WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 2549 2018-05-06 02:27:57Z tom.houdayer $
+#  $Id: alcasar.sh 2552 2018-05-08 22:21:47Z rexy $
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
 # Functions :
 #	testing			: connectivity tests, free space test and mageia version test
 #	init			: Installation of RPM and scripts
 #	network			: Network parameters
-#	ACC			: ALCASAR Control Center installation
+#	ACC				: ALCASAR Control Center installation
-#	CA			: Certification Authority initialization
+#	CA				: Certification Authority initialization
 #	time_server		: NTPd configuration
 #	init_db			: Initilization of radius database managed with MariaDB
 #	freeradius		: FreeRadius initialisation
 #	chilli			: coovachilli initialisation (+authentication page)
 #	e2guardian		: E2Guardian filtering HTTP proxy configuration
 #	tinyproxy		: little proxy for user filtered with "WL + antivirus" and "antivirus"
 #	ulogd			: log system in userland (match NFLOG target of iptables)
 #	nfsen			: Configuration of Nfsen Netflow grapher
 #	dnsmasq			: Name server configuration
 #	vnstat			: little network stat daemon
-#	BL			: Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for e2guardian and for Netfilter)
+#	BL				: Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for e2guardian and for Netfilter)
 #	cron			: Logs export + watchdog + connexion statistics
 #	fail2ban		: Fail2ban IDS installation and configuration
 #	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)
 #	msec			: Mandriva security package configuration
 #	letsencrypt		: Let's Encrypt client
-#	post_install		: Security, log rotation, etc.
+#	post_install	: Security, log rotation, etc.
 DEBUG_ALCASAR='off'; export DEBUG_ALCASAR	# Debug mode = wait (hit key) after each function
 DATE=`date '+%d %B %Y - %Hh%M'`
 DATE_SHORT=`date '+%d/%m/%Y'`
 Lang=`echo $LANG|cut -c 1-2`
 mode="install"
 # ******* Files parameters - paramètres fichiers *********
-DIR_INSTALL=`pwd`				# current directory
+DIR_INSTALL=`pwd`						# current directory
 DIR_CONF="$DIR_INSTALL/conf"			# install directory (with conf files)
 DIR_SCRIPTS="$DIR_INSTALL/scripts"		# install directory (with script files)
-DIR_BLACKLIST="$DIR_INSTALL/blacklist"		# install directory (with blacklist files)
+DIR_BLACKLIST="$DIR_INSTALL/blacklist"	# install directory (with blacklist files)
-DIR_SAVE="/var/Save"				# backup directory (traceability_log, user_db, security_log)
+DIR_SAVE="/var/Save"					# backup directory (traceability_log, user_db, security_log)
-DIR_WEB="/var/www/html"				# directory of Lighttpd
+DIR_WEB="/var/www/html"					# directory of Lighttpd
-DIR_DG="/etc/e2guardian"			# directory of E2Guardian
+DIR_DG="/etc/e2guardian"				# directory of E2Guardian
-DIR_ACC="$DIR_WEB/acc"				# directory of the 'ALCASAR Control Center'
+DIR_ACC="$DIR_WEB/acc"					# directory of the 'ALCASAR Control Center'
 DIR_DEST_BIN="/usr/local/bin"			# directory of ALCASAR scripts
 DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files
 DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)
-CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file
+CONF_FILE="$DIR_DEST_ETC/alcasar.conf"	# central ALCASAR conf file
 PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets
 # ******* DBMS parameters - paramètres SGBD ********
-DB_RADIUS="radius"				# database name used by FreeRadius server
+DB_RADIUS="radius"						# database name used by FreeRadius server
-DB_USER="radius"				# user name allows to request the users database
+DB_USER="radius"						# user name allows to request the users database
-DB_GAMMU="gammu"				# database name used by Gammu-smsd
+DB_GAMMU="gammu"						# database name used by Gammu-smsd
 # ******* Network parameters - paramètres réseau *******
-HOSTNAME="alcasar"				# default hostname
+HOSTNAME="alcasar"						# default hostname
-DOMAIN="localdomain"				# default local domain
+DOMAIN="localdomain"					# default local domain
-EXTIF=`/usr/sbin/ip route|grep default|head -n1|cut -d" " -f5`							# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
+EXTIF=`/usr/sbin/ip route|grep default|head -n1|cut -d" " -f5`		# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
 INTIF=`/usr/sbin/ip link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF\|tun0"|head -n1|cut -d" " -f2|tr -d ":"`	# INTIF is connected to the consultation network
 MTU="1500"
 DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address
 # ****** Paths - chemin des commandes *******
 SED="/bin/sed -i"
 	echo "                     ALCASAR V$VERSION Installation"
 	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
 	echo "-----------------------------------------------------------------------------"
+}
-##################################################################
+########################################################
