| 2941 |
rexy |
1 |
#!/bin/bash
|
|
|
2 |
|
|
|
3 |
# alcasar-rpm.sh
|
|
|
4 |
# by 3abtux and Rexy
|
|
|
5 |
# This script is distributed under the Gnu General Public License (GPL)
|
|
|
6 |
|
| 2990 |
rexy |
7 |
# script de mise en place des dépots RPM + installation des RPM complémentaires
|
|
|
8 |
# configure the RPM repository + complementary RPM installation
|
| 2941 |
rexy |
9 |
|
|
|
10 |
Lang=`echo $LANG|cut -c 1-2`
|
| 2971 |
rexy |
11 |
SED="/bin/sed -i"
|
| 3190 |
rexy |
12 |
VERSION="9"
|
| 2941 |
rexy |
13 |
ARCH="x86_64"
|
|
|
14 |
# The kernel version we compile netflow for
|
| 3203 |
rexy |
15 |
KERNEL="kernel-server-6.6.28-1.mga9"
|
| 2941 |
rexy |
16 |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
|
|
|
17 |
# (old) perl-Socket6 : needed by nfsen
|
|
|
18 |
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf
|
| 3077 |
rexy |
19 |
# "lsscsi" & nvme-cli" & "php-dom" : needed by phpsysinfo
|
| 2941 |
rexy |
20 |
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
|
|
|
21 |
# "sudo" : needed after a reinstallation (to be investigated)
|
| 3053 |
rexy |
22 |
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method
|
| 3193 |
rexy |
23 |
# "nmap" : "/usr/share/nmap/nmap-mac-prefixes" is used to display MAC manufacturers in ACC
|
|
|
24 |
|
| 3190 |
rexy |
25 |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom php-filter unbound e2guardian postfix mariadb ntpsec bind-utils openssh-server rng-utils rsync fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
|
| 2941 |
rexy |
26 |
|
|
|
27 |
rpm_repository_sync ()
|
|
|
28 |
{
|
| 3111 |
rexy |
29 |
cat <<EOF > /etc/urpmi/urpmi.cfg
|
| 2941 |
rexy |
30 |
{
|
|
|
31 |
downloader: wget
|
|
|
32 |
}
|
|
|
33 |
EOF
|
| 3111 |
rexy |
34 |
echo ${!MIRRORLIST}
|
|
|
35 |
urpmi.addmedia core --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/core/release
|
|
|
36 |
urpmi.addmedia core-updates --update --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/core/updates
|
|
|
37 |
urpmi.addmedia nonfree --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/nonfree/release
|
|
|
38 |
urpmi.addmedia nonfree-updates --update --probe-synthesis --mirrorlist ${!MIRRORLIST} /media/nonfree/updates
|
| 2941 |
rexy |
39 |
}
|
|
|
40 |
|
|
|
41 |
rpm_error ()
|
|
|
42 |
{
|
| 3111 |
rexy |
43 |
# restore previous rpm conf file & removed RPMs
|
|
|
44 |
[ -e /etc/urpmi/urpmi.cfg.old ] && mv /etc/urpmi/urpmi.cfg.old /etc/urpmi/urpmi.cfg
|
|
|
45 |
urpmi --no-verify-rpm --auto rpms/$ARCH/wkhtmltopdf*.rpm
|
|
|
46 |
echo
|
|
|
47 |
if [ $Lang == "fr" ]
|
|
|
48 |
then
|
|
|
49 |
echo "Relancez l'installation ultérieurement."
|
|
|
50 |
echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-rpm.sh'"
|
|
|
51 |
else
|
|
|
52 |
echo "Try an other install later."
