Subversion Repositories ALCASAR

Rev

Rev 1003 | Rev 1007 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1003 Rev 1005
1 
#!/bin/bash
 1 
#!/bin/bash
2 
#  $Id: alcasar.sh 1003 2013-01-03 18:53:02Z richard $
2 
#  $Id: alcasar.sh 1005 2013-01-04 15:11:35Z richard $
3 
 
 3 
 
4 
# alcasar.sh
 4 
# alcasar.sh
5 
 
 5 
 
6 
# ALCASAR - Portail captif d'accès à l'Internet -  Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
6 
# ALCASAR - Portail captif d'accès à l'Internet -  Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
7 
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
7 
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
8 
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence.
8 
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence.
9 
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ;
9 
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ;
10 
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE.
10 
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE.
11 
# Voir la Licence Publique Générale GNU pour plus de détails.
11 
# Voir la Licence Publique Générale GNU pour plus de détails.
12 
# Vous devriez avoir reçu un exemplaire de la Licence Publique Générale GNU avec ce programme ;
12 
# Vous devriez avoir reçu un exemplaire de la Licence Publique Générale GNU avec ce programme ;
13 
# si ce n'est pas le cas, consultez :   <http://www.gnu.org/licenses/>.
 13 
# si ce n'est pas le cas, consultez :   <http://www.gnu.org/licenses/>.
14 
 
 14 
 
15 
#  team@alcasar.net
 15 
#  team@alcasar.net
16 
 
 16 
 
17 
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 17 
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
18 
# This script is distributed under the Gnu General Public License (GPL)
 18 
# This script is distributed under the Gnu General Public License (GPL)
19 
 
 19 
 
20 
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
 20 
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
21 
# ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants :
 21 
# ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants :
22 
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
 22 
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
23 
# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares :
 23 
# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares :
24 
#
 24 
#
25 
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav  and firewalleyes
 25 
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav  and firewalleyes
26 
 
 26 
 
27 
# Options :
 27 
# Options :
28 
#       -i or --install
 28 
#       -i or --install
29 
#       -u or --uninstall
 29 
#       -u or --uninstall
30 
 
 30 
 
31 
# Functions :
 31 
# Functions :
32 
#	testing		: Tests de connectivité et de téléchargement avant installation
 32 
#	testing		: Tests de connectivité et de téléchargement avant installation
33 
#	init		: Installation des RPM et des scripts
 33 
#	init		: Installation des RPM et des scripts
34 
#	network		: Paramètrage du réseau
 34 
#	network		: Paramètrage du réseau
35 
#	gestion		: Installation de l'interface de gestion
 35 
#	gestion		: Installation de l'interface de gestion
36 
#	AC		: Initialisation de l'autorité de certification. Création des certificats
 36 
#	AC		: Initialisation de l'autorité de certification. Création des certificats
37 
#	init_db		: Création de la base 'radius' sur le serveur MySql
 37 
#	init_db		: Création de la base 'radius' sur le serveur MySql
38 
#	param_radius	: Configuration du serveur d'authentification FreeRadius
 38 
#	param_radius	: Configuration du serveur d'authentification FreeRadius
39 
#	param_web_radius: Configuration de l'interface de gestion de FreeRadius (dialupadmin)
 39 
#	param_web_radius: Configuration de l'interface de gestion de FreeRadius (dialupadmin)
40 
#	param_chilli	: Configuration du daemon 'coova-chilli' et de la page d'authentification
 40 
#	param_chilli	: Configuration du daemon 'coova-chilli' et de la page d'authentification
41 
#	param_squid	: Configuration du proxy squid en mode 'cache'
 41 
#	param_squid	: Configuration du proxy squid en mode 'cache'
42 
#	param_dansguardian : Configuration de l'analyseur de contenu DansGuardian
 42 
#	param_dansguardian : Configuration de l'analyseur de contenu DansGuardian
43 
#	antivirus	: Installation havp + libclamav
 43 
#	antivirus	: Installation havp + libclamav
44 
#	param_awstats	: Configuration de l'interface des statistiques de consultation WEB
 44 
#	param_awstats	: Configuration de l'interface des statistiques de consultation WEB
45 
#	dnsmasq		: Configuration du serveur de noms et du serveur dhcp de secours
 45 
#	dnsmasq		: Configuration du serveur de noms et du serveur dhcp de secours
46 
#	BL		: Configuration de la BlackList
 46 
#	BL		: Configuration de la BlackList
47 
#	cron		: Mise en place des exports de logs (+ chiffrement)
 47 
#	cron		: Mise en place des exports de logs (+ chiffrement)
48 
#	post_install	: Finalisation environnement ( sécurité, bannières, rotation logs, ...)
 48 
#	post_install	: Finalisation environnement ( sécurité, bannières, rotation logs, ...)
49 
 
 49 
 
50 
DATE=`date '+%d %B %Y - %Hh%M'`
 50 
DATE=`date '+%d %B %Y - %Hh%M'`
51 
DATE_SHORT=`date '+%d/%m/%Y'`
 51 
DATE_SHORT=`date '+%d/%m/%Y'`
52 
Lang=`echo $LANG|cut -c 1-2`
 52 
Lang=`echo $LANG|cut -c 1-2`
53 
# ******* Files parameters - paramètres fichiers *********
 53 
# ******* Files parameters - paramètres fichiers *********
54 
DIR_INSTALL=`pwd`				# install directory
54 
DIR_INSTALL=`pwd`				# install directory
55 
DIR_CONF="$DIR_INSTALL/conf"			# répertoire d'installation contenant les fichiers de configuration
 55 
DIR_CONF="$DIR_INSTALL/conf"			# répertoire d'installation contenant les fichiers de configuration
56 
DIR_SCRIPTS="$DIR_INSTALL/scripts"		# répertoire d'installation contenant les scripts
 56 
DIR_SCRIPTS="$DIR_INSTALL/scripts"		# répertoire d'installation contenant les scripts
57 
DIR_SAVE="/var/Save"				# répertoire de sauvegarde (system_backup, user_db_backup, logs)
 57 
DIR_SAVE="/var/Save"				# répertoire de sauvegarde (system_backup, user_db_backup, logs)
58 
DIR_WEB="/var/www/html"				# répertoire racine APACHE
 58 
DIR_WEB="/var/www/html"				# répertoire racine APACHE
59 
DIR_DG="/etc/dansguardian"			# répertoire de config de DansGuardian
 59 
DIR_DG="/etc/dansguardian"			# répertoire de config de DansGuardian
60 
DIR_ACC="$DIR_WEB/acc"				# répertoire du centre de gestion 'ALCASAR Control Center'
 60 
DIR_ACC="$DIR_WEB/acc"				# répertoire du centre de gestion 'ALCASAR Control Center'
61 
DIR_DEST_BIN="/usr/local/bin"			# répertoire des scripts
 61 
DIR_DEST_BIN="/usr/local/bin"			# répertoire des scripts
62 
DIR_DEST_SBIN="/usr/local/sbin"			# répertoire des scripts d'admin
 62 
DIR_DEST_SBIN="/usr/local/sbin"			# répertoire des scripts d'admin
63 
DIR_DEST_ETC="/usr/local/etc"			# répertoire des fichiers de conf
 63 
DIR_DEST_ETC="/usr/local/etc"			# répertoire des fichiers de conf
64 
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# fichier de conf d'alcasar
 64 
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# fichier de conf d'alcasar
65 
PASSWD_FILE="/root/ALCASAR-passwords.txt"	# fichier texte contenant les mots de passe et secrets partagés
65 
PASSWD_FILE="/root/ALCASAR-passwords.txt"	# fichier texte contenant les mots de passe et secrets partagés
66 
# ******* DBMS parameters - paramètres SGBD ********
 66 
# ******* DBMS parameters - paramètres SGBD ********
67 
DB_RADIUS="radius"				# nom de la base de données utilisée par le serveur FreeRadius
 67 
DB_RADIUS="radius"				# nom de la base de données utilisée par le serveur FreeRadius
68 
DB_USER="radius"				# nom de l'utilisateur de la base de données
 68 
DB_USER="radius"				# nom de l'utilisateur de la base de données
69 
# ******* Network parameters - paramètres réseau *******
 69 
# ******* Network parameters - paramètres réseau *******
70 
HOSTNAME="alcasar"				#
70 
HOSTNAME="alcasar"				#
71 
DOMAIN="localdomain"				# domaine local
 71 
DOMAIN="localdomain"				# domaine local
72 
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
 72 
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
73 
MTU="1500"
 73 
MTU="1500"
74 
ETHTOOL_OPTS="speed 100 duplex full"
 74 
ETHTOOL_OPTS="speed 100 duplex full"
75 
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
 75 
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
76 
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
 76 
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
77 
# ****** Paths - chemin des commandes *******
 77 
# ****** Paths - chemin des commandes *******
78 
SED="/bin/sed -i"
 78 
SED="/bin/sed -i"
79 
# ****************** End of global parameters *********************
 79 
# ****************** End of global parameters *********************
80 
 
 80 
 
81 
license ()
 81 
license ()
82 
{
 82 
{
83 
	if [ $Lang == "fr" ]
 83 
	if [ $Lang == "fr" ]
84 
	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more
 84 
	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more
85 
	else cat $DIR_INSTALL/gpl-3.0.txt | more
 85 
	else cat $DIR_INSTALL/gpl-3.0.txt | more
86 
	fi
 86 
	fi
87 
	echo "Taper sur Entrée pour continuer !"
 87 
	echo "Taper sur Entrée pour continuer !"
88 
	echo "Enter to continue."
 88 
	echo "Enter to continue."
89 
	read a
 89 
	read a
90 
}
 90 
}
91 
 
 91 
 
92 
header_install ()
 92 
header_install ()
93 
{
 93 
{
94 
	clear
 94 
	clear
95 
	echo "-----------------------------------------------------------------------------"
 95 
	echo "-----------------------------------------------------------------------------"
96 
	echo "                     ALCASAR V$VERSION Installation"
 96 
	echo "                     ALCASAR V$VERSION Installation"
97 
	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
 97 
	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
98 
	echo "-----------------------------------------------------------------------------"
 98 
	echo "-----------------------------------------------------------------------------"
99 
} # End of header_install ()
 99 
} # End of header_install ()
100 
 
 100 
 
101 
##################################################################
 101 
##################################################################
102 
##			Fonction TESTING			##
 102 
##			Function TESTING			##
103 
## - Test de la connectivité Internet				##
 103 
## - Test of Internet access					##
104 
##################################################################
 104 
##################################################################
105 
testing ()
 105 
testing ()
106 
{
 106 
{
107 
	if [ $Lang == "fr" ]
 107 
	if [ $Lang == "fr" ]
108 
		then echo -n "Tests des paramètres réseau : "
 108 
		then echo -n "Tests des paramètres réseau : "
109 
		else echo -n "Network parameters tests : "
 109 
		else echo -n "Network parameters tests : "
110 
	fi
 110 
	fi
111 
# We test eth0 config files
 111 
# We test eth0 config files
112 
	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
 112 
	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
113 
	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
 113 
	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
114 
	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
 114 
	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
115 
		then
 115 
		then
116 
		if [ $Lang == "fr" ]
 116 
		if [ $Lang == "fr" ]
117 
		then
117 
		then
118 
			echo "Échec"
 118 
			echo "Échec"
119 
			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
 119 
			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
120 
			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
 120 
			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
121 
			echo "Appliquez les changements : 'service network restart'"
 121 
			echo "Appliquez les changements : 'service network restart'"
122 
		else
 122 
		else
123 
			echo "Failed"
 123 
			echo "Failed"
124 
			echo "The Internet connected network card ($EXTIF) isn't well configured."
 124 
			echo "The Internet connected network card ($EXTIF) isn't well configured."
125 
			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
 125 
			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
126 
			echo "Apply the new configuration 'service network restart'"
 126 
			echo "Apply the new configuration 'service network restart'"
127 
		fi
 127 
		fi
128 
		echo "DEVICE=$EXTIF"
 128 
		echo "DEVICE=$EXTIF"
129 
		echo "IPADDR="
 129 
		echo "IPADDR="
130 
		echo "NETMASK="
 130 
		echo "NETMASK="
131 
		echo "GATEWAY="
 131 
		echo "GATEWAY="
132 
		echo "DNS1="
 132 
		echo "DNS1="
133 
		echo "DNS2="
 133 
		echo "DNS2="
134 
		echo "ONBOOT=yes"
 134 
		echo "ONBOOT=yes"
135 
		exit 0
 135 
		exit 0
136 
	fi
 136 
	fi
137 
	echo -n "."
 137 
	echo -n "."
138 
# We test the Ethernet links state
 138 
# We test the Ethernet links state
139 
	for i in $EXTIF $INTIF
 139 
	for i in $EXTIF $INTIF
140 
	do
 140 
	do
141 
		/sbin/ip link set $i up
 141 
		/sbin/ip link set $i up
142 
		sleep 3
 142 
		sleep 3
143 
		CMD=`/usr/sbin/ethtool $i |grep Link | awk '{print $NF}'`
 143 
		CMD=`/usr/sbin/ethtool $i |grep Link | awk '{print $NF}'`
144 
		CMD2=`/sbin/mii-tool $i | grep -i link | awk '{print $NF}'`
 144 
		CMD2=`/sbin/mii-tool $i | grep -i link | awk '{print $NF}'`
145 
		if [ $CMD != "yes" ] && [ $CMD2 != "ok" ]
 145 
		if [ $CMD != "yes" ] && [ $CMD2 != "ok" ]
146 
			then
 146 
			then
147 
			if [ $Lang == "fr" ]
 147 
			if [ $Lang == "fr" ]
148 
			then
148 
			then
149 
				echo "Échec"
 149 
				echo "Échec"
150 
				echo "Le lien réseau de la carte $i n'est pas actif."
 150 
				echo "Le lien réseau de la carte $i n'est pas actif."
151 
				echo "Réglez ce problème puis relancez ce script."
 151 
				echo "Réglez ce problème puis relancez ce script."
152 
			else
 152 
			else
153 
				echo "Failed"
 153 
				echo "Failed"
154 
				echo "The link state of $i interface id down."
 154 
				echo "The link state of $i interface id down."
155 
				echo "Resolv this problem, then restart this script."
 155 
				echo "Resolv this problem, then restart this script."
156 
			fi
 156 
			fi
157 
			exit 0
 157 
			exit 0
158 
		fi
 158 
		fi
159 
	echo -n "."
 159 
	echo -n "."
160 
	done
 160 
	done
161 
# On teste la présence d'un routeur par défaut (Box FAI)
 161 
# On teste la présence d'un routeur par défaut (Box FAI)
162 
	if [ `ip route list|grep -c ^default` -ne "1" ] ; then
 162 
	if [ `ip route list|grep -c ^default` -ne "1" ] ; then
163 
		if [ $Lang == "fr" ]
 163 
		if [ $Lang == "fr" ]
164 
		then
164 
		then
165 
			echo "Échec"
 165 
			echo "Échec"
166 
			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
 166 
			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
167 
			echo "Réglez ce problème puis relancez ce script."
 167 
			echo "Réglez ce problème puis relancez ce script."
168 
		else
 168 
		else
169 
			echo "Failed"
 169 
			echo "Failed"
170 
			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"
 170 
			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"
171 
			echo "Resolv this problem, then restart this script."
 171 
			echo "Resolv this problem, then restart this script."
172 
		fi
 172 
		fi
173 
		exit 0
 173 
		exit 0
174 
	fi
 174 
	fi
175 
	echo -n "."
 175 
	echo -n "."
176 
# On traite le cas où l'interface configurée lors de l'installation est "eth1" au lieu de "eth0" (mystère sur certaines versions de BIOS et de VirtualBox)
 176 
# On traite le cas où l'interface configurée lors de l'installation est "eth1" au lieu de "eth0" (mystère sur certaines versions de BIOS et de VirtualBox)
177 
	if [ `ip route list|grep ^default|grep -c eth1` -eq "1" ] ; then
 177 
	if [ `ip route list|grep ^default|grep -c eth1` -eq "1" ] ; then
178 
		if [ $Lang == "fr" ]
 178 
		if [ $Lang == "fr" ]
179 
			then echo "La configuration des cartes réseau va être corrigée."
 179 
			then echo "La configuration des cartes réseau va être corrigée."
180 
			else echo "The Ethernet card configuration will be corrected."
 180 
			else echo "The Ethernet card configuration will be corrected."
181 
		fi
 181 
		fi
182 
		/etc/init.d/network stop
 182 
		/etc/init.d/network stop
183 
		mv -f /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth0
 183 
		mv -f /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth0
184 
		$SED "s?eth1?eth0?g" /etc/sysconfig/network-scripts/ifcfg-eth0
 184 
		$SED "s?eth1?eth0?g" /etc/sysconfig/network-scripts/ifcfg-eth0
185 
		/etc/init.d/network start
 185 
		/etc/init.d/network start
186 
		echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
 186 
		echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
187 
		sleep 2
 187 
		sleep 2
188 
		if [ $Lang == "fr" ]
 188 
		if [ $Lang == "fr" ]
189 
			then echo "Configuration corrigée"
 189 
			then echo "Configuration corrigée"
190 
			else echo "Configuration updated"
 190 
			else echo "Configuration updated"
191 
		fi
 191 
		fi
192 
		sleep 2
 192 
		sleep 2
193 
		if [ $Lang == "fr" ]
 193 
		if [ $Lang == "fr" ]
194 
			then echo "Vous pouvez relancer ce script."
 194 
			then echo "Vous pouvez relancer ce script."
195 
			else echo "You can restart this script."
 195 
			else echo "You can restart this script."
196 
		fi
 196 
		fi
197 
		exit 0
 197 
		exit 0
198 
	fi
 198 
	fi
199 
	echo -n "."
 199 
	echo -n "."
200 
# On teste le lien vers le routeur par defaut
 200 
# On teste le lien vers le routeur par defaut
201 
	IP_GW=`ip route list|grep ^default|cut -d" " -f3`
 201 
	IP_GW=`ip route list|grep ^default|cut -d" " -f3`
202 
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
 202 
	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
203 
	if [ $(expr $arp_reply) -eq 0 ]
 203 
	if [ $(expr $arp_reply) -eq 0 ]
204 
	       	then
 204 
	       	then
205 
		if [ $Lang == "fr" ]
 205 
		if [ $Lang == "fr" ]
206 
		then
206 
		then
207 
			echo "Échec"
 207 
			echo "Échec"
208 
			echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
 208 
			echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
209 
			echo "Réglez ce problème puis relancez ce script."
 209 
			echo "Réglez ce problème puis relancez ce script."
210 
		else
 210 
		else
211 
			echo "Failed"
 211 
			echo "Failed"
212 
			echo "The Internet gateway doesn't answered"
 212 
			echo "The Internet gateway doesn't answered"
213 
			echo "Resolv this problem, then restart this script."
 213 
			echo "Resolv this problem, then restart this script."
214 
		fi
 214 
		fi
215 
		exit 0
 215 
		exit 0
216 
	fi
 216 
	fi
217 
	echo -n "."
 217 
	echo -n "."
218 
# On teste la connectivité Internet
 218 
# On teste la connectivité Internet
219 
	rm -rf /tmp/con_ok.html
 219 
	rm -rf /tmp/con_ok.html
220 
	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html
 220 
	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html
221 
	if [ ! -e /tmp/con_ok.html ]
 221 
	if [ ! -e /tmp/con_ok.html ]
222 
	then
 222 
	then
223 
		if [ $Lang == "fr" ]
 223 
		if [ $Lang == "fr" ]
224 
		then
224 
		then
225 
			echo "La tentative de connexion vers Internet a échoué (google.fr)."
 225 
			echo "La tentative de connexion vers Internet a échoué (google.fr)."
226 
			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
 226 
			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
227 
			echo "Vérifiez la validité des adresses IP des DNS."
 227 
			echo "Vérifiez la validité des adresses IP des DNS."
228 
		else
 228 
		else
229 
			echo "The Internet connection try failed (google.fr)."
 229 
			echo "The Internet connection try failed (google.fr)."
230 
			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."
 230 
			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."
231 
			echo "Verify the DNS IP addresses"
 231 
			echo "Verify the DNS IP addresses"
232 
		fi
 232 
		fi
233 
		exit 0
 233 
		exit 0
234 
	fi
 234 
	fi
235 
	rm -rf /tmp/con_ok.html
 235 
	rm -rf /tmp/con_ok.html
236 
	echo ". : ok"
 236 
	echo ". : ok"
237 
} # end of testing
 237 
} # end of testing
238 
 
