WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 2412 2017-09-17 12:11:23Z tom.houdayer $
+#  $Id: alcasar.sh 2416 2017-09-17 21:01:15Z richard $
 # alcasar.sh
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
 # Create the current conf file
 			$DIR_SCRIPTS/alcasar-conf.sh --create
 			mode="update"
 		fi
 	fi
-	if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "5" ) ]]
+	if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "6" ) ]]
 		then
 		if [ -e /tmp/alcasar-conf.tar.gz ] # update
 			then
 			echo
 			if [ $Lang == "fr" ]
 				then
 				echo "La mise à jour automatique d'ALCASAR ne peut pas être réalisée."
 				echo "1 - Effectuez une sauvegarde des fichiers de traçabilité et de la base des usagers via l'ACC"
-				echo "2 - Installez Linux-Mageia 5.1-64bits et ALCASAR (cf. doc d'installation)"
+				echo "2 - Installez Linux-Mageia 6.0 (64bits) et ALCASAR (cf. doc d'installation)"
 				echo "3 - Importez votre base des usagers"
 			else
 				echo "The automatic update of ALCASAR can't be performed."
 				echo "1 - Save your traceability files and the user database"
-				echo "2 - Install Linux-Mageia 5.1-64bits & ALCASAR (cf. installation doc)"
+				echo "2 - Install Linux-Mageia 6 (64bits) & ALCASAR (cf. installation doc)"
 				echo "3 - Import your users database"
 			fi
 		else
 			if [ $Lang == "fr" ]
 				then
 			fi
 		fi
 		echo
 		if [ $Lang == "fr" ]
 			then
-			echo "Le système d'exploitation doit être remplacé (Mageia5.1-64bits)"
+			echo "Le système d'exploitation doit être remplacé (Mageia6-64bits)"
 		else
-			echo "The OS must be replaced (Mageia5.1-64bits)"
+			echo "The OS must be replaced (Mageia6-64bits)"
 		fi
 		exit 0
 	fi
 	if [ ! -d /var/log/netflow/porttracker ]
 		then
 			fi
 		done
 	fi
 # On crée aléatoirement les mots de passe et les secrets partagés
 	rm -f $PASSWD_FILE
-	grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
-	echo "# Password to protect the GRUB boot menu (/!\\ qwerty keyboard):" > $PASSWD_FILE
-	echo "grub=$grubpwd" >> $PASSWD_FILE
-	md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`
-	$SED "/^password.*/d" /boot/grub/menu.lst
-	$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
 	mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
 	echo "# Password of MariaDB administrator:" >> $PASSWD_FILE
 	echo "db_root=$mysqlpwd" >> $PASSWD_FILE
 	radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
 	echo "# Name and password of MariaDB user:" >> $PASSWD_FILE
 	if [ `systemctl is-active mysqld` == "active" ]
 	then
 		systemctl stop mysqld
 	fi
 	rm -rf /var/lib/mysql # to be sure that there is no former installation
-	/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1
 	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
 	$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf
 	$SED "s?^port.*?#&?g" /etc/my.cnf # we use unix socket only
 	$SED "s?^;collation_server =.*?collation_server = utf8_unicode_ci?g" /etc/my.cnf
 	$SED "s?^;character_set_server =.*?character_set_server = utf8?g" /etc/my.cnf  # accentuated user names are allowed
 	$SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/feedback.cnf # remove the feedback plugin (ALCASAR doesn't report anything !)
+	/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1
+	/usr/bin/systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"
-	/usr/bin/systemctl start mysqld.service
+	/usr/bin/systemctl start mysqld
 	nb_round=1
 	while [ ! -S /var/lib/mysql/mysql.sock ] && [ $nb_round -lt 10 ] # we wait until mariadb is on
 	do
 		nb_round=`expr $nb_round + 1`
 		sleep 2
 	if [ ! -S /var/lib/mysql/mysql.sock ]
 	then
 		echo "Problème : la base données 'MariaDB' ne s'est pas lancée !"
 		exit
 	fi
-	mysqladmin -u root password $mysqlpwd
-	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
+	MYSQL="/usr/bin/mysql --execute"
 # Secure the server
+	$MYSQL="GRANT ALL PRIVILEGES ON *.* TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"
+	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
 	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
 	$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
 # Create 'radius' database
 	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
 # Add an empty radius database structure
 	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/empty-radiusd-db.sql
 # modify the start script in order to close accounting connexion when the system is comming down or up
 	[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
-	$SED "/ExecStartPost=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
+	$SED "/^ExecStart=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
-	$SED "/ExecStartPost=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
+	$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
+	/usr/bin/systemctl unset-environment MYSQLD_OPTS
 	/usr/bin/systemctl daemon-reload
 } # End of init_db ()
 ##########################################################################
 ##			Fonction "radius"				##
 	do
 		/usr/bin/systemctl -q enable $i.service
 	done
 # disable processes at boot time (Systemctl)
-	for i in ulogd
+	for i in ulogd gpm
 	do
 		/usr/bin/systemctl -q disable $i.service
 	done
 # Apply French Security Agency (ANSSI) rules

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 2412 → 2416