configuration d'HAVP
|
| 940 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
938 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
| 941 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
939 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
| 942 |
$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config
|
940 |
$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config
|
| 943 |
$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config
|
941 |
$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config
|
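Review bot: The two `echo ... >> /etc/fstab` lines at new lines 934–935 append unconditionally, so each run of the script (the function loop near the end of the file runs every function in both `install` and `update` mode) adds another tmpfs entry for /var/tmp/havp, and on a system upgraded from the previous version the old `/tmp/havp-disk ... ext4 loop,...` line presumably remains, so the two entries would be stacked or shadow each other. Guard the append, e.g. `grep -q '^tmpfs /var/tmp/havp ' /etc/fstab || echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab`, and delete any leftover `/tmp/havp-disk` line before it. The `chown -R havp ... /var/run/havp` on new line 933 also runs although only /var/tmp/havp and /var/log/havp are created on the line before, so it seems to rely on the package having created /var/run/havp; adding it to that `mkdir -p` would make the assumption explicit. The enclosing function starts outside the hunk.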
| Line 960... |
Line 958... |
| 960 |
|
958 |
|
| 961 |
##################################################################################
|
959 |
##################################################################################
|
| 962 |
## Fonction firewall ##
|
960 |
## Fonction firewall ##
|
| 963 |
## - adaptation des scripts du parefeu ##
|
961 |
## - adaptation des scripts du parefeu ##
|
| 964 |
## - mise en place des règles et sauvegarde pour un lancement automatique ##
|
962 |
## - mise en place des règles et sauvegarde pour un lancement automatique ##
|
| 965 |
## - configuration Ulogd ##
|
- |
|
| 966 |
##################################################################################
|
963 |
##################################################################################
|
| 967 |
firewall ()
|
964 |
firewall ()
|
| 968 |
{
|
965 |
{
|
| 969 |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
966 |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
| 970 |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
967 |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
| 971 |
$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
968 |
$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
| 972 |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
969 |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
|
| 973 |
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
|
970 |
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
|
| 974 |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
|
- |
|
| 975 |
[ -e /var/log/firewall/firewall.log ] || touch /var/log/firewall/firewall.log
|
- |
|
| 976 |
chown -R root:apache /var/log/firewall
|
- |
|
| 977 |
chmod 750 /var/log/firewall
|
- |
|
| 978 |
chmod 640 /var/log/firewall/firewall.log
|
- |
|
| 979 |
$SED "s?^file=\"/var/log/ulogd.syslogemu\"?file=\"/var/log/firewall/firewall.log\"?g" /etc/ulogd.conf
|
- |
|
| 980 |
# création du fichier d'exception au filtrage
|
971 |
# création du fichier d'exception au filtrage
|
| 981 |
touch /usr/local/etc/alcasar-filter-exceptions
|
972 |
touch /usr/local/etc/alcasar-filter-exceptions
|
| 982 |
sh $DIR_DEST_BIN/alcasar-iptables.sh
|
973 |
sh $DIR_DEST_BIN/alcasar-iptables.sh
|
| 983 |
} # End of firewall ()
|
974 |
} # End of firewall ()
|
| 984 |
|
975 |
|
| 985 |
##################################################################################
|
976 |
##################################################################################
|
| - |
|
977 |
## param_ulogd function ##
|
| - |
|
978 |
## - Ulog config for multi-log files ##
|
| - |
|
979 |
##################################################################################
|
| - |
|
980 |
param_ulogd ()
|
| - |
|
981 |
{
|
| - |
|
982 |
# Three instances of ulogd (three different logfiles)
|
| - |
|
983 |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
|
| - |
|
984 |
[ -e /var/log/firewall/tracability.log ] || touch /var/log/firewall/tracability.log
|
| - |
|
985 |
[ -e /var/log/firewall/ssh.log ] || touch /var/log/firewall/ssh.log
|
| - |
|
986 |
[ -e /var/log/firewall/ext-access.log ] || touch /var/log/firewall/ext-access.log
|
| - |
|
987 |
chown -R root:apache /var/log/firewall
|
| - |
|
988 |
chmod 750 /var/log/firewall
|
| - |
|
989 |
chmod 640 /var/log/firewall/*
|
| - |
|
990 |
cat <<EOF > /etc/ulogd-tracability.conf
|
| - |
|
991 |
# ulogd configuration for ALCASAR
|
| - |
|
992 |
[global]
|
| - |
|
993 |
nlgroup=1
|
| - |
|
994 |
logfile="/var/log/ulogd.log"
|
| - |
|
995 |
loglevel=5
|
| - |
|
996 |
rmem=131071
|
| - |
|
997 |
bufsize=150000
|
| - |
|
998 |
plugin="/usr/lib/ulogd/ulogd_BASE.so"
|
| - |
|
999 |
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
|
| - |
|
1000 |
[LOGEMU]
|
| - |
|
1001 |
file="/var/log/firewall/tracability.log"
|
| - |
|
1002 |
sync=1
|
| - |
|
1003 |
EOF
|
| - |
|
1004 |
cp -f /etc/ulogd-tracability.conf /etc/ulogd-ssh.conf
|
| - |
|
1005 |
$SED "s?^nlgroup=.*?nlgroup=2?g" /etc/ulogd-ssh.conf
|
| - |
|
1006 |
$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ssh.log\"?g" /etc/ulogd-ssh.conf
|
| - |
|
1007 |
cp -f /etc/ulogd-tracability.conf /etc/ulogd-ext-access.conf
|
| - |
|
1008 |
$SED "s?^nlgroup=.*?nlgroup=3?g" /etc/ulogd-ext-access.conf
|
| - |
|
1009 |
$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ext-access.log\"?g" /etc/ulogd-ext-access.conf
|
| - |
|
1010 |
[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
|
| - |
|
1011 |
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
|
| - |
|
1012 |
} # End of param_ulogd ()
|
| - |
|
1013 |
|
| - |
|
1014 |
##################################################################################
|
| 986 |
## Fonction param_awstats ##
|
1015 |
## Fonction param_awstats ##
|
| 987 |
## - configuration de l'interface des logs de consultation WEB (AWSTAT) ##
|
1016 |
## - configuration de l'interface des logs de consultation WEB (AWSTAT) ##
|
| 988 |
##################################################################################
|
1017 |
##################################################################################
|
| 989 |
param_awstats()
|
1018 |
param_awstats()
|
| 990 |
{
|
1019 |
{
|
| Line 1353... |
Line 1382... |
| 1353 |
hostname `cat $DIR_CONF/hostname`
|
1382 |
hostname `cat $DIR_CONF/hostname`
|
| 1354 |
mode="update"
|
1383 |
mode="update"
|
| 1355 |
else
|
1384 |
else
|
| 1356 |
mode="install"
|
1385 |
mode="install"
|
| 1357 |
fi
|
1386 |
fi
|
| 1358 |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_awstats param_dnsmasq BL cron post_install
|
1387 |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_ulogd param_awstats param_dnsmasq BL cron post_install
|
| 1359 |
|
1388 |
|
| 1360 |
do
|
1389 |
do
|
| 1361 |
$func
|
1390 |
$func
|
| 1362 |
# echo "*** 'debug' : end of function $func ***"; read a
|
1391 |
# echo "*** 'debug' : end of function $func ***"; read a
|
| 1363 |
done
|
1392 |
done
|