Subversion Repositories ALCASAR

Rev

Rev 1489 | Rev 1502 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1489 Rev 1499
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1489 2014-11-17 17:04:04Z richard $ 
2
#  $Id: alcasar.sh 1499 2014-11-26 23:13:07Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
Line 224... Line 224...
224
		exit 0
224
		exit 0
225
	done
225
	done
226
	echo -n "."
226
	echo -n "."
227
 
227
 
228
# Test EXTIF config files
228
# Test EXTIF config files
229
	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
229
	PUBLIC_IP_MASK=`ip addr show $EXTIF|grep "inet "|cut -d" " -f6`
-
 
230
	PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
230
	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
231
	PUBLIC_GATEWAY=`ip route list|grep ^default|cut -d" " -f3`
231
	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
232
	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
232
	then
233
	then
233
		if [ $Lang == "fr" ]
234
		if [ $Lang == "fr" ]
234
		then 
235
		then 
235
			echo "Échec"
236
			echo "Échec"
Line 267... Line 268...
267
		fi
268
		fi
268
		exit 0
269
		exit 0
269
	fi
270
	fi
270
	echo -n "."
271
	echo -n "."
271
# On teste le lien vers le routeur par defaut
272
# On teste le lien vers le routeur par defaut
272
	IP_GW=`ip route list|grep ^default|cut -d" " -f3`
-
 
273
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
273
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`
274
	if [ $(expr $arp_reply) -eq 0 ]
274
	if [ $(expr $arp_reply) -eq 0 ]
275
	       	then
275
	       	then
276
		if [ $Lang == "fr" ]
276
		if [ $Lang == "fr" ]
277
		then 
277
		then 
278
			echo "Échec"
278
			echo "Échec"
279
			echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
279
			echo "Le routeur de site ou la Box Internet ($PUBLIC_GATEWAY) ne répond pas."
280
			echo "Réglez ce problème puis relancez ce script."
280
			echo "Réglez ce problème puis relancez ce script."
281
		else
281
		else
282
			echo "Failed"
282
			echo "Failed"
283
			echo "The Internet gateway doesn't answered"
283
			echo "The Internet gateway doesn't answered"
284
			echo "Resolv this problem, then restart this script."
284
			echo "Resolv this problem, then restart this script."
Line 430... Line 430...
430
	fi
430
	fi
431
# Define LAN side global parameters
431
# Define LAN side global parameters
432
	hostname $HOSTNAME.$DOMAIN
432
	hostname $HOSTNAME.$DOMAIN
433
	echo $HOSTNAME.$DOMAIN > /etc/hostname
433
	echo $HOSTNAME.$DOMAIN > /etc/hostname
434
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
434
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
-
 
435
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4`					# last octet of LAN address
435
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
436
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
436
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
-
 
437
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
437
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
-
 
438
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
-
 
439
	if [ $PRIVATE_IP == $PRIVATE_NETWORK ]								# when entering network address instead of ip address
-
 
440
		then
-
 
441
		PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`	
-
 
442
		PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`
-
 
443
	fi	
-
 
444
	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`						# last octet of LAN address
-
 
445
	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`		# second network address (ex.: 192.168.182.2)
438
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
446
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
439
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`	# ie.: 2=classe B, 3=classe C
447
	classe=$((PRIVATE_PREFIX/8))									# ie.: 2=classe B, 3=classe C
440
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
448
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
441
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
449
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
442
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`			# last octet of LAN address
-
 
443
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
450
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f4`				# last octet of LAN broadcast
444
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
451
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`	# First network address (ex.: 192.168.182.1)
445
	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# second network address (ex.: 192.168.182.2)
-
 
446
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
452
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
447
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF
453
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF
448
# Define Internet parameters
454
# Define Internet parameters
449
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
455
	DNS1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1`				# 1st DNS server
450
	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
456
	nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l`
-
 
457
	if [ $nb_dns == 2 ]
-
 
458
		then
451
	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
459
		DNS2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1`			# 2nd DNS server (if exist)
-
 
460
	fi
452
	DNS1=${DNS1:=208.67.220.220}
461
	DNS1=${DNS1:=208.67.220.220}
453
	DNS2=${DNS2:=208.67.222.222}
462
	DNS2=${DNS2:=208.67.222.222}
454
	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
-
 
455
	DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
463
	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
456
	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
-
 
457
	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
464
	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
458
	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
465
	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
-
 
466
# Wrtie the conf file
459
	echo "EXTIF=$EXTIF" >> $CONF_FILE
467
	echo "EXTIF=$EXTIF" >> $CONF_FILE
460
	echo "INTIF=$INTIF" >> $CONF_FILE
468
	echo "INTIF=$INTIF" >> $CONF_FILE
-
 
