Subversion Repositories ALCASAR


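--- a/alcasar-conf.sh
+++ b/alcasar-conf.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-conf.sh 2474 2017-12-30 02:00:04Z tom.houdayer $
+# $Id: alcasar-conf.sh 2488 2018-02-25 14:53:54Z lucas.echard $
 
 # alcasar-conf.sh
 # by REXY
 # This script is distributed under the Gnu General Public License (GPL)
 
@@ -123,10 +123,11 @@
 # Retrieve the security certificates (CA and server)
 		cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
 		cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
 		cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
 		cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
+		cat /etc/pki/tls/private/alcasar.key /etc/pki/tls/certs/alcasar.crt > /etc/pki/tls/private/alcasar.pem
 		[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
 		chown -R root:apache /etc/pki
 		chmod -R 750 /etc/pki
 # Import of the users database
 		gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
@@ -250,15 +251,14 @@
 
 # Logout everybody
 			$DIR_BIN/alcasar-logout.sh all		
 # Services stop
 			echo -n "Stop services : "
-			for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network
+			for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network lighttpd
 			do
 				/usr/bin/systemctl stop $i && echo -n "$i, "
 			done
-			/usr/bin/kill -s SIGSTOP $(pidof httpd)
 			echo
 		fi
 # EXTIF config
 		if [ $PUBLIC_IP_MASK == "dhcp" ]
 		then
@@ -322,20 +322,14 @@
 		$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf
 		$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
 		[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
 		$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf
 		$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
-# Set hostname in Apache
-		$SED "s/^ServerName.*/ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/httpd.conf
-		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$HOSTNAME.$DOMAIN\//g" /etc/httpd/conf/webapps.d/alcasar.conf
-		$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/webapps.d/alcasar.conf
-		$SED "s/^    ServerName.*/    ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
-# Alcasar Control Center (ACC)
-		$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
-		FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf`
-		$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
-		$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
+# Set hostname in Lighttpd
+		$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf
+		$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
+		$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
 # FreeRADIUS Web
 		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
 		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
 # coova
 		$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
@@ -382,12 +376,11 @@
 			do
 				sleep 1
 				/usr/bin/systemctl start $i && echo -n ", $i"
 			done
 			$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
-			/usr/bin/kill -s SIGCONT $(pidof httpd)
-			/usr/bin/systemctl reload httpd && echo -n ", httpd"
+			/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
 		fi
 # Start / Stop SSH Daemon
 		ssh_active=`grep ^SSH= $CONF_FILE|cut -d"=" -f2`
 		if [ $ssh_active = "on" ]
 		then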
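Review bot: The added `cat … > /etc/pki/tls/private/alcasar.pem` (new line 128) writes a file holding the server private key through a plain redirect, so it is created with whatever umask the script runs under and is only tightened by the `chmod -R 750 /etc/pki` a few lines later. Its result is also unchecked, so a missing `alcasar.key` or `alcasar.crt` in `$DIR_UPDATE` leaves a partial PEM that would only surface when lighttpd is restarted. I would create it under a restrictive umask and fail visibly, for example `( umask 077; cat /etc/pki/tls/private/alcasar.key /etc/pki/tls/certs/alcasar.crt > /etc/pki/tls/private/alcasar.pem ) || echo "alcasar.pem not built" >&2`, adapted to the script's own error path. The recursive `chown root:apache` / `chmod 750` then leaves the key group-readable by `apache`; whether lighttpd actually runs under that group is not visible here and is worth confirming. The enclosing block starts and ends outside the hunk.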