Subversion Repositories ALCASAR

Rev

Rev 1832 | Rev 1834 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log

Rev 1832 Rev 1833
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1832 2016-04-24 14:19:20Z richard $ 
2
#  $Id: alcasar.sh 1833 2016-04-24 15:32:42Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
Line 27... Line 27...
27
 
27
 
28
# Functions :
28
# Functions :
29
#	testing			: connectivity tests, free space test and mageia version test
29
#	testing			: connectivity tests, free space test and mageia version test
30
#	init			: Installation of RPM and scripts
30
#	init			: Installation of RPM and scripts
31
#	network			: Network parameters
31
#	network			: Network parameters
-
 
32
#	time			: NTPd configuration
32
#	ACC			: ALCASAR Control Center installation
33
#	ACC			: ALCASAR Control Center installation
33
#	CA			: Certification Authority initialization
34
#	CA			: Certification Authority initialization
34
#	init_db			: Initilization of radius database managed with MariaDB
35
#	init_db			: Initilization of radius database managed with MariaDB
35
#	radius			: FreeRadius initialisation
36
#	radius			: FreeRadius initialisation
36
#	radius_web		: copy ans modifiy original "freeradius web" in ACC
-
 
37
#	chilli			: coovachilli initialisation (+authentication page)
37
#	chilli			: coovachilli initialisation (+authentication page)
38
#	dansguardian		: DansGuardian filtering HTTP proxy configuration
38
#	dansguardian		: DansGuardian filtering HTTP proxy configuration
39
#	antivirus		: HAVP + libclamav configuration
39
#	antivirus		: HAVP + libclamav configuration
40
#	tinyproxy		: little proxy for user filtered with "WL + antivirus" and "antivirus"
40
#	tinyproxy		: little proxy for user filtered with "WL + antivirus" and "antivirus"
41
#	ulogd			: log system in userland (match NFLOG target of iptables)
41
#	ulogd			: log system in userland (match NFLOG target of iptables)
Line 405... Line 405...
405
##			Function "network"			##
405
##			Function "network"			##
406
## - Définition du plan d'adressage du réseau de consultation	##
406
## - Définition du plan d'adressage du réseau de consultation	##
407
## - Nommage DNS du système 					##
407
## - Nommage DNS du système 					##
408
## - Configuration de l'interface INTIF (réseau de consultation)##
408
## - Configuration de l'interface INTIF (réseau de consultation)##
409
## - Modification du fichier /etc/hosts				##
409
## - Modification du fichier /etc/hosts				##
410
## - Configuration du serveur de temps (NTP)			##
-
 
411
## - Renseignement des fichiers hosts.allow et hosts.deny	##
410
## - Renseignement des fichiers hosts.allow et hosts.deny	##
412
##################################################################
411
##################################################################
413
network ()
412
network ()
414
{
413
{
415
	header_install
414
	header_install
Line 584... Line 583...
584
IPV6INIT=no
583
IPV6INIT=no
585
IPV6TO4INIT=no
584
IPV6TO4INIT=no
586
ACCOUNTING=no
585
ACCOUNTING=no
587
USERCTL=no
586
USERCTL=no
588
EOF
587
EOF
589
# Mise à l'heure du serveur
-
 
