WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 860 2012-04-20 17:51:24Z richard $ 
 
# alcasar.sh
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 

EOF
# Firewall config
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
# create the filter exception file and ip_bloqued file
	touch $DIR_DEST_ETC/alcasar-filter-exceptions
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
	echo "#$PUBLIC_IP/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
# load conntrack ftp module
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network ()
 
##################################################################
##			Fonction gestion			##
## - installation du centre de gestion				##

# postfix banner anonymisation
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
# sshd écoute côté LAN et WAN
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
	/sbin/chkconfig --del sshd
	echo "SSH=off" >> $CONF_FILE
	echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE
	echo "QOS=off" >> $CONF_FILE
	echo "LDAP=off" >> $CONF_FILE
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
 
	echo "DNS_FILTERING=off" >> $CONF_FILE
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
# Coloration des prompts
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc

Rev 854	Rev 860
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 854 2012-04-09 19:31:46Z richard $`	2	`# $Id: alcasar.sh 860 2012-04-20 17:51:24Z richard $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5	`# by Franck BOUIJOUX, Pascal LEVANT and Richard REY`	5	`# by Franck BOUIJOUX, Pascal LEVANT and Richard REY`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
Line 454...	Line 454...
454	`EOF`	454	`EOF`
455	`# Firewall config`	455	`# Firewall config`
456	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	456	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
457	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	457	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
458	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`	458	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`
459	`# create the filter exxeption file`	459	`# create the filter exception file and ip_bloqued file`
460	`touch $DIR_DEST_ETC/alcasar-filter-exceptions`	460	`touch $DIR_DEST_ETC/alcasar-filter-exceptions`
-		461	`# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)`
-		462	`echo "#$PUBLIC_IP/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked`
461	`# load conntrack ftp module`	463	`# load conntrack ftp module`
462	`[ -e /etc/modprobe.preload.default ] \|\| cp /etc/modprobe.preload /etc/modprobe.preload.default`	464	`[ -e /etc/modprobe.preload.default ] \|\| cp /etc/modprobe.preload /etc/modprobe.preload.default`
463	`echo "ip_conntrack_ftp" >> /etc/modprobe.preload`	465	`echo "ip_conntrack_ftp" >> /etc/modprobe.preload`
464	`# le script $DIR_DEST_BIN/alcasar-iptables.sh est lancé à la fin (pour ne pas perturber une mise à jour via ssh)`	466	`# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh`
465	`} # End of network ()`	467	`} # End of network ()`
466		468
467	`##################################################################`	469	`##################################################################`
468	`## Fonction gestion ##`	470	`## Fonction gestion ##`
469	`## - installation du centre de gestion ##`	471	`## - installation du centre de gestion ##`
Line 1399...	Line 1401...
1399	`# postfix banner anonymisation`	1401	`# postfix banner anonymisation`
1400	`$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf`	1402	`$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf`
1401	`# sshd écoute côté LAN et WAN`	1403	`# sshd écoute côté LAN et WAN`
1402	`$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config`	1404	`$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config`
1403	`$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config`	1405	`$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config`
1404	`# Put the default value in conf file (sshd, QOS and protocols/dns/ext_LAN filtering are off)(web antivirus is on)`	1406	`# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)`
1405	`/sbin/chkconfig --del sshd`	1407	`/sbin/chkconfig --del sshd`
1406	`echo "SSH=off" >> $CONF_FILE`	1408	`echo "SSH=off" >> $CONF_FILE`
1407	`echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE`	1409	`echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE`
1408	`echo "QOS=off" >> $CONF_FILE`	1410	`echo "QOS=off" >> $CONF_FILE`
1409	`echo "LDAP=off" >> $CONF_FILE`	1411	`echo "LDAP=off" >> $CONF_FILE`
1410	`echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE`	1412	`echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE`
1411	`echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE`	1413	`echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE`
1412	`echo "EXT_LAN_FILTERING=off" >> $CONF_FILE`	-
1413	`echo "DNS_FILTERING=off" >> $CONF_FILE`	1414	`echo "DNS_FILTERING=off" >> $CONF_FILE`
1414	`echo "WEB_ANTIVIRUS=on" >> $CONF_FILE`	1415	`echo "WEB_ANTIVIRUS=on" >> $CONF_FILE`
1415	`# Coloration des prompts`	1416	`# Coloration des prompts`
1416	`[ -e /etc/bashrc.default ] \|\| cp /etc/bashrc /etc/bashrc.default`	1417	`[ -e /etc/bashrc.default ] \|\| cp /etc/bashrc /etc/bashrc.default`
1417	`cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc`	1418	`cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc`

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 854 → 860