


Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 2760 2019-11-06 12:26:49Z lucas.echard $
2
#  $Id: alcasar.sh 2763 2019-11-10 18:26:57Z rexy $
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
#  team@alcasar.net
7
#  team@alcasar.net
Line 537... Line 537...
537
		fi
537
		fi
538
	else
538
	else
539
		PRIVATE_IP_MASK=`grep ^PRIVATE_IP= conf/etc/alcasar.conf|cut -d"=" -f2`
539
		PRIVATE_IP_MASK=`grep ^PRIVATE_IP= conf/etc/alcasar.conf|cut -d"=" -f2`
540
		rm -f conf/etc/alcasar.conf
540
		rm -f conf/etc/alcasar.conf
541
	fi
541
	fi
542
	header_install
-
 
543
	if [ "$mode" != "update" ]
-
 
544
		then
-
 
545
		if [ $Lang == "fr" ]
-
 
546
			then echo "Par défaut, le nom d'hôte d'ALCASAR est : $HOSTNAME.$DOMAIN"
-
 
547
			else echo "The default ALCASAR hostname is : $HOSTNAME.$DOMAIN"
-
 
548
		fi
-
 
549
		response=0
-
 
550
		PTN='^[oOyYnN]?$'
-
 
551
		until [[ "$response" =~ $PTN ]]
-
 
552
		do
-
 
553
			if [ $Lang == "fr" ]
-
 
554
				then echo -n "Voulez-vous utiliser ce nom d'hôte (recommandé) (O/n)? : "
-
 
555
				else echo -n "Do you want to use this hostname (recommanded) (Y/n)? : "
-
 
556
			fi
-
 
557
			read response
-
 
558
		done
-
 
559
		if [ "$response" = "n" ] || [ "$response" = "N" ]
-
 
560
		then
-
 
561
			if [ $Lang == "fr" ]
-
 
562
				then echo -n "Entrez le nouveau nom d'hôte pleinement qualifié (hôte.domain) : "
-
 
563
				else echo -n "Enter the new full qualified hostname (host.domain) : "
-
 
564
			fi
-
 
565
			read FQDN
-
 
566
			HOSTNAME=`echo $FQDN|cut -d"." -f1`
-
 
567
			DOMAIN=`echo $FQDN|cut -d"." -f2`
-
 
568
		fi
-
 
569
	fi
-
 
570
# Define LAN side global parameters
542
# Define LAN side global parameters
571
	hostnamectl set-hostname $HOSTNAME.$DOMAIN
543
	hostnamectl set-hostname $HOSTNAME.$DOMAIN
572
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
544
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
573
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4`					# last octet of LAN address
545
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4`					# last octet of LAN address
574
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
546
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
Line 788... Line 760...
788
	$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
760
	$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
789
#
761
#
790
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
762
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
791
} # End of network()
763
} # End of network()
792
 
764
 
-
 
765
##################################################################
-
 
766
##                      Fonction "CA"                           ##
-
 
767
## - Creating the CA and the server certificate (lighttpd)      ##
-
 
768
##################################################################
-
 
769
CA()
-
 
770
{
-
 
771
	$DIR_DEST_BIN/alcasar-CA.sh
-
 
772
	chown -R root:apache /etc/pki
-
 
773
	chmod -R 750 /etc/pki
-
 
774
} # End of CA()
-
 
775
 
793
###################################################
776
###################################################
794
##                  Function "ACC"               ##
777
##                  Function "ACC"               ##
795
## - copy ALCASAR Control Center (ACC) files     ##
778
## - copy ALCASAR Control Center (ACC) files     ##
796
## - configuration of the web server (Lighttpd)  ##
779
## - configuration of the web server (Lighttpd)  ##
797
## - creation of the first ACC admin account     ##
780
## - creation of the first ACC admin account     ##
Line 906... Line 889...
906
	[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
889
	[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
907
	chown root:apache /var/Save/security/acc_access.log
890
	chown root:apache /var/Save/security/acc_access.log
908
	chmod 664 /var/Save/security/acc_access.log
891
	chmod 664 /var/Save/security/acc_access.log
909
} # End of ACC()
892
} # End of ACC()
910
 
893
 
911
##################################################################
-
 
912
##                      Fonction "CA"                           ##
-
 
913
## - Creating the CA and the server certificate (lighttpd)      ##
-
 
914
##################################################################
-
 
915
CA()
-
 
916
{
-
 
917
	$DIR_DEST_BIN/alcasar-CA.sh
-
 
918
	chown -R root:apache /etc/pki
-
 
919
	chmod -R 750 /etc/pki
-
 
920
} # End of CA()
-
 
921
 
-
 
922
#############################################################
894
#############################################################
923
##               Function "time_server"                    ##
895
##               Function "time_server"                    ##
924
## - Configuring NTP server                                ##
896
## - Configuring NTP server                                ##
925
#############################################################
897
#############################################################
926
time_server()
898
time_server()
Line 1064... Line 1036...
1064
	$SED "s?^#[\t ]*server =.*?server = \"localhost\"?g" /etc/raddb/mods-available/sql
1036
	$SED "s?^#[\t ]*server =.*?server = \"localhost\"?g" /etc/raddb/mods-available/sql
1065
	$SED "s?^#[\t ]*port =.*?port = \"3306\"?g" /etc/raddb/mods-available/sql
1037
	$SED "s?^#[\t ]*port =.*?port = \"3306\"?g" /etc/raddb/mods-available/sql
1066
	$SED "s?^#[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
1038
	$SED "s?^#[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
1067
	$SED "s?^#[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
1039
	$SED "s?^#[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
1068
	# no TLS encryption on 127.0.0.1
1040
	# no TLS encryption on 127.0.0.1
1069
	$SED "s?^[\t] ]*ca_file =.*?#&?g" /etc/raddb/mods-available/sql
1041
	$SED "s?^[\t ]*ca_file =.*?#&?g" /etc/raddb/mods-available/sql
1070
	$SED "s?^[\t] ]*ca_path =.*?#&?g" /etc/raddb/mods-available/sql
1042
	$SED "s?^[\t ]*ca_path =.*?#&?g" /etc/raddb/mods-available/sql
1071
	$SED "s?^[\t] ]*certificate_file =.*?#&?g" /etc/raddb/mods-available/sql
1043
	$SED "s?^[\t ]*certificate_file =.*?#&?g" /etc/raddb/mods-available/sql
1072
	$SED "s?^[\t] ]*private_key_file =.*?#&?g" /etc/raddb/mods-available/sql
1044
	$SED "s?^[\t ]*private_key_file =.*?#&?g" /etc/raddb/mods-available/sql
1073
	$SED "s?^[\t] ]*cipher =.*?#&?g" /etc/raddb/mods-available/sql
1045
	$SED "s?^[\t ]*cipher =.*?#&?g" /etc/raddb/mods-available/sql
1074
	$SED "s?^[\t] ]*tls_required =.*?tls_required = no?g" /etc/raddb/mods-available/sql
1046
	$SED "s?^[\t ]*tls_required =.*?tls_required = no?g" /etc/raddb/mods-available/sql
1075
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
1047
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
1076
	[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
1048
	[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
1077
	cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
1049
	cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
1078
	chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
1050
	chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
1079
# sqlcounter modifications
1051
# sqlcounter modifications
Line 1303... Line 1275...
1303
# Adapt the main conf file
1275
# Adapt the main conf file
1304
# French deny HTML page
1276
# French deny HTML page
1305
	$SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf
1277
	$SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf
1306
# Listen only on LAN side
1278
# Listen only on LAN side
1307
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
1279
	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
1308
# The port that E2guardian listens to
1280
# The port that E2guardian listens to HTTP
1309
	$SED "s?^filterports =*?filteports = 8080?g" $DIR_DG/e2guardian.conf
1281
	$SED "s?^filterports =*?filterports = 8080?g" $DIR_DG/e2guardian.conf
-
 
1282
# The port that E2guardian listens to HTTPS
-
 
1283
	$SED "s?^transparenthttpsport =*?transparenthttpsport = 8443?g" $DIR_DG/e2guardian.conf
1310
# DG send its flow to HAVP (127.0.0.1:8090)
1284
# DG send its flow to HAVP (127.0.0.1:8090)
1311
	$SED "s?^#proxyip.*?proxyip = 127.0.0.1?g" $DIR_DG/e2guardian.conf
1285
	$SED "s?^#proxyip.*?proxyip = 127.0.0.1?g" $DIR_DG/e2guardian.conf
1312
	$SED "s?^#proxyport.*?proxyport = 8090?g" $DIR_DG/e2guardian.conf
1286
	$SED "s?^#proxyport.*?proxyport = 8090?g" $DIR_DG/e2guardian.conf
1313
# Don't log
1287
# Don't log
1314
	$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
1288
	$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
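Review bot: The added sed pattern `^transparenthttpsport =*` does not consume the existing value: `=*` matches zero or more `=` characters, so on a line such as `transparenthttpsport = 8080` (constructed example) only the key and the `=` are replaced and the old value stays appended after the new one. Every other key rewritten in this hunk uses `.*` (`^filterip.*`, `^loglevel =.*`), so the new line should read `$SED "s?^transparenthttpsport.*?transparenthttpsport = 8443?g" $DIR_DG/e2guardian.conf`. The corrected `filterports` line just above keeps the same `=*` and deserves the same change. If the default e2guardian.conf ships this key commented out, the `^`-anchored pattern matches nothing at all and the port is never set, which is worth confirming against the shipped file; the enclosing function starts and ends outside the hunk.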
Line 1593... Line 1567...
1593
	$SED "s?^Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
1567
	$SED "s?^Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
1594
	$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf
1568
	$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf
1595
	[ -e $DIR_ACC/manager/stats/config.php.default ] || cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default
1569
	[ -e $DIR_ACC/manager/stats/config.php.default ] || cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default
1596
	$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
1570
	$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
1597
	$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
1571
	$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
1598
	/usr/bin/vnstat -i $EXTIF -u --force
-
 
1599
} # End of vnstat()
1572
} # End of vnstat()
1600
 
1573
 
1601
###################################################################
1574
###################################################################
1602
##                     Function "dnsmasq"                        ##
1575
##                     Function "dnsmasq"                        ##
1603
## - creation of the conf files of dnsmasq (whitelist for ipset )##
1576
## - creation of the conf files of dnsmasq (whitelist for ipset )##