590
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
-
 
591
	cat <<EOF > /etc/ntp/step-tickers
-
 
592
0.fr.pool.ntp.org	# adapt to your country
-
 
593
1.fr.pool.ntp.org
-
 
594
2.fr.pool.ntp.org
-
 
595
EOF
-
 
596
# Configuration du serveur de temps (sur lui même)
-
 
597
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
-
 
598
	cat <<EOF > /etc/ntp.conf
-
 
599
server 0.fr.pool.ntp.org	# adapt to your country
-
 
600
server 1.fr.pool.ntp.org
-
 
601
server 2.fr.pool.ntp.org
-
 
602
server 127.127.1.0   		# local clock si NTP internet indisponible ...
-
 
603
fudge 127.127.1.0 stratum 10
-
 
604
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
-
 
605
restrict 127.0.0.1
-
 
606
driftfile /var/lib/ntp/drift
-
 
607
logfile /var/log/ntp.log
-
 
608
disable monitor
-
 
609
EOF
-
 
610
 
-
 
611
	chown -R ntp:ntp /var/lib/ntp
-
 
612
# Renseignement des fichiers hosts.allow et hosts.deny
588
# Renseignement des fichiers hosts.allow et hosts.deny
613
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
589
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
614
	cat <<EOF > /etc/hosts.allow
590
	cat <<EOF > /etc/hosts.allow
615
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
591
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
616
sshd: ALL
592
sshd: ALL
Line 630... Line 606...
630
	echo "ipt_NETFLOW" >>  /etc/modprobe.preload
606
	echo "ipt_NETFLOW" >>  /etc/modprobe.preload
631
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
607
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
632
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
608
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
633
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
609
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
634
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
610
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
635
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test in order the stop function run (fluxh all rules & policies)
611
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
636
# 
612
# 
637
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
613
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
638
} # End of network ()
614
} # End of network ()
639
 
615
 
640
##################################################################
616
##################################################################
-
 
617
##			Function "time"				##
-
 
618
## - Configuring NTP server					##
-
 
619
##################################################################
-
 
620
time ()
-
 
621
{
-
 
622
# Set the Internet time server
-
 
623
	[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
-
 
624
	cat <<EOF > /etc/ntp/step-tickers
-
 
625
0.fr.pool.ntp.org	# adapt to your country
-
 
626
1.fr.pool.ntp.org
-
 
627
2.fr.pool.ntp.org
-
 
628
EOF
-
 
629
	[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
-
 
630
	cat <<EOF > /etc/ntp.conf
-
 
631
server 0.fr.pool.ntp.org	# adapt to your country
-
 
632
server 1.fr.pool.ntp.org
-
 
633
server 2.fr.pool.ntp.org
-
 
634
server 127.127.1.0   		# local clock si NTP internet indisponible ...
-
 
635
fudge 127.127.1.0 stratum 10
-
 
636
restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap
-
 
637
restrict 127.0.0.1
-
 
638
driftfile /var/lib/ntp/drift
-
 
639
logfile /var/log/ntp.log
-
 
640
disable monitor
-
 
641
EOF
-
 
642
	chown -R ntp:ntp /var/lib/ntp
-
 
643
# Synchronize now
-
 
644
	ntpd -q -g &
-
 
645
} # End of time ()
-
 
646
##################################################################
641
##			Function "ACC"				##
647
##			Function "ACC"				##
642
## - installation du centre de gestion (ALCASAR Control Center)	##
648
## - installation du centre de gestion (ALCASAR Control Center)	##
643
## - configuration du serveur web (Apache)			##
649
## - configuration du serveur web (Apache)			##
644
## - définition du 1er comptes de gestion 			##
650
## - définition du 1er comptes de gestion 			##
645
## - sécurisation des accès					##
651
## - sécurisation des accès					##
646
##################################################################
652
##################################################################
647
ACC ()
653
ACC ()
648
{
654
{
649
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
655
	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
650
	mkdir $DIR_WEB
656
	mkdir $DIR_WEB
651
# Copie et configuration des fichiers du centre de gestion
657
# Copy & adapt ACC files
652
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
658
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
653
	echo "$VERSION" > $DIR_WEB/VERSION
659
	echo "$VERSION" > $DIR_WEB/VERSION
654
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
660
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
655
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
661
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
656
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
662
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
657
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
663
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
658
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
664
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
659
	chown -R apache:apache $DIR_WEB/*
665
	chown -R apache:apache $DIR_WEB/*
-
 
