Subversion Repositories ALCASAR

#!/bin/bash

#!/bin/bash

# alcasar.sh

# alcasar.sh

# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 

# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 

# Ce programme est un logiciel libre ; This software is free and open source

# Ce programme est un logiciel libre ; This software is free and open source

# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. 

# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. 

# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; 

# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; 

# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. 

# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. 

# Voir la Licence Publique Générale GNU pour plus de détails. 

# Voir la Licence Publique Générale GNU pour plus de détails. 

#  team@alcasar.net

#  team@alcasar.net

# by Franck BOUIJOUX, Pascal LEVANT and Richard REY

# by Franck BOUIJOUX, Pascal LEVANT and Richard REY

# This script is distributed under the Gnu General Public License (GPL)

# This script is distributed under the Gnu General Public License (GPL)

# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)

# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)

# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :

# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :

# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)

# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)

# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : 

# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : 

# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump

# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump

# Options :

# Options :

#       -i or --install

#       -i or --install

#       -u or --uninstall

#       -u or --uninstall

# Functions :

# Functions :

#	testing			: connectivity tests, free space test and mageia version test

#	testing			: connectivity tests, free space test and mageia version test

#	init			: Installation of RPM and scripts

#	init			: Installation of RPM and scripts

#	network			: Network parameters

#	network			: Network parameters

#	ACC			: ALCASAR Control Center installation

#	ACC			: ALCASAR Control Center installation

#	CA			: Certification Authority initialization

#	CA			: Certification Authority initialization

#	init_db			: Initilization of radius database managed with MariaDB

#	init_db			: Initilization of radius database managed with MariaDB

#	radius			: FreeRadius initialisation

#	radius			: FreeRadius initialisation

#	radius_web		: copy ans modifiy original "freeradius web" in ACC

#	radius_web		: copy ans modifiy original "freeradius web" in ACC

#	chilli			: coovachilli initialisation (+authentication page)

#	chilli			: coovachilli initialisation (+authentication page)

#	dansguardian		: DansGuardian filtering HTTP proxy configuration

#	dansguardian		: DansGuardian filtering HTTP proxy configuration

#	antivirus		: HAVP + libclamav configuration

#	antivirus		: HAVP + libclamav configuration

#	tinyproxy		: little proxy for user filtered with "WL + antivirus" and "antivirus"

#	tinyproxy		: little proxy for user filtered with "WL + antivirus" and "antivirus"

#	ulogd			: log system in userland (match NFLOG target of iptables)

#	ulogd			: log system in userland (match NFLOG target of iptables)

#	nfsen		:	: Configuration du grapheur nfsen pour apache 

#	nfsen		:	: Configuration du grapheur nfsen pour apache 

#	dnsmasq			: Name server configuration

#	dnsmasq			: Name server configuration

#	BL			: BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)

#	BL			: BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)

#	cron			: Logs export + watchdog + connexion statistics

#	cron			: Logs export + watchdog + connexion statistics

#	fail2ban		: Fail2ban IDS installation and configuration

#	fail2ban		: Fail2ban IDS installation and configuration

#	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)

#	gammu_smsd		: Autoregister addon via SMS (gammu-smsd)

#	post_install		: Security, log rotation, etc.

#	post_install		: Security, log rotation, etc.

DATE=`date '+%d %B %Y - %Hh%M'`

DATE=`date '+%d %B %Y - %Hh%M'`

DATE_SHORT=`date '+%d/%m/%Y'`

DATE_SHORT=`date '+%d/%m/%Y'`

Lang=`echo $LANG|cut -c 1-2`

Lang=`echo $LANG|cut -c 1-2`

mode="install"

mode="install"

# ******* Files parameters - paramètres fichiers *********

# ******* Files parameters - paramètres fichiers *********

DIR_INSTALL=`pwd`				# current directory 

DIR_INSTALL=`pwd`				# current directory 

DIR_CONF="$DIR_INSTALL/conf"			# install directory (with conf files)

DIR_CONF="$DIR_INSTALL/conf"			# install directory (with conf files)

DIR_SCRIPTS="$DIR_INSTALL/scripts"		# install directory (with script files)

DIR_SCRIPTS="$DIR_INSTALL/scripts"		# install directory (with script files)

DIR_SAVE="/var/Save"				# backup directory (system_backup, user_db_backup, logs)