 238 
 
239 
##################################################################
 239 
##################################################################
240 
##			Fonction INIT				##
 240 
##			Fonction INIT				##
241 
## - Création du fichier "/root/ALCASAR_parametres.txt"		##
 241 
## - Création du fichier "/root/ALCASAR_parametres.txt"		##
242 
## - Installation et modification des scripts du portail	##
 242 
## - Installation et modification des scripts du portail	##
243 
##################################################################
 243 
##################################################################
244 
init ()
 244 
init ()
245 
{
 245 
{
246 
	if [ "$mode" != "update" ]
 246 
	if [ "$mode" != "update" ]
247 
	then
 247 
	then
248 
# On affecte le nom d'organisme
 248 
# On affecte le nom d'organisme
249 
		header_install
 249 
		header_install
250 
		ORGANISME=!
 250 
		ORGANISME=!
251 
		PTN='^[a-zA-Z0-9-]*$'
 251 
		PTN='^[a-zA-Z0-9-]*$'
252 
		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
 252 
		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
253 
                do
 253 
                do
254 
			if [ $Lang == "fr" ]
 254 
			if [ $Lang == "fr" ]
255 
			       	then echo -n "Entrez le nom de votre organisme : "
 255 
			       	then echo -n "Entrez le nom de votre organisme : "
256 
				else echo -n "Enter the name of your organism : "
 256 
				else echo -n "Enter the name of your organism : "
257 
			fi
 257 
			fi
258 
			read ORGANISME
 258 
			read ORGANISME
259 
			if [ "$ORGANISME" == "" ]
 259 
			if [ "$ORGANISME" == "" ]
260 
				then
 260 
				then
261 
				ORGANISME=!
 261 
				ORGANISME=!
262 
			fi
 262 
			fi
263 
		done
 263 
		done
264 
	fi
 264 
	fi
265 
# On crée aléatoirement les mots de passe et les secrets partagés
 265 
# On crée aléatoirement les mots de passe et les secrets partagés
266 
	rm -f $PASSWD_FILE
 266 
	rm -f $PASSWD_FILE
267 
	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de protection du menu Grub
 267 
	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de protection du menu Grub
268 
	echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE
 268 
	echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE
269 
	echo "$grubpwd" >> $PASSWD_FILE
 269 
	echo "$grubpwd" >> $PASSWD_FILE
270 
	md5_grubpwd=`/usr/bin/md5pass $grubpwd`
 270 
	md5_grubpwd=`/usr/bin/md5pass $grubpwd`
271 
	$SED "/^password.*/d" /boot/grub/menu.lst
 271 
	$SED "/^password.*/d" /boot/grub/menu.lst
272 
	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
 272 
	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
273 
	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'administrateur Mysqld
 273 
	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'administrateur Mysqld
274 
	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
 274 
	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
275 
	echo "root / $mysqlpwd" >> $PASSWD_FILE
 275 
	echo "root / $mysqlpwd" >> $PASSWD_FILE
276 
	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
 276 
	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
277 
	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
 277 
	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
278 
	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
 278 
	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
279 
	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre intercept.php et coova-chilli
 279 
	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre intercept.php et coova-chilli
280 
	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
 280 
	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
281 
	echo "$secretuam" >> $PASSWD_FILE
 281 
	echo "$secretuam" >> $PASSWD_FILE
282 
	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre coova-chilli et FreeRadius
 282 
	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre coova-chilli et FreeRadius
283 
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
 283 
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
284 
	echo "$secretradius" >> $PASSWD_FILE
 284 
	echo "$secretradius" >> $PASSWD_FILE
285 
	chmod 640 $PASSWD_FILE
 285 
	chmod 640 $PASSWD_FILE
286 
# Scripts and conf files copy
286 
# Scripts and conf files copy
287 
#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
 287 
#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
288 
	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
 288 
	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
289 
#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
 289 
#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
290 
	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
 290 
	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
291 
#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
 291 
#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}
292 
	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
 292 
	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
293 
	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
 293 
	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
294 
	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
 294 
	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
295 
	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
 295 
	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
296 
	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
 296 
	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
297 
# generate central conf file
 297 
# generate central conf file
298 
	cat <<EOF > $CONF_FILE
 298 
	cat <<EOF > $CONF_FILE
299 
##########################################
 299 
##########################################
300 
##                                      ##
 300 
##                                      ##
301 
##          ALCASAR Parameters          ##
 301 
##          ALCASAR Parameters          ##
302 
##                                      ##
 302 
##                                      ##
303 
##########################################
 303 
##########################################
304 
 
 304 
 
305 
INSTALL_DATE=$DATE
 305 
INSTALL_DATE=$DATE
306 
VERSION=$VERSION
 306 
VERSION=$VERSION
307 
ORGANISM=$ORGANISME
 307 
ORGANISM=$ORGANISME
308 
DOMAIN=$DOMAIN
 308 
DOMAIN=$DOMAIN
309 
EOF
 309 
EOF
310 
	chmod o-rwx $CONF_FILE
 310 
	chmod o-rwx $CONF_FILE
311 
} # End of init ()
 311 
} # End of init ()
312 
 
 312 
 
313 
##################################################################
 313 
##################################################################
314 
##			Fonction network			##
 314 
##			Fonction network			##
315 
## - Définition du plan d'adressage du réseau de consultation	##
 315 
## - Définition du plan d'adressage du réseau de consultation	##
316 
## - Nommage DNS du système 					##
 316 
## - Nommage DNS du système 					##
317 
## - Configuration de l'interface eth1 (réseau de consultation)	##
 317 
## - Configuration de l'interface eth1 (réseau de consultation)	##
318 
## - Modification du fichier /etc/hosts				##
 318 
## - Modification du fichier /etc/hosts				##
319 
## - Configuration du serveur de temps (NTP)			##
 319 
## - Configuration du serveur de temps (NTP)			##
320 
## - Renseignement des fichiers hosts.allow et hosts.deny	##
 320 
## - Renseignement des fichiers hosts.allow et hosts.deny	##
321 
##################################################################
 321 
##################################################################
322 
network ()
 322 
network ()
323 
{
 323 
{
324 
	header_install
 324 
	header_install
325 
	if [ "$mode" != "update" ]
 325 
	if [ "$mode" != "update" ]
326 
		then
 326 
		then
327 
		if [ $Lang == "fr" ]
 327 
		if [ $Lang == "fr" ]
328 
			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"
 328 
			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"
329 
			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"
 329 
			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"
330 
		fi
 330 
		fi
331 
		response=0
 331 
		response=0
332 
		PTN='^[oOyYnN]$'
 332 
		PTN='^[oOyYnN]$'
333 
		until [[ $(expr $response : $PTN) -gt 0 ]]
 333 
		until [[ $(expr $response : $PTN) -gt 0 ]]
334 
		do
 334 
		do
335 
			if [ $Lang == "fr" ]
 335 
			if [ $Lang == "fr" ]
336 
				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "
 336 
				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "
337 
				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "
 337 
				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "
338 
			fi
 338 
			fi
339 
			read response
 339 
			read response
340 
		done
 340 
		done
341 
		if [ "$response" = "n" ] || [ "$response" = "N" ]
 341 
		if [ "$response" = "n" ] || [ "$response" = "N" ]
342 
		then
 342 
		then
343 
			PRIVATE_IP_MASK="0"
 343 
			PRIVATE_IP_MASK="0"
344 
			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'
 344 
			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'
345 
			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]
 345 
			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]
346 
			do
 346 
			do
347 
				if [ $Lang == "fr" ]
 347 
				if [ $Lang == "fr" ]
348 
					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "
 348 
					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "
349 
					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "
 349 
					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "
350 
				fi
 350 
				fi
351 
				read PRIVATE_IP_MASK
 351 
				read PRIVATE_IP_MASK
352 
			done
 352 
			done
353 
		else
 353 
		else
354 
       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
 354 
       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
355 
		fi
 355 
		fi
356 
	else
 356 
	else
357 
		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2`
357 
		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2`
358 
		rm -rf conf/etc/alcasar.conf
 358 
		rm -rf conf/etc/alcasar.conf
359 
	fi
 359 
	fi
360 
# Define LAN side global parameters
 360 
# Define LAN side global parameters
361 
	hostname $HOSTNAME
 361 
	hostname $HOSTNAME
362 
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
 362 
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
363 
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
 363 
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
364 
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
 364 
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
365 
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
 365 
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
366 
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
 366 
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
367 
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`	# ie.: 2=classe B, 3=classe C
 367 
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`	# ie.: 2=classe B, 3=classe C
368 
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
 368 
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
369 
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
 369 
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)
370 
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`			# last octet of LAN address
 370 
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`			# last octet of LAN address
371 
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
 371 
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
372 
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
 372 
	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
373 
	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# second network address (ex.: 192.168.182.2)
 373 
	PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# second network address (ex.: 192.168.182.2)
374 
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
 374 
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
375 
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF (eth1)
 375 
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF (eth1)
376 
# Define Internet parameters
 376 
# Define Internet parameters
377 
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
 377 
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
378 
	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
 378 
	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
379 
	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
 379 
	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
380 
	DNS1=${DNS1:=208.67.220.220}
 380 
	DNS1=${DNS1:=208.67.220.220}
381 
	DNS2=${DNS2:=208.67.222.222}
 381 
	DNS2=${DNS2:=208.67.222.222}
382 
	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
 382 
	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
383 
	DEFAULT_PUBLIC_NETMASK=`ipcalc -m 192.168.182.2 | cut -d"=" -f2`
 383 
	DEFAULT_PUBLIC_NETMASK=`ipcalc -m 192.168.182.2 | cut -d"=" -f2`
384 
	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
 384 
	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
385 
	PUBLIC_PREFIX=`/bin/ipcalc -p 192.168.182.2 $PUBLIC_NETMASK|cut -d"=" -f2`
 385 
	PUBLIC_PREFIX=`/bin/ipcalc -p 192.168.182.2 $PUBLIC_NETMASK|cut -d"=" -f2`
386 
 
 386 
 
387 
	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
 387 
	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
388 
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
 388 
	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
389 
	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
389 
	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
390 
	echo "DNS1=$DNS1" >> $CONF_FILE
 390 
	echo "DNS1=$DNS1" >> $CONF_FILE
391 
	echo "DNS2=$DNS2" >> $CONF_FILE
 391 
	echo "DNS2=$DNS2" >> $CONF_FILE
392 
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
 392 
	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
393 
	echo "DHCP=full" >> $CONF_FILE
 393 
	echo "DHCP=full" >> $CONF_FILE
394 
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
 394 
	echo "EXT_DHCP_IP=none" >> $CONF_FILE
395 
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
 395 
	echo "RELAY_DHCP_IP=none" >> $CONF_FILE
396 
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
 396 
	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
397 
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
 397 
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
398 
# config network
 398 
# config network
399 
	cat <<EOF > /etc/sysconfig/network
 399 
	cat <<EOF > /etc/sysconfig/network
400 
NETWORKING=yes
 400 
NETWORKING=yes
401 
HOSTNAME="$HOSTNAME"
 401 
HOSTNAME="$HOSTNAME"
402 
FORWARD_IPV4=true
 402 
FORWARD_IPV4=true
403 
EOF
 403 
EOF
404 
# config /etc/hosts
 404 
# config /etc/hosts
405 
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
 405 
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
406 
	cat <<EOF > /etc/hosts
 406 
	cat <<EOF > /etc/hosts
407 
127.0.0.1	localhost
 407 
127.0.0.1	localhost
408 
$PRIVATE_IP	$HOSTNAME $HOSTNAME.$DOMAIN
 408 
$PRIVATE_IP	$HOSTNAME $HOSTNAME.$DOMAIN
409 
EOF
 409 
EOF
410 
# Config eth0 (Internet)
 410 
# Config eth0 (Internet)
411 
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
 411 
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
412 
DEVICE=$EXTIF
 412 
DEVICE=$EXTIF
413 
BOOTPROTO=static
 413 
BOOTPROTO=static
414 
IPADDR=$PUBLIC_IP
 414 
IPADDR=$PUBLIC_IP
415 
NETMASK=$PUBLIC_NETMASK
 415 
NETMASK=$PUBLIC_NETMASK
416 
GATEWAY=$PUBLIC_GATEWAY
 416 
GATEWAY=$PUBLIC_GATEWAY
417 
DNS1=127.0.0.1
 417 
DNS1=127.0.0.1
418 
ONBOOT=yes
 418 
ONBOOT=yes
419 
METRIC=10
 419 
METRIC=10
420 
NOZEROCONF=yes
 420 
NOZEROCONF=yes
421 
MII_NOT_SUPPORTED=yes
 421 
MII_NOT_SUPPORTED=yes
422 
IPV6INIT=no
 422 
IPV6INIT=no
423 
IPV6TO4INIT=no
 423 
IPV6TO4INIT=no
424 
ACCOUNTING=no
 424 
ACCOUNTING=no
425 
USERCTL=no
 425 
USERCTL=no
426 
MTU=$MTU
 426 
MTU=$MTU
427 
#ETHTOOL_OPTS=$ETHTOOL_OPTS
 427 
#ETHTOOL_OPTS=$ETHTOOL_OPTS
428 
EOF
 428 
EOF
429 
# Config eth1 (consultation LAN) in normal mode
 429 
# Config eth1 (consultation LAN) in normal mode
430 
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
 430 
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
431 
DEVICE=$INTIF
 431 
DEVICE=$INTIF
432 
BOOTPROTO=static
 432 
BOOTPROTO=static
433 
ONBOOT=yes
 433 
ONBOOT=yes
434 
NOZEROCONF=yes
 434 
NOZEROCONF=yes
435 
MII_NOT_SUPPORTED=yes
 435 
MII_NOT_SUPPORTED=yes
436 
IPV6INIT=no
 436 
IPV6INIT=no
437 
IPV6TO4INIT=no
 437 
IPV6TO4INIT=no
438 
ACCOUNTING=no
 438 
ACCOUNTING=no
439 
USERCTL=no
 439 
USERCTL=no
440 
EOF
 440 
EOF
441 
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
 441 
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
442 
	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
 442 
	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
443 
DEVICE=$INTIF
 443 
DEVICE=$INTIF
444 
BOOTPROTO=static
 444 
BOOTPROTO=static
445 
IPADDR=$PRIVATE_IP
 445 
IPADDR=$PRIVATE_IP
446 
NETMASK=$PRIVATE_NETMASK
 446 
NETMASK=$PRIVATE_NETMASK
447 
ONBOOT=yes
 447 
ONBOOT=yes
448 
METRIC=10
 448 
METRIC=10
449 
NOZEROCONF=yes
 449 
NOZEROCONF=yes
450 
MII_NOT_SUPPORTED=yes
 450 
MII_NOT_SUPPORTED=yes
451 
IPV6INIT=no
 451 
IPV6INIT=no
452 
IPV6TO4INIT=no
 452 
IPV6TO4INIT=no
453 
ACCOUNTING=no
 453 
ACCOUNTING=no
454 
USERCTL=no
 454 
USERCTL=no
455 
EOF
 455 
EOF
456 
# Mise à l'heure du serveur
 456 
# Mise à l'heure du serveur
457 
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
 457 
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
458 
	cat <<EOF > /etc/ntp/step-tickers
 458 
	cat <<EOF > /etc/ntp/step-tickers
459 
0.fr.pool.ntp.org	# adapt to your country
 459 
0.fr.pool.ntp.org	# adapt to your country
460 
1.fr.pool.ntp.org
 460 
1.fr.pool.ntp.org
461 
2.fr.pool.ntp.org
 461 
2.fr.pool.ntp.org
462 
EOF
 462 
EOF
463 
# Configuration du serveur de temps (sur lui même)
 463 
# Configuration du serveur de temps (sur lui même)
464 
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
 464 
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
465 
	cat <<EOF > /etc/ntp.conf
 465 
	cat <<EOF > /etc/ntp.conf
466 
server 0.fr.pool.ntp.org	# adapt to your country
 466 
server 0.fr.pool.ntp.org	# adapt to your country
467 
server 1.fr.pool.ntp.org
 467 
server 1.fr.pool.ntp.org
468 
server 2.fr.pool.ntp.org
 468 
server 2.fr.pool.ntp.org
469 
server 127.127.1.0   		# local clock si NTP internet indisponible ...
 469 
server 127.127.1.0   		# local clock si NTP internet indisponible ...
470 
fudge 127.127.1.0 stratum 10
 470 
fudge 127.127.1.0 stratum 10
471 
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
 471 
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
472 
restrict 127.0.0.1
 472 
restrict 127.0.0.1
473 
driftfile /var/lib/ntp/drift
 473 
driftfile /var/lib/ntp/drift
474 
logfile /var/log/ntp.log
 474 
logfile /var/log/ntp.log
475 
EOF
 475 
EOF
476 
 