|
|
|
53 |
echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-rpm.sh'"
|
|
|
54 |
fi
|
| 2941 |
rexy |
55 |
}
|
|
|
56 |
|
|
|
57 |
# We prefer wget than curl
|
|
|
58 |
urpmi --no-verify-rpm --auto rpms/$ARCH/wget*.rpm
|
|
|
59 |
|
|
|
60 |
# Set the RPM repository (if not already set)
|
| 3111 |
rexy |
61 |
cp /etc/urpmi/urpmi.cfg /etc/urpmi/urpmi.cfg.old
|
| 2941 |
rexy |
62 |
ACTIVE_REPO=`cat /etc/urpmi/urpmi.cfg|grep "mageia.org"|wc -l`
|
| 2990 |
rexy |
63 |
MIRROR_NBR=3
|
|
|
64 |
# For French
|
|
|
65 |
MIRRORLIST1="http://ftp.free.fr/mirrors/mageia.org/distrib/$VERSION/$ARCH"
|
| 2941 |
rexy |
66 |
# For Europeans
|
| 2990 |
rexy |
67 |
MIRRORLIST2="https://www.mirrorservice.org/pub/mageia/distrib/$VERSION/$ARCH"
|
|
|
68 |
# For everybody
|
|
|
69 |
MIRRORLIST3="https://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
|
| 2941 |
rexy |
70 |
try_nb="0"; nb_repository="0"
|
|
|
71 |
while [ "$nb_repository" != "4" ]
|
|
|
72 |
do
|
|
|
73 |
try_nb=`expr $try_nb + 1`
|
|
|
74 |
MIRRORLIST="MIRRORLIST$try_nb"
|
|
|
75 |
rpm_repository_sync
|
|
|
76 |
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
|
|
|
77 |
if [ "$nb_repository" != "4" ]
|
|
|
78 |
then
|
|
|
79 |
if [ $Lang == "fr" ]
|
|
|
80 |
then
|
|
|
81 |
echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb."
|
|
|
82 |
else
|
|
|
83 |
echo "An error occurs when synchronising the repositories N°$try_nb"
|
|
|
84 |
fi
|
|
|
85 |
if [ $(expr $try_nb) -eq $MIRROR_NBR ]
|
|
|
86 |
then
|
|
|
87 |
rpm_error
|
|
|
88 |
exit 1
|
|
|
89 |
fi
|
|
|
90 |
if [ $Lang == "fr" ]
|
|
|
91 |
then
|
|
|
92 |
echo "Voulez-vous tenter une synchronisation avec un autre dépôt ? (O/n)"
|
|
|
93 |
else
|
|
|
94 |
echo "Do you want to try a synchronisation with an other repository? (Y/n)"
|
|
|
95 |
fi
|
|
|
96 |
response=0
|
|
|
97 |
PTN='^[oOnNyY]?$'
|
|
|
98 |
until [[ "$response" =~ $PTN ]]
|
|
|
99 |
do
|
|
|
100 |
read response
|
|
|
101 |
done
|
|
|
102 |
if [ "$response" = "n" ] || [ "$response" = "N" ]
|
|
|
103 |
then
|
| 3111 |
rexy |
104 |
[ -e /etc/urpmi/urpmi.cfg.old ] && mv /etc/urpmi/urpmi.cfg.old /etc/urpmi/urpmi.cfg # restore previous rpm conf file
|
| 2941 |
rexy |
105 |
exit 1
|
|
|
106 |
fi
|
|
|
107 |
fi
|
|
|
108 |
done
|
| 3093 |
rexy |
109 |
|
| 3200 |
rexy |
110 |
# Clean the RPM cache
|
|
|
111 |
urpmi --clean
|
|
|
112 |
|
| 3093 |
rexy |
113 |
# At this time, we only skip Kernel update
|
|
|
114 |
echo "/^kernel/" > /etc/urpmi/skip.list
|
| 3190 |
rexy |
115 |
if [ `grep -E '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
|
| 3093 |
rexy |
116 |
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
|
|
|
117 |
else
|
|
|
118 |
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
|
|
|
119 |
fi
|
|
|
120 |
|
| 2941 |
rexy |
121 |
# download the kernel used by ALCASAR
|
|
|
122 |
if [ $Lang == "fr" ]
|
|
|
123 |
then
|
|
|
124 |
echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..."
|
|
|
125 |
else
|
|
|
126 |
echo "Download the Linux kernel used by ALCASAR. Please wait ..."
|
|
|
127 |
fi
|
|
|
128 |
urpmi --auto --quiet $KERNEL
|
| 3093 |
rexy |
129 |
|
| 2941 |
rexy |
130 |
# download updated RPM in cache
|
|
|
131 |
if [ $Lang == "fr" ]
|
|
|
132 |
then
|
|
|
133 |
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..."
|
|
|
134 |
echo "Il est temps d'aller prendre un café (ou une bonne bière) ;-)"
|
|
|
135 |
else
|
|
|
136 |
echo "Updated RPM download. Please wait ..."
|
|
|
137 |
echo "You should now take a coffe (or a good beer) ;-)"
|
|
|
138 |
fi
|
| 3206 |
rexy |
139 |
urpme freeradius-ldap # Avoid an update error due to the file "rlm.ldap.so" embedded in "lib64radius1" & "freeradius-ldap" RPMs. This issue has been reported to Mga bugzilla (awaiting a fix...)
