WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 1150 2013-07-09 21:15:03Z richard $ 
 
# alcasar.sh
 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
# Ce programme est un logiciel libre ; This software is free and open source

EOF
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
	cat <<EOF > /etc/hosts.deny
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
EOF
 
 
# Firewall config
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
# create the filter exception file and ip_bloqued file

#dhcpgatewayport
EOF
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
# create files for trusted domains and urls
 
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
	chown root:apache $DIR_DEST_ETC/alcasar-*
	chmod 660 $DIR_DEST_ETC/alcasar-*
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php

rm -f /tmp/alcasar-conf*
chown -R root:apache $DIR_DEST_ETC/*
chmod -R 660 $DIR_DEST_ETC/*
chmod ug+x $DIR_DEST_ETC/digest
 
# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions"
[ -e /sbin/ethtool ]  || ln -s /usr/sbin/ethtool /sbin/ethtool
 
# Apply and save the firewall rules
 	sh $DIR_DEST_BIN/alcasar-iptables.sh
	sleep 2

Rev 1149	Rev 1150
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 1149 2013-07-08 21:43:36Z richard $`	2	`# $Id: alcasar.sh 1150 2013-07-09 21:15:03Z richard $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5		5
6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`	6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`
7	`# Ce programme est un logiciel libre ; This software is free and open source`	7	`# Ce programme est un logiciel libre ; This software is free and open source`
Line 484...	Line 484...
484	`EOF`	484	`EOF`
485	`[ -e /etc/host.deny.default ] \|\| cp /etc/hosts.deny /etc/hosts.deny.default`	485	`[ -e /etc/host.deny.default ] \|\| cp /etc/hosts.deny /etc/hosts.deny.default`
486	`cat <<EOF > /etc/hosts.deny`	486	`cat <<EOF > /etc/hosts.deny`
487	`ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" \| /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &`	487	`ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" \| /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &`
488	`EOF`	488	`EOF`
489	`# modify "network-functions" Mageia script (waiting for bug fix bugzilla:10623)`	-
490	`$SED "s?/sbin/ethtool?/usr/sbin/ethtool?g" /etc/sysconfig/network-scripts/network-functions`	-
491	`# Firewall config`	489	`# Firewall config`
492	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	490	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
493	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	491	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
494	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`	492	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`
495	`# create the filter exception file and ip_bloqued file`	493	`# create the filter exception file and ip_bloqued file`
Line 999...	Line 997...
999	`#dhcpgatewayport`	997	`#dhcpgatewayport`
1000	`EOF`	998	`EOF`
1001	`# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)`	999	`# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)`
1002	`echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers`	1000	`echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers`
1003	`# create files for trusted domains and urls`	1001	`# create files for trusted domains and urls`
1004	`# cp -f $DIR_CONF/etc/alcasar-uam* $DIR_DEST_ETC/.`	-
1005	`touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain`	1002	`touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain`
1006	`chown root:apache $DIR_DEST_ETC/alcasar-*`	1003	`chown root:apache $DIR_DEST_ETC/alcasar-*`
1007	`chmod 660 $DIR_DEST_ETC/alcasar-*`	1004	`chmod 660 $DIR_DEST_ETC/alcasar-*`
1008	`# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)`	1005	`# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)`
1009	`$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php`	1006	`$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php`
Line 1635...	Line 1632...
1635	`rm -f /tmp/alcasar-conf*`	1632	`rm -f /tmp/alcasar-conf*`
1636	`chown -R root:apache $DIR_DEST_ETC/*`	1633	`chown -R root:apache $DIR_DEST_ETC/*`
1637	`chmod -R 660 $DIR_DEST_ETC/*`	1634	`chmod -R 660 $DIR_DEST_ETC/*`
1638	`chmod ug+x $DIR_DEST_ETC/digest`	1635	`chmod ug+x $DIR_DEST_ETC/digest`
1639		1636
1640	`# correction temporaire du bug du paquet ethtool`	1637	`# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions"`
1641	`[ -e /sbin/ethtool ] \|\| ln -s /usr/sbin/ethtool /sbin/ethtool`	1638	`[ -e /sbin/ethtool ] \|\| ln -s /usr/sbin/ethtool /sbin/ethtool`
1642		1639
1643	`# Apply and save the firewall rules`	1640	`# Apply and save the firewall rules`
1644	`sh $DIR_DEST_BIN/alcasar-iptables.sh`	1641	`sh $DIR_DEST_BIN/alcasar-iptables.sh`
1645	`sleep 2`	1642	`sleep 2`

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 1154 – Rev 1149 → 1150