-##			Function "testing"			##
+##                  Function "testing"                ##
-## - Test of Mageia version					##
+## - Test Mageia version                              ##
-## - Test of ALCASAR version (if already installed)		##
+## - Test ALCASAR version (if already installed)      ##
-## - Test of free space on /var  (>10G)				##
+## - Test free space on /var  (>10G)                  ##
-## - Test of Internet access					##
+## - Test Internet access                             ##
-##################################################################
+########################################################
 testing ()
+{
 # Test of Mageia version
 # extract the current Mageia version and hardware architecture (i586 ou X64)
 	fic=`cat /etc/product.id`
 	fi
 	rm -rf /tmp/con_ok.html
 	echo ". : ok"
 } # end of testing ()
-##################################################################
+#######################################################################
-##			Function "init"				##
+##                    Function "init"                                ##
-## - Création du fichier "/root/ALCASAR_parametres.tx		##
+## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf      ##
-## - Installation et modification des scripts du portail	##
+## - Creation of random password for GRUB, mariadb (admin and user)  ##
-##################################################################
+#######################################################################
 init ()
+{
 	if [ "$mode" != "update" ]
 	then
 # On affecte le nom d'organisme
 DOMAIN=$DOMAIN
 EOF
 	chmod o-rwx $CONF_FILE
 } # End of init ()
-##################################################################
+#########################################################
-##			Function "network"			##
+##                    Function "network"               ##
-## - Définition du plan d'adressage du réseau de consultation	##
+## - Define the several network address                ##
-## - Nommage DNS du système 					##
+## - Define the DNS naming                             ##
-## - Configuration de l'interface INTIF (réseau de consultation)##
+## - INTIF parameters (consultation network)           ##
-## - Modification du fichier /etc/hosts				##
+## - Write "/etc/hosts" file                           ##
-## - Renseignement des fichiers hosts.allow et hosts.deny	##
+## - write "hosts.allow" & "hosts.deny" files          ##
-##################################################################
+#########################################################
 network ()
+{
 	header_install
 	if [ "$mode" != "update" ]
 		then
 	DNS1=${DNS1:=208.67.220.220}
 	DNS2=${DNS2:=208.67.222.222}
 	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
 	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
 	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
-# Wrtie the conf file
+# Write network parameters in the conf file
 	echo "EXTIF=$EXTIF" >> $CONF_FILE
 	echo "INTIF=$INTIF" >> $CONF_FILE
 	######## Récupération des interfaces du ou des réseaux de consultation supplémentaires #################
 	INTERFACES=`/usr/sbin/ip link|grep '^[[:digit:]]:'|grep -v "^lo\|$EXTIF\|tun0"|cut -d " " -f2|tr -d ":"`
 	for i in $INTERFACES
 	do
 		SUB=`echo ${i:0:2}`
 		if [ $SUB = "wl" ]
 			then WIFIF=$i
 		elif [ "$i" != "$INTIF" ] && [ $SUB != "ww" ]
 			then LANIF=$i
 		fi
 	done
 	if [ -n "$WIFIF" ]
 		then echo "WIFIF=$WIFIF" >> $CONF_FILE
 	elif [ -n "$LANIF" ]
 		then echo "LANIF=$LANIF" >> $CONF_FILE
 	fi
 	#########################################################################################################
-	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`		# IP setting (static or dynamic)
+	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # test static or dynamic
 	if [ $IP_SETTING == "dhcp" ]
 		then
 		echo "PUBLIC_IP=dhcp" >> $CONF_FILE
 		echo "GW=dhcp" >> $CONF_FILE
 	else
 	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
 	cat <<EOF > /etc/sysconfig/network
 NETWORKING=yes
 FORWARD_IPV4=true
 EOF
-# /etc/hosts config
+# write "/etc/hosts"
 	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
 	cat <<EOF > /etc/hosts
 .0.0.1	localhost
 $PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME
 EOF
-# EXTIF (Internet) config
+# write EXTIF (Internet) config
 	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
 	if [ $IP_SETTING == "dhcp" ]
 		then
 		cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
 DEVICE=$EXTIF
 ACCOUNTING=no
 USERCTL=no
 MTU=$MTU
 EOF
 	fi
-# Config INTIF (consultation LAN) in normal mode
+# write INTIF (consultation LAN) in normal mode
 	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
 DEVICE=$INTIF
 BOOTPROTO=static
 ONBOOT=yes
 NOZEROCONF=yes
 IPV6TO4INIT=no
 ACCOUNTING=no
 USERCTL=no
 EOF
 	cp -f /etc/sysconfig/network-scripts/ifcfg-$INTIF /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