|
| 2941 |
rexy |
140 |
urpmi --auto --auto-update --quiet --test --retry 2
|
|
|
141 |
if [ "$?" != "0" ]
|
|
|
142 |
then
|
|
|
143 |
echo
|
|
|
144 |
if [ $Lang == "fr" ]
|
|
|
145 |
then
|
|
|
146 |
echo "Une erreur a été détectée lors de la récupération des paquetages."
|
|
|
147 |
else
|
|
|
148 |
echo "An error occurs when downloading RPMS"
|
|
|
149 |
fi
|
|
|
150 |
rpm_error
|
|
|
151 |
exit 1
|
|
|
152 |
fi
|
|
|
153 |
|
|
|
154 |
# update with cached RPM
|
|
|
155 |
urpmi --auto --auto-update
|
|
|
156 |
if [ "$?" != "0" ]
|
|
|
157 |
then
|
|
|
158 |
echo
|
|
|
159 |
if [ $Lang == "fr" ]
|
|
|
160 |
then
|
|
|
161 |
echo "Une erreur a été détectée lors de la mise à jour des paquetages."
|
|
|
162 |
else
|
|
|
163 |
echo "An error occurs when updating packages"
|
|
|
164 |
fi
|
|
|
165 |
rpm_error
|
|
|
166 |
exit 1
|
|
|
167 |
fi
|
|
|
168 |
|
|
|
169 |
# Download of ALCASAR specifics RPM in cache (and test)
|
|
|
170 |
if [ $Lang == "fr" ]
|
|
|
171 |
then
|
|
|
172 |
echo "Récupération des paquetages complémentaires. Veuillez patienter ..."
|
|
|
173 |
else
|
|
|
174 |
echo "Download of complementary packages. Please wait ..."
|
|
|
175 |
fi
|
|
|
176 |
urpmi --auto --no-recommends $PACKAGES --quiet --test --retry 2
|
|
|
177 |
if [ "$?" != "0" ]
|
|
|
178 |
then
|
|
|
179 |
echo
|
|
|
180 |
if [ $Lang == "fr" ]
|
|
|
181 |
then
|
|
|
182 |
echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires."
|
|
|
183 |
else
|
|
|
184 |
echo "An error occurs when downloading complementary packages"
|
|
|
185 |
fi
|
|
|
186 |
rpm_error
|
|
|
187 |
exit 1
|
|
|
188 |
fi
|
|
|
189 |
|
|
|
190 |
# update with cached RPM
|
|
|
191 |
urpmi --auto --no-recommends $PACKAGES
|
|
|
192 |
if [ "$?" != "0" ]
|
|
|
193 |
then
|
|
|
194 |
echo
|
|
|
195 |
if [ $Lang == "fr" ]
|
|
|
196 |
then
|
|
|
197 |
echo "Une erreur a été détectée lors de l'installation des paquetages complémentaires."
|
|
|
198 |
else
|
|
|
199 |
echo "An error occurs when installing complementary packages"
|
|
|
200 |
fi
|
|
|
201 |
rpm_error
|
|
|
202 |
exit 1
|
|
|
203 |
fi
|
|
|
204 |
|
|
|
205 |
# Keep only the kernel version we compil netflow with, and remove all others
|
|
|
206 |
kernelVersion=$(rpm -qa | grep -e ^kernel-server -e ^kernel-desktop)
|
|
|
207 |
for i in $kernelVersion
|
|
|
208 |
do
|
|
|
209 |
if [ $i != $KERNEL ];then
|
|
|
210 |
urpme --auto $i
|
|
|
211 |
fi
|
|
|
212 |
done
|
| 3093 |
rexy |
213 |
|
| 2941 |
rexy |
214 |
# delete unused RPMs
|
|
|
215 |
if [ $Lang == "fr" ]
|
|
|
216 |
then
|
|
|
217 |
echo "Cleaning the system : "
|
|
|
218 |
else
|
|
|
219 |
echo "Nettoyage du système : "
|
|
|
220 |
fi
|
| 3170 |
rexy |
221 |
unused_rpm="shorewall mandi plymouth squid polkit pm-utils dnsmasq clamav clamd clamav-db"
|
| 2988 |
rexy |
222 |
/usr/sbin/urpme --auto -a $unused_rpm