666
# copy & adapt "freeradius-web" files
-
 
667
	cp -rf $DIR_CONF/freeradius-web/ /etc/
-
 
668
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
-
 
669
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
-
 
670
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
-
 
671
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
-
 
672
	cat <<EOF > /etc/freeradius-web/naslist.conf
-
 
673
nas1_name: alcasar-$ORGANISME
-
 
674
nas1_model: Network Access Controler
-
 
675
nas1_ip: $PRIVATE_IP
-
 
676
nas1_port_num: 0
-
 
677
nas1_community: public
-
 
678
EOF
-
 
679
	chown -R apache:apache /etc/freeradius-web/
660
# create the backup structure :
680
# create the log & backup structure :
661
# - base = users database
681
# - base = users database
662
# - archive = tarball of "base + http firewall + netflow"
682
# - archive = tarball of "base + http firewall + netflow"
663
# - security = watchdog disconnection)
683
# - security = watchdog log
664
	for i in base archive security;
684
	for i in base archive security;
665
	do
685
	do
666
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
686
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
667
	done
687
	done
668
	chown -R root:apache $DIR_SAVE
688
	chown -R root:apache $DIR_SAVE
669
# Configuration et sécurisation php
689
# Configuring & securing php
670
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
690
	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
671
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
691
	timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
672
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
692
	$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
673
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
693
	$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
674
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
694
	$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
675
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
695
	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
676
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
696
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
677
# Configuration et sécurisation Apache
697
# Configuring & sécuring Apache
678
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
698
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
679
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
699
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
680
	$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
700
	$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
681
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
701
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
682
	$SED "s?Options Indexes.*?Options -Indexes?g" /etc/httpd/conf/httpd.conf
702
	$SED "s?Options Indexes.*?Options -Indexes?g" /etc/httpd/conf/httpd.conf
Line 734... Line 754...
734
	cat <<EOF > /usr/share/httpd/error/include/bottom.html
754
	cat <<EOF > /usr/share/httpd/error/include/bottom.html
735
</body>
755
</body>
736
</html>
756
</html>
737
EOF
757
EOF
738
# Définition du premier compte lié au profil 'admin'
758
# Définition du premier compte lié au profil 'admin'
739
 
-
 
740
# !! remove when > V2.9.2 (we need to create new accounts)
-
 
741
# if [ "$mode" = "install" ]
759
if [ "$mode" = "install" ]
742
#	then
760
	then
743
		header_install
761
		header_install
744
		admin_portal=!
762
		admin_portal=!
745
		PTN='^[a-zA-Z0-9-]*$'
763
		PTN='^[a-zA-Z0-9-]*$'
746
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
764
		until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
747
                	do
765
                	do
Line 771... Line 789...
771
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
789
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
772
			do
790
			do
773
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin "ALCASAR Control Center (ACC)" $admin_portal
791
				/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin "ALCASAR Control Center (ACC)" $admin_portal
774
			done
792
			done
775
		$DIR_DEST_BIN/alcasar-profil.sh --list
793
		$DIR_DEST_BIN/alcasar-profil.sh --list
776
# !! remove if > V2.9.2
-
 
777
# fi
794
fi
778
 
-
 
779
# synchronisation horaire
795
# ACC partitioning
780
	ntpd -q -g &
-
 
781
# Sécurisation du centre
-
 
782
	rm -f /etc/httpd/conf/webapps.d/alcasar*
796
	rm -f /etc/httpd/conf/webapps.d/alcasar*
783
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
797
	cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
784
<Directory $DIR_ACC>
798
<Directory $DIR_ACC>
785
	SSLRequireSSL
799
	SSLRequireSSL
786
	AllowOverride None
800
	AllowOverride None
Line 854... Line 868...
854
	AuthName "ALCASAR Control Center (ACC)" 
868
	AuthName "ALCASAR Control Center (ACC)" 
855
	AuthDigestDomain $HOSTNAME.$DOMAIN
869
	AuthDigestDomain $HOSTNAME.$DOMAIN
856
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
870
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
857
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
871
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
858
</Directory>
872
</Directory>
-
 
873
<Directory $DIR_WEB/pass>
-
 
874
	SSLRequireSSL
-
 
875
	AllowOverride None
-
 
876
	Order deny,allow
-
 
877
	Deny from all
-
 
878
	Allow from 127.0.0.1
-
 
879
	Allow from $PRIVATE_NETWORK_MASK
-
 
880
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN
-
 
881
</Directory>
859
EOF
882
EOF
860
# Launch after coova
883
# Launch after coova (in order to wait tun0 to be up)
861
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
884
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
862
} # End of ACC ()
885
} # End of ACC ()
863
 
886
 
864
##########################################################################################
887
##########################################################################################
865
##				Fonction "CA"						##
888
##				Fonction "CA"						##
Line 888... Line 911...
888
	"%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%h] \"%r\" %b"
911
	"%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%h] \"%r\" %b"
889
    ErrorLog logs/ssl_error_log
912
    ErrorLog logs/ssl_error_log
890
    ErrorLogFormat "[%t] [%m:%l] [client %a] %M"
913
    ErrorLogFormat "[%t] [%m:%l] [client %a] %M"
891
</VirtualHost>
914
</VirtualHost>
892
EOF
915
EOF
893
 
-
 
894
	chown -R root:apache /etc/pki
916
	chown -R root:apache /etc/pki
895
	chmod -R 750 /etc/pki
917
	chmod -R 750 /etc/pki
896
} # End of CA ()
918
} # End of CA ()
897
 
