Subversion Repositories ALCASAR


Rev 2724 Rev 2728
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 2724 2019-05-05 19:05:53Z rexy $
2
#  $Id: alcasar.sh 2728 2019-05-20 20:55:06Z rexy $
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
#  team@alcasar.net
7
#  team@alcasar.net
Line 987... Line 987...
987
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
987
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
988
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
988
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
989
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
989
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
990
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
990
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
991
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
991
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
992
 
-
 
993
# Add ALCASAR dictionary
992
# Add ALCASAR & Coovachilli dictionaries
-
 
993
	[ -e /etc/raddb/dictionary.default ] || cp /etc/raddb/dictionary /etc/raddb/dictionary.default
994
	cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar
994
	cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar
995
	echo -e '\n$INCLUDE dictionary.alcasar' >> /usr/share/freeradius/dictionary
995
	echo -e '\n$INCLUDE dictionary.alcasar' > /etc/raddb/dictionary
996
# Add CoovaChilli dictionary
-
 
997
	cp /usr/share/doc/coova-chilli/dictionary.coovachilli /usr/share/freeradius/dictionary.coovachilli
996
	cp /usr/share/doc/coova-chilli/dictionary.coovachilli /usr/share/freeradius/dictionary.coovachilli
998
	echo -e '\n$INCLUDE dictionary.coovachilli' >> /usr/share/freeradius/dictionary
997
	echo -e '\n$INCLUDE dictionary.coovachilli' >> /etc/raddb/dictionary
999
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
998
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
1000
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
999
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
1001
	cat << EOF > /etc/raddb/clients.conf
1000
	cat << EOF > /etc/raddb/clients.conf
1002
client localhost {
1001
client localhost {
1003
	ipaddr = 127.0.0.1
1002
	ipaddr = 127.0.0.1
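Review bot: The `$INCLUDE` lines now written to /etc/raddb/dictionary (new lines 995 and 997) use bare file names, but the dictionary files are still copied to /usr/share/freeradius/ (new lines 994 and 996). If the packaged FreeRADIUS resolves a relative `$INCLUDE` against the directory of the including file, which should be confirmed, radiusd would look for /etc/raddb/dictionary.alcasar and the ALCASAR and CoovaChilli attributes would not load. Absolute paths remove that dependency: `echo -e '\n$INCLUDE /usr/share/freeradius/dictionary.alcasar' > /etc/raddb/dictionary`, and the same for dictionary.coovachilli. Because line 995 now truncates the file with `>`, also confirm that the stock /etc/raddb/dictionary saved as dictionary.default held no site-local attribute definitions that are still needed. The enclosing function starts before this hunk and the clients.conf heredoc continues past it.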
Line 1011... Line 1010...
1011
	cp $DIR_CONF/radius/alcasar /etc/raddb/sites-available/alcasar
1010
	cp $DIR_CONF/radius/alcasar /etc/raddb/sites-available/alcasar
1012
	cp $DIR_CONF/radius/alcasar-with-ldap /etc/raddb/sites-available/alcasar-with-ldap
1011
	cp $DIR_CONF/radius/alcasar-with-ldap /etc/raddb/sites-available/alcasar-with-ldap
1013
	chown radius:apache /etc/raddb/sites-available/alcasar*
1012
	chown radius:apache /etc/raddb/sites-available/alcasar*
1014
	chmod 660 /etc/raddb/sites-available/alcasar*
1013
	chmod 660 /etc/raddb/sites-available/alcasar*
1015
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
1014
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
1016
# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
1015
	# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
1017
 
-
 
1018
# Set modules
1016
# Set modules
1019
# Add custom LDAP "available module"
1017
	# Add custom LDAP "available module"
1020
	cp -f $DIR_CONF/radius/ldap-alcasar /etc/raddb/mods-available/
1018
	cp -f $DIR_CONF/radius/ldap-alcasar /etc/raddb/mods-available/
1021
	chown -R radius:radius /etc/raddb/mods-available/ldap-alcasar
1019
	chown -R radius:radius /etc/raddb/mods-available/ldap-alcasar
1022
# Set only usefull modules for ALCASAR (ldap is enabled only via ACC)
1020
	# Set only usefull modules for ALCASAR (! the module 'ldap-alcasar' is enabled only via ACC)
1023
	rm -rf  /etc/raddb/mods-enabled/*
1021
	rm -rf  /etc/raddb/mods-enabled/*
1024
	for mods in sql sqlcounter attr_filter expiration logintime pap expr always
1022
	for mods in sql sqlcounter attr_filter expiration logintime pap expr always
1025
	do
1023
	do
1026
		ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
1024
		ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
1027
	done
1025
	done
-
 
1026
	# INFO : To connect from outside (EAP), add the EAP module (and right accesses to the keys (/etc/pki/tls/private/radius.pem)
1028
# Configure SQL mod
1027
# Configure SQL mod
1029
	[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
1028
	[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
1030
	$SED "s?^[\t ]*driver =.*?driver = \"rlm_sql_mysql\"?g" /etc/raddb/mods-available/sql
1029
	$SED "s?^[\t ]*driver =.*?driver = \"rlm_sql_mysql\"?g" /etc/raddb/mods-available/sql
1031
	$SED "s?^[\t ]*dialect =.*?dialect = \"mysql\"?g" /etc/raddb/mods-available/sql
1030
	$SED "s?^[\t ]*dialect =.*?dialect = \"mysql\"?g" /etc/raddb/mods-available/sql
1032
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql
1031
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql