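--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 862 2012-04-22 19:50:30Z richard $ 
+#  $Id: alcasar.sh 865 2012-05-01 17:48:31Z richard $ 
 
 # alcasar.sh
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 
@@ -257,11 +257,11 @@
 	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre coova-chilli et FreeRadius
 	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
 	echo "$secretradius" >> $PASSWD_FILE
 	chmod 640 $PASSWD_FILE
 # On installe les scripts et fichiers de configuration d'ALCASAR 
-#  - dans /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,watchdog.sh}
+#  - dans /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log.sh,watchdog.sh}
 	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
 #  - dans /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
 	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
 #  - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}
 	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
@@ -344,24 +344,10 @@
 	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`		# last octet of LAN address
 	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`		# last octet of LAN broadcast
 	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
 	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
 
-# Predefine DHCP parameters (LAN side)
-	tmp_mask=`echo $PRIVATE_NETWORK_MASK|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1`	# masque du 1/2 réseau de consultation (ex.: 25)
-	PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask						# plage des adresses statiques (ex.: 192.168.182.0/25)
-	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`		# dernier octet de l'@ de réseau
-	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`		# dernier octet de l'@ de broadcast
-	private_plage=`expr $private_broadcast_ending - $private_network_ending + 1`
-	private_half_plage=`expr $private_plage / 2`
-	private_dyn=`expr $private_half_plage + $private_network_ending`
-	private_dyn_ip_network=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup_sup-5`
-	PRIVATE_DYN_IP=`echo $private_dyn_ip_network | cut -d"." -f1-4`/$half_mask					# @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25)
-	private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4`
-	PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1`	# 1ère adresse de la plage dynamique (ex.: 192.168.182.129)
-	PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`		# dernière adresse de la plage dynamique (ex.: 192.168.182.254)
-
 # Define Internet parameters
 	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
 	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
 	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
 	DNS1=${DNS1:=208.67.220.220}
@@ -939,12 +925,12 @@
 pidfile		/var/run/chilli.eth1.pid
 net		$PRIVATE_NETWORK_MASK
 dhcpif		$INTIF
 ethers		$DIR_DEST_ETC/alcasar-ethers
 #nodynip
-statip		$PRIVATE_STAT_IP
-dynip		$PRIVATE_DYN_IP
+#statip
+dynip		$PRIVATE_NETWORK_MASK
 domain		localdomain
 dns1		$PRIVATE_IP
 dns2		$PRIVATE_IP
 uamlisten	$PRIVATE_IP
 uamport		3990
@@ -1228,11 +1214,11 @@
 bogus-priv
 filterwin2k
 server=$DNS1
 server=$DNS2
 # le servive DHCP est configuré mais n'est exploité que pour le "bypass"
-dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h
+dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
 dhcp-option=option:router,$PRIVATE_IP
 #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
 
 # Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
 #dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
@@ -1340,19 +1326,19 @@
 7       15      cron.logClean           nice /etc/cron.d/alcasar-clean_log
 7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
 EOF
 	cat <<EOF > /etc/cron.d/alcasar-clean_log
 # suppression des fichiers de logs de plus d'un an (tous les lundi à 4h30)
-30 4 * * 1 root $DIR_DEST_BIN/alcasar-log-clean.sh
+30 4 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --clean
 EOF
 	cat <<EOF > /etc/cron.d/alcasar-mysql
 # export de la base des usagers (tous les lundi à 4h45)
 45 4 * * 1 root $DIR_DEST_SBIN/alcasar-mysql.sh --dump
 EOF
 	cat <<EOF > /etc/cron.d/alcasar-export_log
 # export des log squid, firewall et apache (tous les lundi à 5h00)
-00 5 * * 1 root $DIR_DEST_BIN/alcasar-log-export.sh
+00 5 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --export
 EOF
 	cat << EOF > /etc/cron.d/awstats
 # mise à jour des stats de consultation WEB toutes les 30'
 */30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1
 EOF
@@ -1448,11 +1434,11 @@
 	for dir in firewall squid dansguardian httpd
 	do
 	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
 	done
 # export des logs en 'retard' dans /var/Save/logs
-	/usr/local/bin/alcasar-log-export.sh
+	/usr/local/bin/alcasar-log.sh --export
 # processus lancés par défaut au démarrage
 	for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
 	do
 		/sbin/chkconfig --add $i
 	done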
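Review bot: The new call `/usr/local/bin/alcasar-log.sh --export` in the Line 1448 hunk hardcodes the install directory, whereas the cron entries written by this same commit (`30 4 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --clean`, `00 5 * * 1 root $DIR_DEST_BIN/alcasar-log.sh --export`) and the install step `cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/.` all go through `$DIR_DEST_BIN`. If `$DIR_DEST_BIN` is ever changed, the cron jobs and the copied scripts move but this one-off export call would still point at /usr/local/bin; writing it as `$DIR_DEST_BIN/alcasar-log.sh --export` keeps the three consistent, assuming the variable is still in scope at that point as it is on the earlier lines. A related documentation point in the Line 939 and Line 1228 hunks: with `#statip` commented out and `dynip $PRIVATE_NETWORK_MASK`, chilli's dynamic pool now covers the whole LAN, and dnsmasq's `dhcp-range` now spans the same `$PRIVATE_FIRST_IP`–`$PRIVATE_LAST_IP` range; the existing comment says dnsmasq's DHCP is only used for bypass, so a one-line comment next to `dynip` stating that the two pools are never served at the same time would stop a reader from taking this for an overlapping-DHCP bug. The enclosing blocks of all these hunks start and end outside the visible lines.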