
Rev 2631 Rev 2640
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 2631 2018-09-12 21:16:42Z rexy $
2
#  $Id: alcasar.sh 2640 2018-09-20 21:21:15Z rexy $
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
#  team@alcasar.net
7
#  team@alcasar.net
Line 1673... Line 1673...
1673
##                  Function "cron"                  ##
1673
##                  Function "cron"                  ##
1674
## - write all cron & anacron files                  ##
1674
## - write all cron & anacron files                  ##
1675
#######################################################
1675
#######################################################
1676
cron ()
1676
cron ()
1677
{
1677
{
1678
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
1678
# 'crontab' with standard cron at midnight instead of 4:0 am (default)
1679
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1679
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1680
	cat <<EOF > /etc/crontab
1680
	cat <<EOF > /etc/crontab
1681
SHELL=/usr/bin/bash
1681
SHELL=/usr/bin/bash
1682
PATH=/usr/sbin:/usr/bin
1682
PATH=/sbin:/bin:/usr/sbin:/usr/bin
1683
MAILTO=root
1683
MAILTO=root
1684
HOME=/
1684
HOME=/
1685
 
1685
 
1686
# run-parts
1686
# run-parts
1687
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
1687
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
Line 1691... Line 1691...
1691
EOF
1691
EOF
1692
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1692
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1693
	cat <<EOF >> /etc/anacrontab
1693
	cat <<EOF >> /etc/anacrontab
1694
7	8	cron.MysqlDump		nice /etc/cron.d/alcasar-mysql
1694
7	8	cron.MysqlDump		nice /etc/cron.d/alcasar-mysql
1695
7	10	cron.logExport		nice /etc/cron.d/alcasar-archive
1695
7	10	cron.logExport		nice /etc/cron.d/alcasar-archive
1696
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
-
 
1697
EOF
1696
EOF
1698
 
-
 
1699
	cat <<EOF > /etc/cron.d/alcasar-mysql
1697
	cat <<EOF > /etc/cron.d/alcasar-mysql
1700
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
1698
# Verify, repair and export users database (every monday at 4:45 am)
1701
45 4 * * 1 root $DIR_DEST_BIN/alcasar-mysql.sh --dump
1699
45 4 * * 1 root $DIR_DEST_BIN/alcasar-mysql.sh --dump
1702
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
1700
# Remove users whose expiration date is exceeded for more more than 7 days (every Monday at 4:40 am)
1703
40 4 * * * root $DIR_DEST_BIN/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1701
40 4 * * * root $DIR_DEST_BIN/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1704
EOF
1702
EOF
1705
	cat <<EOF > /etc/cron.d/alcasar-archive
1703
	cat <<EOF > /etc/cron.d/alcasar-archive
1706
# Archive des logs et de la base de données (tous les lundi à 5h35)
1704
# Archiving logs (traceability & users database) (every Monday at 5:35 am)
1707
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1705
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1708
EOF
1706
EOF
1709
	cat <<EOF > /etc/cron.d/alcasar-ticket-clean
1707
	cat <<EOF > /etc/cron.d/alcasar-ticket-clean
1710
# suppression des fichiers de mots de passe (imports massifs par fichier) et des ticket PDF d'utilisateur
1708
# Remove password files (created when importing users by CSV files) and user's PDF voucher (every hours at 30')
1711
30 * * * *  root $DIR_DEST_BIN/alcasar-ticket-clean.sh
1709
30 * * * *  root $DIR_DEST_BIN/alcasar-ticket-clean.sh
1712
EOF
1710
EOF
1713
	cat <<EOF > /etc/cron.d/alcasar-distrib-updates
1711
	cat <<EOF > /etc/cron.d/alcasar-distrib-updates
1714
# mise à jour automatique de la distribution tous les jours 3h30
1712
# Update the system (everyday at 3:30 am)
1715
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1713
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1716
EOF
1714
EOF
1717
 
-
 
1718
	cat <<EOF > /etc/cron.d/alcasar-connections-stats
1715
	cat <<EOF > /etc/cron.d/alcasar-connections-stats
1719
# Connection stats update (accounting). These Perl scripts are from "dialup_admin" (cf. wiki.freeradius.org/Dialup_admin).
1716
# Connection stats update (accounting). These Perl scripts are from "dialup_admin" (cf. wiki.freeradius.org/Dialup_admin).
1720
# 'alcasar-tot_stats' (everyday at 01h01 pm) : aggregating the daily connections of users (write in the table 'totacct')
1717
# 'alcasar-tot_stats' : aggregate the daily connections of users and write it in the table 'totacct' (everyday at 1:01 pm)
1721
# 'alcasar-monthly_tot_stat' (everyday at 01h05 pm) : aggregating the monthly connections of users (write in table 'mtotacct')
1718
# 'alcasar-monthly_tot_stat' : aggregate the monthly connections of users and write it in table 'mtotacct' (everyday at 1h05 pm)
1722
# 'alcasar-truncate_raddact' (every month, the first at 01h10 pm) : removing the log sessions of users older than 365 days
1719
# 'alcasar-truncate_raddact' : remove the user' session log older than 365 days (applying French law : "LCEN") (every month, the first at 01:10 pm)
1723
# 'alcasar-clean_radacct' (every month, the first at 01h15 pm) : closing the sessions openned for more than 30 days
1720
# 'alcasar-clean_radacct' : close the sessions openned for more than 30 days (every month, the first at 01:15 pm)
1724
# 'alcasar-activity_report.sh' (every sunday at 5h35 pm) : generate an activity report in PDF
1721
# 'alcasar-activity_report.sh' : generate an activity report in PDF (every sunday at 5:35 pm)
1725
1 1 * * * root $DIR_DEST_BIN/alcasar-tot_stats > /dev/null 2>&1
1722
1 1 * * * root $DIR_DEST_BIN/alcasar-tot_stats > /dev/null 2>&1
1726
5 1 * * * root $DIR_DEST_BIN/alcasar-monthly_tot_stats > /dev/null 2>&1
1723
5 1 * * * root $DIR_DEST_BIN/alcasar-monthly_tot_stats > /dev/null 2>&1
1727
10 1 1 * * root $DIR_DEST_BIN/alcasar-truncate_radacct > /dev/null 2>&1
1724
10 1 1 * * root $DIR_DEST_BIN/alcasar-truncate_radacct > /dev/null 2>&1
1728
15 1 1 * * root $DIR_DEST_BIN/alcasar-clean_radacct > /dev/null 2>&1
1725
15 1 1 * * root $DIR_DEST_BIN/alcasar-clean_radacct > /dev/null 2>&1
1729
35 5 * * 0 root $DIR_DEST_BIN/alcasar-activity_report.sh > /dev/null 2>&1
1726
35 5 * * 0 root $DIR_DEST_BIN/alcasar-activity_report.sh > /dev/null 2>&1
1730
EOF
1727
EOF
1731
	cat <<EOF > /etc/cron.d/alcasar-watchdog
1728
	cat <<EOF > /etc/cron.d/alcasar-watchdog
1732
# run the "watchdog" every 3'
1729
# 'alcasar-watchdog.sh' : run the "watchdog" (every 10')
1733
# empty the IPSET of the whitelisted IP (loaded dynamically with dnsmasq-whitelist) when every whitelisted users are logged out (every sunday at 0h05
1730
# 'alcasar-flush_ipset_wl.sh' : empty the IPSET of the whitelisted IP loaded dynamically with dnsmasq-whitelist hook (every sunday at 0:05 am)
-
 
1731
# 'alcasar-watchdog-hl.sh' : (optionnaly) remove the IP 0.0.0.0 from chilli cache memory
1734
*/10 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1732
*/10 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1735
0 5 * * 0 root $DIR_DEST_BIN/alcasar-flush_ipset_wl.sh > /dev/null 2>&1
1733
0 5 * * 0 root $DIR_DEST_BIN/alcasar-flush_ipset_wl.sh > /dev/null 2>&1
1736
#* * * * * root $DIR_DEST_BIN/alcasar-watchdog-hl.sh > /dev/null 2>&1
1734
#* * * * * root $DIR_DEST_BIN/alcasar-watchdog-hl.sh > /dev/null 2>&1
1737
EOF
1735
EOF
1738
# Enabling the watchdog every 18'
-
 
1739
	cat <<EOF > /etc/cron.d/alcasar-daemon-watchdog
1736
	cat <<EOF > /etc/cron.d/alcasar-daemon-watchdog
1740
# activate  the daemon-watchdog after boot process
1737
# start dead daemons (after boot process and every 18')
1741
@reboot root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1738
@reboot root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1742
# activate the daemon-watchdog every 18'
-
 
1743
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1739
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1744
EOF
1740
EOF
1745
 
-
 
1746
# Enabling category update from rsync
-
 
1747
	cat <<EOF > /etc/cron.d/alcasar-rsync-bl
1741
	cat <<EOF > /etc/cron.d/alcasar-rsync-bl
1748
# Automatic update of BL via rsync every 12 hours. The categories are listed in the file '/usr/local/etc/update_cat.conf' (no sync if empty).
1742
# Automatic update the BL via rsync (every 12 hours). The enabled categories are listed in '/usr/local/etc/update_cat.conf' (no sync if empty).
1749
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1
1743
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1
1750
EOF
1744
EOF
1751
 
-
 
1752
# Renew the Let's Encrypt certificate
-
 
1753
	cat <<EOF > /etc/cron.d/alcasar-letsencrypt
1745
	cat <<EOF > /etc/cron.d/alcasar-letsencrypt
1754
# Automatic renew of the Let's Encrypt certificate
1746
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily")
1755
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
1747
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
1756
EOF
1748
EOF
1757
 
1749
 
1758
# removing the users crons
1750
# removing the users crons
1759
	rm -f /var/spool/cron/*
1751
	rm -f /var/spool/cron/*
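Review bot: Several of the reworded comments in the cron.d heredocs no longer match the schedule fields they describe, which matters because these files are what an administrator reads to learn when root jobs such as account expiry and session-log truncation run. In alcasar-mysql the `--expire_user` entry is `40 4 * * *`, which fires every day, yet its new comment says "every Monday at 4:40 am" (and contains "more more"); it should read `# Remove users whose account expired more than 7 days ago (every day at 4:40 am)`. In alcasar-connections-stats the hour field is 1 or 5, so the times are am rather than "pm", and in alcasar-watchdog `0 5 * * 0` is Sunday 5:00 am rather than "0:05 am". The same `--expire_user` line also uses `2>&1 >/dev/null`, unlike the `> /dev/null 2>&1` used on the other entries, so stderr still reaches cron's mail to root while stdout is dropped; if that is deliberate, the comment should say so. The cron() body starts inside this hunk and continues past its last line.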