
Rev 2560 Rev 2561
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-conf.sh 2560 2018-06-10 21:04:56Z rexy $
2
# $Id: alcasar-conf.sh 2561 2018-06-20 22:03:06Z rexy $
3
 
3
 
4
# alcasar-conf.sh
4
# alcasar-conf.sh
5
# by REXY
5
# by REXY
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
Line 33... Line 33...
33
DOMAIN=`grep ^DOMAIN= $CONF_FILE|cut -d"=" -f2`
33
DOMAIN=`grep ^DOMAIN= $CONF_FILE|cut -d"=" -f2`
34
PASSWD_FILE="/root/ALCASAR-passwords.txt"
34
PASSWD_FILE="/root/ALCASAR-passwords.txt"
35
DB_USER=$(grep '^db_user=' $PASSWD_FILE | cut -d'=' -f 2-)
35
DB_USER=$(grep '^db_user=' $PASSWD_FILE | cut -d'=' -f 2-)
36
DB_PASS=$(grep '^db_password=' $PASSWD_FILE | cut -d'=' -f 2-)
36
DB_PASS=$(grep '^db_password=' $PASSWD_FILE | cut -d'=' -f 2-)
37
SED="/bin/sed -i"
37
SED="/bin/sed -i"
38
RUNNING_VERSION=`grep ^VERSION= $CONF_FILE|cut -d'=' -f2`
-
 
39
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
-
 
40
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
-
 
41
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
-
 
42
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` 			# server DNS1 (for WL domain names)
38
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` 			# server DNS1 (for WL domain names)
43
DOMAIN=${DOMAIN:=localdomain}
39
DOMAIN=${DOMAIN:=localdomain}
44
DATE=`date '+%d %B %Y - %Hh%M'`
40
DATE=`date '+%d %B %Y - %Hh%M'`
45
 
41
 
46
private_network_calc ()
42
private_network_calc ()
47
{
43
{
48
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`				# prefixe du réseau (ex. 24)
44
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`				# prefixe du réseau (ex. 24)
49
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`				# @ réseau de consultation (ex.: 192.168.182.0)
45
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`			# @ réseau de consultation (ex.: 192.168.182.0)
50
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX							# @ + masque du réseau de consult (192.168.182.0/24)
46
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX									# @ + masque du réseau de consult (192.168.182.0/24)
51
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`		# classes de réseau (ex.: 2=classe B, 3=classe C)
47
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`		# classes de réseau (ex.: 2=classe B, 3=classe C)
52
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.					# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
48
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.					# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
53
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`				# private network broadcast (ie.: 192.168.182.255)
49
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`				# private network broadcast (ie.: 192.168.182.255)
54
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`				# last octet of LAN address
50
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`				# last octet of LAN address
55
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`				# last octet of LAN broadcast
51
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
56
	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`                                            # last octet of LAN address
52
	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`									# last octet of LAN address
57
	PRIVATE_FIRST_IP=$PRIVATE_IP                                                            # First network address (ex.: 192.168.182.1)
53
	PRIVATE_FIRST_IP=$PRIVATE_IP															# First network address (ex.: 192.168.182.1)
58
	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`          # second network address (ex.: 192.168.182.2)
54
	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`	# second network address (ex.: 192.168.182.2)
59
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
55
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
60
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'`	# MAC address of INTIF
56
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'`	# MAC address of INTIF
61
}
57
}
62
 
58
 
63
usage="Usage: alcasar-conf.sh {--create or -create} | {--load or -load} | {--apply or -apply}"
59
usage="Usage: alcasar-conf.sh {--create or -create} | {--load or -load} | {--apply or -apply}"
Line 87... Line 83...
87
		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
83
		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
88
# backup BL/WL custom files
84
# backup BL/WL custom files
89
		mkdir $DIR_UPDATE/custom_bl
85
		mkdir $DIR_UPDATE/custom_bl
90
		for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
86
		for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
91
		do
87
		do
92
			if [ -d /etc/dansguardian ]; then  # remove when no more dansguardian migrations needed
88
			if [ -d /etc/dansguardian ]; then  # before V3.3
93
				cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/
89
				cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/
94
			else
90
			else
95
				cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/
91
				cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ # since V3.3
96
			fi
92
			fi
97
		done
93
		done
98
		cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
94
		cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
99
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
95
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
100
		mkdir $DIR_UPDATE/etc/
96
		mkdir $DIR_UPDATE/etc/
101
		[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static
-
 
102
		cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
97
		cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
103
		cp /etc/hosts $DIR_UPDATE/etc/
98
		cp /etc/hosts $DIR_UPDATE/etc/
104
# backup of the security certificates (server & CA)
99
# backup of the security certificates (server & CA)
105
		cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
100
		cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
106
		cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
101
		cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
107
		cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
102
		cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
108
		cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
103
		cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
109
		if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
104
		if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
110
			cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
105
			cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
111
		else
106
		else
Line 119... Line 114...
119
		;;
114
		;;
120
 
115
 
121
	--load|-load)
116
	--load|-load)
122
		cd /var/tmp
117
		cd /var/tmp
123
		tar -xf alcasar-conf*.tar.gz
118
		tar -xf alcasar-conf*.tar.gz
-
 
119
# Extract the previous version
-
 
120
		PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
-
 
121
		MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
-
 
122
		MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
-
 
123
		UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
124
# Retrieve the logo
124
# Retrieve the logo
125
		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
125
		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
126
		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
126
		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
127
# Retrieve the security certificates (CA and server)
127
# Retrieve the security certificates (CA and server)
128
		cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
128
		cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/
129
		cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
129
		cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/
130
		cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
130
		cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
131
		cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
131
		cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
132
		(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem
132
		(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem
133
		[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
133
		[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
134
		chown -R root:apache /etc/pki
134
		chown -R root:apache /etc/pki
135
		chmod -R 750 /etc/pki
135
		chmod -R 750 /etc/pki
136
# Import of the users database
136
# Import of the users database
137
		gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
137
		gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
138
# Retrieve local parameters
138
# Retrieve local parameters
139
		[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
139
		cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
140
		mv -f $DIR_ETC/hosts /etc/hosts
140
		mv -f $DIR_ETC/hosts /etc/hosts
141
# Retrieve BL/WL custom files
141
# Retrieve BL/WL custom files
142
		cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
142
		cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
143
		cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
143
		cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
144
		cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
144
		cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
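Review bot: The new PREVIOUS_VERSION assignment (new 120) reads `$DIR_UPDATE/etc/alcasar.conf` straight out of the just-extracted archive with no check that the file exists or carries a `VERSION=` line, so an older or incomplete backup leaves all three `*_PREVIOUS_VERSION` variables empty. Their consumer in the next hunk (new 170, `if [ $MAJ_PREVIOUS_VERSION == "3" ] && [ $MIN_PREVIOUS_VERSION == "2" ]`) expands them unquoted, so an empty value turns the test into a `unary operator expected` error and the 3.2.x migration is silently skipped instead of being reported. Suggest guarding the read, e.g. `[ -e $DIR_UPDATE/etc/alcasar.conf ] || { echo "no alcasar.conf in archive" >&2; exit 1; }` before new 120, and quoting the comparison as `if [ "$MAJ_PREVIOUS_VERSION" == "3" ] && [ "$MIN_PREVIOUS_VERSION" == "2" ]`. The same revision also drops the `[ -d $DIR_UPDATE/etc ]` guard at new 139, so the missing-directory case now produces a cp error there as well, and `UPD_PREVIOUS_VERSION` (new 123) is assigned but not referenced in any visible hunk. The `--load` case body continues beyond this hunk.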
Line 164... Line 164...
164
			/usr/bin/systemctl -q disable sshd.service
164
			/usr/bin/systemctl -q disable sshd.service
165
		fi
165
		fi
166
# Remove the update folder
166
# Remove the update folder
167
		rm -rf $DIR_UPDATE
167
		rm -rf $DIR_UPDATE
168
#########################   modifications between versions  #######################
168
#########################   modifications between versions  #######################
169
# Extract the curent version
-
 
170
		CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2`
-
 
171
		MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1`
-
 
172
		MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2`
-
 
173
		UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1`
-
 
174
##  From 3.2.0 & 3.2.1  ##
169
##  From 3.2.0 & 3.2.1  ##
175
		if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ]
170
		if [ $MAJ_PREVIOUS_VERSION == "3" ] && [ $MIN_PREVIOUS_VERSION == "2" ]
176
		then
171
		then
177
			## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts
172
			## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts
178
			cat << EOF > $DIR_ETC/alcasar-dns-name
173
			cat << EOF > $DIR_ETC/alcasar-dns-name
179
# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut)
174
# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut)
180
# Here you can define your local domain name ('localdomain' by default)
175
# Here you can define your local domain name ('localdomain' by default)
Line 194... Line 189...
194
			HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2`
189
			HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2`
195
			cat << EOF > /etc/hosts
190
			cat << EOF > /etc/hosts
196
127.0.0.1	localhost
191
127.0.0.1	localhost
197
$PRIVATE_IP	$HOSTNAME
192
$PRIVATE_IP	$HOSTNAME
198
EOF
193
EOF
199
			# apache is removed (lighttpd instead)
194
			# apache & dansguardian are replaced with lighttpd & E²guardian
200
			rm -rf /etc/httpd/
-
 
201
			rm -rf /var/log/httpd/
195
			rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
202
			# dansguardian is removed (E²guardian instead)
196
			/usr/sbin/urpme --auto -a $rm_rpm
203
			rm -rf /var/dansguardian/
197
			/usr/sbin/urpme --auto --auto-orphans
204
			rm -rf /etc/dansguardian/
198
			rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/
205
		fi
199
		fi
206
		;;
200
		;;
207
 
201
 
208
	--apply|-apply)
202
	--apply|-apply)
209
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
203
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
Line 424... Line 418...
424
			if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
418
			if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
425
			then
419
			then
426
				/usr/bin/systemctl stop sshd.service
420
				/usr/bin/systemctl stop sshd.service
427
			fi
421
			fi
428
		fi
422
		fi
429
		echo
423
echo
430
		;;
424
		;;
431
	*)
425
	*)
432
		echo "Argument inconnu :$1";
426
		echo "Argument inconnu :$1";
433
		echo "$usage"
427
		echo "$usage"
434
		exit 1
428
		exit 1