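--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar.sh 2195 2017-05-02 14:51:01Z richard $
+# $Id: alcasar.sh 2202 2017-05-06 13:35:14Z richard $
 
 # alcasar.sh
 
 # ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
@@ -44,10 +44,11 @@
 # vnstat : little network stat daemon
 # BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
 # cron : Logs export + watchdog + connexion statistics
 # fail2ban : Fail2ban IDS installation and configuration
 # gammu_smsd : Autoregister addon via SMS (gammu-smsd)
+# msec : Mandriva security package configuration
 # post_install : Security, log rotation, etc.
 
 DATE=`date '+%d %B %Y - %Hh%M'`
 DATE_SHORT=`date '+%d/%m/%Y'`
 Lang=`echo $LANG|cut -c 1-2`
@@ -1861,11 +1862,56 @@
 KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="$DIR_DEST_BIN/alcasar-sms.sh --mode"
 EOF
 
 } # END gammu_smsd()
 
+
+##################################################################
+## Fonction "msec" ##
+## - Application du niveau de sécurité fileserver ##
+## - Désactiver l'autorisation de redémarrage ##
+## - forcer les permissions sur les configurations ##
+## - forcer les permissions sur les log ##
+##################################################################
+msec()
+{
+
+# Apply fileserver security level
+$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
+# Disable Magic SysReq Keys
+$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
+
+
+# Configure permissions monitoring and enforcement
+cat <<EOF > /etc/security/msec/perm.local
+/var/log/firefwall/ root.apache 750
+/var/log/firewall/* root.apache 640
+/etc/security/msec/perm.local root.root 640
+/etc/security/msec/level.local root.root 640
+/etc/freeradius-web root.apache 750
+/etc/freeradius-web/admin.conf root.apache 640
+/etc/raddb/dictionnary root.apache 640
+/etc/raddb/ldap.attrmap root.radius 640
+/etc/raddb/hints root.radius 640
+/etc/raddb/huntgroups root.radius 640
+/etc/raddb/attrs.access_reject root.radius 640
+/etc/raddb/attrs.accounting_response root.radius 640
+/etc/raddb/acct_users root.raidus 640
+/etc/raddb/preproxy_users root.radius 640
+/etc/raddb/modules/ldap radius.apache 660
+/etc/raddb/sites-available/alcasar radius.apache 660
+/etc/pki/* root.apache 750
+/var/log/netflow/porttracker apache.apache 770
+/var/log/netflow/porttracker/* apache.apache 770
+
+EOF
+
+/usr/sbin/msec
+
+} # END msec()
+
-##########################################################
+##################################################################
 ## Fonction "post_install" ##
 ## - Modifying banners (locals et ssh) & prompts ##
 ## - SSH config ##
 ## - sudoers config & files security ##
 ## - log rotate & ANSSI security parameters ##
@@ -2142,11 +2188,11 @@
 MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
 MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
 UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
 mode="update"
 fi
-for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd post_install
+for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec post_install
 do
 $func
 # echo "*** 'debug' : end of function $func ***"; read a
 done
 ;;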
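Review bot: Two entries in the `perm.local` here-document of the new `msec()` function are misspelled, so the permissions they are meant to enforce will not land where intended. They should read `/var/log/firewall/ root.apache 750` (not `firefwall`) and `/etc/raddb/acct_users root.radius 640` (not `root.raidus`); `/etc/raddb/dictionnary` also looks like a misspelling of `dictionary`, which should be confirmed against the installed file name. The comment `# Disable Magic SysReq Keys` sits above a line that sets `ALLOW_REBOOT=no`, so something like `# Disallow reboot (ALLOW_REBOOT=no) in the fileserver level` would describe it accurately. The `BASE_LEVEL=.*` substitution is not anchored with `^` the way the `ALLOW_REBOOT` one is, so it would presumably also rewrite a commented-out or suffixed key. The exit status of `/usr/sbin/msec` is not checked, so a rejected `perm.local` would go unnoticed during install.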