Subversion Repositories ALCASAR

Rev

Rev 854 | Rev 861 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log

Rev 854 Rev 860
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 854 2012-04-09 19:31:46Z richard $ 
2
#  $Id: alcasar.sh 860 2012-04-20 17:51:24Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
5
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
Line 454... Line 454...
454
EOF
454
EOF
455
# Firewall config
455
# Firewall config
456
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
456
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
457
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
457
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
458
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
458
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
459
# create the filter exxeption file
459
# create the filter exception file and ip_bloqued file
460
	touch $DIR_DEST_ETC/alcasar-filter-exceptions
460
	touch $DIR_DEST_ETC/alcasar-filter-exceptions
-
 
461
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
-
 
462
	echo "#$PUBLIC_IP/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
461
# load conntrack ftp module
463
# load conntrack ftp module
462
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
464
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
463
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
465
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
464
# le script $DIR_DEST_BIN/alcasar-iptables.sh est lancé à la fin (pour ne pas perturber une mise à jour via ssh)
466
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
465
} # End of network ()
467
} # End of network ()
466
 
468
 
467
##################################################################
469
##################################################################
468
##			Fonction gestion			##
470
##			Fonction gestion			##
469
## - installation du centre de gestion				##
471
## - installation du centre de gestion				##
Line 1399... Line 1401...
1399
# postfix banner anonymisation
1401
# postfix banner anonymisation
1400
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1402
	$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
1401
# sshd écoute côté LAN et WAN
1403
# sshd écoute côté LAN et WAN
1402
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1404
	$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
1403
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
1405
	$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config 
1404
	# Put the default value in conf file (sshd, QOS and protocols/dns/ext_LAN filtering are off)(web antivirus is on)
1406
	# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
1405
	/sbin/chkconfig --del sshd
1407
	/sbin/chkconfig --del sshd
1406
	echo "SSH=off" >> $CONF_FILE
1408
	echo "SSH=off" >> $CONF_FILE
1407
	echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE
1409
	echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE
1408
	echo "QOS=off" >> $CONF_FILE
1410
	echo "QOS=off" >> $CONF_FILE
1409
	echo "LDAP=off" >> $CONF_FILE
1411
	echo "LDAP=off" >> $CONF_FILE
1410
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1412
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1411
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
1413
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
1412
	echo "EXT_LAN_FILTERING=off" >> $CONF_FILE
-
 
1413
	echo "DNS_FILTERING=off" >> $CONF_FILE
1414
	echo "DNS_FILTERING=off" >> $CONF_FILE
1414
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
1415
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
1415
# Coloration des prompts
1416
# Coloration des prompts
1416
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
1417
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
1417
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1418
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc