Subversion Repositories ALCASAR

Rev

Rev 1375 | Rev 1378 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1375 Rev 1376
Line 1... Line 1...
1 
#!/bin/bash
 1 
#!/bin/bash
2 
#  $Id: alcasar.sh 1375 2014-06-04 21:06:52Z richard $
2 
#  $Id: alcasar.sh 1376 2014-06-04 21:55:31Z richard $
3 
 
 3 
 
4 
# alcasar.sh
 4 
# alcasar.sh
5 
 
 5 
 
6 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
6 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
7 
# Ce programme est un logiciel libre ; This software is free and open source
 7 
# Ce programme est un logiciel libre ; This software is free and open source
Line 42... Line 42...
42 
#	dnsmasq			: Name server configuration
 42 
#	dnsmasq			: Name server configuration
43 
#	BL			: BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
 43 
#	BL			: BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
44 
#	cron			: Logs export + watchdog + connexion statistics
 44 
#	cron			: Logs export + watchdog + connexion statistics
45 
#	fail2ban		: Fail2ban installation and configuration
 45 
#	fail2ban		: Fail2ban installation and configuration
46 
#	post_install		: Security, log rotation, etc.
 46 
#	post_install		: Security, log rotation, etc.
47 
#	gammu_smsd			: Autoregister addon (gammu-smsd)
 47 
#	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)
48 
 
 48 
 
49 
DATE=`date '+%d %B %Y - %Hh%M'`
 49 
DATE=`date '+%d %B %Y - %Hh%M'`
50 
DATE_SHORT=`date '+%d/%m/%Y'`
 50 
DATE_SHORT=`date '+%d/%m/%Y'`
51 
Lang=`echo $LANG|cut -c 1-2`
 51 
Lang=`echo $LANG|cut -c 1-2`
52 
mode="install"
 52 
mode="install"
Line 1179... Line 1179...
1179 
param_nfsen()
 1179 
param_nfsen()
1180 
{
 1180 
{
1181 
	tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
 1181 
	tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
1182 
# Create a specific user and group
 1182 
# Create a specific user and group
1183 
	[ `grep "^www-data:" /etc/group | wc -l` == 1 ] || groupadd www-data
 1183 
	[ `grep "^www-data:" /etc/group | wc -l` == 1 ] || groupadd www-data
1184 
	[ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -m nfsen
 1184 
	[ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -r -g nfsen -s /bin/false -c "system user for the grapher nfsen" nfsen
1185 
	usermod -G www-data nfsen
 1185 
	groupadd -f chilli
1186 
# Add PortTracker plugin
 1186 
# Add PortTracker plugin
1187 
	mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
 1187 
	mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
1188 
	chown -R nfsen:www-data /var/www/nfsen
 1188 
	chown -R nfsen:www-data /var/www/nfsen
1189 
	chown -R apache:apache /usr/share/nfsen
 1189 
	chown -R apache:apache /usr/share/nfsen
1190 
	cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
 1190 
	cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
Line 1479... Line 1479...
1479 
	chmod 644 /var/log/fail2ban.log
 1479 
	chmod 644 /var/log/fail2ban.log
1480 
	chmod 644 /var/Save/logs/security/watchdog.log
 1480 
	chmod 644 /var/Save/logs/security/watchdog.log
1481 
} #Fin de fail2ban_install()
 1481 
} #Fin de fail2ban_install()
1482 
 
 1482 
 
1483 
##################################################################
 1483 
##################################################################
- 
 
 1484 
## 			Fonction "gammu_smsd"			##
- 
 
 1485 
## - Creation de la base de donnée Gammu			##
- 
 
 1486 
## - Creation du fichier de config: gammu_smsd_conf		##
- 
 
 1487 
##								##
- 
 
 1488 
##################################################################
- 
 
 1489 
gammu_smsd()
- 
 
 1490 
{
- 
 
 1491 
# Create 'gammu' databse
- 
 
 1492 
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
- 
 
 1493 
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
- 
 
 1494 
# Add a gammu database structure
- 
 
 1495 
	mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/gammu-smsd-db-vierge.sql
- 
 