469
	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`		# IP setting (static or dynamic)
-
 
470
	if [ $IP_SETTING == "dhcp" ]
-
 
471
		then
-
 
472
		echo "PUBLIC_IP=dhcp" >> $CONF_FILE
-
 
473
		echo "GW=dhcp" >> $CONF_FILE 
-
 
474
	else
461
	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
475
		echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
-
 
476
		echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 
-
 
477
	fi
462
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
478
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
463
	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 
-
 
464
	echo "DNS1=$DNS1" >> $CONF_FILE
479
	echo "DNS1=$DNS1" >> $CONF_FILE
465
	echo "DNS2=$DNS2" >> $CONF_FILE
480
	echo "DNS2=$DNS2" >> $CONF_FILE
466
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
481
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
467
	echo "DHCP=on" >> $CONF_FILE
482
	echo "DHCP=on" >> $CONF_FILE
468
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
483
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
469
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
484
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
470
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
485
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
471
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
486
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
-
 
487
# network default
472
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
488
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
473
# config network
-
 
474
	cat <<EOF > /etc/sysconfig/network
489
	cat <<EOF > /etc/sysconfig/network
475
NETWORKING=yes
490
NETWORKING=yes
476
HOSTNAME="$HOSTNAME.$DOMAIN"
491
HOSTNAME="$HOSTNAME.$DOMAIN"
477
FORWARD_IPV4=true
492
FORWARD_IPV4=true
478
EOF
493
EOF
479
# config /etc/hosts
494
# /etc/hosts config
480
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
495
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
481
	cat <<EOF > /etc/hosts
496
	cat <<EOF > /etc/hosts
482
127.0.0.1	localhost
497
127.0.0.1	localhost
483
$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
498
$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
484
EOF
499
EOF
485
# Config EXTIF (Internet)
500
# EXTIF (Internet) config
-
 
501
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
-
 
502
	if [ $IP_SETTING == "dhcp" ]
-
 
503
		then
-
 
504
		$SED "s?^RESOLV_MODS=.*?RESOLV_MODS=yes?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
-
 
505
		$SED "s?^PEERDNS=.*?PEERDNS=no?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
-
 
506
		echo "DNS1=127.0.0.1" >> /etc/sysconfig/network-scripts/ifcfg-$EXTIF
-
 
507
	else	
486
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
508
		cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
487
DEVICE=$EXTIF
509
DEVICE=$EXTIF
488
BOOTPROTO=static
510
BOOTPROTO=static
489
IPADDR=$PUBLIC_IP
511
IPADDR=$PUBLIC_IP
490
NETMASK=$PUBLIC_NETMASK
512
NETMASK=$PUBLIC_NETMASK
491
GATEWAY=$PUBLIC_GATEWAY
513
GATEWAY=$PUBLIC_GATEWAY
492
DNS1=127.0.0.1
514
DNS1=127.0.0.1
-
 
515
RESOLV_MODS=yes
493
ONBOOT=yes
516
ONBOOT=yes
494
METRIC=10
517
METRIC=10
495
NOZEROCONF=yes
-
 
496
MII_NOT_SUPPORTED=yes
518
MII_NOT_SUPPORTED=yes
497
IPV6INIT=no
519
IPV6INIT=no
498
IPV6TO4INIT=no
520
IPV6TO4INIT=no
499
ACCOUNTING=no
521
ACCOUNTING=no
500
USERCTL=no
522
USERCTL=no
501
MTU=$MTU
523
MTU=$MTU
502
EOF
524
EOF
-
 
525
	fi
503
# Config INTIF (consultation LAN) in normal mode
526
# Config INTIF (consultation LAN) in normal mode
504
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
527
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
505
DEVICE=$INTIF
528
DEVICE=$INTIF
506
BOOTPROTO=static
529
BOOTPROTO=static
507
ONBOOT=yes
530
ONBOOT=yes
Line 1759... Line 1782...
1759
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1782
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1760
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1783
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1761
# postfix banner anonymisation
1784
# postfix banner anonymisation
1762
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1785
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1763
# sshd écoute côté LAN et WAN
1786
# sshd écoute côté LAN et WAN
1764
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1787
	$SED "s?^#ListenAddress.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config
1765
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
-
 
1766
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1788
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1767
	echo "SSH=off" >> $CONF_FILE
1789
	echo "SSH=off" >> $CONF_FILE
1768
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1790
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1769
	echo "QOS=off" >> $CONF_FILE
1791
	echo "QOS=off" >> $CONF_FILE
1770
	echo "LDAP=off" >> $CONF_FILE
1792
	echo "LDAP=off" >> $CONF_FILE