 476 
 
477 
	chown -R ntp:ntp /var/lib/ntp
 477 
	chown -R ntp:ntp /var/lib/ntp
478 
# Renseignement des fichiers hosts.allow et hosts.deny
 478 
# Renseignement des fichiers hosts.allow et hosts.deny
479 
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
 479 
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
480 
	cat <<EOF > /etc/hosts.allow
 480 
	cat <<EOF > /etc/hosts.allow
481 
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
 481 
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
482 
sshd: ALL
 482 
sshd: ALL
483 
ntpd: $PRIVATE_NETWORK_SHORT
 483 
ntpd: $PRIVATE_NETWORK_SHORT
484 
EOF
 484 
EOF
485 
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
 485 
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
486 
	cat <<EOF > /etc/hosts.deny
 486 
	cat <<EOF > /etc/hosts.deny
487 
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
 487 
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
488 
EOF
 488 
EOF
489 
# Firewall config
 489 
# Firewall config
490 
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
 490 
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
491 
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
 491 
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
492 
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
 492 
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
493 
# create the filter exception file and ip_bloqued file
 493 
# create the filter exception file and ip_bloqued file
494 
	touch $DIR_DEST_ETC/alcasar-filter-exceptions
 494 
	touch $DIR_DEST_ETC/alcasar-filter-exceptions
495 
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
 495 
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
496 
	echo "#$PUBLIC_IP/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
 496 
	echo "#$PUBLIC_IP/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
497 
# load conntrack ftp module
 497 
# load conntrack ftp module
498 
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
 498 
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
499 
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
 499 
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
500 
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
 500 
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
501 
} # End of network ()
 501 
} # End of network ()
502 
 
 502 
 
503 
##################################################################
 503 
##################################################################
504 
##			Fonction gestion			##
 504 
##			Fonction gestion			##
505 
## - installation du centre de gestion				##
 505 
## - installation du centre de gestion				##
506 
## - configuration du serveur web (Apache)			##
 506 
## - configuration du serveur web (Apache)			##
507 
## - définition du 1er comptes de gestion 			##
 507 
## - définition du 1er comptes de gestion 			##
508 
## - sécurisation des accès					##
 508 
## - sécurisation des accès					##
509 
##################################################################
 509 
##################################################################
510 
gestion()
 510 
gestion()
511 
{
 511 
{
512 
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
 512 
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
513 
	mkdir $DIR_WEB
 513 
	mkdir $DIR_WEB
514 
# Copie et configuration des fichiers du centre de gestion
 514 
# Copie et configuration des fichiers du centre de gestion
515 
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
 515 
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
516 
	echo "$VERSION" > $DIR_WEB/VERSION
 516 
	echo "$VERSION" > $DIR_WEB/VERSION
517 
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
 517 
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
518 
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
 518 
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
519 
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
 519 
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
520 
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
 520 
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
521 
	$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
 521 
	$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
522 
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
 522 
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
523 
	chown -R apache:apache $DIR_WEB/*
 523 
	chown -R apache:apache $DIR_WEB/*
524 
	for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
 524 
	for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
525 
	do
 525 
	do
526 
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
 526 
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
527 
	done
 527 
	done
528 
	chown -R root:apache $DIR_SAVE
 528 
	chown -R root:apache $DIR_SAVE
529 
# Configuration et sécurisation php
 529 
# Configuration et sécurisation php
530 
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
 530 
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
531 
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
 531 
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
532 
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
 532 
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
533 
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
 533 
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
534 
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
 534 
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
535 
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
 535 
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
536 
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
 536 
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
537 
# Configuration et sécurisation Apache
 537 
# Configuration et sécurisation Apache
538 
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
 538 
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
539 
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
 539 
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
540 
	$SED "s?^#ServerName.*?ServerName $HOSTNAME?g" /etc/httpd/conf/httpd.conf
 540 
	$SED "s?^#ServerName.*?ServerName $HOSTNAME?g" /etc/httpd/conf/httpd.conf
541 
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
 541 
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
542 
	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
 542 
	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
543 
	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
 543 
	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
544 
	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
 544 
	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
545 
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
 545 
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
546 
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
 546 
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
547 
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
 547 
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
548 
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
 548 
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
549 
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
 549 
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
550 
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
 550 
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
551 
	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
 551 
	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
552 
	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
 552 
	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
553 
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
 553 
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
554 
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
 554 
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
555 
	[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
 555 
	[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
556 
	cat <<EOF > /var/www/error/include/bottom.html
 556 
	cat <<EOF > /var/www/error/include/bottom.html
557 
</body>
 557 
</body>
558 
</html>
 558 
</html>
559 
EOF
 559 
EOF
560 
# Définition du premier compte lié au profil 'admin'
 560 
# Définition du premier compte lié au profil 'admin'
561 
	header_install
 561 
	header_install
562 
	if [ "$mode" = "install" ]
 562 
	if [ "$mode" = "install" ]
563 
	then
 563 
	then
564 
		admin_portal=!
 564 
		admin_portal=!
565 
		PTN='^[a-zA-Z0-9-]*$'
 565 
		PTN='^[a-zA-Z0-9-]*$'
566 
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
 566 
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
567 
                	do
 567 
                	do
568 
			header_install
 568 
			header_install
569 
			if [ $Lang == "fr" ]
 569 
			if [ $Lang == "fr" ]
570 
			then
570 
			then
571 
				echo ""
 571 
				echo ""
572 
				echo "Définissez un premier compte d'administration du portail :"
 572 
				echo "Définissez un premier compte d'administration du portail :"
573 
				echo
 573 
				echo
574 
				echo -n "Nom : "
 574 
				echo -n "Nom : "
575 
			else
 575 
			else
576 
				echo ""
 576 
				echo ""
577 
				echo "Define the first account allow to administrate the portal :"
 577 
				echo "Define the first account allow to administrate the portal :"
578 
				echo
 578 
				echo
579 
				echo -n "Account : "
 579 
				echo -n "Account : "
580 
			fi
 580 
			fi
581 
			read admin_portal
 581 
			read admin_portal
582 
			if [ "$admin_portal" == "" ]
 582 
			if [ "$admin_portal" == "" ]
583 
				then
 583 
				then
584 
				admin_portal=!
 584 
				admin_portal=!
585 
			fi
 585 
			fi
586 
			done
 586 
			done
587 
# Création du fichier de clés de ce compte dans le profil "admin"
 587 
# Création du fichier de clés de ce compte dans le profil "admin"
588 
		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
 588 
		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
589 
		mkdir -p $DIR_DEST_ETC/digest
 589 
		mkdir -p $DIR_DEST_ETC/digest
590 
		chmod 755 $DIR_DEST_ETC/digest
 590 
		chmod 755 $DIR_DEST_ETC/digest
591 
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
 591 
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
592 
			do
 592 
			do
593 
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
 593 
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
594 
			done
 594 
			done
595 
		$DIR_DEST_SBIN/alcasar-profil.sh --list
 595 
		$DIR_DEST_SBIN/alcasar-profil.sh --list
596 
	else   # mise à jour des versions < 2.1
 596 
	else   # mise à jour des versions < 2.1
597 
		if ([ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 1 ]))
 597 
		if ([ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 1 ]))
598 
			then
 598 
			then
599 
			if [ $Lang == "fr" ]
 599 
			if [ $Lang == "fr" ]
600 
			then
600 
			then
601 
				echo "Cette mise à jour nécessite de redéfinir le premier compte d'administration du portail"
 601 
				echo "Cette mise à jour nécessite de redéfinir le premier compte d'administration du portail"
602 
				echo
 602 
				echo
603 
				echo -n "Nom : "
 603 
				echo -n "Nom : "
604 
			else
 604 
			else
605 
				echo "This update need to redefine the first admin account"
 605 
				echo "This update need to redefine the first admin account"
606 
				echo
 606 
				echo
607 
				echo -n "Account : "
 607 
				echo -n "Account : "
608 
			fi
 608 
			fi
609 
			read admin_portal
 609 
			read admin_portal
610 
			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
 610 
			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
611 
			mkdir -p $DIR_DEST_ETC/digest
 611 
			mkdir -p $DIR_DEST_ETC/digest
612 
			chmod 755 $DIR_DEST_ETC/digest
 612 
			chmod 755 $DIR_DEST_ETC/digest
613 
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
 613 
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
614 
			do
 614 
			do
615 
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
 615 
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal
616 
			done
 616 
			done
617 
			$DIR_DEST_SBIN/alcasar-profil.sh --list
 617 
			$DIR_DEST_SBIN/alcasar-profil.sh --list
618 
		fi
 618 
		fi
619 
	fi
 619 
	fi
620 
# synchronisation horaire
 620 
# synchronisation horaire
621 
	ntpd -q -g &
 621 
	ntpd -q -g &
622 
# Sécurisation du centre
 622 
# Sécurisation du centre
623 
	rm -f /etc/httpd/conf/webapps.d/alcasar*
 623 
	rm -f /etc/httpd/conf/webapps.d/alcasar*
624 
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
 624 
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
625 
<Directory $DIR_ACC>
 625 
<Directory $DIR_ACC>
626 
	SSLRequireSSL
 626 
	SSLRequireSSL
627 
	AllowOverride None
 627 
	AllowOverride None
628 
	Order deny,allow
 628 
	Order deny,allow
629 
	Deny from all
 629 
	Deny from all
630 
	Allow from 127.0.0.1
 630 
	Allow from 127.0.0.1
631 
	Allow from $PRIVATE_NETWORK_MASK
 631 
	Allow from $PRIVATE_NETWORK_MASK
632 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
 632 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
633 
	require valid-user
 633 
	require valid-user
634 
	AuthType digest
 634 
	AuthType digest
635 
	AuthName $HOSTNAME
 635 
	AuthName $HOSTNAME
636 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
 636 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
637 
	AuthUserFile $DIR_DEST_ETC/digest/key_all
 637 
	AuthUserFile $DIR_DEST_ETC/digest/key_all
638 
	ErrorDocument 404 https://$HOSTNAME/
 638 
	ErrorDocument 404 https://$HOSTNAME/
639 
</Directory>
 639 
</Directory>
640 
<Directory $DIR_ACC/admin>
 640 
<Directory $DIR_ACC/admin>
641 
	SSLRequireSSL
 641 
	SSLRequireSSL
642 
	AllowOverride None
 642 
	AllowOverride None
643 
	Order deny,allow
 643 
	Order deny,allow
644 
	Deny from all
 644 
	Deny from all
645 
	Allow from 127.0.0.1
 645 
	Allow from 127.0.0.1
646 
	Allow from $PRIVATE_NETWORK_MASK
 646 
	Allow from $PRIVATE_NETWORK_MASK
647 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
 647 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
648 
	require valid-user
 648 
	require valid-user
649 
	AuthType digest
 649 
	AuthType digest
650 
	AuthName $HOSTNAME
 650 
	AuthName $HOSTNAME
651 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
 651 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
652 
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
 652 
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
653 
	ErrorDocument 404 https://$HOSTNAME/
 653 
	ErrorDocument 404 https://$HOSTNAME/
654 
</Directory>
 654 
</Directory>
655 
<Directory $DIR_ACC/manager>
 655 
<Directory $DIR_ACC/manager>
656 
	SSLRequireSSL
 656 
	SSLRequireSSL
657 
	AllowOverride None
 657 
	AllowOverride None
658 
	Order deny,allow
 658 
	Order deny,allow
659 
	Deny from all
 659 
	Deny from all
660 
	Allow from 127.0.0.1
 660 
	Allow from 127.0.0.1
661 
	Allow from $PRIVATE_NETWORK_MASK
 661 
	Allow from $PRIVATE_NETWORK_MASK
662 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
 662 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
663 
	require valid-user
 663 
	require valid-user
664 
	AuthType digest
 664 
	AuthType digest
665 
	AuthName $HOSTNAME
 665 
	AuthName $HOSTNAME
666 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
 666 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
667 
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
 667 
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
668 
	ErrorDocument 404 https://$HOSTNAME/
 668 
	ErrorDocument 404 https://$HOSTNAME/
669 
</Directory>
 669 
</Directory>
670 
<Directory $DIR_ACC/backup>
 670 
<Directory $DIR_ACC/backup>
671 
	SSLRequireSSL
 671 
	SSLRequireSSL
672 
	AllowOverride None
 672 
	AllowOverride None
673 
	Order deny,allow
 673 
	Order deny,allow
674 
	Deny from all
 674 
	Deny from all
675 
	Allow from 127.0.0.1
 675 
	Allow from 127.0.0.1
676 
	Allow from $PRIVATE_NETWORK_MASK
 676 
	Allow from $PRIVATE_NETWORK_MASK
677 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
 677 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
678 
	require valid-user
 678 
	require valid-user
679 
	AuthType digest
 679 
	AuthType digest
680 
	AuthName $HOSTNAME
 680 
	AuthName $HOSTNAME
681 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
 681 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
682 
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
 682 
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
683 
	ErrorDocument 404 https://$HOSTNAME/
 683 
	ErrorDocument 404 https://$HOSTNAME/
684 
</Directory>
 684 
</Directory>
685 
Alias /save/ "$DIR_SAVE/"
 685 
Alias /save/ "$DIR_SAVE/"
686 
<Directory $DIR_SAVE>
 686 
<Directory $DIR_SAVE>
687 
	SSLRequireSSL
 687 
	SSLRequireSSL
688 
	Options Indexes
 688 
	Options Indexes
689 
	Order deny,allow
 689 
	Order deny,allow
690 
	Deny from all
 690 
	Deny from all
691 
	Allow from 127.0.0.1
 691 
	Allow from 127.0.0.1
692 
	Allow from $PRIVATE_NETWORK_MASK
 692 
	Allow from $PRIVATE_NETWORK_MASK
693 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
 693 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
694 
	require valid-user
 694 
	require valid-user
695 
	AuthType digest
 695 
	AuthType digest
696 
	AuthName $HOSTNAME
 696 
	AuthName $HOSTNAME
697 
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
 697 
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
698 
	ErrorDocument 404 https://$HOSTNAME/
 698 
	ErrorDocument 404 https://$HOSTNAME/
699 
</Directory>
 699 
</Directory>
700 
EOF
 700 
EOF
701 
} # End of gestion ()
 701 
} # End of gestion ()
702 
 
 702 
 
703 
##########################################################################################
 703 
##########################################################################################
704 
##				Fonction AC()						##
 704 
##				Fonction AC()						##
705 
## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
 705 
## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
706 
##########################################################################################
 706 
##########################################################################################
707 
AC ()
 707 
AC ()
708 
{
 708 
{
709 
	$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
 709 
	$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
710 
	$DIR_DEST_BIN/alcasar-CA.sh
 710 
	$DIR_DEST_BIN/alcasar-CA.sh
711 
	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
 711 
	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
712 
	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
 712 
	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
713 
	$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
 713 
	$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
714 
	$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
 714 
	$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
715 
	$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
 715 
	$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
716 
	chown -R root:apache /etc/pki
 716 
	chown -R root:apache /etc/pki
717 
	chmod -R 750 /etc/pki
 717 
	chmod -R 750 /etc/pki
718 
} # End AC ()
 718 
} # End AC ()
719 
 
 719 
 
720 
##########################################################################################
 720 
##########################################################################################
721 
##			Fonction init_db()						##
 721 
##			Fonction init_db()						##
722 
## - Initialisation de la base Mysql							##
 722 
## - Initialisation de la base Mysql							##
723 
## - Affectation du mot de passe de l'administrateur (root)				##
 723 
## - Affectation du mot de passe de l'administrateur (root)				##
724 
## - Suppression des bases et des utilisateurs superflus				##
 724 
## - Suppression des bases et des utilisateurs superflus				##
725 
## - Création de la base 'radius'							##
 725 
## - Création de la base 'radius'							##
726 
## - Installation du schéma de cette base						##
 726 
## - Installation du schéma de cette base						##
727 
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
 727 
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
728 
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
 728 
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
729 
##########################################################################################
 729 
##########################################################################################
730 
init_db ()
 730 
init_db ()
731 
{
 731 
{
732 
	mkdir -p /var/lib/mysql/.tmp
 732 
	mkdir -p /var/lib/mysql/.tmp
733 
	chown mysql:mysql /var/lib/mysql/.tmp
 733 
	chown mysql:mysql /var/lib/mysql/.tmp
734 
	[ -e /etc/my.cnf.rpmnew ] && mv /etc/my.cnf.rpmnew /etc/my.cnf		# prend en compte les migrations de MySQL
 734 
	[ -e /etc/my.cnf.rpmnew ] && mv /etc/my.cnf.rpmnew /etc/my.cnf		# prend en compte les migrations de MySQL
735 
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
 735 
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
736 
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
 736 
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
737 
	/etc/init.d/mysqld start
 737 
	/etc/init.d/mysqld start
738 
	sleep 4
 738 
	sleep 4
739 
	mysqladmin -u root password $mysqlpwd
 739 
	mysqladmin -u root password $mysqlpwd
740 
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
 740 
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
741 
# Delete exemple databases if exist
 741 
# Delete exemple databases if exist
742 
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;CONNECT mysql;DELETE from user where user='';FLUSH PRIVILEGES;"
742 
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;CONNECT mysql;DELETE from user where user='';FLUSH PRIVILEGES;"
743 
# Create 'radius' database
 743 
# Create 'radius' database
744 
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
 744 
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
745 
# Add an empty radius database structure
 745 
# Add an empty radius database structure
746 
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
 746 
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
747 
# modify the start script in order to close accounting connexion when the system is comming down or up
 747 
# modify the start script in order to close accounting connexion when the system is comming down or up
748 
	[ -e /etc/init.d/mysqld.default ] || cp /etc/init.d/mysqld /etc/init.d/mysqld.default
 748 
	[ -e /etc/init.d/mysqld.default ] || cp /etc/init.d/mysqld /etc/init.d/mysqld.default
749 
	$SED "/wait_for_pid created/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
 749 
	$SED "/wait_for_pid created/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
750 
	$SED "/'stop')/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
 750 
	$SED "/'stop')/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
751 
} # End init_db ()
 751 
} # End init_db ()
752 
 
