Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 1489 2014-11-17 17:04:04Z richard $
|
2 |
# $Id: alcasar.sh 1499 2014-11-26 23:13:07Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 224... |
Line 224... |
224 |
exit 0
|
224 |
exit 0
|
225 |
done
|
225 |
done
|
226 |
echo -n "."
|
226 |
echo -n "."
|
227 |
|
227 |
|
228 |
# Test EXTIF config files
|
228 |
# Test EXTIF config files
|
229 |
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
|
229 |
PUBLIC_IP_MASK=`ip addr show $EXTIF|grep "inet "|cut -d" " -f6`
|
- |
|
230 |
PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
|
230 |
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
|
231 |
PUBLIC_GATEWAY=`ip route list|grep ^default|cut -d" " -f3`
|
231 |
if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
|
232 |
if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
|
232 |
then
|
233 |
then
|
233 |
if [ $Lang == "fr" ]
|
234 |
if [ $Lang == "fr" ]
|
234 |
then
|
235 |
then
|
235 |
echo "Échec"
|
236 |
echo "Échec"
|
Line 267... |
Line 268... |
267 |
fi
|
268 |
fi
|
268 |
exit 0
|
269 |
exit 0
|
269 |
fi
|
270 |
fi
|
270 |
echo -n "."
|
271 |
echo -n "."
|
271 |
# On teste le lien vers le routeur par defaut
|
272 |
# On teste le lien vers le routeur par defaut
|
272 |
IP_GW=`ip route list|grep ^default|cut -d" " -f3`
|
- |
|
273 |
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
|
273 |
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`
|
274 |
if [ $(expr $arp_reply) -eq 0 ]
|
274 |
if [ $(expr $arp_reply) -eq 0 ]
|
275 |
then
|
275 |
then
|
276 |
if [ $Lang == "fr" ]
|
276 |
if [ $Lang == "fr" ]
|
277 |
then
|
277 |
then
|
278 |
echo "Échec"
|
278 |
echo "Échec"
|
279 |
echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
|
279 |
echo "Le routeur de site ou la Box Internet ($PUBLIC_GATEWAY) ne répond pas."
|
280 |
echo "Réglez ce problème puis relancez ce script."
|
280 |
echo "Réglez ce problème puis relancez ce script."
|
281 |
else
|
281 |
else
|
282 |
echo "Failed"
|
282 |
echo "Failed"
|
283 |
echo "The Internet gateway doesn't answered"
|
283 |
echo "The Internet gateway doesn't answered"
|
284 |
echo "Resolv this problem, then restart this script."
|
284 |
echo "Resolv this problem, then restart this script."
|
Line 430... |
Line 430... |
430 |
fi
|
430 |
fi
|
431 |
# Define LAN side global parameters
|
431 |
# Define LAN side global parameters
|
432 |
hostname $HOSTNAME.$DOMAIN
|
432 |
hostname $HOSTNAME.$DOMAIN
|
433 |
echo $HOSTNAME.$DOMAIN > /etc/hostname
|
433 |
echo $HOSTNAME.$DOMAIN > /etc/hostname
|
434 |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
|
434 |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
|
- |
|
435 |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4` # last octet of LAN address
|
435 |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
|
436 |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
|
436 |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
|
- |
|
437 |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
|
437 |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
|
- |
|
438 |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
|
- |
|
439 |
if [ $PRIVATE_IP == $PRIVATE_NETWORK ] # when entering network address instead of ip address
|
- |
|
440 |
then
|
- |
|
441 |
PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`
|
- |
|
442 |
PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`
|
- |
|
443 |
fi
|
- |
|
444 |
private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address
|
- |
|
445 |
PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2)
|
438 |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
|
446 |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
|
439 |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C
|
447 |
classe=$((PRIVATE_PREFIX/8)) # ie.: 2=classe B, 3=classe C
|
440 |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
|
448 |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
|
441 |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
|
449 |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
|
442 |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address
|
- |
|
443 |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast
|
450 |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f4` # last octet of LAN broadcast
|
444 |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
|
451 |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
|
445 |
PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2)
|
- |
|
446 |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
|
452 |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
|
447 |
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF
|
453 |
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF
|
448 |
# Define Internet parameters
|
454 |
# Define Internet parameters
|
449 |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
|
455 |
DNS1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1` # 1st DNS server
|
450 |
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
|
456 |
nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l`
|
- |
|
457 |
if [ $nb_dns == 2 ]
|
- |
|
458 |
then
|
451 |
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS
|
459 |
DNS2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1` # 2nd DNS server (if exist)
|
- |
|
460 |
fi
|
452 |
DNS1=${DNS1:=208.67.220.220}
|
461 |
DNS1=${DNS1:=208.67.220.220}
|
453 |
DNS2=${DNS2:=208.67.222.222}
|
462 |
DNS2=${DNS2:=208.67.222.222}
|
454 |
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
|
- |
|
455 |
DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
|
463 |
PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
|
456 |
PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
|
- |
|
457 |
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
|
464 |
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
|
458 |
PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
|
465 |
PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
|
- |
|
466 |
# Wrtie the conf file
|
459 |
echo "EXTIF=$EXTIF" >> $CONF_FILE
|
467 |
echo "EXTIF=$EXTIF" >> $CONF_FILE
|
460 |
echo "INTIF=$INTIF" >> $CONF_FILE
|
468 |
echo "INTIF=$INTIF" >> $CONF_FILE
|
- |
|
469 |
IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # IP setting (static or dynamic)
|
- |
|
470 |
if [ $IP_SETTING == "dhcp" ]
|
- |
|
471 |
then
|
- |
|
472 |
echo "PUBLIC_IP=dhcp" >> $CONF_FILE
|
- |
|
473 |
echo "GW=dhcp" >> $CONF_FILE
|
- |
|
474 |
else
|
461 |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
|
475 |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
|
- |
|
476 |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
|
- |
|
477 |
fi
|
462 |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
|
478 |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
|
463 |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
|
- |
|
464 |
echo "DNS1=$DNS1" >> $CONF_FILE
|
479 |
echo "DNS1=$DNS1" >> $CONF_FILE
|
465 |
echo "DNS2=$DNS2" >> $CONF_FILE
|
480 |
echo "DNS2=$DNS2" >> $CONF_FILE
|
466 |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
|
481 |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
|
467 |
echo "DHCP=on" >> $CONF_FILE
|
482 |
echo "DHCP=on" >> $CONF_FILE
|
468 |
echo "EXT_DHCP_IP=none" >> $CONF_FILE
|
483 |
echo "EXT_DHCP_IP=none" >> $CONF_FILE
|
469 |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
|
484 |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
|
470 |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
|
485 |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
|
471 |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
|
486 |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
|
- |
|
487 |
# network default
|
472 |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
|
488 |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
|
473 |
# config network
|
- |
|
474 |
cat <<EOF > /etc/sysconfig/network
|
489 |
cat <<EOF > /etc/sysconfig/network
|
475 |
NETWORKING=yes
|
490 |
NETWORKING=yes
|
476 |
HOSTNAME="$HOSTNAME.$DOMAIN"
|
491 |
HOSTNAME="$HOSTNAME.$DOMAIN"
|
477 |
FORWARD_IPV4=true
|
492 |
FORWARD_IPV4=true
|
478 |
EOF
|
493 |
EOF
|
479 |
# config /etc/hosts
|
494 |
# /etc/hosts config
|
480 |
[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
|
495 |
[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
|
481 |
cat <<EOF > /etc/hosts
|
496 |
cat <<EOF > /etc/hosts
|
482 |
127.0.0.1 localhost
|
497 |
127.0.0.1 localhost
|
483 |
$PRIVATE_IP $HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
|
498 |
$PRIVATE_IP $HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
|
484 |
EOF
|
499 |
EOF
|
485 |
# Config EXTIF (Internet)
|
500 |
# EXTIF (Internet) config
|
- |
|
501 |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
|
- |
|
502 |
if [ $IP_SETTING == "dhcp" ]
|
- |
|
503 |
then
|
- |
|
504 |
$SED "s?^RESOLV_MODS=.*?RESOLV_MODS=yes?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
- |
|
505 |
$SED "s?^PEERDNS=.*?PEERDNS=no?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
- |
|
506 |
echo "DNS1=127.0.0.1" >> /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
- |
|
507 |
else
|
486 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
508 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
487 |
DEVICE=$EXTIF
|
509 |
DEVICE=$EXTIF
|
488 |
BOOTPROTO=static
|
510 |
BOOTPROTO=static
|
489 |
IPADDR=$PUBLIC_IP
|
511 |
IPADDR=$PUBLIC_IP
|
490 |
NETMASK=$PUBLIC_NETMASK
|
512 |
NETMASK=$PUBLIC_NETMASK
|
491 |
GATEWAY=$PUBLIC_GATEWAY
|
513 |
GATEWAY=$PUBLIC_GATEWAY
|
492 |
DNS1=127.0.0.1
|
514 |
DNS1=127.0.0.1
|
- |
|
515 |
RESOLV_MODS=yes
|
493 |
ONBOOT=yes
|
516 |
ONBOOT=yes
|
494 |
METRIC=10
|
517 |
METRIC=10
|
495 |
NOZEROCONF=yes
|
- |
|
496 |
MII_NOT_SUPPORTED=yes
|
518 |
MII_NOT_SUPPORTED=yes
|
497 |
IPV6INIT=no
|
519 |
IPV6INIT=no
|
498 |
IPV6TO4INIT=no
|
520 |
IPV6TO4INIT=no
|
499 |
ACCOUNTING=no
|
521 |
ACCOUNTING=no
|
500 |
USERCTL=no
|
522 |
USERCTL=no
|
501 |
MTU=$MTU
|
523 |
MTU=$MTU
|
502 |
EOF
|
524 |
EOF
|
- |
|
525 |
fi
|
503 |
# Config INTIF (consultation LAN) in normal mode
|
526 |
# Config INTIF (consultation LAN) in normal mode
|
504 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
|
527 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
|
505 |
DEVICE=$INTIF
|
528 |
DEVICE=$INTIF
|
506 |
BOOTPROTO=static
|
529 |
BOOTPROTO=static
|
507 |
ONBOOT=yes
|
530 |
ONBOOT=yes
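Review bot: In the new DHCP branch (new-side lines 504–506), the two `$SED` substitutions only rewrite `RESOLV_MODS=` and `PEERDNS=` lines that already exist in ifcfg-$EXTIF; if the file carries neither key, nothing changes, the DHCP client keeps its default peer-DNS behaviour (PEERDNS appears to default to yes in network-scripts — worth confirming) and overwrites /etc/resolv.conf with the upstream resolvers, so the `DNS1=127.0.0.1` appended on the next line never takes effect and client DNS may bypass the local resolver the portal relies on. The same `echo "DNS1=127.0.0.1" >>` is unconditional, so a second run of the script appends a duplicate key. A guard such as `grep -q '^PEERDNS=' "$f" || echo 'PEERDNS=' >> "$f"` (and the same for `RESOLV_MODS` and `DNS1`) placed before each substitution would make the rewrite effective regardless of the file's initial contents. Separately, `if [ $IP_SETTING == "dhcp" ]` (new-side 470 and 502) becomes a test syntax error rather than false when BOOTPROTO is missing from the file; quoting it, `if [ "$IP_SETTING" == "dhcp" ]`, avoids that.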
|
Line 1759... |
Line 1782... |
1759 |
$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
|
1782 |
$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
|
1760 |
$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
|
1783 |
$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
|
1761 |
# postfix banner anonymisation
|
1784 |
# postfix banner anonymisation
|
1762 |
$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
|
1785 |
$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
|
1763 |
# sshd écoute côté LAN et WAN
|
1786 |
# sshd écoute côté LAN et WAN
|
1764 |
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
|
1787 |
$SED "s?^#ListenAddress.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config
|
1765 |
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
|
- |
|
1766 |
# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
|
1788 |
# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
|
1767 |
echo "SSH=off" >> $CONF_FILE
|
1789 |
echo "SSH=off" >> $CONF_FILE
|
1768 |
echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
|
1790 |
echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
|
1769 |
echo "QOS=off" >> $CONF_FILE
|
1791 |
echo "QOS=off" >> $CONF_FILE
|
1770 |
echo "LDAP=off" >> $CONF_FILE
|
1792 |
echo "LDAP=off" >> $CONF_FILE
|