WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 1350 2014-05-14 16:14:43Z richard $ 
 
# alcasar.sh
 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
# Ce programme est un logiciel libre ; This software is free and open source

			fi
		done
	fi
# On crée aléatoirement les mots de passe et les secrets partagés
	rm -f $PASSWD_FILE
	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
	echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
	echo "$grubpwd" >> $PASSWD_FILE
	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`
	$SED "/^password.*/d" /boot/grub/menu.lst
	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE
	echo "root / $mysqlpwd" >> $PASSWD_FILE
	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE
	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
	echo "$secretuam" >> $PASSWD_FILE
	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
	echo "$secretradius" >> $PASSWD_FILE
	chmod 640 $PASSWD_FILE
# Scripts and conf files copy 
#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}

EOF
# config /etc/hosts
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
	cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME $ORGANISME.$DOMAIN
EOF
# Config EXTIF (Internet)
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
DEVICE=$EXTIF
BOOTPROTO=static

		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
		mkdir -p $DIR_DEST_ETC/digest
		chmod 755 $DIR_DEST_ETC/digest
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
			do
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
			done
		$DIR_DEST_SBIN/alcasar-profil.sh --list
	fi
# synchronisation horaire
	ntpd -q -g &

			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
			mkdir -p $DIR_DEST_ETC/digest
			chmod 755 $DIR_DEST_ETC/digest
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
			do
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
			done
			$DIR_DEST_SBIN/alcasar-profil.sh --list
		fi
	fi
	rm -f /tmp/alcasar-conf*

Rev 1349	Rev 1350
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 1349 2014-05-14 14:52:19Z richard $`	2	`# $Id: alcasar.sh 1350 2014-05-14 16:14:43Z richard $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5		5
6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`	6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`
7	`# Ce programme est un logiciel libre ; This software is free and open source`	7	`# Ce programme est un logiciel libre ; This software is free and open source`
Line 251...	Line 251...
251	`fi`	251	`fi`
252	`done`	252	`done`
253	`fi`	253	`fi`
254	`# On crée aléatoirement les mots de passe et les secrets partagés`	254	`# On crée aléatoirement les mots de passe et les secrets partagés`
255	`rm -f $PASSWD_FILE`	255	`rm -f $PASSWD_FILE`
256	grubpwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8` # mot de passe de protection du menu Grub	256	grubpwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
257	`echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE`	257	`echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE`
258	`echo "$grubpwd" >> $PASSWD_FILE`	258	`echo "$grubpwd" >> $PASSWD_FILE`
259	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`	259	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`
260	`$SED "/^password.*/d" /boot/grub/menu.lst`	260	`$SED "/^password.*/d" /boot/grub/menu.lst`
261	`$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst`	261	`$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst`
262	mysqlpwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8` # mot de passe de l'administrateur Mysqld	262	mysqlpwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
263	`echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE`	263	`echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE`
264	`echo "root / $mysqlpwd" >> $PASSWD_FILE`	264	`echo "root / $mysqlpwd" >> $PASSWD_FILE`
265	radiuspwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius)	265	radiuspwd=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
266	`echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE`	266	`echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE`
267	`echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE`	267	`echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE`
268	secretuam=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8` # secret partagé entre intercept.php et coova-chilli	268	secretuam=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
269	`echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE`	269	`echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE`
270	`echo "$secretuam" >> $PASSWD_FILE`	270	`echo "$secretuam" >> $PASSWD_FILE`
271	secretradius=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8` # secret partagé entre coova-chilli et FreeRadius	271	secretradius=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8`
272	`echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE`	272	`echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE`
273	`echo "$secretradius" >> $PASSWD_FILE`	273	`echo "$secretradius" >> $PASSWD_FILE`
274	`chmod 640 $PASSWD_FILE`	274	`chmod 640 $PASSWD_FILE`
275	`# Scripts and conf files copy`	275	`# Scripts and conf files copy`
276	`# - in /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}`	276	`# - in /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}`
Line 393...	Line 393...
393	`EOF`	393	`EOF`
394	`# config /etc/hosts`	394	`# config /etc/hosts`
395	`[ -e /etc/hosts.default ] \|\| cp /etc/hosts /etc/hosts.default`	395	`[ -e /etc/hosts.default ] \|\| cp /etc/hosts /etc/hosts.default`
396	`cat <<EOF > /etc/hosts`	396	`cat <<EOF > /etc/hosts`
397	`127.0.0.1 localhost`	397	`127.0.0.1 localhost`
398	`$PRIVATE_IP $HOSTNAME.$DOMAIN`	398	`$PRIVATE_IP $HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME $ORGANISME.$DOMAIN`
399	`EOF`	399	`EOF`
400	`# Config EXTIF (Internet)`	400	`# Config EXTIF (Internet)`
401	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF`	401	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF`
402	`DEVICE=$EXTIF`	402	`DEVICE=$EXTIF`
403	`BOOTPROTO=static`	403	`BOOTPROTO=static`
Line 580...	Line 580...
580	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`	580	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`
581	`mkdir -p $DIR_DEST_ETC/digest`	581	`mkdir -p $DIR_DEST_ETC/digest`
582	`chmod 755 $DIR_DEST_ETC/digest`	582	`chmod 755 $DIR_DEST_ETC/digest`
583	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`	583	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`
584	`do`	584	`do`
585	`/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal`	585	`/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal`
586	`done`	586	`done`
587	`$DIR_DEST_SBIN/alcasar-profil.sh --list`	587	`$DIR_DEST_SBIN/alcasar-profil.sh --list`
588	`fi`	588	`fi`
589	`# synchronisation horaire`	589	`# synchronisation horaire`
590	`ntpd -q -g &`	590	`ntpd -q -g &`
Line 1601...	Line 1601...
1601	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`	1601	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`
1602	`mkdir -p $DIR_DEST_ETC/digest`	1602	`mkdir -p $DIR_DEST_ETC/digest`
1603	`chmod 755 $DIR_DEST_ETC/digest`	1603	`chmod 755 $DIR_DEST_ETC/digest`
1604	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`	1604	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`
1605	`do`	1605	`do`
1606	`/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal`	1606	`/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal`
1607	`done`	1607	`done`
1608	`$DIR_DEST_SBIN/alcasar-profil.sh --list`	1608	`$DIR_DEST_SBIN/alcasar-profil.sh --list`
1609	`fi`	1609	`fi`
1610	`fi`	1610	`fi`
1611	`rm -f /tmp/alcasar-conf*`	1611	`rm -f /tmp/alcasar-conf*`

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 1349 → 1350