 752 
 
753 
##########################################################################
 753 
##########################################################################
754 
##			Fonction param_radius				##
 754 
##			Fonction param_radius				##
755 
## - Paramètrage des fichiers de configuration FreeRadius		##
 755 
## - Paramètrage des fichiers de configuration FreeRadius		##
756 
## - Affectation du secret partagé entre coova-chilli et freeradius	##
 756 
## - Affectation du secret partagé entre coova-chilli et freeradius	##
757 
## - Modification de fichier de conf pour l'accès à Mysql		##
 757 
## - Modification de fichier de conf pour l'accès à Mysql		##
758 
##########################################################################
 758 
##########################################################################
759 
param_radius ()
 759 
param_radius ()
760 
{
 760 
{
761 
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
 761 
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
762 
	chown -R radius:radius /etc/raddb
 762 
	chown -R radius:radius /etc/raddb
763 
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
 763 
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
764 
# paramètrage radius.conf
 764 
# paramètrage radius.conf
765 
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
 765 
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
766 
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
 766 
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
767 
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
 767 
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
768 
# suppression de la fonction proxy
 768 
# suppression de la fonction proxy
769 
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
 769 
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
770 
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
 770 
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
771 
# suppression du module EAP
 771 
# suppression du module EAP
772 
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
 772 
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
773 
# écoute sur loopback uniquement (à modifier plus tard pour l'EAP)
 773 
# écoute sur loopback uniquement (à modifier plus tard pour l'EAP)
774 
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
 774 
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
775 
# prise en compte du module SQL et des compteurs SQL
 775 
# prise en compte du module SQL et des compteurs SQL
776 
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
 776 
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
777 
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
 777 
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
778 
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
 778 
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
779 
# purge du répertoire des serveurs virtuels et copie du fichier de configuration d'Alcasar
 779 
# purge du répertoire des serveurs virtuels et copie du fichier de configuration d'Alcasar
780 
	rm -f /etc/raddb/sites-enabled/*
 780 
	rm -f /etc/raddb/sites-enabled/*
781 
       	cp $DIR_CONF/alcasar-radius /etc/raddb/sites-available/alcasar
 781 
       	cp $DIR_CONF/alcasar-radius /etc/raddb/sites-available/alcasar
782 
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
 782 
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
783 
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
 783 
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
784 
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
 784 
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
785 
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
 785 
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
786 
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
 786 
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
787 
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
 787 
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
788 
# configuration du fichier client.conf (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
 788 
# configuration du fichier client.conf (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
789 
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
 789 
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
790 
	cat << EOF > /etc/raddb/clients.conf
 790 
	cat << EOF > /etc/raddb/clients.conf
791 
client 127.0.0.1 {
 791 
client 127.0.0.1 {
792 
	secret = $secretradius
 792 
	secret = $secretradius
793 
	shortname = localhost
 793 
	shortname = localhost
794 
}
 794 
}
795 
EOF
 795 
EOF
796 
# modif sql.conf
 796 
# modif sql.conf
797 
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
 797 
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
798 
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
 798 
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
799 
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
 799 
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
800 
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
 800 
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
801 
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
 801 
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
802 
# modif dialup.conf
 802 
# modif dialup.conf
803 
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
 803 
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
804 
	cp -f $DIR_CONF/dialup.conf /etc/raddb/sql/mysql/dialup.conf
 804 
	cp -f $DIR_CONF/dialup.conf /etc/raddb/sql/mysql/dialup.conf
805 
} # End param_radius ()
 805 
} # End param_radius ()
806 
 
 806 
 
807 
##########################################################################
 807 
##########################################################################
808 
##			Fonction param_web_radius			##
 808 
##			Fonction param_web_radius			##
809 
## - Import, modification et paramètrage de l'interface "dialupadmin"	##
 809 
## - Import, modification et paramètrage de l'interface "dialupadmin"	##
810 
## - Création du lien vers la page de changement de mot de passe        ##
 810 
## - Création du lien vers la page de changement de mot de passe        ##
811 
##########################################################################
 811 
##########################################################################
812 
param_web_radius ()
 812 
param_web_radius ()
813 
{
 813 
{
814 
# copie de l'interface d'origine dans la structure Alcasar
 814 
# copie de l'interface d'origine dans la structure Alcasar
815 
	[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
 815 
	[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
816 
	rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme
816 
	rm -f $DIR_ACC/manager/index.html $DIR_ACC/manager/readme
817 
	rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html
 817 
	rm -f $DIR_ACC/manager/htdocs/about.html $DIR_ACC/manager/htdocs/index.html $DIR_ACC/manager/htdocs/content.html
818 
# copie des fichiers modifiés
 818 
# copie des fichiers modifiés
819 
	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
 819 
	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
820 
	chown -R apache:apache $DIR_ACC/manager/
 820 
	chown -R apache:apache $DIR_ACC/manager/
821 
# Modification des fichiers de configuration
 821 
# Modification des fichiers de configuration
822 
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
 822 
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
823 
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
 823 
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
824 
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
 824 
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
825 
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
 825 
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
826 
	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
 826 
	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
827 
	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
 827 
	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
828 
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
 828 
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
829 
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
 829 
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
830 
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
 830 
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
831 
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
 831 
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
832 
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
 832 
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
833 
	cp -f $DIR_CONF/freeradiusweb-config.php /etc/freeradius-web/config.php
 833 
	cp -f $DIR_CONF/freeradiusweb-config.php /etc/freeradius-web/config.php
834 
	cat <<EOF > /etc/freeradius-web/naslist.conf
 834 
	cat <<EOF > /etc/freeradius-web/naslist.conf
835 
nas1_name: alcasar-$ORGANISME
 835 
nas1_name: alcasar-$ORGANISME
836 
nas1_model: Portail captif
 836 
nas1_model: Portail captif
837 
nas1_ip: $PRIVATE_IP
 837 
nas1_ip: $PRIVATE_IP
838 
nas1_port_num: 0
 838 
nas1_port_num: 0
839 
nas1_community: public
 839 
nas1_community: public
840 
EOF
 840 
EOF
841 
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
 841 
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
842 
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
 842 
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
843 
	cp -f $DIR_CONF/user_edit.attrs /etc/freeradius-web/user_edit.attrs
 843 
	cp -f $DIR_CONF/user_edit.attrs /etc/freeradius-web/user_edit.attrs
844 
# Ajout du mappage des attributs chillispot
 844 
# Ajout du mappage des attributs chillispot
845 
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
 845 
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
846 
	cp -f $DIR_CONF/sql.attrmap /etc/freeradius-web/sql.attrmap
 846 
	cp -f $DIR_CONF/sql.attrmap /etc/freeradius-web/sql.attrmap
847 
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
 847 
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
848 
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/user_edit.attrs.default
 848 
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/user_edit.attrs.default
849 
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
 849 
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
850 
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
 850 
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
851 
	chown -R apache:apache /etc/freeradius-web
 851 
	chown -R apache:apache /etc/freeradius-web
852 
# Ajout de l'alias vers la page de "changement de mot de passe usager"
 852 
# Ajout de l'alias vers la page de "changement de mot de passe usager"
853 
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
 853 
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
854 
<Directory $DIR_WEB/pass>
 854 
<Directory $DIR_WEB/pass>
855 
	SSLRequireSSL
 855 
	SSLRequireSSL
856 
	AllowOverride None
 856 
	AllowOverride None
857 
	Order deny,allow
 857 
	Order deny,allow
858 
	Deny from all
 858 
	Deny from all
859 
	Allow from 127.0.0.1
 859 
	Allow from 127.0.0.1
860 
	Allow from $PRIVATE_NETWORK_MASK
 860 
	Allow from $PRIVATE_NETWORK_MASK
861 
	ErrorDocument 404 https://$HOSTNAME
 861 
	ErrorDocument 404 https://$HOSTNAME
862 
</Directory>
 862 
</Directory>
863 
EOF
 863 
EOF
864 
} # End of param_web_radius ()
 864 
} # End of param_web_radius ()
865 
 
 865 
 
866 
##################################################################################
 866 
##################################################################################
867 
##			Fonction param_chilli					##
 867 
##			Fonction param_chilli					##
868 
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
 868 
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
869 
## - Paramètrage de la page d'authentification (intercept.php)			##
 869 
## - Paramètrage de la page d'authentification (intercept.php)			##
870 
##################################################################################
 870 
##################################################################################
871 
param_chilli ()
 871 
param_chilli ()
872 
{
 872 
{
873 
# init file creation
 873 
# init file creation
874 
	[ -e /etc/init.d/chilli.default ] || cp /etc/init.d/chilli /etc/init.d/chilli.default
 874 
	[ -e /etc/init.d/chilli.default ] || cp /etc/init.d/chilli /etc/init.d/chilli.default
875 
	cat <<EOF > /etc/init.d/chilli
 875 
	cat <<EOF > /etc/init.d/chilli
876 
#!/bin/sh
 876 
#!/bin/sh
877 
#
 877 
#
878 
# chilli CoovaChilli init
 878 
# chilli CoovaChilli init
879 
#
 879 
#
880 
# chkconfig: 2345 65 35
 880 
# chkconfig: 2345 65 35
881 
# description: CoovaChilli
 881 
# description: CoovaChilli
882 
### BEGIN INIT INFO
 882 
### BEGIN INIT INFO
883 
# Provides:       chilli
 883 
# Provides:       chilli
884 
# Required-Start: network
884 
# Required-Start: network
885 
# Should-Start:
885 
# Should-Start:
886 
# Required-Stop:  network
 886 
# Required-Stop:  network
887 
# Should-Stop:
887 
# Should-Stop:
888 
# Default-Start:  2 3 5
 888 
# Default-Start:  2 3 5
889 
# Default-Stop:
 889 
# Default-Stop:
890 
# Description:    CoovaChilli access controller
 890 
# Description:    CoovaChilli access controller
891 
### END INIT INFO
 891 
### END INIT INFO
892 
 
 892 
 
893 
[ -f /usr/sbin/chilli ] || exit 0
 893 
[ -f /usr/sbin/chilli ] || exit 0
894 
. /etc/init.d/functions
 894 
. /etc/init.d/functions
895 
CONFIG=/etc/chilli.conf
 895 
CONFIG=/etc/chilli.conf
896 
pidfile=/var/run/chilli.pid
 896 
pidfile=/var/run/chilli.pid
897 
[ -f \$CONFIG ] || {
 897 
[ -f \$CONFIG ] || {
898 
    echo "\$CONFIG Not found"
 898 
    echo "\$CONFIG Not found"
899 
    exit 0
 899 
    exit 0
900 
}
 900 
}
901 
RETVAL=0
 901 
RETVAL=0
902 
prog="chilli"
 902 
prog="chilli"
903 
case \$1 in
 903 
case \$1 in
904 
    start)
 904 
    start)
905 
	if [ -f \$pidfile ] ; then
905 
	if [ -f \$pidfile ] ; then
906 
		gprintf "chilli is already running"
 906 
		gprintf "chilli is already running"
907 
	else
 907 
	else
908 
        	gprintf "Starting \$prog: "
 908 
        	gprintf "Starting \$prog: "
909 
		rm -f /var/run/chilli* # cleaning
 909 
		rm -f /var/run/chilli* # cleaning
910 
        	/sbin/modprobe tun >/dev/null 2>&1
 910 
        	/sbin/modprobe tun >/dev/null 2>&1
911 
        	echo 1 > /proc/sys/net/ipv4/ip_forward
 911 
        	echo 1 > /proc/sys/net/ipv4/ip_forward
912 
		[ -e /dev/net/tun ] || {
 912 
		[ -e /dev/net/tun ] || {
913 
	    	(cd /dev;
913 
	    	(cd /dev;
914 
			mkdir net;
914 
			mkdir net;
915 
			cd net;
915 
			cd net;
916 
			mknod tun c 10 200)
 916 
			mknod tun c 10 200)
917 
		}
 917 
		}
918 
		ifconfig eth1 0.0.0.0
 918 
		ifconfig eth1 0.0.0.0
919 
		daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
 919 
		daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
920 
        	RETVAL=$?
 920 
        	RETVAL=$?
921 
	fi
 921 
	fi
922 
	;;
 922 
	;;
923 
 
 923 
 
924 
    reload)
 924 
    reload)
925 
	killall -HUP chilli
 925 
	killall -HUP chilli
926 
	;;
 926 
	;;
927 
 
 927 
 
928 
    restart)
 928 
    restart)
929 
	\$0 stop
 929 
	\$0 stop
930 
        sleep 2
 930 
        sleep 2
931 
	\$0 start
 931 
	\$0 start
932 
	;;
 932 
	;;
933
933
934 
    status)
 934 
    status)
935 
        status chilli
 935 
        status chilli
936 
        RETVAL=0
 936 
        RETVAL=0
937 
        ;;
 937 
        ;;
938 
 
 938 
 
939 
    stop)
 939 
    stop)
940 
	if [ -f \$pidfile ] ; then
940 
	if [ -f \$pidfile ] ; then
941 
        	gprintf "Shutting down \$prog: "
 941 
        	gprintf "Shutting down \$prog: "
942 
		killproc /usr/sbin/chilli
 942 
		killproc /usr/sbin/chilli
943 
		RETVAL=\$?
 943 
		RETVAL=\$?
944 
		[ \$RETVAL = 0 ] && rm -f $pidfile
 944 
		[ \$RETVAL = 0 ] && rm -f $pidfile
945 
	else
945 
	else
946 
        	gprintf "chilli is not running"
 946 
        	gprintf "chilli is not running"
947 
	fi
 947 
	fi
948 
	;;
 948 
	;;
949
949
950 
    *)
 950 
    *)
951 
        echo "Usage: \$0 {start|stop|restart|reload|status}"
 951 
        echo "Usage: \$0 {start|stop|restart|reload|status}"
952 
        exit 1
 952 
        exit 1
953 
esac
 953 
esac
954 
echo
 954 
echo
955 
EOF
 955 
EOF
956 
 
 956 
 
957 
# conf file creation
 957 
# conf file creation
958 
	[ -e /etc/chilli.conf.default ] || cp /etc/chilli.conf /etc/chilli.conf.default
 958 
	[ -e /etc/chilli.conf.default ] || cp /etc/chilli.conf /etc/chilli.conf.default
959 
	cat <<EOF > /etc/chilli.conf
 959 
	cat <<EOF > /etc/chilli.conf
960 
# coova config for ALCASAR
 960 
# coova config for ALCASAR
961 
cmdsocket	/var/run/chilli.sock
 961 
cmdsocket	/var/run/chilli.sock
962 
unixipc		chilli.eth1.ipc
 962 
unixipc		chilli.eth1.ipc
963 
pidfile		/var/run/chilli.eth1.pid
 963 
pidfile		/var/run/chilli.eth1.pid
964 
net		$PRIVATE_NETWORK_MASK
 964 
net		$PRIVATE_NETWORK_MASK
965 
dhcpif		$INTIF
 965 
dhcpif		$INTIF
966 
ethers		$DIR_DEST_ETC/alcasar-ethers
 966 
ethers		$DIR_DEST_ETC/alcasar-ethers
967 
#nodynip
 967 
#nodynip
968 
#statip
 968 
#statip
969 
dynip		$PRIVATE_NETWORK_MASK
 969 
dynip		$PRIVATE_NETWORK_MASK
970 
domain		localdomain
 970 
domain		localdomain
971 
dns1		$PRIVATE_IP
 971 
dns1		$PRIVATE_IP
972 
dns2		$PRIVATE_IP
 972 
dns2		$PRIVATE_IP
973 
uamlisten	$PRIVATE_IP
 973 
uamlisten	$PRIVATE_IP
974 
uamport		3990
 974 
uamport		3990
975 
macauth
 975 
macauth
976 
macpasswd	password
 976 
macpasswd	password
977 
locationname	$HOSTNAME
 977 
locationname	$HOSTNAME
978 
radiusserver1	127.0.0.1
 978 
radiusserver1	127.0.0.1
979 
radiusserver2	127.0.0.1
 979 
radiusserver2	127.0.0.1
980 
radiussecret	$secretradius
 980 
radiussecret	$secretradius
981 
radiusauthport	1812
 981 
radiusauthport	1812
982 
radiusacctport	1813
 982 
radiusacctport	1813
983 
uamserver	https://$HOSTNAME/intercept.php
 983 
uamserver	https://$HOSTNAME/intercept.php
984 
radiusnasid	$HOSTNAME
 984 
radiusnasid	$HOSTNAME
985 
uamsecret	$secretuam
 985 
uamsecret	$secretuam
986 
uamallowed	alcasar
 986 
uamallowed	alcasar
987 
coaport		3799
 987 
coaport		3799
988 
include		$DIR_DEST_ETC/alcasar-uamallowed
 988 
include		$DIR_DEST_ETC/alcasar-uamallowed
989 
include		$DIR_DEST_ETC/alcasar-uamdomain
 989 
include		$DIR_DEST_ETC/alcasar-uamdomain
990 
#dhcpgateway
 990 
#dhcpgateway
991 
#dhcprelayagent
 991 
#dhcprelayagent
992 
#dhcpgatewayport
 992 
#dhcpgatewayport
993 
EOF
 993 
EOF
994 
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
 994 
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
995 
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
 995 
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
996 
# create files for trusted domains and urls
 996 
# create files for trusted domains and urls
997 
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
 997 
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
998 
	chown root:apache $DIR_DEST_ETC/alcasar-*
 998 
	chown root:apache $DIR_DEST_ETC/alcasar-*
999 
	chmod 660 $DIR_DEST_ETC/alcasar-*
 999 
	chmod 660 $DIR_DEST_ETC/alcasar-*
1000 
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
 1000 
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
1001 
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
 1001 
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
1002 
	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
 1002 
	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
1003 
# user 'chilli' creation (in order to run conup/off and up/down scripts
 1003 
# user 'chilli' creation (in order to run conup/off and up/down scripts
1004 
	chilli_exist=`grep chilli /etc/passwd|wc -l`
 1004 
	chilli_exist=`grep chilli /etc/passwd|wc -l`
1005 
	if [ "$chilli_exist" == "1" ]
 1005 
	if [ "$chilli_exist" == "1" ]
1006 
	then
 1006 
	then
1007 
	      userdel -r chilli 2>/dev/null
 1007 
	      userdel -r chilli 2>/dev/null
1008 
	fi
 1008 
	fi
1009 
	groupadd -f chilli
 1009 
	groupadd -f chilli
1010 
	useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
 1010 
	useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1011 
}  # End of param_chilli ()
 1011 
}  # End of param_chilli ()
1012 
 
 1012 
 
1013 
##########################################################
 1013 
##########################################################
1014 
##			Fonction param_squid		##
 1014 
##			Fonction param_squid		##
1015 
## - Paramètrage du proxy 'squid' en mode 'cache'	##
 1015 
## - Paramètrage du proxy 'squid' en mode 'cache'	##
1016 
## - Initialisation de la base de données  		##
 1016 
## - Initialisation de la base de données  		##
1017 
##########################################################
 1017 
##########################################################
1018 
param_squid ()
 1018 
param_squid ()
1019 
{
 1019 
{
1020 
# paramètrage de Squid (connecté en série derrière Dansguardian)
 1020 
# paramètrage de Squid (connecté en série derrière Dansguardian)
1021 
	[ -e /etc/squid/squid.conf.default  ] || cp /etc/squid/squid.conf /etc/squid/squid.conf.default
 1021 
	[ -e /etc/squid/squid.conf.default  ] || cp /etc/squid/squid.conf /etc/squid/squid.conf.default
1022 
# suppression des références 'localnet', 'icp', 'htcp' et 'always_direct'
 1022 
# suppression des références 'localnet', 'icp', 'htcp' et 'always_direct'
1023 
	$SED "/^acl localnet/d" /etc/squid/squid.conf
 1023 
	$SED "/^acl localnet/d" /etc/squid/squid.conf
1024 
	$SED "/^icp_access allow localnet/d" /etc/squid/squid.conf
 1024 
	$SED "/^icp_access allow localnet/d" /etc/squid/squid.conf
1025 
	$SED "/^icp_port 3130/d" /etc/squid/squid.conf
 1025 
	$SED "/^icp_port 3130/d" /etc/squid/squid.conf
1026 
	$SED "/^http_access allow localnet/d" /etc/squid/squid.conf
 1026 
	$SED "/^http_access allow localnet/d" /etc/squid/squid.conf
1027 
	$SED "/^htcp_access allow localnet/d" /etc/squid/squid.conf
 1027 
	$SED "/^htcp_access allow localnet/d" /etc/squid/squid.conf
1028 
	$SED "/^always_direct allow localnet/d" /etc/squid/squid.conf
 1028 
	$SED "/^always_direct allow localnet/d" /etc/squid/squid.conf
1029 
# mode 'proxy transparent local'
 1029 
# mode 'proxy transparent local'
1030 
	$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
 1030 
	$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
1031 
# Configuration du cache local
 1031 
# Configuration du cache local
1032 
	$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
 1032 
	$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
1033 
# emplacement et formatage standard des logs
 1033 
# emplacement et formatage standard des logs
1034 
	echo '#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh' >> /etc/squid/squid.conf
 1034 
	echo '#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh' >> /etc/squid/squid.conf
1035 
	echo '#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh' >> /etc/squid/squid.conf
 1035 
	echo '#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh' >> /etc/squid/squid.conf
1036 
        echo "access_log /var/log/squid/access.log" >> /etc/squid/squid.conf
 1036 
        echo "access_log /var/log/squid/access.log" >> /etc/squid/squid.conf
1037 
# compatibilité des logs avec awstats
 1037 
# compatibilité des logs avec awstats
1038 
	echo "emulate_httpd_log on" >> /etc/squid/squid.conf
 1038 
	echo "emulate_httpd_log on" >> /etc/squid/squid.conf
1039 
	echo "half_closed_clients off" >> /etc/squid/squid.conf
 1039 
	echo "half_closed_clients off" >> /etc/squid/squid.conf
1040 
	echo "server_persistent_connections off" >> /etc/squid/squid.conf
 1040 
	echo "server_persistent_connections off" >> /etc/squid/squid.conf
1041 
	echo "client_persistent_connections on" >> /etc/squid/squid.conf
 1041 
	echo "client_persistent_connections on" >> /etc/squid/squid.conf
1042 
	echo "client_lifetime 1440 minutes" >> /etc/squid/squid.conf
 1042 
	echo "client_lifetime 1440 minutes" >> /etc/squid/squid.conf
1043 
	echo "request_timeout 5 minutes" >> /etc/squid/squid.conf
 1043 
	echo "request_timeout 5 minutes" >> /etc/squid/squid.conf
1044 
	echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf
 1044 
	echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf
1045 
	echo "cache_mem 256 MB" >> /etc/squid/squid.conf
 1045 
	echo "cache_mem 256 MB" >> /etc/squid/squid.conf
1046 
	echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf
 1046 
	echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf
1047 
	echo "maximum_object_size     4096 KB" >> /etc/squid/squid.conf
 1047 
	echo "maximum_object_size     4096 KB" >> /etc/squid/squid.conf
1048 
# anonymisation of squid version
 1048 
# anonymisation of squid version
1049 
	echo "via off" >> /etc/squid/squid.conf
 1049 
	echo "via off" >> /etc/squid/squid.conf
1050 
# remove the 'X_forwarded' http option
 1050 
# remove the 'X_forwarded' http option
1051 
	echo "forwarded_for delete" >> /etc/squid/squid.conf
 1051 
	echo "forwarded_for delete" >> /etc/squid/squid.conf
1052 
# linked squid output in HAVP input
 1052 
# linked squid output in HAVP input
1053 
	echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
 1053 
	echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
1054 
	echo "never_direct allow all" >> /etc/squid/squid.conf
 1054 
	echo "never_direct allow all" >> /etc/squid/squid.conf
1055 
# avoid error messages on network interfaces state changes
 1055 
# avoid error messages on network interfaces state changes
1056 
	$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
 1056 
	$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
1057 
# reduce squid shutdown time (100 to 50)
 1057 
# reduce squid shutdown time (100 to 50)
1058 
	$SED "s?^SQUID_SHUTDOWN_TIMEOUT.*?SQUID_SHUTDOWN_TIMEOUT=50?g" /etc/sysconfig/squid
 1058 
	$SED "s?^SQUID_SHUTDOWN_TIMEOUT.*?SQUID_SHUTDOWN_TIMEOUT=50?g" /etc/sysconfig/squid
1059 
 
 1059 
 
1060 
# Squid cache init
 1060 
# Squid cache init
1061 
	/usr/sbin/squid -z
 1061 
	/usr/sbin/squid -z
1062 
}  # End of param_squid ()
 1062 
}  # End of param_squid ()
1063
1063
1064 
##################################################################
 1064 
##################################################################
1065 
##		Fonction param_dansguardian			##
 1065 
##		Fonction param_dansguardian			##
1066 
## - Paramètrage du gestionnaire de contenu Dansguardian	##
 1066 
## - Paramètrage du gestionnaire de contenu Dansguardian	##
1067 
##################################################################
 1067 
##################################################################
1068 
param_dansguardian ()
 1068 
param_dansguardian ()
1069 
{
 1069 
{
1070 
	mkdir /var/dansguardian
 1070 
	mkdir /var/dansguardian
1071 
	chown dansguardian /var/dansguardian
 1071 
	chown dansguardian /var/dansguardian
1072 
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
 1072 
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1073 
# Le filtrage est désactivé par défaut
1073 
# Le filtrage est désactivé par défaut
1074 
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
 1074 
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1075 
# la page d'interception est en français
 1075 
# la page d'interception est en français
1076 
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
 1076 
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1077 
# on limite l'écoute de Dansguardian côté LAN
 1077 
# on limite l'écoute de Dansguardian côté LAN
1078 
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
 1078 
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
1079 
# on chaîne Dansguardian au proxy cache SQUID
 1079 
# on chaîne Dansguardian au proxy cache SQUID
1080 
	$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
 1080 
	$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
1081 
# on remplace la page d'interception (template)
 1081 
# on remplace la page d'interception (template)
1082 
	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
 1082 
	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
1083 
	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
 1083 
	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1084 
# on ne loggue que les deny (pour le reste, on a squid)
 1084 
# on ne loggue que les deny (pour le reste, on a squid)
1085 
	$SED "s?^loglevel =.*?loglevel = 1?g" $DIR_DG/dansguardian.conf
 1085 
	$SED "s?^loglevel =.*?loglevel = 1?g" $DIR_DG/dansguardian.conf
1086 
# lauch of 10 daemons (20 in largest server)
 1086 
# lauch of 10 daemons (20 in largest server)
1087 
	$SED "s?^minchildren =.*?minchildren = 10?g" $DIR_DG/dansguardian.conf
 1087 
	$SED "s?^minchildren =.*?minchildren = 10?g" $DIR_DG/dansguardian.conf
1088 
# on désactive par défaut le controle de contenu des pages html
 1088 
# on désactive par défaut le controle de contenu des pages html
1089 
	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
 1089 
	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
1090 
	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
 1090 
	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
1091 
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
 1091 
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1092 
# on désactive par défaut le contrôle d'URL par expressions régulières
 1092 
# on désactive par défaut le contrôle d'URL par expressions régulières
1093 
	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
 1093 
	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
1094 
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
 1094 
	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1095 
# on désactive par défaut le contrôle de téléchargement de fichiers
 1095 
# on désactive par défaut le contrôle de téléchargement de fichiers
1096 
	[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
 1096 
	[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
1097 
	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
 1097 
	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
1098 
	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
 1098 
	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
1099 
	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
 1099 
	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
1100 
	touch $DIR_DG/lists/bannedextensionlist
 1100 
	touch $DIR_DG/lists/bannedextensionlist
1101 
	touch $DIR_DG/lists/bannedmimetypelist
 1101 
	touch $DIR_DG/lists/bannedmimetypelist
1102 
# 'Safesearch' regex actualisation
 1102 
# 'Safesearch' regex actualisation
1103 
	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
 1103 
	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
1104 
# empty LAN IP list that won't be WEB filtered
 1104 
# empty LAN IP list that won't be WEB filtered
1105 
	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
 1105 
	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
1106 
	touch $DIR_DG/lists/exceptioniplist
 1106 
	touch $DIR_DG/lists/exceptioniplist
1107 
# Keep a copy of URL & domain filter configuration files
 1107 
# Keep a copy of URL & domain filter configuration files
1108 
	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
 1108 
	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
1109 
	[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
 1109 
	[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1110 
} # End of param_dansguardian ()
 1110 
} # End of param_dansguardian ()
1111 
 
 1111 
 
1112 
##################################################################
 1112 
##################################################################
1113 
##			Fonction antivirus			##
 1113 
##			Fonction antivirus			##
1114 
## - configuration havp + libclamav				##
 1114 
## - configuration havp + libclamav				##
1115 
##################################################################
 1115 
##################################################################
1116 
antivirus ()
1116 
antivirus ()
1117 
{
 1117 
{
1118 
# création de l'usager 'havp'
 1118 
# création de l'usager 'havp'
1119 
	havp_exist=`grep havp /etc/passwd|wc -l`
 1119 
	havp_exist=`grep havp /etc/passwd|wc -l`
1120 
	if [ "$havp_exist" == "1" ]
 1120 
	if [ "$havp_exist" == "1" ]
1121 
	then
 1121 
	then
1122 
	      userdel -r havp 2>/dev/null
 1122 
	      userdel -r havp 2>/dev/null
1123 
	      groupdel havp 2>/dev/null
 1123 
	      groupdel havp 2>/dev/null
1124 
	fi
 1124 
	fi
1125 
	groupadd -f havp
 1125 
	groupadd -f havp
1126 
	useradd -r -g havp -s /bin/false -c "system user for havp" havp
 1126 
	useradd -r -g havp -s /bin/false -c "system user for havp" havp
1127 
	mkdir -p /var/tmp/havp /var/log/havp
 1127 
	mkdir -p /var/tmp/havp /var/log/havp
1128 
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
 1128 
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
1129 
	$SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
 - 
 
1130 
# configuration d'HAVP
 1129 
# configuration d'HAVP
1131 
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
 1130 
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
1132 
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
 1131 
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
1133 
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090
1132 
	$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config				# datas come on 8090
1134 
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
 1133 
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback
1135 
	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config	# Log format
 1134 
	$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config	# Log format
1136 
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
 1135 
	$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config		# active libclamav AV
1137 
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
 1136 
	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
1138 
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
 1137 
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
1139 
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
 1138 
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
1140 
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
 1139 
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
1141 
# remplacement du fichier d'initialisation
 1140 
# remplacement du fichier d'initialisation
1142 
	[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
 1141 
	[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
- 
 
 1142 
# if keep old init file : $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
1143 
	cp -f $DIR_CONF/havp-init /etc/init.d/havp
 1143 
	cp -f $DIR_CONF/havp-init /etc/init.d/havp
1144 
# on remplace la page d'interception (template)
 1144 
# on remplace la page d'interception (template)
1145 
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
 1145 
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
1146 
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
 1146 
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1147 
# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
 1147 
# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
1148 
	$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
 1148 
	$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
1149 
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
 1149 
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1150 
# Virus database update
 1150 
# Virus database update
1151 
	rm -f /var/lib/clamav/*.cld # in case of old database scheme
 1151 
	rm -f /var/lib/clamav/*.cld # in case of old database scheme
1152 
	[ -e /var/lib/clamav/main.cvd ] || /usr/bin/freshclam
 1152 
	cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
- 
 
 1153 
	/usr/bin/freshclam
1153 
}
 1154 
}
1154 
 
 1155 
 
1155 
##################################################################################
 1156 
##################################################################################
1156 
##			param_ulogd function					##
 1157 
##			param_ulogd function					##
1157 
## - Ulog config for multi-log files 						##
 1158 
## - Ulog config for multi-log files 						##
1158 
##################################################################################
 1159 
##################################################################################
1159 
param_ulogd ()
 1160 
param_ulogd ()
1160 
{
 1161 
{
1161 
# Three instances of ulogd (three different logfiles)
 1162 
# Three instances of ulogd (three different logfiles)
1162 
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
 1163 
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
1163 
	nl=1
 1164 
	nl=1
1164 
	for log_type in tracability ssh ext-access
 1165 
	for log_type in tracability ssh ext-access
1165 
	do
 1166 
	do
1166 
		[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
 1167 
		[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
1167 
		cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
 1168 
		cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
1168 
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf
1169 
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf
1169 
		$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
 1170 
		$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
1170 
		cat << EOF >> /etc/ulogd-$log_type.conf
 1171 
		cat << EOF >> /etc/ulogd-$log_type.conf
1171 
[LOGEMU]
 1172 
[LOGEMU]
1172 
file="/var/log/firewall/$log_type.log"
 1173 
file="/var/log/firewall/$log_type.log"
1173 
sync=1
 1174 
sync=1
1174 
EOF
 1175 
EOF
1175 
		nl=`expr $nl + 1`
 1176 
		nl=`expr $nl + 1`
1176 
	done
 1177 
	done
1177 
	chown -R root:apache /var/log/firewall
 1178 
	chown -R root:apache /var/log/firewall
1178 
	chmod 750 /var/log/firewall
 1179 
	chmod 750 /var/log/firewall
1179 
	chmod 640 /var/log/firewall/*
 1180 
	chmod 640 /var/log/firewall/*
1180 
	[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
 1181 
	[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
1181 
	cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
 1182 
	cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
1182 
}  # End of param_ulogd ()
 1183 
}  # End of param_ulogd ()
1183 
 
 1184 
 
1184 
##################################################################################
 1185 
##################################################################################
1185 
##				Fonction param_awstats				##
 1186 
##				Fonction param_awstats				##
1186 
## - configuration de l'interface des logs de consultation WEB (AWSTAT)		##
 1187 
## - configuration de l'interface des logs de consultation WEB (AWSTAT)		##
1187 
##################################################################################
 1188 
##################################################################################
1188 
param_awstats()
 1189 
param_awstats()
1189 
{
 1190 
{
1190 
	cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/
 1191 
	cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/
1191 
	chown -R apache:apache $DIR_ACC/awstats
 1192 
	chown -R apache:apache $DIR_ACC/awstats
1192 
	cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default
 1193 
	cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default
1193 
	$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf
 1194 
	$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf
1194 
	$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf
 1195 
	$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf
1195 
	$SED "s?^SiteDomain=.*?SiteDomain=\"$HOSTNAME\"?g" /etc/awstats/awstats.conf
 1196 
	$SED "s?^SiteDomain=.*?SiteDomain=\"$HOSTNAME\"?g" /etc/awstats/awstats.conf
1196 
	$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
 1197 
	$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
1197 
	$SED "s?^DNSLookup=.*?DNSLookup=0?g" /etc/awstats/awstats.conf
 1198 
	$SED "s?^DNSLookup=.*?DNSLookup=0?g" /etc/awstats/awstats.conf
1198 
	$SED "s?^DirData=.*?DirData=\"/var/lib/awstats\"?g" /etc/awstats/awstats.conf
 1199 
	$SED "s?^DirData=.*?DirData=\"/var/lib/awstats\"?g" /etc/awstats/awstats.conf
1199 
	$SED "s?^DirIcons=.*?DirIcons=\"/acc/awstats/icon\"?g" /etc/awstats/awstats.conf
 1200 
	$SED "s?^DirIcons=.*?DirIcons=\"/acc/awstats/icon\"?g" /etc/awstats/awstats.conf
1200 
	$SED "s?^StyleSheet=.*?StyleSheet=\"/css/style.css\"?g" /etc/awstats/awstats.conf
 1201 
	$SED "s?^StyleSheet=.*?StyleSheet=\"/css/style.css\"?g" /etc/awstats/awstats.conf
1201 
	$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf
 1202 
	$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf
1202 
	$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
 1203 
	$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
1203 
	$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
 1204 
	$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
1204 
	$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
 1205 
	$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
1205 
	$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
 1206 
	$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
1206 
	$SED "s?^ShowMonthStats=.*?ShowMonthStats=VPHB?g" /etc/awstats/awstats.conf
 1207 
	$SED "s?^ShowMonthStats=.*?ShowMonthStats=VPHB?g" /etc/awstats/awstats.conf
1207 
	$SED "s?^ShowDaysOfMonthStats=.*?ShowDaysOfMonthStats=PHB?g" /etc/awstats/awstats.conf
 1208 
	$SED "s?^ShowDaysOfMonthStats=.*?ShowDaysOfMonthStats=PHB?g" /etc/awstats/awstats.conf
1208 
	$SED "s?^ShowDaysOfWeekStats=.*?ShowDaysOfWeekStats=PHB?g" /etc/awstats/awstats.conf
 1209 
	$SED "s?^ShowDaysOfWeekStats=.*?ShowDaysOfWeekStats=PHB?g" /etc/awstats/awstats.conf
1209 
	$SED "s?^ShowHoursStats=.*?ShowHoursStats=PHB?g" /etc/awstats/awstats.conf
 1210 
	$SED "s?^ShowHoursStats=.*?ShowHoursStats=PHB?g" /etc/awstats/awstats.conf
1210 
	$SED "s?^ShowDomainsStats=.*?ShowDomainsStats=0?g" /etc/awstats/awstats.conf
 1211 
	$SED "s?^ShowDomainsStats=.*?ShowDomainsStats=0?g" /etc/awstats/awstats.conf
1211 
	$SED "s?^ShowHostsStats=.*?ShowHostsStats=0?g" /etc/awstats/awstats.conf
 1212 
	$SED "s?^ShowHostsStats=.*?ShowHostsStats=0?g" /etc/awstats/awstats.conf
1212 
	$SED "s?^ShowAuthenticatedUsers=.*?ShowAuthenticatedUsers=0?g" /etc/awstats/awstats.conf
 1213 
	$SED "s?^ShowAuthenticatedUsers=.*?ShowAuthenticatedUsers=0?g" /etc/awstats/awstats.conf
1213 
	$SED "s?^ShowRobotsStats=.*?ShowRobotsStats=0?g" /etc/awstats/awstats.conf
 1214 
	$SED "s?^ShowRobotsStats=.*?ShowRobotsStats=0?g" /etc/awstats/awstats.conf
1214 
	$SED "s?^ShowFileTypesStats=.*?ShowFileTypesStats=0?g" /etc/awstats/awstats.conf
 1215 
	$SED "s?^ShowFileTypesStats=.*?ShowFileTypesStats=0?g" /etc/awstats/awstats.conf
1215 
	$SED "s?^ShowFileSizesStats=.*?ShowFileSizesStats=0?g" /etc/awstats/awstats.conf
 1216 
	$SED "s?^ShowFileSizesStats=.*?ShowFileSizesStats=0?g" /etc/awstats/awstats.conf
1216 
	$SED "s?^ShowOSStats=.*?ShowOSStats=0?g" /etc/awstats/awstats.conf
 1217 
	$SED "s?^ShowOSStats=.*?ShowOSStats=0?g" /etc/awstats/awstats.conf
1217 
	$SED "s?^ShowScreenSizeStats=.*?ShowScreenSizeStats=0?g" /etc/awstats/awstats.conf
 1218 
	$SED "s?^ShowScreenSizeStats=.*?ShowScreenSizeStats=0?g" /etc/awstats/awstats.conf
1218 
 
