Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar-conf.sh 2275 2017-06-06 06:56:56Z richard $
|
2 |
# $Id: alcasar-conf.sh 2309 2017-06-26 14:33:22Z tom.houdayer $
|
3 |
|
3 |
|
4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
5 |
# by REXY
|
5 |
# by REXY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 125... |
Line 125... |
125 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
125 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
126 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
126 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
127 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
127 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
128 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
128 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
129 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
|
129 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
|
130 |
if [ -e $DIR_UPDATE/alcasar.crt.old ] && [ -e $DIR_UPDATE/alcasar.key.old ] && [ -e $DIR_UPDATE/server-chain.crt.old ]; then
|
- |
|
131 |
$DIR_BIN/alcasar-importcert.sh -i $DIR_UPDATE/alcasar.crt -k $DIR_UPDATE/alcasar.key -c $DIR_UPDATE/server-chain.crt
|
- |
|
132 |
elif [ -e $DIR_UPDATE/alcasar.crt.old ] && [ -e $DIR_UPDATE/alcasar.key.old ]; then
|
- |
|
133 |
$DIR_BIN/alcasar-importcert.sh -i $DIR_UPDATE/alcasar.crt -k $DIR_UPDATE/alcasar.key
|
- |
|
134 |
fi
|
- |
|
135 |
chown -R root:apache /etc/pki
|
130 |
chown -R root:apache /etc/pki
|
136 |
chmod -R 750 /etc/pki
|
131 |
chmod -R 750 /etc/pki
|
137 |
# Import of the users database
|
132 |
# Import of the users database
|
138 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$radiuspwd
|
133 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$radiuspwd
|
139 |
# Retrieve local parameters
|
134 |
# Retrieve local parameters
|
Line 254... |
Line 249... |
254 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
249 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
255 |
done
|
250 |
done
|
256 |
/usr/bin/kill -s SIGSTOP $(pidof httpd)
|
251 |
/usr/bin/kill -s SIGSTOP $(pidof httpd)
|
257 |
echo
|
252 |
echo
|
258 |
fi
|
253 |
fi
|
259 |
# /etc/hosts
|
- |
|
260 |
if [ "$HOSTNAME" != "alcasar" ] || [ "$DOMAIN" != "localdomain" ]; then
|
- |
|
261 |
$SED "/alcasar/s?.*?$PRIVATE_IP\talcasar alcasar.localdomain $HOSTNAME.$DOMAIN?g" /etc/hosts
|
- |
|
262 |
else
|
- |
|
263 |
$SED "/alcasar/s?.*?$PRIVATE_IP\talcasar alcasar.localdomain?g" /etc/hosts
|
- |
|
264 |
fi
|
- |
|
265 |
# EXTIF config
|
254 |
# EXTIF config
|
266 |
if [ $PUBLIC_IP_MASK == "dhcp" ]
|
255 |
if [ $PUBLIC_IP_MASK == "dhcp" ]
|
267 |
then
|
256 |
then
|
268 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
257 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
269 |
DEVICE=$EXTIF
|
258 |
DEVICE=$EXTIF
|
Line 310... |
Line 299... |
310 |
cat <<EOF > /etc/hosts.allow
|
299 |
cat <<EOF > /etc/hosts.allow
|
311 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
300 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
312 |
sshd: ALL
|
301 |
sshd: ALL
|
313 |
ntpd: $PRIVATE_NETWORK_SHORT
|
302 |
ntpd: $PRIVATE_NETWORK_SHORT
|
314 |
EOF
|
303 |
EOF
|
- |
|
304 |
# Set hostname
|
- |
|
305 |
hostnamectl set-hostname $HOSTNAME.$DOMAIN
|
- |
|
306 |
# /etc/hosts
|
- |
|
307 |
domainNames="alcasar.localdomain $HOSTNAME $HOSTNAME.$DOMAIN"
|
- |
|
308 |
if [ "$HOSTNAME" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi
|
- |
|
309 |
cat <<EOF > /etc/hosts
|
- |
|
310 |
127.0.0.1 localhost
|
- |
|
311 |
$PRIVATE_IP $domainNames
|
- |
|
312 |
EOF
|
- |
|
313 |
# Set hostname in CoovaChilli
|
- |
|
314 |
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf
|
- |
|
315 |
$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
- |
|
316 |
$SED "s/^uamserver.*/uamserver\thttps:\/\/$HOSTNAME.$DOMAIN\/intercept.php/g" /etc/chilli.conf
|
- |
|
317 |
$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
- |
|
318 |
# Set hostname in Apache
|
- |
|
319 |
$SED "s/^ServerName.*/ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/httpd.conf
|
- |
|
320 |
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$HOSTNAME.$DOMAIN\//g" /etc/httpd/conf/webapps.d/alcasar.conf
|
- |
|
321 |
$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/webapps.d/alcasar.conf
|
- |
|
322 |
$SED "s/^ ServerName.*/ ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
|
315 |
# Alcasar Control Center
|
323 |
# Alcasar Control Center (ACC)
|
316 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
|
324 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
|
317 |
FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf`
|
325 |
FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf`
|
318 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
|
326 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
|
319 |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
|
327 |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
|
320 |
# ACC
|
328 |
# FreeRADIUS Web
|
321 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
329 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
322 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
330 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
323 |
# coova
|
331 |
# coova
|
324 |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
|
332 |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
|
325 |
$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
|
333 |
$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
|
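Review bot: The new hostname block (new lines 305–322) interpolates `$HOSTNAME` and `$DOMAIN` unquoted and unescaped into `hostnamectl set-hostname` and into a series of `$SED "s/…/…/g"` scripts, so a value containing `/`, `&` or whitespace would break the sed expression or rewrite the wrong text. The rest of this file uses `?` as the sed delimiter (e.g. `s?^Listen.*?Listen $PRIVATE_IP:80?g`), which is why the URL substitutions added here needed `\/` escapes; keeping the same delimiter is consistent and drops the escaping, e.g. `$SED "s?^uamserver.*?uamserver\thttps://$HOSTNAME.$DOMAIN/intercept.php?g" /etc/chilli.conf`, and the hostnamectl call should be `hostnamectl set-hostname "$HOSTNAME.$DOMAIN"`. If these two values come from the parameters file (the "Retrieve local parameters" section is outside this hunk), a check that they contain only hostname characters before this block would keep a malformed entry out of /etc/hosts, chilli.conf and the Apache vhost files in one go. Note also that `HOSTNAME` is a variable bash itself sets to the machine's current hostname, so if the parameter is absent the block silently uses the running name instead of failing.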
Line 358... |
Line 366... |
358 |
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
|
366 |
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
|
359 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
367 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
360 |
then
|
368 |
then
|
361 |
# Services start
|
369 |
# Services start
|
362 |
/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
|
370 |
/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
|
363 |
$DIR_BIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", coova" # apply DHCP mode and start coova
|
371 |
$DIR_BIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", chilli" # apply DHCP mode and start CoovaChilli
|
364 |
for i in dnsmasq tinyproxy ntpd
|
372 |
for i in dnsmasq dnsmasq-blackhole tinyproxy ntpd
|
365 |
do
|
373 |
do
|
366 |
sleep 1
|
374 |
sleep 1
|
367 |
/usr/bin/systemctl start $i && echo -n ", $i"
|
375 |
/usr/bin/systemctl start $i && echo -n ", $i"
|
368 |
done
|
376 |
done
|
369 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
|
377 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
|
370 |
/usr/bin/kill -s SIGCONT $(pidof httpd)
|
378 |
/usr/bin/kill -s SIGCONT $(pidof httpd)
|
371 |
/usr/bin/systemctl reload httpd && echo -n ", httpd"
|
379 |
/usr/bin/systemctl reload httpd && echo -n ", httpd"
|
372 |
fi
|
380 |
fi
|
373 |
# Start / Stop SSH Daemon
|
381 |
# Start / Stop SSH Daemon
|