Subversion Repositories ALCASAR


Rev 2560 Rev 2561
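--- a/alcasar-conf.sh
+++ b/alcasar-conf.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-conf.sh 2560 2018-06-10 21:04:56Z rexy $
+# $Id: alcasar-conf.sh 2561 2018-06-20 22:03:06Z rexy $
  
 # alcasar-conf.sh
 # by REXY
 # This script is distributed under the Gnu General Public License (GPL)
  
@@ -33,14 +33,10 @@
 DOMAIN=`grep ^DOMAIN= $CONF_FILE|cut -d"=" -f2`
 PASSWD_FILE="/root/ALCASAR-passwords.txt"
 DB_USER=$(grep '^db_user=' $PASSWD_FILE | cut -d'=' -f 2-)
 DB_PASS=$(grep '^db_password=' $PASSWD_FILE | cut -d'=' -f 2-)
 SED="/bin/sed -i"
-RUNNING_VERSION=`grep ^VERSION= $CONF_FILE|cut -d'=' -f2`
-MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
-MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
-UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
 DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` 			# server DNS1 (for WL domain names)
 DOMAIN=${DOMAIN:=localdomain}
 DATE=`date '+%d %B %Y - %Hh%M'`
  
 private_network_calc ()
@@ -87,25 +83,24 @@
 		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
 # backup BL/WL custom files
 		mkdir $DIR_UPDATE/custom_bl
 		for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
 		do
-			if [ -d /etc/dansguardian ]; then  # remove when no more dansguardian migrations needed
+			if [ -d /etc/dansguardian ]; then  # before V3.3
 				cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/
 			else
-				cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/
+				cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ # since V3.3
 			fi
 		done
 		cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
 # backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
 		mkdir $DIR_UPDATE/etc/
-		[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static
 		cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
 		cp /etc/hosts $DIR_UPDATE/etc/
 # backup of the security certificates (server & CA)
-		cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
-		cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
+		cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
+		cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
 		cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
 		cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
 		if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
 			cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
 		else
@@ -119,26 +114,31 @@
 		;;
  
 	--load|-load)
 		cd /var/tmp
 		tar -xf alcasar-conf*.tar.gz
+# Extract the previous version
+		PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
+		MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
+		MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
+		UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
 # Retrieve the logo
 		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
 		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
 # Retrieve the security certificates (CA and server)
-		cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
-		cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
+		cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/
+		cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/
 		cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
 		cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
 		(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem
 		[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
 		chown -R root:apache /etc/pki
 		chmod -R 750 /etc/pki
 # Import of the users database
 		gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
 # Retrieve local parameters
-		[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
+		cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
 		mv -f $DIR_ETC/hosts /etc/hosts
 # Retrieve BL/WL custom files
 		cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
 		cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
 		cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
@@ -164,17 +164,12 @@
 			/usr/bin/systemctl -q disable sshd.service
 		fi
 # Remove the update folder
 		rm -rf $DIR_UPDATE
 #########################   modifications between versions  #######################
-# Extract the curent version
-		CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2`
-		MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1`
-		MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2`
-		UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1`
 ##  From 3.2.0 & 3.2.1  ##
-		if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ]
+		if [ $MAJ_PREVIOUS_VERSION == "3" ] && [ $MIN_PREVIOUS_VERSION == "2" ]
 		then
 			## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts
 			cat << EOF > $DIR_ETC/alcasar-dns-name
 # Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut)
 # Here you can define your local domain name ('localdomain' by default)
@@ -194,16 +189,15 @@
 			HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2`
 			cat << EOF > /etc/hosts
 127.0.0.1	localhost
 $PRIVATE_IP	$HOSTNAME
 EOF
-			# apache is removed (lighttpd instead)
-			rm -rf /etc/httpd/
-			rm -rf /var/log/httpd/
-			# dansguardian is removed (E²guardian instead)
-			rm -rf /var/dansguardian/
-			rm -rf /etc/dansguardian/
+			# apache & dansguardian are replaced with lighttpd & E²guardian
+			rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
+			/usr/sbin/urpme --auto -a $rm_rpm
+			/usr/sbin/urpme --auto --auto-orphans
+			rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/
 		fi
 		;;
  
 	--apply|-apply)
 		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"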
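Review bot: The new version test at new line 170 expands `$MAJ_PREVIOUS_VERSION` and `$MIN_PREVIOUS_VERSION` unquoted, so if the extracted `$DIR_UPDATE/etc/alcasar.conf` is missing or has no `VERSION=` line, `[` fails with an operator error and the whole 3.2 migration is skipped without a clear message. Quoting both sides, `if [ "$MAJ_PREVIOUS_VERSION" = "3" ] && [ "$MIN_PREVIOUS_VERSION" = "2" ]`, and stopping with an error when `PREVIOUS_VERSION` is empty would make that case explicit. The value now comes from an archive matched by glob and unpacked in `/var/tmp`, and it gates `rm -rf` and package removal in what appears to be a root-run script, so the archive's owner and permissions deserve a check before `tar -xf`. In the last hunk, `/usr/sbin/urpme --auto -a $rm_rpm` uses `-a`, which selects every package matching each expression, so `apache` may match more than the four packages named; dropping `-a` or listing exact package names would keep the removal to what the comment describes. The `--load` branch spans several hunks and parts of it are not shown, so this is based on the visible lines only.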