Subversion Repositories ALCASAR

Rev

Rev 2519 | Rev 2541 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log

Rev 2519 Rev 2521
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 2519 2018-03-26 19:40:51Z rexy $
2
#  $Id: alcasar.sh 2521 2018-04-02 19:46:16Z armand.ito $
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
#  team@alcasar.net
7
#  team@alcasar.net
Line 16... Line 16...
16
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
16
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
17
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
17
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
18
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
18
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
19
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
19
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
20
 
20
 
21
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
21
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, e2guardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
22
 
22
 
23
# Options :
23
# Options :
24
#       -i or --install
24
#       -i or --install
25
#       -u or --uninstall
25
#       -u or --uninstall
26
 
26
 
Line 32... Line 32...
32
#       CA                      : Certification Authority initialization
32
#       CA                      : Certification Authority initialization
33
#       time_server             : NTPd configuration
33
#       time_server             : NTPd configuration
34
#       init_db                 : Initilization of radius database managed with MariaDB
34
#       init_db                 : Initilization of radius database managed with MariaDB
35
#       freeradius              : FreeRadius initialisation
35
#       freeradius              : FreeRadius initialisation
36
#       chilli                  : coovachilli initialisation (+authentication page)
36
#       chilli                  : coovachilli initialisation (+authentication page)
37
#       dansguardian            : DansGuardian filtering HTTP proxy configuration
37
#       e2guardian              : E2Guardian filtering HTTP proxy configuration
38
#       antivirus               : HAVP + libclamav configuration
38
#       antivirus               : HAVP + libclamav configuration
39
#       tinyproxy               : little proxy for user filtered with "WL + antivirus" and "antivirus"
39
#       tinyproxy               : little proxy for user filtered with "WL + antivirus" and "antivirus"
40
#       ulogd                   : log system in userland (match NFLOG target of iptables)
40
#       ulogd                   : log system in userland (match NFLOG target of iptables)
41
#       nfsen                   : Configuration of Nfsen Netflow grapher
41
#       nfsen                   : Configuration of Nfsen Netflow grapher
42
#       dnsmasq                 : Name server configuration
42
#       dnsmasq                 : Name server configuration
43
#       vnstat                  : little network stat daemon
43
#       vnstat                  : little network stat daemon
44
#       BL                      : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
44
#       BL                      : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for e2guardian and for Netfilter)
45
#       cron                    : Logs export + watchdog + connexion statistics
45
#       cron                    : Logs export + watchdog + connexion statistics
46
#       fail2ban                : Fail2ban IDS installation and configuration
46
#       fail2ban                : Fail2ban IDS installation and configuration
47
#       gammu_smsd              : Autoregister addon via SMS (gammu-smsd)
47
#       gammu_smsd              : Autoregister addon via SMS (gammu-smsd)
48
#       msec                    : Mandriva security package configuration
48
#       msec                    : Mandriva security package configuration
49
#       letsencrypt             : Let's Encrypt client
49
#       letsencrypt             : Let's Encrypt client
Line 59... Line 59...
59
DIR_CONF="$DIR_INSTALL/conf"                    # install directory (with conf files)
59
DIR_CONF="$DIR_INSTALL/conf"                    # install directory (with conf files)
60
DIR_SCRIPTS="$DIR_INSTALL/scripts"              # install directory (with script files)
60
DIR_SCRIPTS="$DIR_INSTALL/scripts"              # install directory (with script files)
61
DIR_BLACKLIST="$DIR_INSTALL/blacklist"          # install directory (with blacklist files)
61
DIR_BLACKLIST="$DIR_INSTALL/blacklist"          # install directory (with blacklist files)
62
DIR_SAVE="/var/Save"                            # backup directory (traceability_log, user_db, security_log)
62
DIR_SAVE="/var/Save"                            # backup directory (traceability_log, user_db, security_log)
63
DIR_WEB="/var/www/html"                         # directory of Lighttpd
63
DIR_WEB="/var/www/html"                         # directory of Lighttpd
64
DIR_DG="/etc/dansguardian"                      # directory of DansGuardian
64
DIR_DG="/etc/e2guardian"                        # directory of E2Guardian
65
DIR_ACC="$DIR_WEB/acc"                          # directory of the 'ALCASAR Control Center'
65
DIR_ACC="$DIR_WEB/acc"                          # directory of the 'ALCASAR Control Center'
66
DIR_DEST_BIN="/usr/local/bin"                   # directory of ALCASAR scripts
66
DIR_DEST_BIN="/usr/local/bin"                   # directory of ALCASAR scripts
67
DIR_DEST_ETC="/usr/local/etc"                   # directory of ALCASAR conf files
67
DIR_DEST_ETC="/usr/local/etc"                   # directory of ALCASAR conf files
68
DIR_DEST_SHARE="/usr/local/share"               # directory of share files used by ALCASAR (dnsmasq for instance)
68
DIR_DEST_SHARE="/usr/local/share"               # directory of share files used by ALCASAR (dnsmasq for instance)
69
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"          # central ALCASAR conf file
69
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"          # central ALCASAR conf file
Line 1223... Line 1223...
1223
        groupadd -f chilli
1223
        groupadd -f chilli
1224
        useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1224
        useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1225
}  # End of chilli ()
1225
}  # End of chilli ()
1226
 
1226
 
1227
##################################################################
1227
##################################################################
1228
##                   Function "dansguardian"                    ##
1228
##                   Function "e2guardian"                    ##
1229
## - Set the parameters of this HTML proxy (as controler)       ##
1229
## - Set the parameters of this HTML proxy (as controler)       ##
1230
##################################################################
1230
##################################################################
1231
dansguardian ()
1231
e2guardian ()
1232
{
1232
{
1233
        mkdir -p /var/dansguardian /var/log/dansguardian
1233
        mkdir -p /var/e2guardian /var/log/e2guardian
1234
        chown -R dansguardian /var/dansguardian /var/log/dansguardian
1234
        chown -R e2guardian /var/e2guardian /var/log/e2guardian
1235
        $SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
1235
        $SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /lib/systemd/system/e2guardian.service
1236
        $SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service
1236
        $SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/e2guardian.service
1237
        [ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1237
        [ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default
1238
# By default the filter is off
1238
# By default the filter is off
1239
        $SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf
1239
        $SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardian.conf
1240
# French deny HTML page
1240
# French deny HTML page
1241
        $SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1241
        $SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf
1242
# Listen only on LAN side
1242
# Listen only on LAN side
1243
        $SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
1243
        $SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
1244
# DG send its flow to HAVP
1244
# DG send its flow to HAVP
1245
        $SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
1245
        $SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/e2guardian.conf
1246
# replace the default deny HTML page
1246
# replace the default deny HTML page
1247
        cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
1247
        cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/
1248
        cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1248
        cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html
1249
# Don't log
1249
# Don't log
1250
        $SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
1250
        $SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
1251
# # Change the default report page
1251
# # Change the default report page
1252
        $SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/dansguardian.conf
1252
        $SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/e2guardian.conf
1253
# Disable HTML content control
1253
# Disable HTML content control
1254
        $SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
1254
        $SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/e2guardian.conf
1255
        cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
1255
        cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
1256
        $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1256
        $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
1257
# Disable URL control with regex
1257
# Disable URL control with regex
1258
        cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
1258
        cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
1259
        $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1259
        $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
1260
# Configure Dansguardian for large site
1260
# Configure E2guardian for large site
1261
# Minimum number of processus to handle connections
1261
# Minimum number of processus to handle connections
1262
        $SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/dansguardian.conf
1262
        $SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/e2guardian.conf
1263
# Maximum number of processus to handle connections
1263
# Maximum number of processus to handle connections
1264
        $SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/dansguardian.conf
1264
        $SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/e2guardian.conf
1265
# Run at least 8 daemons
1265
# Run at least 8 daemons
1266
        $SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/dansguardian.conf
1266
        $SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/e2guardian.conf
1267
# minimum number of processes to spawn
1267
# minimum number of processes to spawn
1268
        $SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/dansguardian.conf
1268
        $SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/e2guardian.conf
1269
# maximum age of a child process before it croaks it
1269
# maximum age of a child process before it croaks it
1270
        $SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/dansguardian.conf
1270
        $SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/e2guardian.conf
1271
# Disable download files control
1271
# Disable download files control
1272
        [ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
1272
        [ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
1273
        $SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
1273
        $SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/e2guardianf1.conf
1274
        [ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
1274
        [ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
1275
        [ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
1275
        [ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
1276
        touch $DIR_DG/lists/bannedextensionlist
1276
        touch $DIR_DG/lists/bannedextensionlist
1277
        touch $DIR_DG/lists/bannedmimetypelist
1277
        touch $DIR_DG/lists/bannedmimetypelist
1278
# 'Safesearch' regex actualisation
1278
# 'Safesearch' regex actualisation
Line 1281... Line 1281...
1281
        [ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
1281
        [ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
1282
        touch $DIR_DG/lists/exceptioniplist
1282
        touch $DIR_DG/lists/exceptioniplist
1283
# Keep a copy of URL & domain filter configuration files
1283
# Keep a copy of URL & domain filter configuration files
1284
        [ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
1284
        [ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
1285
        [ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1285
        [ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
1286
} # End of dansguardian ()
1286
} # End of e2guardian ()
1287
 