919
 
898
##########################################################################################
920
##########################################################################################
Line 996... Line 1018...
996
	[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
1018
	[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
997
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
1019
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
998
	/usr/bin/systemctl daemon-reload
1020
	/usr/bin/systemctl daemon-reload
999
} # End radius ()
1021
} # End radius ()
1000
 
1022
 
1001
##########################################################################
-
 
1002
##			Function "radius_web"				##
-
 
1003
## - Import, modification et paramètrage de l'interface "freeradius-WEB ##
-
 
1004
## - Création du lien vers la page de changement de mot de passe        ##
-
 
1005
##########################################################################
-
 
1006
radius_web ()
-
 
1007
{
-
 
1008
# copy "freeradius-web" files and conf files in the manager arae of ACC
-
 
1009
	cp -rf $DIR_INSTALL/web/acc/manager/* $DIR_ACC/manager/
-
 
1010
	cp -rf $DIR_CONF/freeradius-web/ /etc/
-
 
1011
	chown -R apache:apache $DIR_ACC/manager/
-
 
1012
# adapt the main conf file to Alcasar behaviour
-
 
1013
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
-
 
1014
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf
-
 
1015
	$SED "s?^sql_username:.*?sql_username: $DB_USER?g" /etc/freeradius-web/admin.conf
-
 
1016
	$SED "s?^sql_password:.*?sql_password: $radiuspwd?g" /etc/freeradius-web/admin.conf
-
 
1017
	$SED "s?^sql_debug:.*?sql_debug: false?g" /etc/freeradius-web/admin.conf
-
 
1018
	$SED "s?^sql_usergroup_table: .*?sql_usergroup_table: radusergroup?g" /etc/freeradius-web/admin.conf
-
 
1019
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
-
 
1020
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
-
 
1021
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
-
 
1022
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
-
 
1023
	cat <<EOF > /etc/freeradius-web/naslist.conf
-
 
1024
nas1_name: alcasar-$ORGANISME
-
 
1025
nas1_model: Portail captif
-
 
1026
nas1_ip: $PRIVATE_IP
-
 
1027
nas1_port_num: 0
-
 
1028
nas1_community: public
-
 
1029
EOF
-
 
1030
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
-
 
1031
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
-
 
1032
	cp -f $DIR_CONF/radius/user_edit.attrs /etc/freeradius-web/user_edit.attrs
-
 
1033
# Ajout du mappage des attributs chillispot
-
 
1034
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
-
 
1035
	cp -f $DIR_CONF/radius/sql.attrmap /etc/freeradius-web/sql.attrmap
-
 
1036
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
-
 
1037
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/sql.attrs.default
-
 
1038
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
-
 
1039
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
-
 
1040
	chown -R apache:apache /etc/freeradius-web
-
 
1041
# Ajout de l'alias vers la page de "changement de mot de passe usager"
-
 
1042
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
-
 
1043
<Directory $DIR_WEB/pass>
-
 
1044
	SSLRequireSSL
-
 
1045
	AllowOverride None
-
 
1046
	Order deny,allow
-
 
1047
	Deny from all
-
 
1048
	Allow from 127.0.0.1
-
 
1049
	Allow from $PRIVATE_NETWORK_MASK
-
 
1050
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN
-
 
1051
</Directory>
-
 
1052
EOF
-
 
1053
} # End of radius_web ()
-
 
1054
 
-
 
1055
##################################################################################
1023
##################################################################################
1056
##			Fonction "chilli"					##
1024
##			Fonction "chilli"					##
1057
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
1025
## - Création du fichier d'initialisation et de configuration de coova-chilli	##
1058
## - Paramètrage de la page d'authentification (intercept.php)			##
1026
## - Paramètrage de la page d'authentification (intercept.php)			##
1059
##################################################################################
1027
##################################################################################
Line 2101... Line 2069...
2101
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
2069
			MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
2102
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
2070
			MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
2103
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
2071
			UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
2104
			mode="update"
2072
			mode="update"
2105
		fi
2073
		fi
2106
		for func in init network ACC CA init_db radius radius_web chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd post_install
2074
		for func in init network time ACC CA init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd post_install
2107
		do
2075
		do
2108
			$func
2076
			$func
2109
# echo "*** 'debug' : end of function $func ***"; read a
2077
# echo "*** 'debug' : end of function $func ***"; read a
2110
		done
2078
		done
2111
		;;
2079
		;;