Line 1... |
Line 1... |
1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
2 |
# $Id: alcasar.sh 114 2010-05-12 21:46:27Z richard $
|
2 |
# $Id: alcasar.sh 120 2010-05-20 20:14:03Z franck $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 403... |
Line 403... |
403 |
restrict 127.0.0.1
|
403 |
restrict 127.0.0.1
|
404 |
driftfile /etc/ntp/drift
|
404 |
driftfile /etc/ntp/drift
|
405 |
logfile /var/log/ntp.log
|
405 |
logfile /var/log/ntp.log
|
406 |
EOF
|
406 |
EOF
|
407 |
chown -R ntp:ntp /etc/ntp
|
407 |
chown -R ntp:ntp /etc/ntp
|
408 |
# Configuration du serveur dhcpd de secours (mode bypass)
|
408 |
# Configuration du serveur dhcpd
|
409 |
[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default 2> /dev/null
|
409 |
[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default 2> /dev/null
|
410 |
cat <<EOF > /etc/dhcpd.conf
|
410 |
cat <<EOF > /etc/dhcpd.conf
|
411 |
ddns-update-style interim;
|
411 |
ddns-update-style interim;
|
412 |
subnet $PRIVATE_NETWORK netmask $PRIVATE_MASK {
|
412 |
subnet $PRIVATE_NETWORK netmask $PRIVATE_MASK {
|
413 |
option routers $PRIVATE_IP;
|
413 |
option routers $PRIVATE_IP;
|
414 |
option subnet-mask $PRIVATE_MASK;
|
414 |
option subnet-mask $PRIVATE_MASK;
|
415 |
option domain-name-servers $DNS1;
|
415 |
option domain-name-servers $PRIVATE_IP;
|
416 |
range dynamic-bootp $PRIVATE_DYN_LAST_IP $PRIVATE_DYN_FIRST_IP;
|
416 |
range dynamic-bootp $PRIVATE_DYN_LAST_IP $PRIVATE_DYN_FIRST_IP;
|
417 |
default-lease-time 21600;
|
417 |
default-lease-time 21600;
|
418 |
max-lease-time 43200;
|
418 |
max-lease-time 43200;
|
419 |
}
|
419 |
}
|
420 |
EOF
|
420 |
EOF
|
421 |
# écoute côté LAN seulement
|
421 |
# écoute côté LAN seulement
|
422 |
[ -e /etc/sysconfig/dhcpd.default ] || cp /etc/sysconfig/dhcpd /etc/sysconfig/dhcpd.default 2> /dev/null
|
422 |
[ -e /etc/sysconfig/dhcpd.default ] || cp /etc/sysconfig/dhcpd /etc/sysconfig/dhcpd.default 2> /dev/null
|
423 |
$SED "s?^#INTERFACES=.*?INTERFACES=\"$INTIF\"?g" /etc/sysconfig/dhcpd
|
423 |
$SED "s?^#INTERFACES=.*?INTERFACES=\"$INTIF\"?g" /etc/sysconfig/dhcpd
|
424 |
/sbin/chkconfig --level 345 dhcpd off
|
424 |
/sbin/chkconfig --level 345 dhcpd on
|
425 |
# Renseignement des fichiers hosts.allow et hosts.deny
|
425 |
# Renseignement des fichiers hosts.allow et hosts.deny
|
426 |
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
|
426 |
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
|
427 |
cat <<EOF > /etc/hosts.allow
|
427 |
cat <<EOF > /etc/hosts.allow
|
428 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
428 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
429 |
sshd: $PRIVATE_NETWORK_SHORT
|
429 |
sshd: $PRIVATE_NETWORK_SHORT
|
Line 816... |
Line 816... |
816 |
$SED "s?^HS_WWWDIR.*?# HS_WWWDIR?g" /etc/chilli/config
|
816 |
$SED "s?^HS_WWWDIR.*?# HS_WWWDIR?g" /etc/chilli/config
|
817 |
$SED "s?^HS_WWWBIN.*?# HS_WWWBIN?g" /etc/chilli/config
|
817 |
$SED "s?^HS_WWWBIN.*?# HS_WWWBIN?g" /etc/chilli/config
|
818 |
$SED "s?^HS_PROVIDER_LINK.*?HS_PROVIDER_LINK=https://\$HS_UAMSERVER/?g" /etc/chilli/config
|
818 |
$SED "s?^HS_PROVIDER_LINK.*?HS_PROVIDER_LINK=https://\$HS_UAMSERVER/?g" /etc/chilli/config
|
819 |
echo "HS_COAPORT=3799" >> /etc/chilli/config
|
819 |
echo "HS_COAPORT=3799" >> /etc/chilli/config
|
820 |
echo "HS_ADMINTERVAL=0" >> /etc/chilli/config
|
820 |
echo "HS_ADMINTERVAL=0" >> /etc/chilli/config
|
- |
|
821 |
cat <<EOF > /etc/chilli/config
|
- |
|
822 |
# Usage d'un DHCPD externe a coova (dhcpd local ou extérieur)
|
- |
|
823 |
HS_USE_DHCPD_EXT="on"
|
- |
|
824 |
HS_DHCP_GATEWAY_IP=127.0.0.1
|
- |
|
825 |
HS_DHCP_GATEWAY_PORT=67
|
- |
|
826 |
HS_DHCP_RELAY_AGENT_IP=127.0.0.1
|
- |
|
827 |
HS_USE_DHCP_RADIUS="no"
|
- |
|
828 |
EOF
|
821 |
# création des fichiers de sites, d'urls et d'adresses MAC de confiance
|
829 |
# création des fichiers de sites, d'urls et d'adresses MAC de confiance
|
822 |
echo -e "HS_UAMALLOW=\"\"" > /etc/chilli/alcasar-uamallowed
|
830 |
echo -e "HS_UAMALLOW=\"\"" > /etc/chilli/alcasar-uamallowed
|
823 |
echo -e "HS_UAMDOMAINS=\"\"" > /etc/chilli/alcasar-uamdomain
|
831 |
echo -e "HS_UAMDOMAINS=\"\"" > /etc/chilli/alcasar-uamdomain
|
824 |
$SED "s?^# HS_MACAUTHMODE=.*?HS_MACAUTHMODE=local?g" /etc/chilli/config
|
832 |
$SED "s?^# HS_MACAUTHMODE=.*?HS_MACAUTHMODE=local?g" /etc/chilli/config
|
825 |
echo -e "HS_MACALLOW=\"\"" >> /etc/chilli/alcasar-macallowed
|
833 |
echo -e "HS_MACALLOW=\"\"" >> /etc/chilli/alcasar-macallowed
|
Line 1173... |
Line 1181... |
1173 |
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
|
1181 |
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
|
1174 |
chmod 644 /etc/logrotate.d/*
|
1182 |
chmod 644 /etc/logrotate.d/*
|
1175 |
# processus lancés par défaut au démarrage
|
1183 |
# processus lancés par défaut au démarrage
|
1176 |
$SED "s?^# Default-Start.*?# Default-Start: 3 4 5?g" /etc/init.d/mysqld
|
1184 |
$SED "s?^# Default-Start.*?# Default-Start: 3 4 5?g" /etc/init.d/mysqld
|
1177 |
$SED "s?^# Default-Stop.*?# Default-Stop: 0 1 2?g" /etc/init.d/mysqld # pour éviter les alertes de dépendance de services (netfs)
|
1185 |
$SED "s?^# Default-Stop.*?# Default-Stop: 0 1 2?g" /etc/init.d/mysqld # pour éviter les alertes de dépendance de services (netfs)
|
1178 |
for i in netfs ntpd iptables ulogd squid chilli httpd radiusd mysqld dansguardian named havp freshclam
|
1186 |
for i in netfs ntpd iptables ulogd dhcpd squid named chilli httpd radiusd mysqld dansguardian havp freshclam
|
1179 |
do
|
1187 |
do
|
1180 |
/sbin/chkconfig --add $i
|
1188 |
/sbin/chkconfig --add $i
|
1181 |
done
|
1189 |
done
|
1182 |
# On mets en place la sécurité sur les fichiers
|
1190 |
# On mets en place la sécurité sur les fichiers
|
1183 |
# des modif par rapport à radius update
|
1191 |
# des modif par rapport à radius update
|
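Review bot: The here-document added at new line 821 opens with `cat <<EOF > /etc/chilli/config`, which truncates the file instead of appending to it. That discards the HS_WWWDIR, HS_WWWBIN and HS_PROVIDER_LINK edits and the HS_COAPORT and HS_ADMINTERVAL lines written just above, along with everything else the file held. The `$SED` at new line 832 that should set `HS_MACAUTHMODE=local` then has no line left to match, so the portal is left with only the six DHCP-relay lines. Use append, as the two preceding `echo` lines do: `cat <<EOF >> /etc/chilli/config`. Since the dhcpd hunk in the same commit now enables the service at boot (`chkconfig --level 345 dhcpd on`), a comment there should state that dhcpd is meant to be reached through the coova relay on 127.0.0.1, if that is the intent.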