 1219 
 
1219 
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
 1220 
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
1220 
<Directory $DIR_ACC/awstats>
 1221 
<Directory $DIR_ACC/awstats>
1221 
	SSLRequireSSL
 1222 
	SSLRequireSSL
1222 
	Options ExecCGI
 1223 
	Options ExecCGI
1223 
	AddHandler cgi-script .pl
 1224 
	AddHandler cgi-script .pl
1224 
	DirectoryIndex awstats.pl
 1225 
	DirectoryIndex awstats.pl
1225 
	Order deny,allow
 1226 
	Order deny,allow
1226 
	Deny from all
 1227 
	Deny from all
1227 
	Allow from 127.0.0.1
 1228 
	Allow from 127.0.0.1
1228 
	Allow from $PRIVATE_NETWORK_MASK
 1229 
	Allow from $PRIVATE_NETWORK_MASK
1229 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
 1230 
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
1230 
	require valid-user
 1231 
	require valid-user
1231 
	AuthType digest
 1232 
	AuthType digest
1232 
	AuthName $HOSTNAME
 1233 
	AuthName $HOSTNAME
1233 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
 1234 
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
1234 
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
 1235 
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
1235 
	ErrorDocument 404 https://$HOSTNAME/
 1236 
	ErrorDocument 404 https://$HOSTNAME/
1236 
</Directory>
 1237 
</Directory>
1237 
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
 1238 
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
1238 
EOF
 1239 
EOF
1239 
} # End of param_awstats ()
 1240 
} # End of param_awstats ()
1240 
 
 1241 
 
1241 
##########################################################
 1242 
##########################################################
1242 
##		Fonction param_dnsmasq			##
 1243 
##		Fonction param_dnsmasq			##
1243 
##########################################################
 1244 
##########################################################
1244 
param_dnsmasq ()
 1245 
param_dnsmasq ()
1245 
{
 1246 
{
1246 
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
 1247 
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1247 
	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux
 1248 
	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux
1248 
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
 1249 
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1249 
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
 1250 
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
1250 
	cat << EOF > /etc/dnsmasq.conf
1251 
	cat << EOF > /etc/dnsmasq.conf
1251 
# Configuration file for "dnsmasq in forward mode"
 1252 
# Configuration file for "dnsmasq in forward mode"
1252 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
 1253 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1253 
listen-address=$PRIVATE_IP
 1254 
listen-address=$PRIVATE_IP
1254 
listen-address=127.0.0.1
 1255 
listen-address=127.0.0.1
1255 
no-dhcp-interface=$INTIF
 1256 
no-dhcp-interface=$INTIF
1256 
bind-interfaces
 1257 
bind-interfaces
1257 
cache-size=256
 1258 
cache-size=256
1258 
domain=$DOMAIN
 1259 
domain=$DOMAIN
1259 
domain-needed
 1260 
domain-needed
1260 
expand-hosts
 1261 
expand-hosts
1261 
bogus-priv
 1262 
bogus-priv
1262 
filterwin2k
 1263 
filterwin2k
1263 
server=$DNS1
 1264 
server=$DNS1
1264 
server=$DNS2
 1265 
server=$DNS2
1265 
# le servive DHCP est configuré mais n'est exploité que pour le "bypass"
 1266 
# le servive DHCP est configuré mais n'est exploité que pour le "bypass"
1266 
dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
 1267 
dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
1267 
dhcp-option=option:router,$PRIVATE_IP
 1268 
dhcp-option=option:router,$PRIVATE_IP
1268 
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
 1269 
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
1269 
 
 1270 
 
1270 
# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
 1271 
# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1271 
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
 1272 
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1272 
EOF
 1273 
EOF
1273 
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blackhole")
 1274 
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blackhole")
1274 
	cat << EOF > /etc/dnsmasq-blackhole.conf
1275 
	cat << EOF > /etc/dnsmasq-blackhole.conf
1275 
	# Configuration file for "dnsmasq with blackhole"
 1276 
	# Configuration file for "dnsmasq with blackhole"
1276 
# Inclusion de la blacklist <domains> de Toulouse dans la configuration
 1277 
# Inclusion de la blacklist <domains> de Toulouse dans la configuration
1277 
conf-dir=$DIR_DEST_ETC/alcasar-dnsfilter-enabled
 1278 
conf-dir=$DIR_DEST_ETC/alcasar-dnsfilter-enabled
1278 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
 1279 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
1279 
listen-address=$PRIVATE_IP
 1280 
listen-address=$PRIVATE_IP
1280 
port=54
 1281 
port=54
1281 
no-dhcp-interface=$INTIF
 1282 
no-dhcp-interface=$INTIF
1282 
bind-interfaces
 1283 
bind-interfaces
1283 
cache-size=256
 1284 
cache-size=256
1284 
domain=$DOMAIN
 1285 
domain=$DOMAIN
1285 
domain-needed
 1286 
domain-needed
1286 
expand-hosts
 1287 
expand-hosts
1287 
bogus-priv
 1288 
bogus-priv
1288 
filterwin2k
 1289 
filterwin2k
1289 
server=$DNS1
 1290 
server=$DNS1
1290 
server=$DNS2
 1291 
server=$DNS2
1291 
EOF
 1292 
EOF
1292 
 
 1293 
 
1293 
# Init file modification
 1294 
# Init file modification
1294 
[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
 1295 
[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
1295 
# Start and stop a 2nd process for the "DNS blackhole"
 1296 
# Start and stop a 2nd process for the "DNS blackhole"
1296 
$SED "/daemon/a \$dnsmasq -C /etc/dnsmasq-blackhole.conf \$OPTIONS" /etc/init.d/dnsmasq
 1297 
$SED "/daemon/a \$dnsmasq -C /etc/dnsmasq-blackhole.conf \$OPTIONS" /etc/init.d/dnsmasq
1297 
$SED "/killproc \$DAEMON_NAME/a killproc \$DAEMON_NAME" /etc/init.d/dnsmasq
 1298 
$SED "/killproc \$DAEMON_NAME/a killproc \$DAEMON_NAME" /etc/init.d/dnsmasq
1298 
# Start after chilli (65) which create tun0
 1299 
# Start after chilli (65) which create tun0
1299 
$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
 1300 
$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
1300 
# Optionnellement on pré-active les logs DNS des clients
 1301 
# Optionnellement on pré-active les logs DNS des clients
1301 
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
 1302 
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1302 
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
 1303 
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
1303 
# Optionnellement, exemple de configuration avec un A.D.
 1304 
# Optionnellement, exemple de configuration avec un A.D.
1304 
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.2"' >> /etc/sysconfig/dnsmasq
 1305 
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.2"' >> /etc/sysconfig/dnsmasq
1305 
} # End dnsmasq
 1306 
} # End dnsmasq
1306 
 
 1307 
 
1307 
##########################################################
 1308 
##########################################################
1308 
##		Fonction BL (BlackList)			##
 1309 
##		Fonction BL (BlackList)			##
1309 
##########################################################
 1310 
##########################################################
1310 
BL ()
 1311 
BL ()
1311 
{
 1312 
{
1312 
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
 1313 
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
1313 
	rm -rf $DIR_DG/lists/blacklists
 1314 
	rm -rf $DIR_DG/lists/blacklists
1314 
	tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
 1315 
	tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
1315 
# on crée le répertoire ossi (noms de domaine et URLs ajoutés à la BL)
 1316 
# on crée le répertoire ossi (noms de domaine et URLs ajoutés à la BL)
1316 
	mkdir $DIR_DG/lists/blacklists/ossi
 1317 
	mkdir $DIR_DG/lists/blacklists/ossi
1317 
	touch $DIR_DG/lists/blacklists/ossi/domains
 1318 
	touch $DIR_DG/lists/blacklists/ossi/domains
1318 
	touch $DIR_DG/lists/blacklists/ossi/urls
 1319 
	touch $DIR_DG/lists/blacklists/ossi/urls
1319 
# On crée les fichiers vides de sites ou d'URL réhabilités
 1320 
# On crée les fichiers vides de sites ou d'URL réhabilités
1320 
	[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
 1321 
	[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
1321 
	[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
 1322 
	[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1322 
	touch $DIR_DG/lists/exceptionsitelist
 1323 
	touch $DIR_DG/lists/exceptionsitelist
1323 
	touch $DIR_DG/lists/exceptionurllist
 1324 
	touch $DIR_DG/lists/exceptionurllist
1324 
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
 1325 
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
1325 
	cat <<EOF > $DIR_DG/lists/bannedurllist
 1326 
	cat <<EOF > $DIR_DG/lists/bannedurllist
1326 
# Dansguardian filter config for ALCASAR
 1327 
# Dansguardian filter config for ALCASAR
1327 
EOF
 1328 
EOF
1328 
	cat <<EOF > $DIR_DG/lists/bannedsitelist
 1329 
	cat <<EOF > $DIR_DG/lists/bannedsitelist
1329 
# Dansguardian domain filter config for ALCASAR
 1330 
# Dansguardian domain filter config for ALCASAR
1330 
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
 1331 
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
1331 
#**
 1332 
#**
1332 
# block all SSL and CONNECT tunnels
 1333 
# block all SSL and CONNECT tunnels
1333 
**s
 1334 
**s
1334 
# block all SSL and CONNECT tunnels specified only as an IP
 1335 
# block all SSL and CONNECT tunnels specified only as an IP
1335 
*ips
 1336 
*ips
1336 
# block all sites specified only by an IP
 1337 
# block all sites specified only by an IP
1337 
*ip
 1338 
*ip
1338 
EOF
 1339 
EOF
1339 
# Add Bing and Youtube to the safesearch url regext list (parental control)
 1340 
# Add Bing and Youtube to the safesearch url regext list (parental control)
1340 
	cat <<EOF >> $DIR_DG/lists/urlregexplist
 1341 
	cat <<EOF >> $DIR_DG/lists/urlregexplist
1341 
# Bing - add 'adlt=strict'
 1342 
# Bing - add 'adlt=strict'
1342 
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
 1343 
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
1343 
# Youtube - add 'edufilter=your_ID'
1344 
# Youtube - add 'edufilter=your_ID'
1344 
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
 1345 
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
1345 
EOF
 1346 
EOF
1346 
# change the the google safesearch ("safe=strict" instead of "safe=vss")
 1347 
# change the the google safesearch ("safe=strict" instead of "safe=vss")
1347 
	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
 1348 
	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
1348 
	chown -R dansguardian:apache $DIR_DG
 1349 
	chown -R dansguardian:apache $DIR_DG
1349 
	chmod -R g+rw $DIR_DG
 1350 
	chmod -R g+rw $DIR_DG
1350 
# On crée la structure du DNS-blackhole :
 1351 
# On crée la structure du DNS-blackhole :
1351 
  	mkdir $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
 1352 
  	mkdir $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
1352 
	chown -R 770 $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
 1353 
	chown -R 770 $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
1353 
	chown -R root:apache $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
 1354 
	chown -R root:apache $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
1354 
# On adapte la BL de Toulouse à notre structure
 1355 
# On adapte la BL de Toulouse à notre structure
1355 
	if [ "$mode" != "update" ]; then
 1356 
	if [ "$mode" != "update" ]; then
1356 
		$DIR_DEST_SBIN/alcasar-bl.sh --adapt
 1357 
		$DIR_DEST_SBIN/alcasar-bl.sh --adapt
1357 
	fi
 1358 
	fi
1358 
}
 1359 
}
1359 
 
 1360 
 
1360 
##########################################################
 1361 
##########################################################
1361 
##		Fonction cron				##
 1362 
##		Fonction cron				##
1362 
## - Mise en place des différents fichiers de cron	##
 1363 
## - Mise en place des différents fichiers de cron	##
1363 
##########################################################
 1364 
##########################################################
1364 
cron ()
 1365 
cron ()
1365 
{
 1366 
{
1366 
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
 1367 
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
1367 
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
 1368 
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1368 
	cat <<EOF > /etc/crontab
 1369 
	cat <<EOF > /etc/crontab
1369 
SHELL=/bin/bash
 1370 
SHELL=/bin/bash
1370 
PATH=/sbin:/bin:/usr/sbin:/usr/bin
 1371 
PATH=/sbin:/bin:/usr/sbin:/usr/bin
1371 
MAILTO=root
 1372 
MAILTO=root
1372 
HOME=/
 1373 
HOME=/
1373 
 
 1374 
 
1374 
# run-parts
 1375 
# run-parts
1375 
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
 1376 
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
1376 
02 0 * * * root nice -n 19 run-parts --report /etc/cron.daily
 1377 
02 0 * * * root nice -n 19 run-parts --report /etc/cron.daily
1377 
22 0 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
 1378 
22 0 * * 0 root nice -n 19 run-parts --report /etc/cron.weekly
1378 
42 0 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
 1379 
42 0 1 * * root nice -n 19 run-parts --report /etc/cron.monthly
1379 
EOF
 1380 
EOF
1380 
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
 1381 
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1381 
	cat <<EOF >> /etc/anacrontab
 1382 
	cat <<EOF >> /etc/anacrontab
1382 
7       8       cron.MysqlDump          nice /etc/cron.d/alcasar-mysql
 1383 
7       8       cron.MysqlDump          nice /etc/cron.d/alcasar-mysql
1383 
7       10      cron.logExport          nice /etc/cron.d/alcasar-export_log
 1384 
7       10      cron.logExport          nice /etc/cron.d/alcasar-export_log
1384 
7       15      cron.logClean           nice /etc/cron.d/alcasar-clean_log
 1385 
7       15      cron.logClean           nice /etc/cron.d/alcasar-clean_log
1385 
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
 1386 
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
1386 
EOF
 1387 
EOF
1387 
	cat <<EOF > /etc/cron.d/alcasar-clean_log
 1388 
	cat <<EOF > /etc/cron.d/alcasar-clean_log
1388 
# suppression des fichiers de logs de plus d'un an (tous les lundi à 4h30)
 1389 
# suppression des fichiers de logs de plus d'un an (tous les lundi à 4h30)
1389 
30 4 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --clean
 1390 
30 4 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --clean
1390 
EOF
 1391 
EOF
1391 
	cat <<EOF > /etc/cron.d/alcasar-mysql
 1392 
	cat <<EOF > /etc/cron.d/alcasar-mysql
1392 
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
 1393 
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
1393 
45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
 1394 
45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
1394 
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
 1395 
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
1395 
40 4 * * * root /usr/local/sbin/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
 1396 
40 4 * * * root /usr/local/sbin/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1396 
EOF
 1397 
EOF
1397 
	cat <<EOF > /etc/cron.d/alcasar-export_log
 1398 
	cat <<EOF > /etc/cron.d/alcasar-export_log
1398 
# export des log squid, firewall et apache (tous les lundi à 5h00)
 1399 
# export des log squid, firewall et apache (tous les lundi à 5h00)
1399 
00 5 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --export
 1400 
00 5 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --export
1400 
EOF
 1401 
EOF
1401 
	cat <<EOF > /etc/cron.d/alcasar-archive
 1402 
	cat <<EOF > /etc/cron.d/alcasar-archive
1402 
# Archive des logs et de la base de données (tous les lundi à 5h35)
 1403 
# Archive des logs et de la base de données (tous les lundi à 5h35)
1403 
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
 1404 
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1404 
EOF
 1405 
EOF
1405 
	cat << EOF > /etc/cron.d/awstats
 1406 
	cat << EOF > /etc/cron.d/awstats
1406 
# mise à jour des stats de consultation WEB toutes les 30'
 1407 
# mise à jour des stats de consultation WEB toutes les 30'
1407 
*/30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1
 1408 
*/30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1
1408 
EOF
 1409 
EOF
1409 
	cat << EOF > /etc/cron.d/alcasar-clean_import
 1410 
	cat << EOF > /etc/cron.d/alcasar-clean_import
1410 
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
 1411 
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
1411 
30 * * * *  root $DIR_DEST_BIN/alcasar-import-clean.sh
 1412 
30 * * * *  root $DIR_DEST_BIN/alcasar-import-clean.sh
1412 
EOF
 1413 
EOF
1413 
	cat << EOF > /etc/cron.d/alcasar-distrib-updates
 1414 
	cat << EOF > /etc/cron.d/alcasar-distrib-updates
1414 
# mise à jour automatique de la distribution tous les jours 3h30
 1415 
# mise à jour automatique de la distribution tous les jours 3h30
1415 
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
 1416 
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1416 
EOF
 1417 
EOF
1417 
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
 1418 
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
1418 
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
 1419 
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
1419 
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct')
1420 
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct')
1420 
# 'monthly_tot_stat' (tous les jours à 01h05) : aggrégat des connexions mensuelles par usager (renseigne la table 'mtotacct')
 1421 
# 'monthly_tot_stat' (tous les jours à 01h05) : aggrégat des connexions mensuelles par usager (renseigne la table 'mtotacct')
1421 
# 'truncate_raddact' (tous les 1er du mois à 01h10) : supprime les entrées journalisées plus vieilles que '$back_days' jours (défini ci-après)
 1422 
# 'truncate_raddact' (tous les 1er du mois à 01h10) : supprime les entrées journalisées plus vieilles que '$back_days' jours (défini ci-après)
1422 
# 'clean_radacct' (tous les 1er du mois à 01h15) : ferme les session ouvertes de plus de '$back_days' jours (défini ci-après)
 1423 
# 'clean_radacct' (tous les 1er du mois à 01h15) : ferme les session ouvertes de plus de '$back_days' jours (défini ci-après)
1423 
	$SED "s?^\$back_days.*?\$back_days = 365;?g" /usr/bin/truncate_radacct
 1424 
	$SED "s?^\$back_days.*?\$back_days = 365;?g" /usr/bin/truncate_radacct
1424 
	$SED "s?^\$back_days.*?\$back_days = 30;?g" /usr/bin/clean_radacct
 1425 
	$SED "s?^\$back_days.*?\$back_days = 30;?g" /usr/bin/clean_radacct
1425 
	rm -f /etc/cron.daily/freeradius-web
 1426 
	rm -f /etc/cron.daily/freeradius-web
1426 
	rm -f /etc/cron.monthly/freeradius-web
 1427 
	rm -f /etc/cron.monthly/freeradius-web
1427 
	cat << EOF > /etc/cron.d/freeradius-web
 1428 
	cat << EOF > /etc/cron.d/freeradius-web
1428 
1 1 * * * root /usr/bin/tot_stats > /dev/null 2>&1
 1429 
1 1 * * * root /usr/bin/tot_stats > /dev/null 2>&1
1429 
5 1 * * * root /usr/bin/monthly_tot_stats > /dev/null 2>&1
 1430 
5 1 * * * root /usr/bin/monthly_tot_stats > /dev/null 2>&1
1430 
10 1 1 * * root /usr/bin/truncate_radacct > /dev/null 2>&1
 1431 
10 1 1 * * root /usr/bin/truncate_radacct > /dev/null 2>&1
1431 
15 1 1 * * root /usr/bin/clean_radacct > /dev/null 2>&1
 1432 
15 1 1 * * root /usr/bin/clean_radacct > /dev/null 2>&1
1432 
EOF
 1433 
EOF
1433 
	cat << EOF > /etc/cron.d/alcasar-watchdog
 1434 
	cat << EOF > /etc/cron.d/alcasar-watchdog
1434 
# activation du "chien de garde" (watchdog) toutes les 3'
 1435 
# activation du "chien de garde" (watchdog) toutes les 3'
1435 
*/3 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
 1436 
*/3 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1436 
EOF
 1437 
EOF
1437 
# activation du "chien de garde des services" (watchdog) toutes les 18'
 1438 
# activation du "chien de garde des services" (watchdog) toutes les 18'
1438 
	cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
 1439 
	cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
1439 
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
 1440 
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
1440 
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
 1441 
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1441 
EOF
 1442 
EOF
1442 
# suppression des crons usagers
 1443 
# suppression des crons usagers
1443 
	rm -f /var/spool/cron/*
 1444 
	rm -f /var/spool/cron/*
1444 
} # End cron
 1445 
} # End cron
1445 
 