DIR_SAVE="/var/Save"				# backup directory (system_backup, user_db_backup, logs)

DIR_WEB="/var/www/html"				# directory of APACHE

DIR_WEB="/var/www/html"				# directory of APACHE

DIR_DG="/etc/dansguardian"			# directory of DansGuardian

DIR_DG="/etc/dansguardian"			# directory of DansGuardian

DIR_ACC="$DIR_WEB/acc"				# directory of the 'ALCASAR Control Center'

DIR_ACC="$DIR_WEB/acc"				# directory of the 'ALCASAR Control Center'

DIR_DEST_BIN="/usr/local/bin"			# directory of ALCASAR scripts

DIR_DEST_BIN="/usr/local/bin"			# directory of ALCASAR scripts

DIR_DEST_SBIN="/usr/local/sbin"			# directory of ALCASAR admin scripts

DIR_DEST_SBIN="/usr/local/sbin"			# directory of ALCASAR admin scripts

DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files

DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files

DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)

DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)

CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file

CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file

PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets

PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets

# ******* DBMS parameters - paramètres SGBD ********

# ******* DBMS parameters - paramètres SGBD ********

DB_RADIUS="radius"				# database name used by FreeRadius server

DB_RADIUS="radius"				# database name used by FreeRadius server

DB_USER="radius"				# user name allows to request the users database

DB_USER="radius"				# user name allows to request the users database

DB_GAMMU="gammu"				# database name used by Gammu-smsd

DB_GAMMU="gammu"				# database name used by Gammu-smsd

# ******* Network parameters - paramètres réseau *******

# ******* Network parameters - paramètres réseau *******

HOSTNAME="alcasar"				# default hostname

HOSTNAME="alcasar"				# default hostname

DOMAIN="localdomain"				# default local domain

DOMAIN="localdomain"				# default local domain

EXTIF=`/sbin/ip route|grep default|cut -d" " -f5`						# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)

EXTIF=`/sbin/ip route|grep default|cut -d" " -f5`						# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)

INTIF=`/sbin/ip	link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF\|tun0"|cut -d" " -f2|tr -d ":"`	# INTIF is connected to the consultation network

INTIF=`/sbin/ip	link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF\|tun0"|cut -d" " -f2|tr -d ":"`	# INTIF is connected to the consultation network

MTU="1500"

MTU="1500"

DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address

DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address

# ****** Paths - chemin des commandes *******

# ****** Paths - chemin des commandes *******

SED="/bin/sed -i"

SED="/bin/sed -i"

# ****************** End of global parameters *********************

# ****************** End of global parameters *********************

license ()

license ()

{

{

	if [ $Lang == "fr" ]

	if [ $Lang == "fr" ]

	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more

	then cat $DIR_INSTALL/gpl-3.0.fr.txt | more

	else cat $DIR_INSTALL/gpl-3.0.txt | more

	else cat $DIR_INSTALL/gpl-3.0.txt | more

	fi

	fi

	echo "Taper sur Entrée pour continuer !"

	echo "Taper sur Entrée pour continuer !"

	echo "Enter to continue."

	echo "Enter to continue."

	read a

	read a

}

}

header_install ()

header_install ()

{

{

	clear

	clear

	echo "-----------------------------------------------------------------------------"

	echo "-----------------------------------------------------------------------------"

	echo "                     ALCASAR V$VERSION Installation"

	echo "                     ALCASAR V$VERSION Installation"

	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"

	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"

	echo "-----------------------------------------------------------------------------"

	echo "-----------------------------------------------------------------------------"

}

}

##################################################################

##################################################################

##			Function "testing"			##

##			Function "testing"			##

## - Test of Mageia version					##

## - Test of Mageia version					##

## - Test of ALCASAR version (if already installed)		##

## - Test of ALCASAR version (if already installed)		##

## - Test of free space on /var  (>10G)				##

## - Test of free space on /var  (>10G)				##

## - Test of Internet access					##

## - Test of Internet access					##

##################################################################

##################################################################

testing ()

testing ()

{

{

# Test of Mageia version

# Test of Mageia version

# extract the current Mageia version and hardware architecture (i586 ou X64)

# extract the current Mageia version and hardware architecture (i586 ou X64)

	fic=`cat /etc/product.id`

	fic=`cat /etc/product.id`

	unknown_os=0

	unknown_os=0

	old="$IFS"

	old="$IFS"

