WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/sh
-#  $Id: alcasar.sh 70 2010-04-14 20:01:09Z franck $
+#  $Id: alcasar.sh 71 2010-04-14 22:57:42Z richard $
 # alcasar.sh
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 #	param_radius	: Configuration du serveur d'authentification FreeRadius
 #	param_web_radius: Configuration de l'interface de gestion de FreeRadius (dialupadmin)
 #	param_chilli	: Configuration du daemon 'coova-chilli' et de la page d'authentification
 #	param_squid	: Configuration du proxy squid en mode 'cache'
 #	param_dansguardian : Configuration de l'analyseur de contenu DansGuardian
+#	antivius	: Installation havp + clamav
 #	firewall	: Mise en place des règles du parefeu et de l'interface WEB FirewallEyes
 #	param_awstats	: Configuration de l'interface des statistiques de consultation WEB
 #	bind		: Configuration du serveur de noms
 #	cron		: Mise en place des exports de logs (+ chiffrement)
 	for i in ISO base logs/firewall logs/httpd logs/squid ;
 	do
 		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
 	done
 	chown -R root:apache $DIR_SAVE
-# Configuration php
+# Configuration et sécurisation php
+	[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
 	$SED "s?^upload_max_filesize.*?upload_max_filesize = 20M?g" /etc/php.ini
 	$SED "s?^post_max_size.*?post_max_size = 20M?g" /etc/php.ini
+	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
+	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
-# Configuration Apache
+# Configuration et sécurisation Apache
 	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
 	$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf
 	$SED "s?^Listen.*?#Listen 127.0.0.1:80?g" /etc/httpd/conf/httpd.conf
 	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
 	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
 	cat $DIR_CONF/bannedurllist >> /etc/dansguardian/lists/bannedurllist
 	chown -R dansguardian:apache /etc/dansguardian/
 	chmod -R g+rw /etc/dansguardian
 } # End of param_dansguardian ()
+##################################################################
+##			Fonction antivirus			##
+## - mise en place havp + clamav				##
+##################################################################
+antivirus ()
+{
+# création de la partition de stockage temporaire (100Mo)
+useradd -r havp
+dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30
+mkfs.ext4 -qF /tmp/havp-disk
+mkdir /var/tmp/havp
+chown havp:havp /var/tmp/havp
+echo "# Entry for havp tmp files scan partition" >> /etc/fstab
+echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab
+cp $DIR_CONF/havp/havp $DIR_DEST_SBIN
+cp -r $DIR_CONF/havp/etc/havp $DIR_DEST_ETC
+cp $DIR_CONF/havp/etc/init.d/havp /etc/init.d/
+chkconfig --level 345 havp on
+chkconfig --level 01267 havp off
+}
 ##################################################################################
 ##				Fonction firewall				##
 ## - adaptation des scripts du parefeu						##
 ## - mise en place des règles et sauvegarde pour un lancement automatique	##
 ## - configuration Ulogd							##
 			hostname `cat $DIR_CONF/hostname`
 			mode="update"
 		else
 			mode="install"
 		fi
-		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian firewall param_awstats param_bind cron post_install
+		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_awstats param_bind cron post_install
 		do
 			$func
 # echo "*** 'debug' : end of function $func ***"; read a
 		done
 		;;

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 70 → 71