
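--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2552 2018-05-08 22:21:47Z rexy $
+#  $Id: alcasar.sh 2558 2018-06-05 21:56:34Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
@@ -579,11 +579,11 @@
 EOF
 # write "/etc/hosts"
 	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
 	cat <<EOF > /etc/hosts
 127.0.0.1	localhost
-$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME
+$PRIVATE_IP	$HOSTNAME
 EOF
 # write EXTIF (Internet) config
 	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
 	if [ $IP_SETTING == "dhcp" ]
 		then
@@ -1501,22 +1501,23 @@
 	$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
 	$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
 	/usr/bin/vnstat -u -i $EXTIF
 } # End of vnstat
 
-################################################################
-##                     Function "dnsmasq"                     ##
-## - creation of the conf files of the 4 intances of dnsmasq  ## 
-################################################################
+##################################################################
+##                     Function "dnsmasq"                       ##
+## - creation of the conf files of the 4 intances of dnsmasq    ##
+## - creation of the file managing domain name (local & remote) ##
+##################################################################
 dnsmasq ()
 {
 	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
 # 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
 	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
 	cat << EOF > /etc/dnsmasq.conf
 # Configuration file for "dnsmasq in forward mode"
-conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
+conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
 listen-address=$PRIVATE_IP
 pid-file=/var/run/dnsmasq.pid
 listen-address=127.0.0.1
 no-dhcp-interface=$INTIF
 no-dhcp-interface=tun0
@@ -1531,20 +1532,19 @@
 server=$DNS2
 # DHCP service is configured. It will be enabled in "bypass" mode
 #dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
 #dhcp-option=option:router,$PRIVATE_IP
 #dhcp-option=option:ntp-server,$PRIVATE_IP
-#domain=$DOMAIN
 
 # Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
 #dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
 EOF
 # 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
 	cat << EOF > /etc/dnsmasq-blacklist.conf
 # Configuration file for "dnsmasq with blacklist"
 # Add Toulouse University blacklist domains
-conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
+conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
 conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
 pid-file=/var/run/dnsmasq-blacklist.pid
 listen-address=$PRIVATE_IP
 port=54
 no-dhcp-interface=$INTIF
@@ -1563,11 +1563,11 @@
 EOF
 # 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
 	cat << EOF > /etc/dnsmasq-whitelist.conf
 # Configuration file for "dnsmasq with whitelist"
 # ADD Toulouse university whitelist domains
-conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
+conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
 conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
 pid-file=/var/run/dnsmasq-whitelist.pid
 listen-address=$PRIVATE_IP
 port=55
 no-dhcp-interface=$INTIF
@@ -1583,11 +1583,11 @@
 address=/#/$PRIVATE_IP				# for Domain name without local resolution (WL)
 EOF
 # 4th dnsmasq listen on udp 56 ("blackhole")
 	cat << EOF > /etc/dnsmasq-blackhole.conf
 # Configuration file for "dnsmasq as a blackhole"
-conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
+conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
 address=/#/$PRIVATE_IP				# redirect all on ALCASAR IP address
 pid-file=/var/run/dnsmasq-blackhole.pid
 listen-address=$PRIVATE_IP
 port=56
 no-dhcp-interface=$INTIF
@@ -1598,10 +1598,25 @@
 domain-needed
 expand-hosts
 bogus-priv
 filterwin2k
 EOF
+# file managing domain name resolution (local & remote)
+cat << EOF > $DIR_DEST_ETC/alcasar-dns-name
+# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut)
+# Here you can define your local domain name ('localdomain' by default)
+local=/$DOMAIN/
+domain=$DOMAIN
+
+## Ajouter une ligne pour chaque nom de domaine géré par un autre seveur DNS
+## Add one line for each domain name managed by an other DNS server
+## server=/<your_domain>/<@IP_domain_server>
+## Exemple for an A.D. domain :  server=/Your.Domain.AD/110.120.100.100
+## Exemple for an other domain : server=/an_other_domain/10.20.30.40
+
+## INFO : local hostnames are resolved in /etc/hosts file
+EOF
 
 # the main instance should start after network and chilli (which create tun0)
 	[ -e /lib/systemd/system/dnsmasq.service.default ] || cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
 	$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/dnsmasq.service
 # Create dnsmasq-blacklist, dnsmasq-whitelist and dnsmasq-blackhole unit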
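Review bot: The new `cat << EOF > $DIR_DEST_ETC/alcasar-dns-name` in the hunk at line 1598 leaves the redirection target unquoted and drops the leading tab that every other `cat << EOF >` in the `dnsmasq` function carries; `	cat << EOF > "$DIR_DEST_ETC/alcasar-dns-name"` would be consistent and safe if the destination path ever contains whitespace. The same file is now included by all four dnsmasq instances via `conf-file=`, so `local=/$DOMAIN/` and `domain=$DOMAIN` apply to the blacklist, whitelist and blackhole listeners as well as the forwarder; if `$DOMAIN` can be empty at this point the generated `domain=` line would presumably be rejected by dnsmasq, which is worth a guard or a comment. The `dnsmasq` function starts in an earlier hunk and continues past this one.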