-# Config of INTIF in bypass mode (see "alcasar-bypass.sh")
+# write INTIF in bypass mode (see "alcasar-bypass.sh")
 	cat <<EOF > /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
 DEVICE=$INTIF
 BOOTPROTO=static
 IPADDR=$PRIVATE_IP
 NETMASK=$PRIVATE_NETMASK
 ACCOUNTING=no
 USERCTL=no
 EOF
 	fi
 	#########################################################################################################
-# Renseignement des fichiers hosts.allow et hosts.deny
+# write hosts.allow & hosts.deny
 	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
 	cat <<EOF > /etc/hosts.allow
 ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
 sshd: ALL
 ntpd: $PRIVATE_NETWORK_SHORT
 $SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
+#
 # the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
 } # End of network ()
-##################################################################
+###################################################
-##			Function "ACC"				##
+##                  Function "ACC"               ##
-## - installation of then ALCASAR Control Center (ACC)	)	##
+## - copy ALCASAR Control Center (ACC) files     ##
-## - configuration of the web server (Lighttpd)			##
+## - configuration of the web server (Lighttpd)  ##
-## - creation of the first ACC admin account 			##
+## - creation of the first ACC admin account     ##
-## - secure the access						##
+## - secure the ACC access                       ##
-##################################################################
+###################################################
 ACC ()
+{
 	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
 	mkdir $DIR_WEB
 # Copy & adapt ACC files
 	$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
 	/usr/bin/systemctl start lighttpd
 	/usr/bin/systemctl start php-fpm
-# Définition du premier compte lié au profil 'admin'
+# Creation of the first account (in 'admin' profile)
 	if [ "$mode" = "install" ]
 		then
 			header_install
 # Creation of keys file for the admin account ("admin")
 			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
 	[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
 	chown root:apache /var/Save/security/acc_access.log
 	chmod 664 /var/Save/security/acc_access.log
 } # End of ACC ()
-##########################################################################
+##################################################################
-##				Fonction "CA"				##
+##                               Fonction "CA"                  ##
-## - Creating the CA and the server certificate (lighttpd)	 	##
+## - Creating the CA and the server certificate (lighttpd)      ##
-##########################################################################
+##################################################################
 CA ()
+{
 	$DIR_DEST_BIN/alcasar-CA.sh
 	chown -R root:apache /etc/pki
 	chmod -R 750 /etc/pki
 } # End of CA ()
-##################################################################
+#############################################################
-##                    Function "time_server"                    ##
+##               Function "time_server"                    ##
-## - Configuring NTP server                                     ##
+## - Configuring NTP server                                ##
-##################################################################
+#############################################################
 time_server ()
+{
 # Set the Internet time server
 	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
 	cat <<EOF > /etc/ntp/step-tickers
  chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
 } # End freeradius ()
 #############################################################################
-##                              Function "chilli"                          ##
+##                           Function "chilli"                             ##
 ## - Creation of the conf file and init file (systemd) for coova-chilli    ##
 ## - Adapt the authentication web page (intercept.php)                     ##
 #############################################################################
 chilli ()
+{
 	/usr/bin/freshclam --no-warnings
 } # End of antivirus ()
 ################################################################################
 ##                           Function "tinyproxy"                             ##
-## - Set the parameters of tinyproxy (proxy between filterde users and havp)  ##
+## - Set the parameters of tinyproxy (proxy between filtered users and havp)  ##
 ################################################################################
 tinyproxy ()
+{
 	tinyproxy_exist=`grep -c ^tinyproxy: /etc/passwd`
 	if [ "$tinyproxy_exist" == "1" ]
 	cd $DirTmp
 	rm -rf /tmp/nfsen-*
 	rm -rf /tmp/SURFmap*
 } # End of nfsen ()