 1446 
 
1446 
##################################################################
 1447 
##################################################################
1447 
##			Fonction post_install			##
 1448 
##			Fonction post_install			##
1448 
## - Modification des bannières (locales et ssh) et des prompts ##
 1449 
## - Modification des bannières (locales et ssh) et des prompts ##
1449 
## - Installation de la structure de chiffrement pour root	##
 1450 
## - Installation de la structure de chiffrement pour root	##
1450 
## - Mise en place du sudoers et de la sécurité sur les fichiers##
 1451 
## - Mise en place du sudoers et de la sécurité sur les fichiers##
1451 
## - Mise en place du la rotation des logs			##
 1452 
## - Mise en place du la rotation des logs			##
1452 
## - Configuration dans le cas d'une mise à jour		##
 1453 
## - Configuration dans le cas d'une mise à jour		##
1453 
##################################################################
 1454 
##################################################################
1454 
post_install()
 1455 
post_install()
1455 
{
 1456 
{
1456 
# adaptation du script "chien de garde" (watchdog)
 1457 
# adaptation du script "chien de garde" (watchdog)
1457 
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
 1458 
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
1458 
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
 1459 
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
1459 
# création de la bannière locale
 1460 
# création de la bannière locale
1460 
	[ -e /etc/mandriva-release.default ]  || cp /etc/mandriva-release /etc/mandriva-release.default
 1461 
	[ -e /etc/mandriva-release.default ]  || cp /etc/mandriva-release /etc/mandriva-release.default
1461 
	cp -f $DIR_CONF/banner /etc/mandriva-release
 1462 
	cp -f $DIR_CONF/banner /etc/mandriva-release
1462 
	echo " V$VERSION" >> /etc/mandriva-release
 1463 
	echo " V$VERSION" >> /etc/mandriva-release
1463 
# création de la bannière SSH
 1464 
# création de la bannière SSH
1464 
	cp /etc/mandriva-release /etc/ssh/alcasar-banner-ssh
 1465 
	cp /etc/mandriva-release /etc/ssh/alcasar-banner-ssh
1465 
	chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
 1466 
	chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
1466 
	[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
 1467 
	[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
1467 
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
 1468 
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1468 
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
 1469 
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
1469 
# postfix banner anonymisation
 1470 
# postfix banner anonymisation
1470 
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
 1471 
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1471 
# sshd écoute côté LAN et WAN
 1472 
# sshd écoute côté LAN et WAN
1472 
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
 1473 
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1473 
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
1474 
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
1474 
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
 1475 
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1475 
	/sbin/chkconfig --del sshd
 1476 
	/sbin/chkconfig --del sshd
1476 
	echo "SSH=off" >> $CONF_FILE
 1477 
	echo "SSH=off" >> $CONF_FILE
1477 
	echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE
 1478 
	echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE
1478 
	echo "QOS=off" >> $CONF_FILE
 1479 
	echo "QOS=off" >> $CONF_FILE
1479 
	echo "LDAP=off" >> $CONF_FILE
 1480 
	echo "LDAP=off" >> $CONF_FILE
1480 
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
 1481 
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1481 
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
 1482 
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
1482 
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
 1483 
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
1483 
	echo "DNS_FILTERING=off" >> $CONF_FILE
 1484 
	echo "DNS_FILTERING=off" >> $CONF_FILE
1484 
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
 1485 
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1485 
# Coloration des prompts
 1486 
# Coloration des prompts
1486 
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
 1487 
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
1487 
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
 1488 
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1488 
	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
 1489 
	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
1489 
# Droits d'exécution pour utilisateur apache et sysadmin
 1490 
# Droits d'exécution pour utilisateur apache et sysadmin
1490 
	[ -e /etc/sudoers.default ]  || cp /etc/sudoers /etc/sudoers.default
 1491 
	[ -e /etc/sudoers.default ]  || cp /etc/sudoers /etc/sudoers.default
1491 
	cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
 1492 
	cp -f $DIR_CONF/sudoers /etc/. ; chmod 440 /etc/sudoers ; chown root:root /etc/sudoers
1492 
	$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
 1493 
	$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
1493 
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, squid, radiusd, ulogd)
 1494 
# prise en compte de la rotation des logs sur 1 an (concerne mysql, httpd, dansguardian, squid, radiusd, ulogd)
1494 
	cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
 1495 
	cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
1495 
	chmod 644 /etc/logrotate.d/*
 1496 
	chmod 644 /etc/logrotate.d/*
1496 
# rectification sur versions précédentes de la compression des logs
 1497 
# rectification sur versions précédentes de la compression des logs
1497 
	$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
 1498 
	$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
1498 
# actualisation des fichiers logs compressés
 1499 
# actualisation des fichiers logs compressés
1499 
	for dir in firewall squid dansguardian httpd
 1500 
	for dir in firewall squid dansguardian httpd
1500 
	do
 1501 
	do
1501 
	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
 1502 
	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
1502 
	done
 1503 
	done
1503 
# export des logs en 'retard' dans /var/Save/logs
 1504 
# export des logs en 'retard' dans /var/Save/logs
1504 
	/usr/local/bin/alcasar-log.sh --export
 1505 
	/usr/local/bin/alcasar-log.sh --export
1505 
# processus lancés par défaut au démarrage
 1506 
# processus lancés par défaut au démarrage
1506 
	for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
 1507 
	for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
1507 
	do
 1508 
	do
1508 
		/sbin/chkconfig --add $i
 1509 
		/sbin/chkconfig --add $i
1509 
	done
 1510 
	done
- 
 
 1511 
 
1510 
# On rajoute une tempo pour relancer radius après le redémarrage de mysqld (bug en cours d'analyse)
 1512 
	# On rajoute une tempo pour relancer radius après le redémarrage de mysqld (bug en cours d'analyse)
1511 
	cat << EOF > /etc/rc.local
 1513 
#	cat << EOF > /etc/rc.local
1512 
#!/bin/sh
 1514 
#!/bin/sh
1513 
#
 1515 
#
1514 
### BEGIN INIT INFO
 1516 
### BEGIN INIT INFO
1515 
# Provides: rc.local
 1517 
# Provides: rc.local
1516 
# X-Mandriva-Compat-Mode
 1518 
# X-Mandriva-Compat-Mode
1517 
# Default-Start: 2 3 4 5
 1519 
# Default-Start: 2 3 4 5
1518 
# Short-Description: Local initialization script
 1520 
# Short-Description: Local initialization script
1519 
# Description: This script will be executed *after* all the other init scripts.
 1521 
# Description: This script will be executed *after* all the other init scripts.
1520 
#              You can put your own initialization stuff in here if you don't
 1522 
#              You can put your own initialization stuff in here if you don't
1521 
#              want to do the full Sys V style init stuff.
 1523 
#              want to do the full Sys V style init stuff.
1522 
### END INIT INFO
 1524 
### END INIT INFO
- 
 
 1525 
#
- 
 
 1526 
#/etc/init.d/mysqld restart
- 
 
 1527 
#sleep 1
- 
 
 1528 
#/etc/init.d/radiusd restart
- 
 
 1529 
#
- 
 
 1530 
#touch /var/lock/subsys/local
- 
 
 1531 
#EOF
1523 
 
 1532 
 
1524 
/etc/init.d/mysqld restart
 - 
 
1525 
sleep 1
 - 
 
1526 
/etc/init.d/radiusd restart
 - 
 
1527 
 
 - 
 
1528 
touch /var/lock/subsys/local
 - 
 
1529 
EOF
 - 
 
1530 
# pour éviter les alertes de dépendance entre service.
 - 
 
1531 
	$SED "s?^# Required-Start.*?# Required-Start: \$local_fs \$network?g" /etc/init.d/mysqld
 - 
 
1532 
	$SED "s?^# Required-Stop.*?# Required-Stop: \$local_fs \$network?g" /etc/init.d/mysqld
 - 
 
1533 
	$SED "s?^# Should-Start.*?# Should-Start: radiusd ldap?g" /etc/init.d/httpd
 - 
 
1534 
	$SED "s?^# Should-Stop.*?# Should-Stop: radiusd ldap?g" /etc/init.d/httpd
 - 
 
1535 
# On affecte le niveau de sécurité du système : type "fileserver"
 - 
 
1536 
	$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
 - 
 
1537 
# On supprime la vérification du mode promiscious des interfaces réseaux ( nombreuses alertes sur eth1 dûes à Tun0 )
 - 
 
1538 
	$SED "s?CHECK_PROMISC=.*?CHECK_PROMISC=no?g" /etc/security/msec/level.fileserver
 - 
 
1539 
# On applique les préconisations ANSSI (sysctl + msec quand c'est possible)
 1533 
# On applique les préconisations ANSSI
1540 
# Apply French Security Agency rules (sysctl + msec when possible)
 1534 
# Apply French Security Agency rules
1541 
# ignorer les broadcast ICMP. (attaque smurf)
1535 
# ignorer les broadcast ICMP. (attaque smurf)
1542 
$SED "s?^ACCEPT_BROADCASTED_ICMP_ECHO=.*?ACCEPT_BROADCASTED_ICMP_ECHO=no?g" /etc/security/msec/level.fileserver
 - 
 
1543 
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
 1536 
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
1544 
# ignorer les erreurs ICMP bogus
 1537 
# ignorer les erreurs ICMP bogus
1545 
$SED "s?^ACCEPT_BOGUS_ERROR_RESPONSES=.*?ACCEPT_BOGUS_ERROR_RESPONSES=no?g" /etc/security/msec/level.fileserver
 - 
 
1546 
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
 1538 
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
1547 
# désactiver l'envoi et la réponse aux ICMP redirects
 1539 
# désactiver l'envoi et la réponse aux ICMP redirects
1548 
sysctl -w net.ipv4.conf.all.accept_redirects=0
 1540 
sysctl -w net.ipv4.conf.all.accept_redirects=0
1549 
accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
 1541 
accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
1550 
	if [ "$accept_redirect" == "0" ]
 1542 
	if [ "$accept_redirect" == "0" ]
1551 
	then
 1543 
	then
1552 
		echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
 1544 
		echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
1553 
	else
 1545 
	else
1554 
		$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
 1546 
		$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
1555 
	fi
 1547 
	fi
1556 
sysctl -w net.ipv4.conf.all.send_redirects=0
 1548 
sysctl -w net.ipv4.conf.all.send_redirects=0
1557 
send_redirect=`grep send_redirect /etc/sysctl.conf|wc -l`
 1549 
send_redirect=`grep send_redirect /etc/sysctl.conf|wc -l`
1558 
	if [ "$send_redirect" == "0" ]
 1550 
	if [ "$send_redirect" == "0" ]
1559 
	then
 1551 
	then
1560 
		echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
 1552 
		echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
1561 
	else
 1553 
	else
1562 
		$SED "s?send_redirects.*?send_redirects = 0?g" /etc/sysctl.conf
 1554 
		$SED "s?send_redirects.*?send_redirects = 0?g" /etc/sysctl.conf
1563 
	fi
 1555 
	fi
1564 
# activer les SYN Cookies (attaque syn flood)
 1556 
# activer les SYN Cookies (attaque syn flood)
1565 
sysctl -w net.ipv4.tcp_syncookies=1
 1557 
sysctl -w net.ipv4.tcp_syncookies=1
1566 
tcp_syncookies=`grep tcp_syncookies /etc/sysctl.conf|wc -l`
 1558 
tcp_syncookies=`grep tcp_syncookies /etc/sysctl.conf|wc -l`
1567 
	if [ "$tcp_syncookies" == "0" ]
 1559 
	if [ "$tcp_syncookies" == "0" ]
1568 
	then
 1560 
	then
1569 
		echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
 1561 
		echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
1570 
	else
 1562 
	else
1571 
		$SED "s?tcp_syncookies.*?tcp_syncookies = 1?g" /etc/sysctl.conf
 1563 
		$SED "s?tcp_syncookies.*?tcp_syncookies = 1?g" /etc/sysctl.conf
1572 
	fi
 1564 
	fi
1573 
# activer l'antispoofing niveau Noyau
 1565 
# activer l'antispoofing niveau Noyau
1574 
$SED "s?^ENABLE_IP_SPOOFING_PROTECTION.*?ENABLE_IP_SPOOFING_PROTECTION=yes?g" /etc/security/msec/level.fileserver
 - 
 
1575 
sysctl -w net.ipv4.conf.all.rp_filter=1
 1566 
sysctl -w net.ipv4.conf.all.rp_filter=1
1576 
# ignorer le source routing
 1567 
# ignorer le source routing
1577 
sysctl -w net.ipv4.conf.all.accept_source_route=0
 1568 
sysctl -w net.ipv4.conf.all.accept_source_route=0
1578 
accept_source_route=`grep accept_source_route /etc/sysctl.conf|wc -l`
 1569 
accept_source_route=`grep accept_source_route /etc/sysctl.conf|wc -l`
1579 
	if [ "$accept_source_route" == "0" ]
 1570 
	if [ "$accept_source_route" == "0" ]
1580 
	then
 1571 
	then
1581 
		echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
 1572 
		echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
1582 
	else
 1573 
	else
1583 
		$SED "s?accept_source_route.*?accept_source_route = 0?g" /etc/sysctl.conf
 1574 
		$SED "s?accept_source_route.*?accept_source_route = 0?g" /etc/sysctl.conf
1584 
	fi
 1575 
	fi
1585 
# réglage du timer de maintien de suivi de session à 1h (3600s) au lieu de 5 semaines
 1576 
# réglage du timer de maintien de suivi de session à 1h (3600s) au lieu de 5 semaines
1586 
sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600
 1577 
sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600
1587 
timeout_established=`grep timeout_established /etc/sysctl.conf|wc -l`
 1578 
timeout_established=`grep timeout_established /etc/sysctl.conf|wc -l`
1588 
	if [ "$timeout_established" == "0" ]
 1579 
	if [ "$timeout_established" == "0" ]
1589 
	then
 1580 
	then
1590 
		echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.conf
 1581 
		echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.conf
1591 
	else
 1582 
	else
1592 
		$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf
 1583 
		$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf
1593 
	fi
 1584 
	fi
1594 
# suppression des log_martians (ALCASAR est souvent entre deux réseaux en adressage privée)
1585 
# suppression des log_martians (ALCASAR est souvent entre deux réseaux en adressage privée)
1595 
sysctl -w net.ipv4.conf.all.log_martians=0
 1586 
sysctl -w net.ipv4.conf.all.log_martians=0
1596 
$SED "s?^ENABLE_LOG_STRANGE_PACKETS=.*?ENABLE_LOG_STRANGE_PACKETS=no?g" /etc/security/msec/level.fileserver
 - 
 
1597 
 
 - 
 
1598 
 
 - 
 
1599 
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys
 1587 
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys
1600 
	$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
 1588 
# ???	$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
1601 
# On mets en place la sécurité sur les fichiers
 - 
 
1602 
# des modif par rapport à radius update
 - 
 
1603 
	cat <<EOF > /etc/security/msec/perm.local
 - 
 
1604 
/var/log/firewall/			root.apache	750
 - 
 
1605 
/var/log/firewall/*			root.apache	640
 - 
 
1606 
/etc/security/msec/perm.local		root.root	640
 - 
 
1607 
/etc/security/msec/level.local		root.root	640
 - 
 
1608 
/etc/freeradius-web			root.apache	750
 - 
 
1609 
/etc/freeradius-web/admin.conf		root.apache	640
 - 
 
1610 
/etc/freeradius-web/config.php		root.apache	640
 - 
 
1611 
/etc/raddb/dictionnary			root.radius	640
 - 
 
1612 
/etc/raddb/ldap.attrmap			root.radius	640
 - 
 
1613 
/etc/raddb/hints			root.radius	640
 - 
 
1614 
/etc/raddb/huntgroups			root.radius	640
 - 
 
1615 
/etc/raddb/attrs.access_reject		root.radius	640
 - 
 
1616 
/etc/raddb/attrs.accounting_response	root.radius	640
 - 
 
1617 
/etc/raddb/acct_users			root.radius	640
 - 
 
1618 
/etc/raddb/preproxy_users		root.radius	640
 - 
 
1619 
/etc/raddb/modules/ldap			radius.apache	660
 - 
 
1620 
/etc/raddb/sites-available/alcasar	radius.apache	660
 - 
 
1621 
/etc/pki/*				root.apache	750
 - 
 
1622 
EOF
 - 
 
1623 
	/usr/sbin/msec
 - 
 
1624 
# modification /etc/inittab
 1589 
# modification /etc/inittab
1625 
	[ -e /etc/inittab.default ] || cp /etc/inittab /etc/inittab.default
 1590 
	[ -e /etc/inittab.default ] || cp /etc/inittab /etc/inittab.default
1626 
# We keep only 3 TTYs
 1591 
# We keep only 3 TTYs
1627 
	$SED "s?^4.*?#&?g" /etc/inittab
 1592 
	$SED "s?^4.*?#&?g" /etc/inittab
1628 
	$SED "s?^5.*?#&?g" /etc/inittab
 1593 
	$SED "s?^5.*?#&?g" /etc/inittab
1629 
	$SED "s?^6.*?#&?g" /etc/inittab
 1594 
	$SED "s?^6.*?#&?g" /etc/inittab
1630 
# switch to multi-users runlevel (instead of x11)
 1595 
# switch to multi-users runlevel (instead of x11)
1631 
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
 1596 
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
1632 
$SED "s?^id.*?id:3:initdefault:?g" /etc/inittab
 1597 
$SED "s?^id.*?id:3:initdefault:?g" /etc/inittab
- 
 