	IFS=","

	IFS=","

	set $fic

	set $fic

	for i in $*

	for i in $*

	do

	do

		if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]

		if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]

			then 

			then 

			DISTRIBUTION=`echo $i|cut -d"=" -f2`

			DISTRIBUTION=`echo $i|cut -d"=" -f2`

			unknown_os=`expr $unknown_os + 1`

			unknown_os=`expr $unknown_os + 1`

		fi

		fi

		if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]

		if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]

			then 

			then 

			CURRENT_VERSION=`echo $i|cut -d"=" -f2`

			CURRENT_VERSION=`echo $i|cut -d"=" -f2`

			unknown_os=`expr $unknown_os + 1`

			unknown_os=`expr $unknown_os + 1`

		fi

		fi

		if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]

		if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]

			then 

			then 

			ARCH=`echo $i|cut -d"=" -f2`

			ARCH=`echo $i|cut -d"=" -f2`

			unknown_os=`expr $unknown_os + 1`

			unknown_os=`expr $unknown_os + 1`

		fi

		fi

	done

	done

	IFS="$old"

	IFS="$old"

# Test if ALCASAR is already installed

# Test if ALCASAR is already installed

	if [ -e $CONF_FILE ]

	if [ -e $CONF_FILE ]

	then

	then

		current_version=`cat $CONF_FILE | grep VERSION | cut -d"=" -f2`

		current_version=`cat $CONF_FILE | grep VERSION | cut -d"=" -f2`

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

			then echo -n "La version "; echo -n $current_version ; echo " d'ALCASAR est déjà installée";

			then echo -n "La version "; echo -n $current_version ; echo " d'ALCASAR est déjà installée";

			else echo -n "ALCASAR Version "; echo -n $current_version ; echo " is already installed";

			else echo -n "ALCASAR Version "; echo -n $current_version ; echo " is already installed";

		fi

		fi

		response=0

		response=0

		PTN='^[oOnNyY]$'

		PTN='^[oOnNyY]$'

		until [[ $(expr $response : $PTN) -gt 0 ]]

		until [[ $(expr $response : $PTN) -gt 0 ]]

		do

		do

			if [ $Lang == "fr" ]

			if [ $Lang == "fr" ]

				then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";

				then echo -n "Voulez-vous effectuer une mise à jour (O/n)? ";

				else echo -n "Do you want to update (Y/n)?";

				else echo -n "Do you want to update (Y/n)?";

			 fi

			 fi

			read response

			read response

		done

		done

		if [ "$response" = "n" ] || [ "$response" = "N" ] 

		if [ "$response" = "n" ] || [ "$response" = "N" ] 

		then

		then

			rm -f /tmp/alcasar-conf*

			rm -f /tmp/alcasar-conf*

		else

		else

# Create a backup of running importants files

# Create a backup of running importants files

			$DIR_SCRIPTS/alcasar-conf.sh --create

			$DIR_SCRIPTS/alcasar-conf.sh --create

			mode="update"

			mode="update"

		fi

		fi

	fi

	fi

	if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "4" ) ]]

	if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "4" ) ]]

		then

		then

		if [ -e /tmp/alcasar-conf.tar.gz ] # update

		if [ -e /tmp/alcasar-conf.tar.gz ] # update

			then

			then

			echo

			echo

			if [ $Lang == "fr" ]

			if [ $Lang == "fr" ]

				then	

				then	

				echo "La mise à jour automatique d'ALCASAR ne peut pas être réalisée."

				echo "La mise à jour automatique d'ALCASAR ne peut pas être réalisée."

				echo "1 - Récupérez le fichier de configuration actuel (/tmp/alcasar-conf.tar.gz)."

				echo "1 - Récupérez le fichier de configuration actuel (/tmp/alcasar-conf.tar.gz)."

				echo "2 - Installez Linux-Mageia4.1 (cf. doc d'installation)"

				echo "2 - Installez Linux-Mageia4.1 (cf. doc d'installation)"

				echo "3 - recopiez le fichier 'alcasar-conf.tar.gz' dans le répertoire '/tmp' avant de lancer l'installation d'ALCASAR"

				echo "3 - recopiez le fichier 'alcasar-conf.tar.gz' dans le répertoire '/tmp' avant de lancer l'installation d'ALCASAR"

			else

			else

				echo "The automatic update of ALCASAR can't be performed."

