WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 1530 2014-12-21 19:59:20Z richard $
+#  $Id: alcasar.sh 1532 2014-12-21 21:39:52Z richard $
 # alcasar.sh
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
 # Configuration et sécurisation Apache
 	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
 	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
 	$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
 	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
-	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
+	$SED "s?Options Indexes.*?Options -Indexes?g" /etc/httpd/conf/httpd.conf
+	echo "ServerTokens Prod" >> /etc/httpd/conf/httpd.conf
-	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
+	echo "ServerSignature Off" >> /etc/httpd/conf/httpd.conf
-	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
+	[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] || cp /etc/httpd/conf/modules.d/00_base.conf /etc/httpd/conf/modules.d/00_base.conf.default
-	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
+	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/modules.d/00_base.conf
-	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
+	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/modules.d/00_base.conf
-	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
+	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/modules.d/00_base.conf
-	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
+	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/modules.d/00_base.conf
-	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
+	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/modules.d/00_base.conf
-	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
+	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/modules.d/00_base.conf
-	$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
+	$SED "s?^LoadModule speling_module.*?#LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/modules.d/00_base.conf
 	[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
 	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
+# Error page management
+FIC_ERROR_DOC=`find /etc/httpd/conf -type f -name multilang-errordoc.conf`
+[ -e $FIC_ERROR_DOC ]  || cp $FIC_ERROR_DOC $FIC_ERROR_DOC.default
+cat <<EOF > $FIC_ERROR_DOC
+Alias /error/ "/var/www/html/"
+<Directory "/usr/share/httpd/error">
+    AllowOverride None
+    Options IncludesNoExec
+    AddOutputFilter Includes html
+    AddHandler type-map var
+    Require all granted
+    LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+    ForceLanguagePriority Prefer Fallback
+</Directory>
+ErrorDocument 400 /error/error.php?error=400
+ErrorDocument 401 /error/error.php?error=401
+ErrorDocument 403 /error/error.php?error=403
+ErrorDocument 404 /error/error.php?error=404
+ErrorDocument 405 /error/error.php?error=405
+ErrorDocument 408 /error/error.php?error=408
+ErrorDocument 410 /error/error.php?error=410
+ErrorDocument 411 /error/error.php?error=411
+ErrorDocument 412 /error/error.php?error=412
+ErrorDocument 413 /error/error.php?error=413
+ErrorDocument 414 /error/error.php?error=414
+ErrorDocument 415 /error/error.php?error=415
+ErrorDocument 500 /error/error.php?error=500
+ErrorDocument 501 /error/error.php?error=501
+ErrorDocument 502 /error/error.php?error=502
+ErrorDocument 503 /error/error.php?error=503
+ErrorDocument 506 /error/error.php?error=506
+EOF
 	[ -e /usr/share/httpd/error/include/top.html.default ] || cp /usr/share/httpd/error/include/top.html /usr/share/httpd/error/include/top.html.default
 	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /usr/share/httpd/error/include/top.html
 	[ -e /usr/share/httpd/error/include/bottom.html.default ] || cp /usr/share/httpd/error/include/bottom.html /usr/share/httpd/error/include/bottom.html.default
 	cat <<EOF > /usr/share/httpd/error/include/bottom.html
 </body>
 	AuthType digest
 	AuthName $HOSTNAME.$DOMAIN
 	AuthUserFile $DIR_DEST_ETC/digest/key_backup
 	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
 </Directory>
-<Directory $DIR_ACC/stats>
-	SSLRequireSSL
-	AllowOverride None
-	Order deny,allow
-	Deny from all
-	Allow from 127.0.0.1
-	Allow from $PRIVATE_NETWORK_MASK
-#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
-	require valid-user
-	AuthType digest
-	AuthName $HOSTNAME.$DOMAIN
-	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
-	AuthUserFile $DIR_DEST_ETC/digest/key_manager
-	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
-</Directory>
 EOF
 # Launch after coova
 $SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
-# Error page management
-FIC_ERROR_DOC=`find /etc/httpd/conf -type f -name multilang-errordoc.conf`
-[ -e $FIC_ERROR_DOC ]  || cp $FIC_ERROR_DOC $FIC_ERROR_DOC.default
-cat <<EOF > $FIC_ERROR_DOC
-Alias /error/ "/var/www/html/"
-<Directory "/usr/share/httpd/error">
-    AllowOverride None
-    Options IncludesNoExec
-    AddOutputFilter Includes html
-    AddHandler type-map var
-    Require all granted
-    LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
-    ForceLanguagePriority Prefer Fallback
-</Directory>
-ErrorDocument 400 /error/error.php?error=400
-ErrorDocument 401 /error/error.php?error=401
-ErrorDocument 403 /error/error.php?error=403
-ErrorDocument 404 /error/error.php?error=404
-ErrorDocument 405 /error/error.php?error=405
-ErrorDocument 408 /error/error.php?error=408
-ErrorDocument 410 /error/error.php?error=410
-ErrorDocument 411 /error/error.php?error=411
-ErrorDocument 412 /error/error.php?error=412
-ErrorDocument 413 /error/error.php?error=413
-ErrorDocument 414 /error/error.php?error=414
-ErrorDocument 415 /error/error.php?error=415
-ErrorDocument 500 /error/error.php?error=500
-ErrorDocument 501 /error/error.php?error=501
-ErrorDocument 502 /error/error.php?error=502
-ErrorDocument 503 /error/error.php?error=503
-ErrorDocument 506 /error/error.php?error=506
-EOF
 # Initialization of Vnstat
 	 [ -e /etc/vnstat.conf.default ]  || cp /etc/vnstat.conf /etc/vnstat.conf.default
 	 $SED "s?Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
 	/usr/bin/vnstat -u -i $EXTIF
 } # End of ACC ()
 ##########################################################################################
 ##				Fonction "CA"						##
 ## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
 CA ()
+{
 	$DIR_DEST_BIN/alcasar-CA.sh
 	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
 	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
-	#$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
-	#$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
-	#$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
 	cat <<EOF > $FIC_VIRTUAL_SSL
 # default SSL virtual host, used for all HTTPS requests that do not
 # match a ServerName or ServerAlias in any <VirtualHost> block.
 <VirtualHost _default_:443>

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 1530 → 1532