
Rev 476 Rev 478
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
#  $Id: alcasar.sh 476 2011-02-06 20:31:31Z richard $ 
2
#  $Id: alcasar.sh 478 2011-02-07 23:17:10Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
5
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
Line 816... Line 816...
816
radiusauthport	1812
816
radiusauthport	1812
817
radiusacctport	1813
817
radiusacctport	1813
818
uamserver	https://$HOSTNAME/intercept.php
818
uamserver	https://$HOSTNAME/intercept.php
819
radiusnasid	$HOSTNAME
819
radiusnasid	$HOSTNAME
820
papalwaysok
820
papalwaysok
821
#dnsparanoia
-
 
822
uamsecret	$secretuam
821
uamsecret	$secretuam
823
coaport		3799
822
coaport		3799
824
include		/usr/local/etc/alcasar-uamallowed
823
include		/usr/local/etc/alcasar-uamallowed
825
include		/usr/local/etc/alcasar-uamdomain
824
include		/usr/local/etc/alcasar-uamdomain
826
include		/usr/local/etc/alcasar-macallowed
825
include		/usr/local/etc/alcasar-macallowed
Line 922... Line 921...
922
{
921
{
923
# création de l'usager 'havp'
922
# création de l'usager 'havp'
924
	havp_exist=`grep havp /etc/passwd|wc -l`
923
	havp_exist=`grep havp /etc/passwd|wc -l`
925
	if [ "$havp_exist" == "1" ]
924
	if [ "$havp_exist" == "1" ]
926
	then
925
	then
927
	      userdel -r havp
926
	      userdel -r havp 2>/dev/null
928
	fi
927
	fi
929
	groupadd -f havp
928
	groupadd -f havp
930
	useradd -g havp havp
929
	useradd -M -g havp havp
931
# création de la zone de travail temporaire (50Mo) en mémoire
930
# création de la zone de travail temporaire (50Mo) en mémoire
932
	mkdir -p /var/tmp/havp /var/log/havp
931
	mkdir -p /var/tmp/havp /var/log/havp
933
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
932
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
934
	echo "# Entry for havp tmp files scan partition" >> /etc/fstab
933
	echo "# Entry for havp tmp files scan partition" >> /etc/fstab
935
	echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab
934
	echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab
Line 979... Line 978...
979
##################################################################################
978
##################################################################################
980
param_ulogd ()
979
param_ulogd ()
981
{
980
{
982
# Three instances of ulogd (three different logfiles)
981
# Three instances of ulogd (three different logfiles)
983
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
982
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
-
 
983
	nl=1
984
	[ -e /var/log/firewall/tracability.log ] || touch /var/log/firewall/tracability.log
984
	for log_type in tracability ssh ext-access
-
 
985
	do
985
	[ -e /var/log/firewall/ssh.log ] || touch /var/log/firewall/ssh.log
986
		[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
986
	[ -e /var/log/firewall/ext-access.log ] || touch /var/log/firewall/ext-access.log
987
		cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
987
	chown -R root:apache /var/log/firewall
988
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf 
988
	chmod 750 /var/log/firewall
989
		$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
989
	chmod 640 /var/log/firewall/*
-
 
990
	cat <<EOF > /etc/ulogd-tracability.conf
990
		cat << EOF >> /etc/ulogd-$log_type.conf
991
# ulogd configuration for ALCASAR
-
 
992
[global]
-
 
993
nlgroup=1
-
 
994
logfile="/var/log/ulogd.log"
-
 
995
loglevel=5
-
 
996
rmem=131071
-
 
997
bufsize=150000
-
 
998
plugin="/usr/lib/ulogd/ulogd_BASE.so"
-
 
999
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
-
 
1000
[LOGEMU]
991
[LOGEMU]
1001
file="/var/log/firewall/tracability.log"
992
file="/var/log/firewall/$log_type.log"
1002
sync=1
993
sync=1
1003
EOF
994
EOF
1004
 	cp -f /etc/ulogd-tracability.conf /etc/ulogd-ssh.conf
995
		nl=`expr $nl + 1`
-
 
996
	done
1005
	$SED "s?^nlgroup=.*?nlgroup=2?g" /etc/ulogd-ssh.conf 
997
	chown -R root:apache /var/log/firewall
1006
	$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ssh.log\"?g" /etc/ulogd-ssh.conf 
-
 
1007
 	cp -f /etc/ulogd-tracability.conf /etc/ulogd-ext-access.conf
998
	chmod 750 /var/log/firewall
1008
	$SED "s?^nlgroup=.*?nlgroup=3?g" /etc/ulogd-ext-access.conf 
999
	chmod 640 /var/log/firewall/*
1009
	$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ext-access.log\"?g" /etc/ulogd-ext-access.conf
-
 
1010
	[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
1000
	[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
1011
	cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
1001
	cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
1012
}  # End of param_ulogd ()
1002
}  # End of param_ulogd ()
1013
 
1003
 
1014
##################################################################################
1004
##################################################################################
Line 1386... Line 1376...
1386
		fi
1376
		fi
1387
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_ulogd param_awstats param_dnsmasq BL cron post_install
1377
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_ulogd param_awstats param_dnsmasq BL cron post_install
1388
 
1378
 
1389
		do
1379
		do
1390
			$func
1380
			$func
1391
 # echo "*** 'debug' : end of function $func ***"; read a
1381
# echo "*** 'debug' : end of function $func ***"; read a
1392
		done
1382
		done
1393
		;;
1383
		;;
1394
	-u | --uninstall)
1384
	-u | --uninstall)
1395
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
1385
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
1396
		then
1386
		then
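Review bot: In the `Line 979... Line 978...` hunk, the new loop in param_ulogd builds each /etc/ulogd-$log_type.conf from the packaged /etc/ulogd.conf, but nothing checks that the two `$SED` edits actually matched. If the stock file has no line starting with `nlgroup=` (for example because it is commented out) or no `OPRINT` marker, the three instances can end up on the same netlink group or keep the stock output sections next to the appended `[LOGEMU]` block, so the tracability, ssh and ext-access logs are no longer reliably separated. The previous revision wrote the whole file from the here-document and did not depend on the package contents. I would add a check after the substitution, such as `grep -q "^nlgroup=$nl\$" /etc/ulogd-$log_type.conf || echo "ulogd-$log_type.conf: nlgroup not set" >&2`, and a similar test for `OPRINT` before the delete. `$SED` is defined outside the visible hunks, so this assumes it edits the file in place.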