-##################################################
+###########################################################
-##               Function "vnstat"              ##
+##                     Function "vnstat"                 ##
-## - Initialization of Vnstat and vnstat phpFE  ##
+## - Initialization of Vnstat and vnstat phpFrontEnd     ##
-##################################################
+###########################################################
 vnstat ()
+{
 	[ -e /etc/vnstat.conf.default ] || cp /etc/vnstat.conf /etc/vnstat.conf.default
 	$SED "s?Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
 	[ -e $DIR_ACC/manager/stats/config.php.default ] || cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default
 	$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
 	/usr/bin/vnstat -u -i $EXTIF
 } # End of vnstat
 ################################################################
-##            Function "dnsmasq"                              ##
+##                     Function "dnsmasq"                     ##
 ## - creation of the conf files of the 4 intances of dnsmasq  ##
 ################################################################
 dnsmasq ()
+{
 	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
 		$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-$list.conf?g" /lib/systemd/system/dnsmasq-$list.service
 		$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-$list.pid?g" /lib/systemd/system/dnsmasq-$list.service
 	done
 } # End dnsmasq
-#######################################################
+##########################################################
-##                   Function "BL"                   ##
+##                      Function "BL"                   ##
+## - copy Toulouse BL                                   ##
+## - adapt this BL to ALCASAR architecture              ##
+##     - domain names for dnsmasq-bl & dnasmasq-wl      ##
+##     - URLs for E²guardian                            ##
+##     - IPs for NetFilter                              ##
-#######################################################
+##########################################################
 BL ()
+{
 	# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
 	rm -rf $DIR_DG/lists/blacklists
 	mkdir -p /tmp/blacklists
 	$DIR_DEST_BIN/alcasar-bl.sh --adapt
 # enable the default categories
 	$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
 } # End BL()
-##########################################################
+#######################################################
-##                     Function "cron"                  ##
+##                  Function "cron"                  ##
+## - write all cron & anacron files                  ##
-##########################################################
+#######################################################
 cron ()
+{
 # Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
 	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
 	cat <<EOF > /etc/crontab
 # removing the users crons
 	rm -f /var/spool/cron/*
 } # End cron()
-##################################################################
+######################################################################
-## 			Fonction "Fail2Ban"			##
+##                      Fonction "Fail2Ban"                         ##
-##- Modification de la configuration de fail2ban		##
+##- Adapt conf file to ALCASAR                                      ##
-##- Sécurisation DDOS, SSH-Brute-Force, Intercept.php ...	##
+##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##
-##################################################################
+######################################################################
 fail2ban()
+{
 	/usr/bin/sh $DIR_CONF/fail2ban.sh
 # Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
 	[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
 $SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service
 $SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
 $SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service
 } # End fail2ban()
-##################################################################
+#########################################################
-## 			Fonction "gammu_smsd"			##
+##                   Fonction "gammu_smsd"             ##
-## - Creation de la base de donnée Gammu			##
+## - Creating of SMS management database               ##
-## - Creation du fichier de config: gammu_smsd_conf		##
+## - Write the gammu a gammu_smsd conf files           ##
-##################################################################
+#########################################################
 gammu_smsd()
+{
 # Create 'gammu' databse
 MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
 	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
 # Add a gammu database structure
 	mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/empty-gammu-smsd-db.sql
