Subversion Repositories ALCASAR


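--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2195 2017-05-02 14:51:01Z richard $ 
+#  $Id: alcasar.sh 2202 2017-05-06 13:35:14Z richard $ 
 
 # alcasar.sh
 
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
 # Ce programme est un logiciel libre ; This software is free and open source
@@ -44,10 +44,11 @@
 #	vnstat			: little network stat daemon
 #	BL			: Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
 #	cron			: Logs export + watchdog + connexion statistics
 #	fail2ban		: Fail2ban IDS installation and configuration
 #	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)
+#	msec			: Mandriva security package configuration
 #	post_install		: Security, log rotation, etc.
 
 DATE=`date '+%d %B %Y - %Hh%M'`
 DATE_SHORT=`date '+%d/%m/%Y'`
 Lang=`echo $LANG|cut -c 1-2`
@@ -1861,11 +1862,56 @@
 KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="$DIR_DEST_BIN/alcasar-sms.sh --mode"
 EOF
 
 } # END gammu_smsd()
 
+
+##################################################################
+##			Fonction "msec"				##
+## - Application du niveau de sécurité fileserver 		##
+## - Désactiver l'autorisation de redémarrage			##
+## - forcer les permissions sur les configurations		##
+## - forcer les permissions sur les log				##
+##################################################################
+msec()
+{
+
+# Apply fileserver security level
+$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
+# Disable Magic SysReq Keys
+$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
+
+
+# Configure permissions monitoring and enforcement
+cat <<EOF > /etc/security/msec/perm.local
+/var/log/firefwall/                     root.apache     750
+/var/log/firewall/*                     root.apache     640
+/etc/security/msec/perm.local           root.root       640
+/etc/security/msec/level.local          root.root       640
+/etc/freeradius-web                     root.apache     750
+/etc/freeradius-web/admin.conf          root.apache     640
+/etc/raddb/dictionnary                  root.apache     640
+/etc/raddb/ldap.attrmap                 root.radius     640
+/etc/raddb/hints                        root.radius     640
+/etc/raddb/huntgroups                   root.radius     640
+/etc/raddb/attrs.access_reject          root.radius     640
+/etc/raddb/attrs.accounting_response    root.radius     640
+/etc/raddb/acct_users                   root.raidus     640
+/etc/raddb/preproxy_users               root.radius     640
+/etc/raddb/modules/ldap                 radius.apache   660
+/etc/raddb/sites-available/alcasar      radius.apache   660
+/etc/pki/*                              root.apache     750
+/var/log/netflow/porttracker            apache.apache   770
+/var/log/netflow/porttracker/*          apache.apache   770
+
+EOF
+
+/usr/sbin/msec
+
+} # END msec()
+
-##########################################################
+##################################################################
 ##		Fonction "post_install"			##
 ## - Modifying banners (locals et ssh) & prompts	##
 ## - SSH config						##
 ## - sudoers config & files security			##
 ## - log rotate & ANSSI security parameters		##
@@ -2142,11 +2188,11 @@
 			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
 			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
 			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
 			mode="update"
 		fi
-		for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd post_install
+		for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec post_install
 		do
 			$func
 # echo "*** 'debug' : end of function $func ***"; read a
 		done
 		;;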
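Review bot: Two entries in the `perm.local` heredoc of the new `msec()` cannot match what they are meant to protect: the path `/var/log/firefwall/` (the next line uses `/var/log/firewall/*`) and the owner `root.raidus` on `/etc/raddb/acct_users` (every sibling entry uses `root.radius`). As written, msec would presumably skip or reject these two rules, so the firewall log directory mode and the `acct_users` ownership are not enforced even though the list suggests they are; the lines should read `/var/log/firewall/ root.apache 750` and `/etc/raddb/acct_users root.radius 640`. `/etc/raddb/dictionnary` also looks misspelled (FreeRADIUS normally ships `dictionary`) and is worth checking against the installed tree. The comment `# Disable Magic SysReq Keys` sits above a substitution that sets `ALLOW_REBOOT=no`, so it would be more accurate as `# Forbid reboot by console users`. Neither `$SED` call nor `/usr/sbin/msec` has its exit status checked, so a missing `level.fileserver` would leave the hardening unapplied without any message.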