Subversion Repositories ALCASAR


Rev 2813 Rev 2824
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-conf.sh 2813 2020-04-26 21:26:32Z rexy $
2
# $Id: alcasar-conf.sh 2824 2020-05-30 17:39:20Z rexy $
3
 
3
 
4
# alcasar-conf.sh
4
# alcasar-conf.sh
5
# by REXY
5
# by REXY
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
Line 65... Line 65...
65
		[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
65
		[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
66
		mkdir $DIR_UPDATE
66
		mkdir $DIR_UPDATE
67
# backup the users database  (test to delete in future version)
67
# backup the users database  (test to delete in future version)
68
		$DIR_BIN/alcasar-mysql.sh --dump
68
		$DIR_BIN/alcasar-mysql.sh --dump
69
		cp /var/Save/base/"$(ls -1t /var/Save/base|head -1)" $DIR_UPDATE
69
		cp /var/Save/base/"$(ls -1t /var/Save/base|head -1)" $DIR_UPDATE
70
# backup the logo
70
# backup organism logo
71
		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
71
		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
72
# backup BL/WL custom files
72
# backup BL/WL custom files
73
		mkdir $DIR_UPDATE/custom_bl
73
		mkdir $DIR_UPDATE/custom_bl
74
		for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
74
		for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
75
		do
75
		do
Line 79... Line 79...
79
			else
79
			else
80
				cp $DIR_E2G/$i $DIR_UPDATE/custom_bl/ # since V3.3
80
				cp $DIR_E2G/$i $DIR_UPDATE/custom_bl/ # since V3.3
81
				cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
81
				cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
82
			fi
82
			fi
83
		done
83
		done
84
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
84
# backup conf files (main conf file, filtering, digest, etc.)
85
		mkdir $DIR_UPDATE/etc/
85
		mkdir $DIR_UPDATE/etc/
86
		cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
86
		cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
87
		cp /etc/hosts $DIR_UPDATE/etc/
-
 
88
# backup of the security certificates (server & CA)
87
# backup of the security certificates (server & CA)
89
		cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
88
		cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
90
		cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
89
		cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
91
		[ -e /etc/pki/tls/private/alcasar.pem ] && cp -f /etc/pki/tls/private/alcasar.pem $DIR_UPDATE # since V3.3
90
		[ -e /etc/pki/tls/private/alcasar.pem ] && cp -f /etc/pki/tls/private/alcasar.pem $DIR_UPDATE # since V3.3
92
		cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
91
		cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
Line 94... Line 93...
94
		if [ -e /etc/pki/tls/certs/server-chain.pem ]; then
93
		if [ -e /etc/pki/tls/certs/server-chain.pem ]; then
95
			cp -f /etc/pki/tls/certs/server-chain.pem $DIR_UPDATE # autosigned and official if exist
94
			cp -f /etc/pki/tls/certs/server-chain.pem $DIR_UPDATE # autosigned and official if exist
96
		else
95
		else
97
			cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.pem
96
			cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.pem
98
		fi
97
		fi
99
# pureip & safesearch status
-
 
100
		[ -d /etc/dansguardian ] && dg_path=/etc/dansguardian || dg_path=/etc/e2guardian
-
 
101
 
-
 
102
		if ! grep -Eq '^WL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
-
 
103
			if [ -f /etc/dnsmasq-whitelist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-whitelist.conf; then
-
 
104
				echo 'WL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
-
 
105
			else
-
 
106
				echo 'WL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
-
 
107
			fi
-
 
108
		fi
-
 
109
 
-
 
110
		if ! grep -Eq '^BL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
-
 
111
			if [ -f /etc/dnsmasq-blacklist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-blacklist.conf; then
-
 
112
				echo 'BL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
-
 
113
			else
-
 
114
				echo 'BL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
-
 
115
			fi
-
 
116
		fi
-
 
117
 
-
 
118
		if ! grep -Eq '^BL_PUREIP=' $DIR_UPDATE/etc/alcasar.conf; then
-
 
119
			if grep -Eq "^\*ip" $dg_path/lists/bannedsitelist; then
-
 
120
				echo 'BL_PUREIP=on' >> $DIR_UPDATE/etc/alcasar.conf
-
 
121
			else
-
 
122
				echo 'BL_PUREIP=off' >> $DIR_UPDATE/etc/alcasar.conf
-
 
123
			fi
-
 
124
		fi
-
 
125
 
-
 
126
# archive file creation
98
# archive file creation
127
		cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
99
		cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
128
		tar -cf alcasar-conf.tar conf/
100
		tar -cf alcasar-conf.tar conf/
129
		gzip -f alcasar-conf.tar
101
		gzip -f alcasar-conf.tar
130
		rm -rf $DIR_UPDATE
102
		rm -rf $DIR_UPDATE
131
		;;
103
		;;
132
 
104
 
133
	--load|-load)
105
	--load|-load)
134
		cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
106
		cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
135
		tar -xf alcasar-conf*.tar.gz
107
		tar -xf alcasar-conf*.tar.gz
136
#########################   modifications between versions  #######################
-
 
137
# Retrieve the previous version
108
# copy alcasar.conf parameters
138
		PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
109
		PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
139
		MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
110
		MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
140
		MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
111
		MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
141
		UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
112
		UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
142
##  From 3.2.0 & 3.2.1  ##
-
 
143
	## rewrite /etc/hosts file managing hostname resolution
-
 
144
		PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
-
 
145
		HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2-`
-
 
146
		domainNames="$HOSTNAME $HOSTNAME.$DOMAIN"
-
 
147
		[ "$HOSTNAME" != 'alcasar' ] && domainNames="alcasar $domainNames"
-
 
148
		if [ "$(grep -c "$PRIVATE_IP\s$domainNames" $DIR_UPDATE/etc/hosts )" -eq 0 ]; then
113
		for line in `cat $DIR_UPDATE/etc/alcasar.conf | grep "=" | grep -v "^#" | grep -v " "| grep -v "VERSION"`
149
			cat << EOF > $DIR_UPDATE/etc/hosts
-
 
150
127.0.0.1	localhost
-
 
151
$PRIVATE_IP	$domainNames
-
 
152
EOF
-
 
153
		fi
114
		do
154
	## apache & dansguardian are replaced with lighttpd & EĀ²guardian
-
 
155
		if [ "$(rpm -qa | grep '^\(apache\|apache-mod_php\|apache-mod_ssl\|dansguardian\)-' | wc -l)" -ne 0 ]; then
-
 
156
			rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
-
 
157
			/usr/sbin/urpme --auto -a $rm_rpm 2>/dev/null
-
 
158
			/usr/sbin/urpme --auto --auto-orphans
115
			key=`echo $line | cut -d"=" -f1`
159
			rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/
-
 
160
		fi
116
			key=$key=
161
	## lighttpd need a .pem certificate (aggregation with private key & server crt)
-
 
162
		[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
-
 
163
##  From 3.3.0  ##
-
 
164
	# add "SMS=off" in conf file
117
			value=`echo $line|cut -d"=" -f2-`
165
		if [ "$(grep -c '^SMS=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
-
 
166
				echo "SMS=off" >> $DIR_UPDATE/etc/alcasar.conf
118
			if [ "$value" != "" ]
167
		fi
119
				then
168
		if [ "$(grep -c '^SMS_NUM=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
120
				echo "key = $key ; value = $value"
169
				echo "SMS_NUM=" >> $DIR_UPDATE/etc/alcasar.conf
121
				sed -i "s?^$key.*?$key$value?g" /usr/local/etc/alcasar.conf
170
		fi
122
			fi
171
##  From 3.4.0  ##
-
 
172
	# Fix subdomain dot position (.domain.org to domain.org.) for Unbound
-
 
173
		for file in $DIR_E2G/exceptionsitelist $DIR_BLACKLIST/ossi-bl*/domains $DIR_BLACKLIST/ossi-wl*/domains; do
-
 
174
			[ -f $file ] && $SED "s/^\.\(.*\)$/\1./g" $file
-
 
175
		done
123
		done
176
	# Add LDAPS parameters to config file
-
 
177
		if [ "$(grep -c '^LDAP_SSL=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
-
 
178
				echo "LDAP_SSL=on" >> $DIR_UPDATE/etc/alcasar.conf
-
 
179
		fi
-
 
180
		if [ "$(grep -c '^LDAP_CERT_REQUIRED=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
-
 
181
				echo "LDAP_CERT_REQUIRED=" >> $DIR_UPDATE/etc/alcasar.conf
-
 
182
		fi
-
 
183
    # remove DNSMASQ primary service (keep only one instance for whitelist on port 55)
124
## lighttpd need a .pem certificate (aggregation with private key & server crt)
184
        [ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf
-
 
185
		[ -e /lib/systemd/system/dnsmasq.service.default ] && rm /lib/systemd/system/dnsmasq.service.default
125
		[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
186
		[ -e /lib/systemd/system/dnsmasq.service ] && rm /lib/systemd/system/dnsmasq.service
-
 
187
######################   End of modifications between versions  #######################
-
 
188
# Retrieve the logo
126
# Retrieve organism logo
189
		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
127
		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
190
		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
128
		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
191
# Retrieve the security certificates (CA and server)
129
# Retrieve the security certificates (CA and server)
192
		cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
130
		cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
193
		cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
131
		cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
Line 202... Line 140...
202
		chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
140
		chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
203
		chmod 640 /etc/pki/tls/private/*
141
		chmod 640 /etc/pki/tls/private/*
204
# Import of the users database
142
# Import of the users database
205
		$DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
143
		$DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
206
# Retrieve local parameters
144
# Retrieve local parameters
207
		cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
145
		#TODO cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
208
		mv -f $DIR_UPDATE/etc/hosts /etc/hosts
-
 
209
		chmod 755 /etc/hosts
-
 
210
# Retrieve BL/WL custom files
146
# Retrieve BL/WL custom files
211
		cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
147
		cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
212
		cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
148
		cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
213
		cp -f $DIR_UPDATE/custom_bl/urlregexplist $DIR_E2G/
149
		cp -f $DIR_UPDATE/custom_bl/urlregexplist $DIR_E2G/
214
		cp -f $DIR_UPDATE/custom_bl/bannedsitelist $DIR_E2G/
150
		cp -f $DIR_UPDATE/custom_bl/bannedsitelist $DIR_E2G/
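Review bot: In the new `--load` loop (new lines 113–121), `$key` and `$value` taken from the extracted archive's `alcasar.conf` are pasted unescaped into the sed program `s?^$key.*?$key$value?g`, so a value containing `?`, `&` or a backslash changes the expression sed runs against `/usr/local/etc/alcasar.conf` instead of being written literally. The unquoted backtick `for line in ...` also glob-expands each entry, and the `grep -v " "` filter silently drops every setting whose value contains a space. The `echo "key = $key ; value = $value"` line prints every restored value to the terminal, which is worth removing if the file can hold credentials (not visible from this page). I would read the file line by line, accept only lines whose key is a plain identifier, and escape the value before substituting, as sketched below. The `--load` arm continues past the end of this hunk, so the sketch covers the loop only.

```shell
# copy alcasar.conf parameters
while IFS= read -r line; do
	key=${line%%=*}
	value=${line#*=}
	[ -n "$value" ] || continue
	# escape the characters that are special in the replacement part of s?...?...?
	esc_value=$(printf '%s\n' "$value" | sed 's/[\\&?]/\\&/g')
	sed -i "s?^$key=.*?$key=$esc_value?" /usr/local/etc/alcasar.conf
done < <(grep -E '^[A-Za-z0-9_]+=' "$DIR_UPDATE/etc/alcasar.conf" | grep -v ' ' | grep -v 'VERSION')
# … unchanged: alcasar.pem creation and the restore steps that follow …
```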