 1598 
#	GRUB modifications
- 
 
 1599 
# limit wait time to 3s
1633 
# On limite le temps d'attente de grub (3s) et on change la résolution d'écran
 1600 
# create an alcasar entry instead of linux-nonfb
- 
 
 1601 
# change display to 1024*768 (vga791)
1634 
$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
 1602 
$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
- 
 
 1603 
$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
1635 
$SED "s?^kernel.*?& vga=791?g" /boot/grub/menu.lst
 1604 
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
1636 
$SED "s? vga=791??2g" /boot/grub/menu.lst
 1605 
$SED "/^kernel/s/vga=.*/vga=791/" /boot/grub/menu.lst
- 
 
 1606 
 
1637 
# Remove unused services and users
 1607 
# Remove unused services and users
1638 
for svc in alsa sound dm atd bootlogd stop-bootlogd
 1608 
for svc in alsa sound dm
1639 
do
 1609 
do
1640 
	/sbin/chkconfig --del $svc
 1610 
	/sbin/chkconfig --del $svc
1641 
done
 1611 
done
1642 
for rm_users in avahi-autoipd avahi icapd
 1612 
for rm_users in avahi-autoipd avahi icapd
1643 
do
 1613 
do
1644 
	user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
 1614 
	user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
1645 
	if [ "$user" == "$rm_users" ]
 1615 
	if [ "$user" == "$rm_users" ]
1646 
	then
 1616 
	then
1647 
		/usr/sbin/userdel -f $rm_users
 1617 
		/usr/sbin/userdel -f $rm_users
1648 
	fi
 1618 
	fi
1649 
done
 1619 
done
1650 
# Load and update the previous conf file
 1620 
# Load and update the previous conf file
1651 
if [ "$mode" = "update" ]
 1621 
if [ "$mode" = "update" ]
1652 
then
 1622 
then
1653 
	$DIR_DEST_BIN/alcasar-conf.sh --load
 1623 
	$DIR_DEST_BIN/alcasar-conf.sh --load
1654 
	$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
 1624 
	$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
1655 
	$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
 1625 
	$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
1656 
fi
 1626 
fi
1657 
rm -f /tmp/alcasar-conf*
 1627 
rm -f /tmp/alcasar-conf*
1658 
chown -R root:apache $DIR_DEST_ETC/*
 1628 
chown -R root:apache $DIR_DEST_ETC/*
1659 
chmod -R 660 $DIR_DEST_ETC/*
 1629 
chmod -R 660 $DIR_DEST_ETC/*
1660 
chmod ug+x $DIR_DEST_ETC/digest $DIR_DEST_ETC/alcasar-dnsfilter*
 1630 
chmod ug+x $DIR_DEST_ETC/digest $DIR_DEST_ETC/alcasar-dnsfilter*
1661 
	cd $DIR_INSTALL
 1631 
	cd $DIR_INSTALL
1662 
	echo ""
 1632 
	echo ""
1663 
	echo "#############################################################################"
 1633 
	echo "#############################################################################"
1664 
	if [ $Lang == "fr" ]
 1634 
	if [ $Lang == "fr" ]
1665 
		then
 1635 
		then
1666 
		echo "#                        Fin d'installation d'ALCASAR                       #"
 1636 
		echo "#                        Fin d'installation d'ALCASAR                       #"
1667 
		echo "#                                                                           #"
 1637 
		echo "#                                                                           #"
1668 
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
 1638 
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1669 
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
 1639 
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1670 
		echo "#                                                                           #"
 1640 
		echo "#                                                                           #"
1671 
		echo "#############################################################################"
 1641 
		echo "#############################################################################"
1672 
		echo
 1642 
		echo
1673 
		echo "- ALCASAR sera fonctionnel après redémarrage du système"
 1643 
		echo "- ALCASAR sera fonctionnel après redémarrage du système"
1674 
		echo
 1644 
		echo
1675 
		echo "- Lisez attentivement la documentation d'exploitation"
 1645 
		echo "- Lisez attentivement la documentation d'exploitation"
1676 
		echo
 1646 
		echo
1677 
		echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar"
 1647 
		echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar"
1678 
		echo
 1648 
		echo
1679 
		echo "                   Appuyez sur 'Entrée' pour continuer"
 1649 
		echo "                   Appuyez sur 'Entrée' pour continuer"
1680 
	else
1650 
	else
1681 
		echo "#                        Enf of ALCASAR install process                     #"
 1651 
		echo "#                        Enf of ALCASAR install process                     #"
1682 
		echo "#                                                                           #"
 1652 
		echo "#                                                                           #"
1683 
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
 1653 
		echo "#         Application Libre pour le Contrôle Authentifié et Sécurisé        #"
1684 
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
 1654 
		echo "#                     des Accès au Réseau ( ALCASAR )                       #"
1685 
		echo "#                                                                           #"
 1655 
		echo "#                                                                           #"
1686 
		echo "#############################################################################"
 1656 
		echo "#############################################################################"
1687 
		echo
 1657 
		echo
1688 
		echo "- The system will be rebooted in order to operate ALCASAR"
 1658 
		echo "- The system will be rebooted in order to operate ALCASAR"
1689 
		echo
 1659 
		echo
1690 
		echo "- Read the exploitation documentation"
 1660 
		echo "- Read the exploitation documentation"
1691 
		echo
 1661 
		echo
1692 
		echo "- The ALCASAR Control Center (ACC) is at http://alcasar"
 1662 
		echo "- The ALCASAR Control Center (ACC) is at http://alcasar"
1693 
		echo
 1663 
		echo
1694 
		echo "                   Hit 'Enter' to continue"
 1664 
		echo "                   Hit 'Enter' to continue"
1695 
	fi
 1665 
	fi
1696 
	sleep 2
 1666 
	sleep 2
1697 
	if [ "$mode" != "update" ]
 1667 
	if [ "$mode" != "update" ]
1698 
	then
 1668 
	then
1699 
		read a
 1669 
		read a
1700 
	fi
 1670 
	fi
1701 
	clear
 1671 
	clear
1702 
# Apply and save the firewall rules
 1672 
# Apply and save the firewall rules
1703 
 	sh $DIR_DEST_BIN/alcasar-iptables.sh
 1673 
 	sh $DIR_DEST_BIN/alcasar-iptables.sh
1704 
	sleep 2
 1674 
	sleep 2
1705 
	reboot
 1675 
	reboot
1706 
} # End post_install ()
 1676 
} # End post_install ()
1707 
 
 1677 
 
1708 
#################################
 1678 
#################################
1709 
#  Boucle principale du script  #
 1679 
#  	Main Install loop  	#
1710 
#################################
 1680 
#################################
1711 
dir_exec=`dirname "$0"`
 1681 
dir_exec=`dirname "$0"`
1712 
if [ $dir_exec != "." ]
 1682 
if [ $dir_exec != "." ]
1713 
then
 1683 
then
1714 
	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
 1684 
	echo "Lancez ce programme depuis le répertoire de l'archive d'ALCASAR"
1715 
	echo "Launch this program from the ALCASAR archive directory"
 1685 
	echo "Launch this program from the ALCASAR archive directory"
1716 
	exit 0
 1686 
	exit 0
1717 
fi
 1687 
fi
1718 
VERSION=`cat $DIR_INSTALL/VERSION`
 1688 
VERSION=`cat $DIR_INSTALL/VERSION`
1719 
usage="Usage: alcasar.sh {-i or --install} | {-u or --uninstall}"
 1689 
usage="Usage: alcasar.sh {-i or --install} | {-u or --uninstall}"
1720 
nb_args=$#
 1690 
nb_args=$#
1721 
args=$1
 1691 
args=$1
1722 
if [ $nb_args -eq 0 ]
 1692 
if [ $nb_args -eq 0 ]
1723 
then
 1693 
then
1724 
	nb_args=1
 1694 
	nb_args=1
1725 
	args="-h"
 1695 
	args="-h"
1726 
fi
 1696 
fi
1727 
case $args in
 1697 
case $args in
1728 
	-\? | -h* | --h*)
 1698 
	-\? | -h* | --h*)
1729 
		echo "$usage"
 1699 
		echo "$usage"
1730 
		exit 0
 1700 
		exit 0
1731 
		;;
 1701 
		;;
1732 
	-i | --install)
 1702 
	-i | --install)
1733 
		license
 1703 
		license
1734 
		header_install
 1704 
		header_install
1735 
		testing
 1705 
		testing
1736 
# Test if ALCASAR is already installed
 1706 
# Test if ALCASAR is already installed
1737 
		if [ -e $DIR_WEB/VERSION ]
 1707 
		if [ -e $DIR_WEB/VERSION ]
1738 
		then
 1708 
		then
1739 
			actual_version=`cat $DIR_WEB/VERSION`
 1709 
			actual_version=`cat $DIR_WEB/VERSION`
1740 
			if [ $Lang == "fr" ]
 1710 
			if [ $Lang == "fr" ]
1741 
				then echo -n "La version "; echo -n $actual_version ; echo " d'ALCASAR est déjà installée";
 1711 
				then echo -n "La version "; echo -n $actual_version ; echo " d'ALCASAR est déjà installée";
1742 
				else echo -n "ALCASAR Version "; echo -n $actual_version ; echo " is already installed";
 1712 
				else echo -n "ALCASAR Version "; echo -n $actual_version ; echo " is already installed";
1743 
			fi
 1713 
			fi
1744 
			response=0
 1714 
			response=0
1745 
			PTN='^[oOnNyY]$'
 1715 
			PTN='^[oOnNyY]$'
1746 
			until [[ $(expr $response : $PTN) -gt 0 ]]
 1716 
			until [[ $(expr $response : $PTN) -gt 0 ]]
1747 
			do
 1717 
			do
1748 
				if [ $Lang == "fr" ]
 1718 
				if [ $Lang == "fr" ]
1749 
					then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";
 1719 
					then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";
1750 
					else echo -n "Do you want to update (Y/n)?";
 1720 
					else echo -n "Do you want to update (Y/n)?";
1751 
				 fi
 1721 
				 fi
1752 
				read response
 1722 
				read response
1753 
			done
 1723 
			done
1754 
			if [ "$response" = "n" ] || [ "$response" = "N" ]
1724 
			if [ "$response" = "n" ] || [ "$response" = "N" ]
1755 
			then
 1725 
			then
1756 
				rm -f /tmp/alcasar-conf*
 1726 
				rm -f /tmp/alcasar-conf*
1757 
			else
 1727 
			else
1758 
				RUNNING_VERSION=`cat $DIR_WEB/VERSION|cut -d" " -f1`
 1728 
				RUNNING_VERSION=`cat $DIR_WEB/VERSION|cut -d" " -f1`
1759 
				MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
 1729 
				MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
1760 
				MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
 1730 
				MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
1761 
				UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
 1731 
				UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
1762 
# Create a backup of running version importants files
 1732 
# Create a backup of running version importants files
1763 
				chmod u+x $DIR_SCRIPTS/alcasar-conf.sh
 1733 
				chmod u+x $DIR_SCRIPTS/alcasar-conf.sh
1764 
				$DIR_SCRIPTS/alcasar-conf.sh --create
 1734 
				$DIR_SCRIPTS/alcasar-conf.sh --create
1765 
				mode="update"
 1735 
				mode="update"
1766 
			fi
 1736 
			fi
1767 
		fi
 1737 
		fi
1768 
# RPMs install
 1738 
# RPMs install
1769 
		$DIR_SCRIPTS/alcasar-urpmi.sh
 1739 
		$DIR_SCRIPTS/alcasar-urpmi.sh
1770 
		if [ "$?" != "0" ]
 1740 
		if [ "$?" != "0" ]
1771 
		then
 1741 
		then
1772 
			exit 0
 1742 
			exit 0
1773 
		fi
 1743 
		fi
1774 
		if [ -e $DIR_WEB/VERSION ]
 1744 
		if [ -e $DIR_WEB/VERSION ]
1775 
		then
 1745 
		then
1776 
# Uninstall the running version
 1746 
# Uninstall the running version
1777 
			$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
 1747 
			$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1778 
		fi
 1748 
		fi
1779 
# Test if manual update
1749 
# Test if manual update
1780 
		if [ -e /tmp/alcasar-conf.tar.gz ] && [ "$mode" != "update" ]
 1750 
		if [ -e /tmp/alcasar-conf.tar.gz ] && [ "$mode" != "update" ]
1781 
		then
 1751 
		then
1782 
			header_install
 1752 
			header_install
1783 
			if [ $Lang == "fr" ]
 1753 
			if [ $Lang == "fr" ]
1784 
				then echo "Le fichier de configuration d'une ancienne version a été trouvé";
 1754 
				then echo "Le fichier de configuration d'une ancienne version a été trouvé";
1785 
				else echo "The configuration file of an old version has been found";
 1755 
				else echo "The configuration file of an old version has been found";
1786 
			fi
 1756 
			fi
1787 
			response=0
 1757 
			response=0
1788 
			PTN='^[oOnNyY]$'
 1758 
			PTN='^[oOnNyY]$'
1789 
			until [[ $(expr $response : $PTN) -gt 0 ]]
 1759 
			until [[ $(expr $response : $PTN) -gt 0 ]]
1790 
			do
 1760 
			do
1791 
				if [ $Lang == "fr" ]
 1761 
				if [ $Lang == "fr" ]
1792 
					then echo -n "Voulez-vous l'utiliser (O/n)? ";
 1762 
					then echo -n "Voulez-vous l'utiliser (O/n)? ";
1793 
					else echo -n "Do you want to use it (Y/n)?";
 1763 
					else echo -n "Do you want to use it (Y/n)?";
1794 
				 fi
 1764 
				 fi
1795 
				read response
 1765 
				read response
1796 
				if [ "$response" = "n" ] || [ "$response" = "N" ]
1766 
				if [ "$response" = "n" ] || [ "$response" = "N" ]
1797 
				then rm -f /tmp/alcasar-conf*
 1767 
				then rm -f /tmp/alcasar-conf*
1798 
				fi
 1768 
				fi
1799 
			done
 1769 
			done
1800 
		fi
 1770 
		fi
1801 
# Test if update
 1771 
# Test if update
1802 
		if [ -e /tmp/alcasar-conf.tar.gz ]
1772 
		if [ -e /tmp/alcasar-conf.tar.gz ]
1803 
		then
 1773 
		then
1804 
			if [ $Lang == "fr" ]
 1774 
			if [ $Lang == "fr" ]
1805 
				then echo "#### Installation avec mise à jour ####";
 1775 
				then echo "#### Installation avec mise à jour ####";
1806 
				else echo "#### Installation with update     ####";
 1776 
				else echo "#### Installation with update     ####";
1807 
			fi
 1777 
			fi
1808 
# Extract the central configuration file
 1778 
# Extract the central configuration file
1809 
			tar -xf /tmp/alcasar-conf.tar.gz conf/etc/alcasar.conf
1779 
			tar -xf /tmp/alcasar-conf.tar.gz conf/etc/alcasar.conf
1810 
			ORGANISME=`grep ORGANISM conf/etc/alcasar.conf|cut -d"=" -f2`
 1780 
			ORGANISME=`grep ORGANISM conf/etc/alcasar.conf|cut -d"=" -f2`
1811 
			mode="update"
 1781 
			mode="update"
1812 
		else
 1782 
		else
1813 
			mode="install"
 1783 
			mode="install"
1814 
		fi
 1784 
		fi
1815 
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install
 1785 
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install
1816 
		do
 1786 
		do
1817 
			$func
 1787 
			$func
1818 
 echo "*** 'debug' : end of function $func ***"; read a
 1788 
 echo "*** 'debug' : end of function $func ***"; read a
1819 
		done
 1789 
		done
1820 
		;;
 1790 
		;;
1821 
	-u | --uninstall)
 1791 
	-u | --uninstall)
1822 
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
 1792 
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
1823 
		then
 1793 
		then
1824 
			if [ $Lang == "fr" ]
 1794 
			if [ $Lang == "fr" ]
1825 
				then echo "ALCASAR n'est pas installé!";
 1795 
				then echo "ALCASAR n'est pas installé!";
1826 
				else echo "ALCASAR isn't installed!";
 1796 
				else echo "ALCASAR isn't installed!";
1827 
			fi
 1797 
			fi
1828 
			exit 0
 1798 
			exit 0
1829 
		fi
 1799 
		fi
1830 
		response=0
 1800 
		response=0
1831 
		PTN='^[oOnN]$'
 1801 
		PTN='^[oOnN]$'
1832 
		until [[ $(expr $response : $PTN) -gt 0 ]]
 1802 
		until [[ $(expr $response : $PTN) -gt 0 ]]
1833 
		do
 1803 
		do
1834 
			if [ $Lang == "fr" ]
 1804 
			if [ $Lang == "fr" ]
1835 
				then echo -n "Voulez-vous créer le fichier de configuration de la version actuelle (0/n)? ";
 1805 
				then echo -n "Voulez-vous créer le fichier de configuration de la version actuelle (0/n)? ";
1836 
				else echo -n "Do you want to create the running version configuration file (Y/n)? ";
 1806 
				else echo -n "Do you want to create the running version configuration file (Y/n)? ";
1837 
			fi
 1807 
			fi
1838 
			read response
 1808 
			read response
1839 
		done
 1809 
		done
1840 
		if [ "$reponse" = "o" ] || [ "$reponse" = "O" ] || [ "$response" = "Y" ] || [ "$response" = "y" ]
 1810 
		if [ "$reponse" = "o" ] || [ "$reponse" = "O" ] || [ "$response" = "Y" ] || [ "$response" = "y" ]
1841 
		then
 1811 
		then
1842 
			$DIR_SCRIPT/alcasar-conf.sh --create
 1812 
			$DIR_SCRIPT/alcasar-conf.sh --create
1843 
		else
1813 
		else
1844 
			rm -f /tmp/alcasar-conf*
 1814 
			rm -f /tmp/alcasar-conf*
1845 
		fi
 1815 
		fi
1846 
# Uninstall the running version
 1816 
# Uninstall the running version
1847 
		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
 1817 
		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh
1848 
		;;
 1818 
		;;
1849 
	*)
 1819 
	*)
1850 
		echo "Argument inconnu :$1";
 1820 
		echo "Argument inconnu :$1";
1851 
		echo "Unknown argument :$1";
 1821 
		echo "Unknown argument :$1";
1852 
		echo "$usage"
 1822 
		echo "$usage"
1853 
		exit 1
 1823 
		exit 1
1854 
		;;
 1824 
		;;
1855 
esac
 1825 
esac
1856 
# end of script
 1826 
# end of script
1857 
 
 1827 
 
1858 
 
 1828