				echo "The automatic update of ALCASAR can't be performed."

				echo "1 - Retrieve the configuration file (/tmp/alcasar-conf.tar.gz)"

				echo "1 - Retrieve the configuration file (/tmp/alcasar-conf.tar.gz)"

				echo "2 - Install Linux-Mageia4.1 (cf. installation doc)"

				echo "2 - Install Linux-Mageia4.1 (cf. installation doc)"

				echo "3 - Copy again the file 'alcasar-conf.tar.gz' in the folder '/tmp' before launching the installation of ALCASAR"

				echo "3 - Copy again the file 'alcasar-conf.tar.gz' in the folder '/tmp' before launching the installation of ALCASAR"

			fi

			fi

		else

		else

			if [ $Lang == "fr" ]

			if [ $Lang == "fr" ]

				then	

				then	

				echo "L'installation d'ALCASAR ne peut pas être réalisée."

				echo "L'installation d'ALCASAR ne peut pas être réalisée."

			else

			else

				echo "The installation of ALCASAR can't be performed."

				echo "The installation of ALCASAR can't be performed."

			fi

			fi

		fi

		fi

		echo

		echo

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

			then	

			then	

			echo "Le système d'exploitation doit être remplacé (Mageia4.1)"

			echo "Le système d'exploitation doit être remplacé (Mageia4.1)"

		else

		else

			echo "The OS must be replaced (Mageia4.1)"

			echo "The OS must be replaced (Mageia4.1)"

		fi

		fi

		exit 0

		exit 0

	fi

	fi

	if [ ! -d /var/log/netflow/porttracker ]

	if [ ! -d /var/log/netflow/porttracker ]

		then

		then

# Test of free space on /var

# Test of free space on /var

		free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`

		free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G`

		if [ $free_space -lt 10 ]

		if [ $free_space -lt 10 ]

			then

			then

			if [ $Lang == "fr" ]

			if [ $Lang == "fr" ]

				then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"

				then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"

				else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"

				else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"

			fi

			fi

		exit 0

		exit 0

		fi

		fi

	fi

	fi

	if [ $Lang == "fr" ]

	if [ $Lang == "fr" ]

		then echo -n "Tests des paramètres réseau : "

		then echo -n "Tests des paramètres réseau : "

		else echo -n "Network parameters tests : "

		else echo -n "Network parameters tests : "

	fi

	fi

# Test of Ethernet links state

# Test of Ethernet links state

	DOWN_IF=`/sbin/ip link|grep "NO-CARRIER"|cut -d":" -f2|tr -d " "`

	DOWN_IF=`/sbin/ip link|grep "NO-CARRIER"|cut -d":" -f2|tr -d " "`

	for i in $DOWN_IF

	for i in $DOWN_IF

	do

	do

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

		then 

		then 

			echo "Échec"

			echo "Échec"

			echo "Le lien réseau de la carte $i n'est pas actif."

			echo "Le lien réseau de la carte $i n'est pas actif."

			echo "Assurez-vous que cette carte est bien connectée à un équipement (commutateur, A.P., etc.)"

			echo "Assurez-vous que cette carte est bien connectée à un équipement (commutateur, A.P., etc.)"

		else

		else

			echo "Failed"

			echo "Failed"

			echo "The link state of $i interface is down."

			echo "The link state of $i interface is down."

			echo "Make sure that this network card is connected to a switch or an A.P."

			echo "Make sure that this network card is connected to a switch or an A.P."

		fi

		fi

		exit 0

		exit 0

	done

	done

	echo -n "."

	echo -n "."

# Test EXTIF config files

# Test EXTIF config files

	PUBLIC_IP_MASK=`ip addr show $EXTIF|grep "inet "|cut -d" " -f6`

	PUBLIC_IP_MASK=`ip addr show $EXTIF|grep "inet "|cut -d" " -f6`

	PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`

	PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`

	PUBLIC_GATEWAY=`ip route list|grep ^default|cut -d" " -f3`

	PUBLIC_GATEWAY=`ip route list|grep ^default|cut -d" " -f3`

	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]

	if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]

	then

	then

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

		then 

		then 

			echo "Échec"

			echo "Échec"

			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."

			echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."