+# Config file for the gammu_smsd daemon & gammu (ttyUSB0 as default com port)
-# Config file for the daemon
+cat << EOF > /etc/gammurc
+[gammu]
+device = /dev/ttyUSB0
+connection = at115200
+EOF
 cat << EOF > /etc/gammu_smsd_conf
 [gammu]
 port = /dev/ttyUSB0
 connection = at115200
-;########################################################
 [smsd]
 PIN = 1234
 logfile = /var/log/gammu-smsd/gammu-smsd.log
 logformat = textall
 debuglevel = 0
 service = sql
 CheckSecurity = 1
 CheckSignal = 1
 CheckBattery = 0
 EOF
-chmod 755 /etc/gammu_smsd_conf
+chmod 755 /etc/gammu_smsd_conf /etc/gammurc
 # Log folder for gammu-smsd
 [ -e /var/log/gammu-smsd ] || mkdir /var/log/gammu-smsd
 chmod 755 /var/log/gammu-smsd
 # Write radius credentials in the gammu script
 $SED "s/^u_db=\".*/u_db=\"$DB_USER\"/g" $DIR_DEST_BIN/alcasar-sms.sh
 $SED "s/^p_db=\".*/p_db=\"$radiuspwd\"/g" $DIR_DEST_BIN/alcasar-sms.sh
-# Udev rule for Huawei GSM MODEM (idVendor: 12d1) --> run "modeswitch" to switch from "mass_storage" mode to "ttyUSB" (modem) mode
+# Udev rule for Modeswitch (switch from "mass_storage" mode to "ttyUSB" modem) needed with some Huawei MODEM (idVendor: 12d1)
-# normally not needed now since modeswitch is managed by udev (see RPM)
+# normally not needed now since modeswitch is managed by udev (see Mageia RPM)
 #cat << EOF > /lib/udev/rules.d/66-huawei.rules
 #KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="$DIR_DEST_BIN/alcasar-sms.sh --mode"
 #EOF
+# Udev rule for fixing the enumeration of ttyUSB port on some MODEM (when they switch randomly the order of their ports at boot time)
-} # End gammu_smsd()
+# example : http://hintshop.ludvig.co.nz/show/persistent-names-usb-serial-devices/
+} # End gammu_smsd()
-##################################################################
+############################################################
-##			Fonction "msec"				##
+##                 Fonction "msec"                        ##
-## - Apply the "fileserver" security level			##
+## - Apply the "fileserver" security level                ##
-## - remove the "system request" for rebboting			##
+## - remove the "system request" for rebboting            ##
-## - Fix several file permissions				##
+## - Fix several file permissions                         ##
-##################################################################
+############################################################
 msec()
+{
 # Apply fileserver security level
 [ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default
 } # End msec()
 ##################################################################
-##			Fonction "letsencrypt"			##
+##                   Fonction "letsencrypt"                     ##
-## - Install Let's Encrypt client				##
+## - Install Let's Encrypt client                               ##
-## - Prepare Let's Encrypt ALCASAR configuration file		##
+## - Prepare Let's Encrypt ALCASAR configuration file           ##
 ##################################################################
 letsencrypt()
+{
 	echo "Installing Let's Encrypt client..."
 	rm -rf /tmp/acme.sh-*
 } # END letsencrypt()
 ##################################################################
-##		Fonction "post_install"			##
+##                    Fonction "post_install"                   ##
-## - Modifying banners (locals et ssh) & prompts	##
+## - Modifying banners (locals et ssh) & prompts                ##
-## - SSH config						##
+## - SSH config                                                 ##
-## - sudoers config & files security			##
+## - sudoers config & files security                            ##
-## - log rotate & ANSSI security parameters		##
+## - log rotate & ANSSI security parameters                     ##
-## - Apply former conf in case of an update		##
+## - Apply former conf in case of an update                     ##
-##########################################################
+##################################################################
 post_install()
+{
 # change the SSH banner
 	cp -f $DIR_CONF/banner /etc/ssh/alcasar-banner-ssh
 	echo " V$VERSION" >> /etc/ssh/alcasar-banner-ssh
 	fi
 	clear
 	reboot
 } # End post_install ()
-#################################
+#####################################################################################
-#  	Main Install loop  	#
+#                                   Main Install loop                               #
-#################################
+#####################################################################################
 dir_exec=`dirname "$0"`
 if [ $dir_exec != "." ]
 then
 	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
 	echo "Launch this program from the ALCASAR archive directory"

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2665 – Rev 2549 → 2552