1287
 
1288
##################################################################
1288
##################################################################
1289
##                     Function "antivirus"                     ##
1289
##                     Function "antivirus"                     ##
1290
## - Set the parameters of havp, libclamav and freshclam        ##
1290
## - Set the parameters of havp, libclamav and freshclam        ##
1291
##################################################################
1291
##################################################################
Line 1629... Line 1629...
1629
# creation of file for the rehabilited domains and urls
1629
# creation of file for the rehabilited domains and urls
1630
        [ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
1630
        [ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
1631
        [ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1631
        [ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1632
        touch $DIR_DG/lists/exceptionsitelist
1632
        touch $DIR_DG/lists/exceptionsitelist
1633
        touch $DIR_DG/lists/exceptionurllist
1633
        touch $DIR_DG/lists/exceptionurllist
1634
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
1634
# On crée la configuration de base du filtrage de domaine et d'URL pour E2guardian
1635
        cat <<EOF > $DIR_DG/lists/bannedurllist
1635
        cat <<EOF > $DIR_DG/lists/bannedurllist
1636
# Dansguardian filter config for ALCASAR
1636
# E2guardian filter config for ALCASAR
1637
EOF
1637
EOF
1638
        cat <<EOF > $DIR_DG/lists/bannedsitelist
1638
        cat <<EOF > $DIR_DG/lists/bannedsitelist
1639
# Dansguardian domain filter config for ALCASAR
1639
# E2guardian domain filter config for ALCASAR
1640
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
1640
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
1641
#**
1641
#**
1642
# block all SSL and CONNECT tunnels
1642
# block all SSL and CONNECT tunnels
1643
**s
1643
**s
1644
# block all SSL and CONNECT tunnels specified only as an IP
1644
# block all SSL and CONNECT tunnels specified only as an IP
Line 1665... Line 1665...
1665
        do
1665
        do
1666
                mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
1666
                mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
1667
                cp $DIR_BLACKLIST/$x  $DIR_DG/lists/blacklists/ossi-bl-$x/domains
1667
                cp $DIR_BLACKLIST/$x  $DIR_DG/lists/blacklists/ossi-bl-$x/domains
1668
                echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
1668
                echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
1669
        done
1669
        done
1670
        chown -R dansguardian:apache $DIR_DG
1670
        chown -R e2guardian:apache $DIR_DG
1671
        chown -R root:apache $DIR_DEST_SHARE
1671
        chown -R root:apache $DIR_DEST_SHARE
1672
        chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
1672
        chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
1673
# adapt the Toulouse BL to ALCASAR architecture
1673
# adapt the Toulouse BL to ALCASAR architecture
1674
        $DIR_DEST_BIN/alcasar-bl.sh --adapt
1674
        $DIR_DEST_BIN/alcasar-bl.sh --adapt
1675
# enable the default categories
1675
# enable the default categories
Line 1993... Line 1993...
1993
        cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
1993
        cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
1994
        chmod 644 /etc/logrotate.d/*
1994
        chmod 644 /etc/logrotate.d/*
1995
# Log compression
1995
# Log compression
1996
        $SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
1996
        $SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
1997
# actualisation des fichiers logs compressés
1997
# actualisation des fichiers logs compressés
1998
        for dir in firewall dansguardian lighttpd
1998
        for dir in firewall e2guardian lighttpd
1999
        do
1999
        do
2000
                find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
2000
                find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
2001
        done
2001
        done
2002
# create the alcasar-load_balancing unit
2002
# create the alcasar-load_balancing unit
2003
        cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
2003
        cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
Line 2023... Line 2023...
2023
 
2023
 
2024
[Install]
2024
[Install]
2025
WantedBy=multi-user.target
2025
WantedBy=multi-user.target
2026
EOF
2026
EOF
2027
# processes launched at boot time (Systemctl)
2027
# processes launched at boot time (Systemctl)
2028
        for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
2028
        for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
2029
        do
2029
        do
2030
                /usr/bin/systemctl -q enable $i.service
2030
                /usr/bin/systemctl -q enable $i.service
2031
        done
2031
        done
2032
 
2032
 
2033
# disable processes at boot time (Systemctl)
2033
# disable processes at boot time (Systemctl)
Line 2239... Line 2239...
2239
                        MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
2239
                        MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
2240
                        MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
2240
                        MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
2241
                        UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
2241
                        UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
2242
                        mode="update"
2242
                        mode="update"
2243
                fi
2243
                fi
2244
                for func in init network ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
2244
                for func in init network ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
2245
                do
2245
                do
2246
                        $func
2246
                        $func
2247
                        if [ $DEBUG_ALCASAR == "on" ]
2247
                        if [ $DEBUG_ALCASAR == "on" ]
2248
                                then
2248
                                then
2249
                                echo "*** 'debug' : end of install '$func' ***"
2249
                                echo "*** 'debug' : end of install '$func' ***"