WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 1841 2016-04-25 22:02:19Z richard $ 
 
# alcasar.sh
 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
# Ce programme est un logiciel libre ; This software is free and open source

##		Fonction "dansguardian"				##
## - Paramètrage du gestionnaire de contenu Dansguardian	##
##################################################################
dansguardian ()
{
	mkdir -p /var/dansguardian /var/log/dansguardian
	chown -R dansguardian /var/dansguardian /var/log/dansguardian
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
	$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
# By default the filter is off 
	$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf

	      userdel -r havp 2>/dev/null
	      groupdel havp 2>/dev/null
	fi
	groupadd -f havp
	useradd -r -g havp -s /bin/false -c "system user for havp (antivirus proxy)" havp
	mkdir -p /var/tmp/havp /var/log/havp /var/run/havp /var/log/clamav /var/lib/clamav
	chown -R havp:havp /var/tmp/havp /var/log/havp /var/run/havp
	chown -R clamav:clamav /var/log/clamav /var/lib/clamav
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
	$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config	# pidfile
	$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config		# transparent mode
	$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config	# we listen only on loopback

	[ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
	$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
	$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
# postfix banner anonymisation
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
	chown -R postfix:postfix /var/lib/postfix
# sshd écoute côté LAN et WAN
	$SED "s?^#ListenAddress 0\.0\.0\.0.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config
# sshd autorise les connections root par certificat
	$SED "s?^PermitRootLogin.*?PermitRootLogin without-password?g" /etc/ssh/sshd_config
	# Put the default values in conf file

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 1839 → 1841

Rev 1839		Rev 1841
Line 1...		Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 1839 2016-04-25 13:43:22Z richard $`	2	`# $Id: alcasar.sh 1841 2016-04-25 22:02:19Z richard $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5		5
6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`	6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`
7	`# Ce programme est un logiciel libre ; This software is free and open source`	7	`# Ce programme est un logiciel libre ; This software is free and open source`
Line 1199...		Line 1199...
1199	`## Fonction "dansguardian" ##`	1199	`## Fonction "dansguardian" ##`
1200	`## - Paramètrage du gestionnaire de contenu Dansguardian ##`	1200	`## - Paramètrage du gestionnaire de contenu Dansguardian ##`
1201	`##################################################################`	1201	`##################################################################`
1202	`dansguardian ()`	1202	`dansguardian ()`
1203	`{`	1203	`{`
1204	`mkdir /var/dansguardian`	1204	`mkdir -p /var/dansguardian /var/log/dansguardian`
1205	`chown dansguardian /var/dansguardian`	1205	`chown -R dansguardian /var/dansguardian /var/log/dansguardian`
1206	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service`	1206	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service`
1207	`$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service`	1207	`$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service`
1208	`[ -e $DIR_DG/dansguardian.conf.default ] \|\| cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default`	1208	`[ -e $DIR_DG/dansguardian.conf.default ] \|\| cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default`
1209	`# By default the filter is off`	1209	`# By default the filter is off`
1210	`$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf`	1210	`$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf`
Line 1269...		Line 1269...
1269	`userdel -r havp 2>/dev/null`	1269	`userdel -r havp 2>/dev/null`
1270	`groupdel havp 2>/dev/null`	1270	`groupdel havp 2>/dev/null`
1271	`fi`	1271	`fi`
1272	`groupadd -f havp`	1272	`groupadd -f havp`
1273	`useradd -r -g havp -s /bin/false -c "system user for havp (antivirus proxy)" havp`	1273	`useradd -r -g havp -s /bin/false -c "system user for havp (antivirus proxy)" havp`
1274	`mkdir -p /var/tmp/havp /var/log/havp /var/run/havp`	1274	`mkdir -p /var/tmp/havp /var/log/havp /var/run/havp /var/log/clamav /var/lib/clamav`
1275	`chown -R havp:havp /var/tmp/havp /var/log/havp /var/run/havp`	1275	`chown -R havp:havp /var/tmp/havp /var/log/havp /var/run/havp`
-		1276	`chown -R clamav:clamav /var/log/clamav /var/lib/clamav`
1276	`[ -e /etc/havp/havp.config.default ] \|\| cp /etc/havp/havp.config /etc/havp/havp.config.default`	1277	`[ -e /etc/havp/havp.config.default ] \|\| cp /etc/havp/havp.config /etc/havp/havp.config.default`
1277	`$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config`	1278	`$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config`
1278	`$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile`	1279	`$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile`
1279	`$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode`	1280	`$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode`
1280	`$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback`	1281	`$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback`
Line 1817...		Line 1818...
1817	`[ -e /etc/ssh/sshd_config.default ] \|\| cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default`	1818	`[ -e /etc/ssh/sshd_config.default ] \|\| cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default`
1818	`$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config`	1819	`$SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config`
1819	`$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config`	1820	`$SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config`
1820	`# postfix banner anonymisation`	1821	`# postfix banner anonymisation`
1821	`$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf`	1822	`$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf`
-		1823	`chown -R postfix:postfix /var/lib/postfix`
1822	`# sshd écoute côté LAN et WAN`	1824	`# sshd écoute côté LAN et WAN`
1823	`$SED "s?^#ListenAddress 0\.0\.0\.0.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config`	1825	`$SED "s?^#ListenAddress 0\.0\.0\.0.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config`
1824	`# sshd autorise les connections root par certificat`	1826	`# sshd autorise les connections root par certificat`
1825	`$SED "s?^PermitRootLogin.*?PermitRootLogin without-password?g" /etc/ssh/sshd_config`	1827	`$SED "s?^PermitRootLogin.*?PermitRootLogin without-password?g" /etc/ssh/sshd_config`
1826	`# Put the default values in conf file`	1828	`# Put the default values in conf file`