			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"

			echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"

			echo "Appliquez les changements : 'systemctl restart network'"

			echo "Appliquez les changements : 'systemctl restart network'"

		else

		else

			echo "Failed"

			echo "Failed"

			echo "The Internet connected network card ($EXTIF) isn't well configured."

			echo "The Internet connected network card ($EXTIF) isn't well configured."

			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"

			echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"

			echo "Apply the new configuration 'systemctl restart network'"

			echo "Apply the new configuration 'systemctl restart network'"

		fi

		fi

		echo "DEVICE=$EXTIF"

		echo "DEVICE=$EXTIF"

		echo "IPADDR="

		echo "IPADDR="

		echo "NETMASK="

		echo "NETMASK="

		echo "GATEWAY="

		echo "GATEWAY="

		echo "DNS1="

		echo "DNS1="

		echo "DNS2="

		echo "DNS2="

		echo "ONBOOT=yes"

		echo "ONBOOT=yes"

		exit 0

		exit 0

	fi

	fi

	echo -n "."

	echo -n "."

# Test if router is alive (Box FAI)

# Test if router is alive (Box FAI)

	if [ `ip route list|grep -c ^default` -ne "1" ] ; then

	if [ `ip route list|grep -c ^default` -ne "1" ] ; then

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

		then 

		then 

			echo "Échec"

			echo "Échec"

			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."

			echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."

			echo "Réglez ce problème puis relancez ce script."

			echo "Réglez ce problème puis relancez ce script."

		else

		else

			echo "Failed"

			echo "Failed"

			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"

			echo "You haven't configured Internet access or Internet link is on the wrong Ethernet card"

			echo "Resolv this problem, then restart this script."

			echo "Resolv this problem, then restart this script."

		fi

		fi

		exit 0

		exit 0

	fi

	fi

	echo -n "."

	echo -n "."

# On teste le lien vers le routeur par defaut

# On teste le lien vers le routeur par defaut

	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`

	arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`

	if [ $(expr $arp_reply) -eq 0 ]

	if [ $(expr $arp_reply) -eq 0 ]

	       	then

	       	then

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

		then 

		then 

			echo "Échec"

			echo "Échec"

			echo "Le routeur de site ou la Box Internet ($PUBLIC_GATEWAY) ne répond pas."

			echo "Le routeur de site ou la Box Internet ($PUBLIC_GATEWAY) ne répond pas."

			echo "Réglez ce problème puis relancez ce script."

			echo "Réglez ce problème puis relancez ce script."

		else

		else

			echo "Failed"

			echo "Failed"

			echo "The Internet gateway doesn't answered"

			echo "The Internet gateway doesn't answered"

			echo "Resolv this problem, then restart this script."

			echo "Resolv this problem, then restart this script."

		fi

		fi

		exit 0

		exit 0

	fi

	fi

	echo -n "."

	echo -n "."

# On teste la connectivité Internet

# On teste la connectivité Internet

	rm -rf /tmp/con_ok.html

	rm -rf /tmp/con_ok.html

	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html

	/usr/bin/curl www.google.fr -s -o /tmp/con_ok.html

	if [ ! -e /tmp/con_ok.html ]

	if [ ! -e /tmp/con_ok.html ]

	then

	then

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

		then 

		then 

			echo "La tentative de connexion vers Internet a échoué (google.fr)."

			echo "La tentative de connexion vers Internet a échoué (google.fr)."

			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."

			echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."

			echo "Vérifiez la validité des adresses IP des DNS."

			echo "Vérifiez la validité des adresses IP des DNS."

		else

		else

			echo "The Internet connection try failed (google.fr)."

			echo "The Internet connection try failed (google.fr)."

			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."

			echo "Please, verify that the $EXTIF card is connected with the Internet gateway."

			echo "Verify the DNS IP addresses"

			echo "Verify the DNS IP addresses"

		fi

		fi

		exit 0

		exit 0

	fi

	fi

	rm -rf /tmp/con_ok.html

	rm -rf /tmp/con_ok.html

	echo ". : ok"

	echo ". : ok"

} # end of testing ()

} # end of testing ()

##################################################################

##################################################################

##			Function "init"				##

##			Function "init"				##

## - Création du fichier "/root/ALCASAR_parametres.txt"		##

## - Création du fichier "/root/ALCASAR_parametres.txt"		##

## - Installation et modification des scripts du portail	##

## - Installation et modification des scripts du portail	##

##################################################################

##################################################################

init ()

init ()

{

{

	if [ "$mode" != "update" ]

	if [ "$mode" != "update" ]

	then

	then

# On affecte le nom d'organisme

# On affecte le nom d'organisme

		header_install

		header_install

		ORGANISME=!