 1496 
 
- 
 
 1497 
# config file for the daemon
- 
 
 1498 
cat << EOF > /etc/gammu_smsd_conf
- 
 
 1499 
[gammu]
- 
 
 1500 
port = /dev/ttyUSB0
- 
 
 1501 
connection = at115200
- 
 
 1502 
 
- 
 
 1503 
;########################################################
- 
 
 1504 
 
- 
 
 1505 
[smsd]
- 
 
 1506 
 
- 
 
 1507 
PIN = 1234
- 
 
 1508 
 
- 
 
 1509 
logfile = /var/log/gammu-smsd/gammu-smsd.log
- 
 
 1510 
logformat = textall
- 
 
 1511 
debuglevel = 0
- 
 
 1512 
 
- 
 
 1513 
service = sql
- 
 
 1514 
driver = native_mysql
- 
 
 1515 
user = $DB_USER
- 
 
 1516 
password = $radiuspwd
- 
 
 1517 
pc = localhost
- 
 
 1518 
database = $DB_GAMMU
- 
 
 1519 
 
- 
 
 1520 
RunOnReceive = /usr/local/bin/alcasar-sms.sh --new_sms
- 
 
 1521 
 
- 
 
 1522 
StatusFrequency = 30
- 
 
 1523 
LoopSleep = 2
- 
 
 1524 
 
- 
 
 1525 
;ResetFrequency = 300
- 
 
 1526 
;HardResetFrequency = 120
- 
 
 1527 
 
- 
 
 1528 
CheckSecurity = 1
- 
 
 1529 
CheckSignal = 1
- 
 
 1530 
CheckBattery = 0
- 
 
 1531 
EOF
- 
 
 1532 
 
- 
 
 1533 
chmod 755 /etc/gammu_smsd_conf
- 
 
 1534 
 
- 
 
 1535 
#Creation dossier de log Gammu-smsd
- 
 
 1536 
mkdir /var/log/gammu-smsd
- 
 
 1537 
chmod 755 /var/log/gammu-smsd
- 
 
 1538 
 
- 
 
 1539 
#Edition du script sql gammu <-> radius
- 
 
 1540 
$SED "10c u_db=\"$DB_USER\"" $DIR_DEST_BIN/alcasar-sms.sh
- 
 
 1541 
$SED "11c p_db=\"$radiuspwd\"" $DIR_DEST_BIN/alcasar-sms.sh
- 
 
 1542 
 
- 
 
 1543 
} # END gammu_smsd()
- 
 
 1544 
 
- 
 
 1545 
##################################################################
1484 
##			Fonction "post_install"			##
 1546 
##			Fonction "post_install"			##
1485 
## - Modification des bannières (locales et ssh) et des prompts ##
 1547 
## - Modification des bannières (locales et ssh) et des prompts ##
1486 
## - Installation de la structure de chiffrement pour root	##
 1548 
## - Installation de la structure de chiffrement pour root	##
1487 
## - Mise en place du sudoers et de la sécurité sur les fichiers##
 1549 
## - Mise en place du sudoers et de la sécurité sur les fichiers##
1488 
## - Mise en place du la rotation des logs			##
 1550 
## - Mise en place du la rotation des logs			##
Line 1608... Line 1670...
1608 
# Remove unused services and users
 1670 
# Remove unused services and users
1609 
	for svc in sshd.service alsa-state
 1671 
	for svc in sshd.service alsa-state
1610 
	do
 1672 
	do
1611 
		/bin/systemctl -q disable $svc
 1673 
		/bin/systemctl -q disable $svc
1612 
	done
 1674 
	done
1613 
	for rm_users in sysqdin
 1675 
	for rm_users in games
1614 
	do
 1676 
	do
1615 
		user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
 1677 
		user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
1616 
		if [ "$user" == "$rm_users" ]
 1678 
		if [ "$user" == "$rm_users" ]
1617 
		then
 1679 
		then
1618 
			/usr/sbin/userdel -f $rm_users
 1680 
			/usr/sbin/userdel -f $rm_users
Line 1702... Line 1764...
1702 
	fi
 1764 
	fi
1703 
	clear
 1765 
	clear
1704 
	reboot
 1766 
	reboot
1705 
} # End post_install ()
 1767 
} # End post_install ()
1706 
 
