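--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
-# $Id: alcasar.sh 481 2011-02-08 23:24:15Z franck $
+# $Id: alcasar.sh 489 2011-02-13 17:32:07Z richard $
 
 # alcasar.sh
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 
@@ -62,11 +62,11 @@
 SQUID_PORT="3128" # Port d'écoute du proxy Squid
 UAMPORT="3990"
 # ****** Paths - chemin des commandes *******
 SED="/bin/sed -i"
 # ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
-PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats mondo cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml pam_ccreds rng-utils lsb-release dnsmasq sudo cronie-anacron pciutils pm-fallback-policy"
+PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats mondo cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml pam_ccreds rng-utils lsb-release dnsmasq sudo cronie-anacron pciutils clamav pm-fallback-policy"
 # ****************** End of global parameters *********************
 
 header_install ()
 {
 clear
@@ -193,11 +193,11 @@
 exit 0
 fi
 # Download of ALCASAR specifics RPM in cache (and test)
 echo "Récupération des paquetages complémentaires. Veuillez patienter ..."
 echo "Download of complementary packages. Please wait ..."
-urpmi --auto $PACKAGES --quiet --test --retry 2
+urpmi --wget --auto $PACKAGES --quiet --test --retry 2
 if [ "$?" != "0" ]
 then
 echo
 echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires."
 echo "Relancez l'installation ultérieurement."
@@ -208,11 +208,11 @@
 exit 0
 fi
 # update with cached RPM
 urpmi --auto $PACKAGES
 # On supprime les paquetages, les services et les utilisateurs inutiles
-for rm_rpm in shorewall dhcp-server c-icap-server cyrus-sasl distcache-server avahi mandi radeontool bind clamav
+for rm_rpm in shorewall dhcp-server c-icap-server cyrus-sasl distcache-server avahi mandi radeontool bind
 do
 /usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
 done
 for svc in alsa sound dm atd netfs bootlogd stop-bootlogd
 do
@@ -925,15 +925,12 @@
 then
 userdel -r havp 2>/dev/null
 fi
 groupadd -f havp
 useradd -M -g havp havp
-# création de la zone de travail temporaire (50Mo) en mémoire
 mkdir -p /var/tmp/havp /var/log/havp
 chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
-# echo "# Entry for havp tmp files scan partition" >> /etc/fstab
-# echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab
 $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
 # configuration d'HAVP
 [ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
 $SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
 $SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config
@@ -943,16 +940,16 @@
 $SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config
 $SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config
 # remplacement du fichier d'initialisation
 [ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
 cp -f $DIR_CONF/havp-init /etc/init.d/havp
-# ajout de la fonction 'status' (utile pour la gestion du process)
-# $SED "/^HAVP_BIN=/i. /etc/init.d/functions" /etc/init.d/havp
-# $SED "s?^[\t ]*echo \"Checking for.*?status havp?g" /etc/init.d/havp
 # on remplace la page d'interception (template)
 cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
 cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
+# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
+$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
+$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
 }
 
 ##################################################################################
 ## Fonction firewall ##
 ## - adaptation des scripts du parefeu ##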
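Review bot: The two new `$SED` edits to `/etc/freshclam.conf` only match when the file already has uncommented lines beginning with `Checks` and `NotifyClamd`; if the packaged file ships either directive commented out or absent (not visible here), sed exits 0 without changing anything and the intended 2-hour signature refresh silently does not take effect, leaving HAVP scanning with staler signatures than expected. Unlike `havp.config` and `/etc/init.d/havp` just above, the file is also edited without first keeping a `.default` copy. I would add `[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default` before the edits and `grep -q "^Checks 12" /etc/freshclam.conf || echo "Checks 12" >> /etc/freshclam.conf` after them. The enclosing function starts outside this hunk, so whether freshclam is actually scheduled or started elsewhere cannot be confirmed from here.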