		ORGANISME=!

		PTN='^[a-zA-Z0-9-]*$'

		PTN='^[a-zA-Z0-9-]*$'

		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]

		until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]

                do

                do

			if [ $Lang == "fr" ]

			if [ $Lang == "fr" ]

			       	then echo -n "Entrez le nom de votre organisme : "

			       	then echo -n "Entrez le nom de votre organisme : "

				else echo -n "Enter the name of your organism : "

				else echo -n "Enter the name of your organism : "

			fi

			fi

			read ORGANISME

			read ORGANISME

			if [ "$ORGANISME" == "" ]

			if [ "$ORGANISME" == "" ]

				then

				then

				ORGANISME=!

				ORGANISME=!

			fi

			fi

		done

		done

	fi

	fi

# On crée aléatoirement les mots de passe et les secrets partagés

# On crée aléatoirement les mots de passe et les secrets partagés

	rm -f $PASSWD_FILE

	rm -f $PASSWD_FILE

	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE

	echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE

	echo "$grubpwd" >> $PASSWD_FILE

	echo "$grubpwd" >> $PASSWD_FILE

	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`

	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`

	$SED "/^password.*/d" /boot/grub/menu.lst

	$SED "/^password.*/d" /boot/grub/menu.lst

	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst

	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst

	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE

	echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE

	echo "root / $mysqlpwd" >> $PASSWD_FILE

	echo "root / $mysqlpwd" >> $PASSWD_FILE

	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE

	echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE

	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE

	echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE

	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE

	echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE

	echo "$secretuam" >> $PASSWD_FILE

	echo "$secretuam" >> $PASSWD_FILE

	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`

	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE

	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE

	echo "$secretradius" >> $PASSWD_FILE

	echo "$secretradius" >> $PASSWD_FILE

	chmod 640 $PASSWD_FILE

	chmod 640 $PASSWD_FILE

# Scripts and conf files copy 

# Scripts and conf files copy 

#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}

#  - in /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}

	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*

	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*

#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}

#  - in /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}

	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*

	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*

#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}

#  - in /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,iptables-local.sh,services}

	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*

	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*

	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh

	$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh

	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh

	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh

	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh

	$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh

	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh

	$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh

# generate central conf file

# generate central conf file

	cat <<EOF > $CONF_FILE

	cat <<EOF > $CONF_FILE

##########################################

##########################################

##                                      ##

##                                      ##

##          ALCASAR Parameters          ##

##          ALCASAR Parameters          ##

##                                      ##

##                                      ##

##########################################

##########################################

INSTALL_DATE=$DATE

INSTALL_DATE=$DATE

VERSION=$VERSION

VERSION=$VERSION

ORGANISM=$ORGANISME

ORGANISM=$ORGANISME

DOMAIN=$DOMAIN

DOMAIN=$DOMAIN

EOF

EOF

	chmod o-rwx $CONF_FILE

	chmod o-rwx $CONF_FILE

} # End of init ()

} # End of init ()

##################################################################

##################################################################

##			Function "network"			##

##			Function "network"			##

## - Définition du plan d'adressage du réseau de consultation	##

## - Définition du plan d'adressage du réseau de consultation	##

## - Nommage DNS du système 					##

## - Nommage DNS du système 					##

## - Configuration de l'interface INTIF (réseau de consultation)##

## - Configuration de l'interface INTIF (réseau de consultation)##

## - Modification du fichier /etc/hosts				##

## - Modification du fichier /etc/hosts				##

## - Configuration du serveur de temps (NTP)			##

## - Configuration du serveur de temps (NTP)			##

## - Renseignement des fichiers hosts.allow et hosts.deny	##

## - Renseignement des fichiers hosts.allow et hosts.deny	##

##################################################################

##################################################################

network ()

network ()

{

{

	header_install

	header_install

	if [ "$mode" != "update" ]

	if [ "$mode" != "update" ]

		then

		then

		if [ $Lang == "fr" ]

		if [ $Lang == "fr" ]

