Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 3219 2024-07-05 14:54:19Z rexy $
|
2 |
# $Id: alcasar.sh 3222 2024-07-17 09:56:42Z rexy $
|
3 |
|
3 |
|
4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
6 |
# contact : info@alcasar.net
|
6 |
# contact : info@alcasar.net
|
7 |
|
7 |
|
Line 448... |
Line 448... |
448 |
grub2pwd=`cat /dev/urandom | tr -dc '[:alnum:]' | head -c8`
|
448 |
grub2pwd=`cat /dev/urandom | tr -dc '[:alnum:]' | head -c8`
|
449 |
pbkdf2=`( echo $grub2pwd ; echo $grub2pwd ) | \
|
449 |
pbkdf2=`( echo $grub2pwd ; echo $grub2pwd ) | \
|
450 |
LC_ALL=C /usr/bin/grub2-mkpasswd-pbkdf2 | \
|
450 |
LC_ALL=C /usr/bin/grub2-mkpasswd-pbkdf2 | \
|
451 |
grep -v '[eE]nter password:' | \
|
451 |
grep -v '[eE]nter password:' | \
|
452 |
sed -e "s/PBKDF2 hash of your password is //"`
|
452 |
sed -e "s/PBKDF2 hash of your password is //"`
|
- |
|
453 |
[ -e /etc/grub.d/default-40_custom ] || cp /etc/grub.d/40_custom /etc/grub.d/default-40_custom
|
453 |
echo "GRUB2_PASSWORD=$pbkdf2" > /boot/grub2/user.cfg
|
454 |
echo "set superusers=\"root\"" >> /etc/grub.d/40_custom
|
454 |
chmod 0600 /boot/grub2/user.cfg
|
455 |
echo "password_pbkdf2 root $pbkdf2" >> /etc/grub.d/40_custom
|
455 |
echo "# Login name and password to protect GRUB2 boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
|
456 |
echo "# Login name and password to protect GRUB2 boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
|
456 |
echo "GRUB2_user=root" >> $PASSWD_FILE
|
457 |
echo "GRUB2_user=root" >> $PASSWD_FILE
|
457 |
echo "GRUB2_password=$grub2pwd" >> $PASSWD_FILE
|
458 |
echo "GRUB2_password=$grub2pwd" >> $PASSWD_FILE
|
458 |
mysqlpwd=`cat /dev/urandom | tr -dc '[:alnum:]' | head -c16`
|
459 |
mysqlpwd=`cat /dev/urandom | tr -dc '[:alnum:]' | head -c16`
|
459 |
echo "# Login name and Password of MariaDB administrator:" >> $PASSWD_FILE
|
460 |
echo "# Login name and Password of MariaDB administrator:" >> $PASSWD_FILE
|
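Review bot: The two new `echo ... >> /etc/grub.d/40_custom` lines (new 454-455) write the PBKDF2 hash to a file whose mode is never tightened, whereas the removed code ran `chmod 0600` on `/boot/grub2/user.cfg`. Scripts under /etc/grub.d are usually installed world-readable, so the hash of an 8-character alphanumeric password would presumably be readable by any local account; adding `chmod 0700 /etc/grub.d/40_custom` after the second echo keeps the script executable for grub2-mkconfig while restricting reads to root. Because both lines append, a second run of this step would add a duplicate `set superusers` / `password_pbkdf2` pair; restoring the saved copy first with `cp -f /etc/grub.d/default-40_custom /etc/grub.d/40_custom` would make the step repeatable. The enclosing function starts and ends outside this hunk, so whether the step can run more than once is not visible here.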
Line 475... |
Line 476... |
475 |
# copy scripts in in /usr/local/bin
|
476 |
# copy scripts in in /usr/local/bin
|
476 |
cp -fr $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown -R root:root $DIR_DEST_BIN/alcasar* ; chmod -R 740 $DIR_DEST_BIN/alcasar*
|
477 |
cp -fr $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown -R root:root $DIR_DEST_BIN/alcasar* ; chmod -R 740 $DIR_DEST_BIN/alcasar*
|
477 |
# copy conf files in /usr/local/etc
|
478 |
# copy conf files in /usr/local/etc
|
478 |
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown -R root:apache $DIR_DEST_ETC ; chmod 770 $DIR_DEST_ETC ; chmod 660 $DIR_DEST_ETC/alcasar*
|
479 |
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown -R root:apache $DIR_DEST_ETC ; chmod 770 $DIR_DEST_ETC ; chmod 660 $DIR_DEST_ETC/alcasar*
|
479 |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_BIN/alcasar-mysql.sh
|
480 |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_BIN/alcasar-mysql.sh
|
480 |
# generate central conf file
|
481 |
# generate main conf file
|
481 |
cat <<EOF > $CONF_FILE
|
482 |
cat <<EOF > $CONF_FILE
|
482 |
##########################################
|
483 |
##########################################
|
483 |
## ##
|
484 |
## ##
|
484 |
## ALCASAR Parameters ##
|
485 |
## ALCASAR Parameters ##
|
485 |
## ##
|
486 |
## ##
|
Line 2199... |
Line 2200... |
2199 |
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
2200 |
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
2200 |
# disable Core dump file
|
2201 |
# disable Core dump file
|
2201 |
[ -e /etc/security/limits.conf.default ] || cp /etc/security/limits.conf /etc/security/limits.conf.default
|
2202 |
[ -e /etc/security/limits.conf.default ] || cp /etc/security/limits.conf /etc/security/limits.conf.default
|
2202 |
$SED "/^# End of file.*/i*\tsoft\tcore\t0\n*\thard\tcore\t0" /etc/security/limits.conf
|
2203 |
$SED "/^# End of file.*/i*\tsoft\tcore\t0\n*\thard\tcore\t0" /etc/security/limits.conf
|
2203 |
# GRUB2 modifications (Wait time : 3s - ALCASAR entry - VGA=791 - Change the default banner
|
2204 |
# GRUB2 modifications (Wait time : 3s - ALCASAR entry - VGA=791 - Change the default banner
|
2204 |
[ -e /etc/default/grub.default ] || cp /etc/default/grub /etc/default/grub.default
|
2205 |
[ -e /etc/default/grub.default ] || cp /etc/default/grub /etc/default/grub.default
|
2205 |
$SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub
|
2206 |
$SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub
|
2206 |
$SED "s?^GRUB_DISTRIBUTOR=.*?GRUB_DISTRIBUTOR=ALCASAR?g" /etc/default/grub
|
2207 |
$SED "s?^GRUB_DISTRIBUTOR=.*?GRUB_DISTRIBUTOR=ALCASAR?g" /etc/default/grub
|
2207 |
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
|
2208 |
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
|
2208 |
vm_vga=`lsmod | grep -c -E "virtio|vmwgfx"` # test if in VM
|
2209 |
vm_vga=`lsmod | grep -c -E "virtio|vmwgfx"` # test if in VM
|
2209 |
if [ $vm_vga == 0 ] # is not a VM
|
2210 |
if [ $vm_vga == 0 ] # is not a VM
|