Line 1... |
Line 1... |
1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
2 |
# $Id: alcasar.sh 302 2010-10-09 13:34:31Z richard $
|
2 |
# $Id: alcasar.sh 303 2010-10-09 16:41:23Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 409... |
Line 409... |
409 |
restrict 127.0.0.1
|
409 |
restrict 127.0.0.1
|
410 |
driftfile /etc/ntp/drift
|
410 |
driftfile /etc/ntp/drift
|
411 |
logfile /var/log/ntp.log
|
411 |
logfile /var/log/ntp.log
|
412 |
EOF
|
412 |
EOF
|
413 |
chown -R ntp:ntp /etc/ntp
|
413 |
chown -R ntp:ntp /etc/ntp
|
- |
|
414 |
# synchronisation horaire
|
- |
|
415 |
ntpd -q -g &
|
414 |
# Renseignement des fichiers hosts.allow et hosts.deny
|
416 |
# Renseignement des fichiers hosts.allow et hosts.deny
|
415 |
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
|
417 |
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
|
416 |
cat <<EOF > /etc/hosts.allow
|
418 |
cat <<EOF > /etc/hosts.allow
|
417 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
419 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
418 |
sshd: $PRIVATE_NETWORK_SHORT
|
420 |
sshd: $PRIVATE_NETWORK_SHORT
|
Line 458... |
Line 460... |
458 |
$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
|
460 |
$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
|
459 |
$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
|
461 |
$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
|
460 |
# Configuration et sécurisation Apache
|
462 |
# Configuration et sécurisation Apache
|
461 |
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
|
463 |
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
|
462 |
$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf
|
464 |
$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf
|
463 |
$SED "s?^Listen.*?#Listen 127.0.0.1:80?g" /etc/httpd/conf/httpd.conf
|
465 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
|
464 |
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
|
466 |
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
|
465 |
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
|
467 |
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
|
466 |
$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
|
468 |
$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
|
467 |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
|
469 |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
|
468 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
|
470 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
|
Line 471... |
Line 473... |
471 |
cat <<EOF > /var/www/error/include/bottom.html
|
473 |
cat <<EOF > /var/www/error/include/bottom.html
|
472 |
</body>
|
474 |
</body>
|
473 |
</html>
|
475 |
</html>
|
474 |
EOF
|
476 |
EOF
|
475 |
echo "- URL d'accès au centre de gestion : https://$PRIVATE_IP" >> $FIC_PARAM
|
477 |
echo "- URL d'accès au centre de gestion : https://$PRIVATE_IP" >> $FIC_PARAM
|
- |
|
478 |
# On crée le VirtualHost pour l'accès au port 80 (redirection après filtrage)
|
- |
|
479 |
FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*`
|
- |
|
480 |
[ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default
|
- |
|
481 |
cat <<EOF > $FIC_VIRTUAL
|
- |
|
482 |
NameVirtualHost *:80
|
- |
|
483 |
<VirtualHost *:80>
|
- |
|
484 |
ServerName $HOSTNAME
|
- |
|
485 |
DocumentRoot $DIR_WEB/redirect
|
- |
|
486 |
</VirtualHost>
|
- |
|
487 |
EOF
|
476 |
# Définition du premier compte lié au profil 'admin'
|
488 |
# Définition du premier compte lié au profil 'admin'
|
477 |
if [ "$mode" = "install" ]
|
489 |
if [ "$mode" = "install" ]
|
478 |
then
|
490 |
then
|
479 |
header_install
|
491 |
header_install
|
480 |
echo "Pour administrer Alcasar via le centre de gestion WEB, trois profils de comptes ont été définis :"
|
492 |
echo "Pour administrer Alcasar via le centre de gestion WEB, trois profils de comptes ont été définis :"
|
Line 496... |
Line 508... |
496 |
/usr/sbin/htdigest -c $DIR_WEB/digest/key_admin $HOSTNAME $admin_portail
|
508 |
/usr/sbin/htdigest -c $DIR_WEB/digest/key_admin $HOSTNAME $admin_portail
|
497 |
done
|
509 |
done
|
498 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte
|
510 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte
|
499 |
$DIR_DEST_SBIN/alcasar-profil.sh -list
|
511 |
$DIR_DEST_SBIN/alcasar-profil.sh -list
|
500 |
fi
|
512 |
fi
|
501 |
# synchronisation horaire
|
- |
|
502 |
ntpd -q -g &
|
- |
|
503 |
# Sécurisation du centre
|
513 |
# Sécurisation du centre
|
504 |
rm -f /etc/httpd/conf/webapps.d/*
|
514 |
rm -f /etc/httpd/conf/webapps.d/*
|
505 |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
|
515 |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
|
506 |
<Directory $DIR_WEB/digest>
|
516 |
<Directory $DIR_WEB/digest>
|
507 |
AllowOverride none
|
517 |
AllowOverride none
|
Line 588... |
Line 598... |
588 |
##########################################################################################
|
598 |
##########################################################################################
|
589 |
AC ()
|
599 |
AC ()
|
590 |
{
|
600 |
{
|
591 |
$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
|
601 |
$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
|
592 |
$DIR_DEST_BIN/alcasar-CA.sh $mode
|
602 |
$DIR_DEST_BIN/alcasar-CA.sh $mode
|
593 |
MOD_SSL=`find /etc/httpd/conf -type f -name *default_ssl*`
|
603 |
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*`
|
- |
|
604 |
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
|
594 |
$SED "s?localhost.crt?alcasar.crt?g" $MOD_SSL
|
605 |
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
|
595 |
$SED "s?localhost.key?alcasar.key?g" $MOD_SSL
|
606 |
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
|
596 |
chown -R root:apache /etc/pki
|
607 |
chown -R root:apache /etc/pki
|
597 |
chmod -R 750 /etc/pki
|
608 |
chmod -R 750 /etc/pki
|
598 |
} # End AC ()
|
609 |
} # End AC ()
|
599 |
|
610 |
|
600 |
##########################################################################################
|
611 |
##########################################################################################
|
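Review bot: At new lines 479–481 the path returned by `find /etc/httpd/conf -type f -name *default_vhosts*` is used unquoted and never checked, so if the search matches nothing (or more than one file) the `cp` at 480 gets a missing or extra operand and the redirection `cat <<EOF > $FIC_VIRTUAL` at 481 fails on an empty target; unless `set -e` is enabled earlier in the script (not visible here), the installer then carries on without the port-80 vhost that the new `Listen $PRIVATE_IP:80` at line 465 now depends on for the redirect. The same unguarded pattern is added in AC () at new lines 603–606 (`FIC_VIRTUAL_SSL`), and in both places the bare `*default_vhosts*` / `*default_ssl*` is expanded by the shell first if a matching name happens to exist in the current directory. I would quote the pattern and fail early, e.g. `FIC_VIRTUAL=$(find /etc/httpd/conf -type f -name '*default_vhosts*' | head -n 1)` followed by `[ -n "$FIC_VIRTUAL" ] || { echo "default_vhosts file not found" >&2; exit 1; }`, and mirror it for `FIC_VIRTUAL_SSL`. The function or block enclosing lines 473–512 begins before this hunk, so whether it already runs under its own error handling cannot be seen here.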