			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"

			then echo "Par défaut, l'adresse IP d'ALCASAR sur le réseau de consultation est : $DEFAULT_PRIVATE_IP_MASK"

			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"

			else echo "The default ALCASAR IP address on consultation network is : $DEFAULT_PRIVATE_IP_MASK"

		fi

		fi

		response=0

		response=0

		PTN='^[oOyYnN]$'

		PTN='^[oOyYnN]$'

		until [[ $(expr $response : $PTN) -gt 0 ]]

		until [[ $(expr $response : $PTN) -gt 0 ]]

		do

		do

			if [ $Lang == "fr" ]

			if [ $Lang == "fr" ]

				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "

				then echo -n "Voulez-vous utiliser cette adresse et ce plan d'adressage (recommandé) (O/n)? : "

				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "

				else echo -n "Do you want to use this IP address and this IP addressing plan (recommanded) (Y/n)? : "

			fi

			fi

			read response

			read response

		done

		done

		if [ "$response" = "n" ] || [ "$response" = "N" ]

		if [ "$response" = "n" ] || [ "$response" = "N" ]

		then

		then

			PRIVATE_IP_MASK="0"

			PRIVATE_IP_MASK="0"

			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'

			PTN='^\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\).\([01]\?[[:digit:]][[:digit:]]\?\|2[0-4][[:digit:]]\|25[0-5]\)/[012]\?[[:digit:]]$'

			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]

			until [[ $(expr $PRIVATE_IP_MASK : $PTN) -gt 0 ]]

			do

			do

				if [ $Lang == "fr" ]

				if [ $Lang == "fr" ]

					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "

					then echo -n "Entrez l'adresse IP d'ALCASAR au format CIDR (a.b.c.d/xx) : "

					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "

					else echo -n "Enter ALCASAR IP address in CIDR format (a.b.c.d/xx) : "

				fi

				fi

				read PRIVATE_IP_MASK

				read PRIVATE_IP_MASK

			done

			done

		else

		else

       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK

       			PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK

		fi

		fi

	else

	else

		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 

		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 

		rm -rf conf/etc/alcasar.conf

		rm -rf conf/etc/alcasar.conf

	fi

	fi

# Define LAN side global parameters

# Define LAN side global parameters

	hostname $HOSTNAME.$DOMAIN

	hostname $HOSTNAME.$DOMAIN

	echo $HOSTNAME.$DOMAIN > /etc/hostname

	echo $HOSTNAME.$DOMAIN > /etc/hostname

	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)

	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)

	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4`					# last octet of LAN address

	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4`					# last octet of LAN address

	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)

	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)

	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)

	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)

	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)

	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)

	if [ $PRIVATE_IP == $PRIVATE_NETWORK ]								# when entering network address instead of ip address

	if [ $PRIVATE_IP == $PRIVATE_NETWORK ]								# when entering network address instead of ip address

		then

		then

		PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`	

		PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`	

		PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`

		PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`

	fi	

	fi	

	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`						# last octet of LAN address

	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`						# last octet of LAN address

	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`		# second network address (ex.: 192.168.182.2)

	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`		# second network address (ex.: 192.168.182.2)

	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24

	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24

	classe=$((PRIVATE_PREFIX/8))									# ie.: 2=classe B, 3=classe C

	classe=$((PRIVATE_PREFIX/8))									# ie.: 2=classe B, 3=classe C

	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)

	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)

	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)

	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`			# private network broadcast (ie.: 192.168.182.255)

	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f4`				# last octet of LAN broadcast

	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f4`				# last octet of LAN broadcast

	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`	# First network address (ex.: 192.168.182.1)

	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`	# First network address (ex.: 192.168.182.1)

	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)

	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)

	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF

	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6`				# MAC address of INTIF

# Define Internet parameters

# Define Internet parameters

	DNS1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1`				# 1st DNS server

	DNS1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1`				# 1st DNS server

	nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l`

	nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l`

	if [ $nb_dns == 2 ]

	if [ $nb_dns == 2 ]

		then

		then

		DNS2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1`			# 2nd DNS server (if exist)

		DNS2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1`			# 2nd DNS server (if exist)

	fi

	fi

	DNS1=${DNS1:=208.67.220.220}

	DNS1=${DNS1:=208.67.220.220}

	DNS2=${DNS2:=208.67.222.222}

	DNS2=${DNS2:=208.67.222.222}

	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`

	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`

	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`

	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`

	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`

	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`

# Wrtie the conf file

# Wrtie the conf file

	echo "EXTIF=$EXTIF" >> $CONF_FILE

	echo "EXTIF=$EXTIF" >> $CONF_FILE

	echo "INTIF=$INTIF" >> $CONF_FILE

	echo "INTIF=$INTIF" >> $CONF_FILE

	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`		# IP setting (static or dynamic)

	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`		# IP setting (static or dynamic)

	if [ $IP_SETTING == "dhcp" ]

	if [ $IP_SETTING == "dhcp" ]

		then

		then

		echo "PUBLIC_IP=dhcp" >> $CONF_FILE

		echo "PUBLIC_IP=dhcp" >> $CONF_FILE

		echo "GW=dhcp" >> $CONF_FILE 

		echo "GW=dhcp" >> $CONF_FILE 

	else

	else

		echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE

		echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE

		echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 

		echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 

	fi

	fi

	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE

	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE

	echo "DNS1=$DNS1" >> $CONF_FILE

	echo "DNS1=$DNS1" >> $CONF_FILE

	echo "DNS2=$DNS2" >> $CONF_FILE

	echo "DNS2=$DNS2" >> $CONF_FILE

	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE

	echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE

	echo "DHCP=on" >> $CONF_FILE

	echo "DHCP=on" >> $CONF_FILE

	echo "EXT_DHCP_IP=none" >> $CONF_FILE

	echo "EXT_DHCP_IP=none" >> $CONF_FILE

	echo "RELAY_DHCP_IP=none" >> $CONF_FILE

	echo "RELAY_DHCP_IP=none" >> $CONF_FILE

	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE

	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE

	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE

	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE

# network default

# network default

	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default

	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default

	cat <<EOF > /etc/sysconfig/network

	cat <<EOF > /etc/sysconfig/network

NETWORKING=yes

NETWORKING=yes

HOSTNAME="$HOSTNAME.$DOMAIN"

HOSTNAME="$HOSTNAME.$DOMAIN"

FORWARD_IPV4=true

FORWARD_IPV4=true

EOF

EOF

# /etc/hosts config

# /etc/hosts config

	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default

	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default

	cat <<EOF > /etc/hosts

	cat <<EOF > /etc/hosts

127.0.0.1	localhost

127.0.0.1	localhost

$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME

$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME

EOF

EOF

# EXTIF (Internet) config

# EXTIF (Internet) config

	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF

	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF

	if [ $IP_SETTING == "dhcp" ]

	if [ $IP_SETTING == "dhcp" ]

		then

		then

		$SED "s?^RESOLV_MODS=.*?RESOLV_MODS=yes?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF

		$SED "s?^RESOLV_MODS=.*?RESOLV_MODS=yes?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF

		$SED "s?^PEERDNS=.*?PEERDNS=no?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF

		$SED "s?^PEERDNS=.*?PEERDNS=no?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF

		echo "DNS1=127.0.0.1" >> /etc/sysconfig/network-scripts/ifcfg-$EXTIF

		echo "DNS1=127.0.0.1" >> /etc/sysconfig/network-scripts/ifcfg-$EXTIF

	else	

	else	

		cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF

		cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF

DEVICE=$EXTIF

DEVICE=$EXTIF

BOOTPROTO=static

BOOTPROTO=static

IPADDR=$PUBLIC_IP

IPADDR=$PUBLIC_IP

NETMASK=$PUBLIC_NETMASK

NETMASK=$PUBLIC_NETMASK

GATEWAY=$PUBLIC_GATEWAY

GATEWAY=$PUBLIC_GATEWAY

DNS1=127.0.0.1

DNS1=127.0.0.1

RESOLV_MODS=yes

RESOLV_MODS=yes

ONBOOT=yes

ONBOOT=yes

METRIC=10

METRIC=10

MII_NOT_SUPPORTED=yes

MII_NOT_SUPPORTED=yes

IPV6INIT=no

IPV6INIT=no

IPV6TO4INIT=no

IPV6TO4INIT=no

ACCOUNTING=no

ACCOUNTING=no

USERCTL=no

USERCTL=no

MTU=$MTU

MTU=$MTU