 1768 
 
1707 
 
 - 
 
1708 
##################################################################
 - 
 
1709 
## 			Fonction "gammu_smsd"			##
 - 
 
1710 
## - Creation de la base de donnée Gammu			##
 - 
 
1711 
## - Creation du fichier de config: gammu_smsd_conf		##
 - 
 
1712 
##								##
 - 
 
1713 
##################################################################
 - 
 
1714 
gammu_smsd()
 - 
 
1715 
{
 - 
 
1716 
# Create 'gammu' databse
 - 
 
1717 
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
 - 
 
1718 
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
 - 
 
1719 
# Add a gammu database structure
 - 
 
1720 
	mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/gammu-smsd-db-vierge.sql
 - 
 
1721 
 
 - 
 
1722 
 
 - 
 
1723 
# Creation du fichier de config gammu_smsd_conf
 - 
 
1724 
cat << EOF > /etc/gammu_smsd_conf
 - 
 
1725 
[gammu]
 - 
 
1726 
port = /dev/ttyUSB0
 - 
 
1727 
connection = at115200
 - 
 
1728 
 
 - 
 
1729 
;########################################################
 - 
 
1730 
 
 - 
 
1731 
[smsd]
 - 
 
1732 
 
 - 
 
1733 
PIN = 1234
 - 
 
1734 
 
 - 
 
1735 
logfile = /var/log/gammu-smsd/gammu-smsd.log
 - 
 
1736 
logformat = textall
 - 
 
1737 
debuglevel = 0
 - 
 
1738 
 
 - 
 
1739 
service = sql
 - 
 
1740 
driver = native_mysql
 - 
 
1741 
user = $DB_USER
 - 
 
1742 
password = $radiuspwd
 - 
 
1743 
pc = localhost
 - 
 
1744 
database = $DB_GAMMU
 - 
 
1745 
 
 - 
 
1746 
RunOnReceive = /usr/local/bin/alcasar-sms.sh --new_sms
 - 
 
1747 
 
 - 
 
1748 
StatusFrequency = 30
 - 
 
1749 
LoopSleep = 2
 - 
 
1750 
 
 - 
 
1751 
;ResetFrequency = 300
 - 
 
1752 
;HardResetFrequency = 120
 - 
 
1753 
 
 - 
 
1754 
CheckSecurity = 1
- 
 
1755 
CheckSignal = 1
 - 
 
1756 
CheckBattery = 0
 - 
 
1757 
EOF
 - 
 
1758 
 
 - 
 
1759 
chmod 755 /etc/gammu_smsd_conf
 - 
 
1760 
 
 - 
 
1761 
#Creation dossier de log Gammu-smsd
 - 
 
1762 
mkdir /var/log/gammu-smsd
 - 
 
1763 
chmod 755 /var/log/gammu-smsd
 - 
 
1764 
 
 - 
 
1765 
#Edition du script sql gammu <-> radius
 - 
 
1766 
$SED "10c u_db=\"$DB_USER\"" $DIR_DEST_BIN/alcasar-sms.sh
 - 
 
1767 
$SED "11c p_db=\"$radiuspwd\"" $DIR_DEST_BIN/alcasar-sms.sh
 - 
 
1768 
 
 - 
 
1769 
} # END gammu_smsd()
 - 
 
1770 
 
 - 
 
1771 
 
 - 
 
1772 
 
 - 
 
1773 
 
 - 
 
1774 
#################################
 1769 
#################################
1775 
#  	Main Install loop  	#
 1770 
#  	Main Install loop  	#
1776 
#################################
 1771 
#################################
1777 
dir_exec=`dirname "$0"`
 1772 
dir_exec=`dirname "$0"`
1778 
if [ $dir_exec != "." ]
 1773 
if [ $dir_exec != "." ]
Line 1847... Line 1842...
1847 
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
 1842 
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
1848 
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
 1843 
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
1849 
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
 1844 
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
1850 
			mode="update"
 1845 
			mode="update"
1851 
		fi
 1846 
		fi
1852 
		for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
 1847 
		for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban gammu_smsd post_install
1853 
		do
 1848 
		do
1854 
			$func
 1849 
			$func
1855 
# echo "*** 'debug' : end of function $func ***"; read a
 1850 
# echo "*** 'debug' : end of function $func ***"; read a
1856 
		done
 1851 
		done
1857 
		;;
 1852 
		;;