Subversion Repositories ALCASAR


Rev 597 Rev 604
Line 6... Line 6...
6
 
6
 
7
# Install network parameters for ALCASAR 
7
# Install network parameters for ALCASAR 
8
# Installation des paramètres réseau d'ALCASAR
8
# Installation des paramètres réseau d'ALCASAR
9
 
9
 
10
# ******* Global *******
10
# ******* Global *******
11
DIR_DEST_ETC="/usr/local/etc"			# répertoire des fichiers de conf
11
DIR_DEST_ETC="/usr/local/etc"			# alcasar conf files folder
-
 
12
DIR_DEST_BIN="/usr/local/bin/"			# alcasar scripts folder
-
 
13
DIR_WEB="/var/www/html"				# alcasar control center
12
FIC_PARAM="/root/ALCASAR-parameters.txt"
14
FIC_PARAM="/root/ALCASAR-parameters.txt"
13
HOSTNAME="alcasar"
15
HOSTNAME="alcasar"
14
DOMAIN="localdomain"				# domaine local
16
DOMAIN="localdomain"				# domaine local
15
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
17
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
16
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
18
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
17
SED="/bin/sed -i"
19
SED="/bin/sed -i"
18
 
20
 
19
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"
21
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"
20
PRIVATE_IP_MASK=`cat $DIR_DEST_ETC/alcasar-network|grep PRIVATE_IP|cut -d"=" -f2`
22
PRIVATE_IP_MASK=`grep PRIVATE_IP $DIR_DEST_ETC/alcasar-network|cut -d"=" -f2`
21
check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
23
check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
22
if [[ "$?" -ne 0 ]]
24
if [[ "$?" -ne 0 ]]
23
then 
25
then 
24
	echo "Syntax error for PRIVATE_IP ($PRIVATE_IP)"
26
	echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
25
	exit 0
27
	exit 0
26
fi
28
fi
27
PUBLIC_IP_MASK=`cat $DIR_DEST_ETC/alcasar-network|grep PUBLIC_IP|cut -d"=" -f2`
29
PUBLIC_IP_MASK=`grep PUBLIC_IP $DIR_DEST_ETC/alcasar-network|cut -d"=" -f2`
28
check=$(echo $PUBLIC_IP_MASK | egrep $PTN)
30
check=$(echo $PUBLIC_IP_MASK | egrep $PTN)
29
if [[ "$?" -ne 0 ]]
31
if [[ "$?" -ne 0 ]]
30
then 
32
then 
31
	echo "Syntax error for PUBLIC_IP ($PUBLIC_IP)"
33
	echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
32
	exit 0
34
	exit 0
33
fi
35
fi
34
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
36
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
35
PUBLIC_GATEWAY=`cat $DIR_DEST_ETC/alcasar-network|grep GW|cut -d"=" -f2`
37
PUBLIC_GATEWAY=`grep GW $DIR_DEST_ETC/alcasar-network|cut -d"=" -f2`
36
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
38
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
37
if [[ "$?" -ne 0 ]]
39
if [[ "$?" -ne 0 ]]
38
then 
40
then 
39
	echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
41
	echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
40
	exit 0
42
	exit 0
41
fi
43
fi
42
DNS1=`cat $DIR_DEST_ETC/alcasar-network|grep DNS1|cut -d"=" -f2`
44
DNS1=`grep DNS1 $DIR_DEST_ETC/alcasar-network|cut -d"=" -f2`
43
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
45
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
44
if [[ "$?" -ne 0 ]]
46
if [[ "$?" -ne 0 ]]
45
then 
47
then 
46
	echo "Syntax error for the IP address of the first DNS server ($EXT_GATEWAY)"
48
	echo "Syntax error for the IP address of the first DNS server ($DNS1)"
47
	exit 0
49
	exit 0
48
fi
50
fi
49
DNS2=`cat $DIR_DEST_ETC/alcasar-network|grep DNS2|cut -d"=" -f2`
51
DNS2=`grep DNS2 $DIR_DEST_ETC/alcasar-network|cut -d"=" -f2`
50
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
52
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
51
if [[ "$?" -ne 0 ]]
53
if [[ "$?" -ne 0 ]]
52
then 
54
then 
53
	echo "Syntax error for the IP address of the second DNS server ($EXT_GATEWAY)"
55
	echo "Syntax error for the IP address of the second DNS server ($DNS2)"
54
	exit 0
56
	exit 0
55
fi
57
fi
56
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`	# @ réseau de consultation (ex.: 192.168.182.0)
58
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`	# @ réseau de consultation (ex.: 192.168.182.0)
57
	private_prefix=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`		# prefixe du réseau (ex. 24)
59
	private_prefix=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`		# prefixe du réseau (ex. 24)
58
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$private_prefix			# @ + masque du réseau de consult (192.168.182.0/24)
60
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$private_prefix			# @ + masque du réseau de consult (192.168.182.0/24)
59
	classe=$((private_prefix/8));						# classe de réseau (ex.: 2=classe B, 3=classe C)
61
	classe=$((private_prefix/8));						# classe de réseau (ex.: 2=classe B, 3=classe C)
60
	classe_sup=`expr $classe + 1`
62
	classe_sup=`expr $classe + 1`
61
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`	# dernier octet de l'@ de réseau
63
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`	# dernier octet de l'@ de réseau
62
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.		# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
64
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.		# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
63
	PRIVATE_MASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`		# masque réseau de consultation (ex.: 255.255.255.0)
65
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`		# masque réseau de consultation (ex.: 255.255.255.0)
64
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_IP_MASK | cut -d"=" -f2`	# @ broadcast réseau de consultation (ex.: 192.168.182.255)
66
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_IP_MASK | cut -d"=" -f2`	# @ broadcast réseau de consultation (ex.: 192.168.182.255)
65
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`	# dernier octet de l'@ de broadcast
67
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`	# dernier octet de l'@ de broadcast
66
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`			# @ip du portail (côté réseau de consultation)
68
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`			# @ip du portail (côté réseau de consultation)
67
	PRIVATE_DYN_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# @ip du portail (côté réseau de consultation)
69
	PRIVATE_DYN_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2`	# @ip du portail (côté réseau de consultation)
68
	PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# @ip du portail (côté réseau de consultation)
70
	PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# @ip du portail (côté réseau de consultation)
-
 
71
	PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`			# @IP du portail (côté Internet)
-
 
72
	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`		# masque réseau côté Internet (ex.: 255.255.255.0)
69
 
73
 
70
# Change in ALCASAR-parameters
74
# Change in ALCASAR-parameters
71
$SED "s?^- WAN IP.*?- WAN IP address ($EXTIF) :\t$PUBLIC_IP_MASK?g" $FIC_PARAM
75
$SED "s?^- WAN IP.*?- WAN IP address ($EXTIF) :\t$PUBLIC_IP_MASK?g" $FIC_PARAM
72
$SED "s?^- Gateway.*?- Gateway IP addess :\t$PUBLIC_GATEWAY?g" $FIC_PARAM
76
$SED "s?^- Gateway.*?- Gateway IP addess :\t\t$PUBLIC_GATEWAY?g" $FIC_PARAM
73
$SED "s?^- DNS servers.*?- DNS servers :\t$DNS1 and $DNS2?g" $FIC_PARAM
77
$SED "s?^- DNS servers.*?- DNS servers :\t\t\t$DNS1 and $DNS2?g" $FIC_PARAM
74
$SED "s?^- LAN IP.*?- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK?g" $FIC_PARAM
78
$SED "s?^- LAN IP.*?- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK?g" $FIC_PARAM
75
$SED "s?^- Dynamic.*?- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP?g" $FIC_PARAM
79
$SED "s?^- Dynamic.*?- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP?g" $FIC_PARAM
-
 
80
 
-
 
81
# Networt Cards config
-
 
82
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
-
 
83
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
-
 
84
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
-
 
85
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/ifcfg-$INTIF
-
 
86
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$INTIF
-
 
87
 
76
# Change in ...
88
# NTP server
-
 
89
$SED "s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap\nrestrict 127.0.0.1?" /etc/ntp.conf
-
 
90
$SED "s?^ntpd:.*?ntpd: $PRIVATE_NETWORK_SHORT?" /etc/hosts.allow
-
 
91
 
-
 
92
# Alcasar control center
-
 
93
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
-
 
94
$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/index.php
-
 
95
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
-
 
96
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
-
 
97
#...
-
 
98
 
-
 
99
 
-
 
100
# Start / Stop SSH Daemon
-
 
101
ssh_active=`grep SSH $DIR_DEST_ETC/alcasar-network|cut -d"=" -f2`
-
 
102
if [ $ssh_active = "on" ]
-
 
103
	then
-
 
104
/sbin/chkconfig --add sshd
-
 
105
else
-
 
106
/sbin/chkconfig --del sshd
-
 
107
fi
-
 
108
 
-
 
109
 
-
 
110
$DIR_DEST_BIN/alcasar-iptables.sh
-
 
111
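Review bot: The DNS1 and DNS2 checks (new lines 45 and 52) still pipe `$PUBLIC_GATEWAY` into egrep, so the two DNS values are never validated even though the messages now print `$DNS1` and `$DNS2`; they should read `check=$(echo "$DNS1" | egrep -x "$PTN")` and the same for `$DNS2`. Both values are later interpolated into the `$SED "s?^- DNS servers.*?…"` expression, so an unchecked value read from alcasar-network becomes part of a sed program (presumably run as root, given the /root and /etc targets). The pattern is also only bounded by `\b` rather than anchored to the whole value, so text following a valid address would still pass the PRIVATE_IP_MASK, PUBLIC_IP_MASK and gateway checks before those values reach the sed lines for ifcfg-*, ntp.conf, hosts.allow and httpd.conf; `egrep -x` with a quoted `"$PTN"` makes the match cover the full value. Separately, every failed check ends in `exit 0`, which a caller cannot distinguish from success; `exit 1` would let an installer stop instead of continuing with a half-applied configuration.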