|
| 3093 |
rexy |
223 |
for rpm in `rpm -qa|grep mga7`; do urpme --auto $rpm; done
|
| 2941 |
rexy |
224 |
/usr/sbin/urpme --auto --auto-orphans
|
|
|
225 |
|
|
|
226 |
# Save chilli launch script (erase with new rpm one)
|
|
|
227 |
[ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/
|
|
|
228 |
# Install home made RPMs
|
|
|
229 |
for pkg in `ls rpms/$ARCH/*.rpm`
|
|
|
230 |
do
|
|
|
231 |
urpmi --no-verify --auto $pkg
|
|
|
232 |
done
|
|
|
233 |
# restore chilli launch script
|
|
|
234 |
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
|
| 3093 |
rexy |
235 |
|
| 2941 |
rexy |
236 |
# Clean the RPM cache
|
|
|
237 |
urpmi --clean
|
|
|
238 |
# the ipt-netflow RPM add the kernel module ipt_NETFLOW (the modules dependance tree need to be updated). "2>/dev/null" in order not to display a error (the running kernel is not the ALCASAR one during the installation process)
|
|
|
239 |
/sbin/depmod -a 2>/dev/null
|
|
|
240 |
# test if all needed rpms are correctly installed
|
|
|
241 |
count_pkg=0; nb_pkg=0;
|
|
|
242 |
for pkg in $PACKAGES
|
|
|
243 |
do
|
|
|
244 |
nb_pkg=`expr $nb_pkg + 1`
|
|
|
245 |
if rpm -q --quiet $pkg ; then
|
|
|
246 |
count_pkg=`expr $count_pkg + 1`
|
|
|
247 |
else
|
|
|
248 |
echo "error installing $pkg"
|
|
|
249 |
fi
|
|
|
250 |
done
|
|
|
251 |
if [ $count_pkg -ne $nb_pkg ]
|
|
|
252 |
then
|
|
|
253 |
exit 1
|
|
|
254 |
fi
|
| 3093 |
rexy |
255 |
|
| 2941 |
rexy |
256 |
# test if all custom rpms are correctly installed
|
|
|
257 |
count_pkg=0; nb_pkg=0;
|
|
|
258 |
for pkg in `ls rpms/$ARCH/|sed 's/.x86_64.rpm//'`
|
|
|
259 |
do
|
|
|
260 |
nb_pkg=`expr $nb_pkg + 1`
|
|
|
261 |
if rpm -q --quiet $pkg ; then
|
|
|
262 |
count_pkg=`expr $count_pkg + 1`
|
|
|
263 |
else
|
|
|
264 |
echo "error installing $pkg"
|
|
|
265 |
fi
|
|
|
266 |
done
|
|
|
267 |
if [ $count_pkg -ne $nb_pkg ]
|
|
|
268 |
then
|
|
|
269 |
exit 1
|
|
|
270 |
fi
|
| 3104 |
rexy |
271 |
|
|
|
272 |
# .rpmnew handling (unused with ALCASAR)
|
|
|
273 |
[ -e /etc/shadow.rpmnew ] && rm -f /etc/shadow.rpmnew
|
|
|
274 |
[ -e /etc/sysconfig/system.rpmnew ] && rm -f /etc/sysconfig/system.rpmnew
|
|
|
275 |
[ -e /etc/rpm/macros.rpmnew ] && rm -f /etc/rpm/macros.rpmnew
|
|
|
276 |
[ -e /etc/fstab.rpmnew ] && rm -f /etc/fstab.rpmnew
|
|
|
277 |
[ -e /etc/shells.rpmnew ] && rm -f /etc/shells.rpmnew
|
|
|
278 |
[ -e /etc/hosts.rpmnew ] && rm -f /etc/hosts.rpmnew
|
|
|
279 |
[ -e /etc/systemd/journald.conf.rpmnew ] && rm -f /etc/systemd/journald.conf.rpmnew
|
|
|
280 |
[ -e /etc/raddb/certs/dh.rpmnew ] && rm -f /etc/raddb/certs/dh.rpmnew
|
|
|
281 |
|
|
|
282 |
# .rpmnew handling (used with ALCASAR)
|
|
|
283 |
[ -e /etc/php.ini.rpmnew ] && mv -f /etc/php.ini.rpmnew /etc/php.ini.default
|
|
|
284 |
[ -e /etc/lighttpd/lighttpd.conf.rpmnew ] && mv -f /etc/lighttpd/lighttpd.conf.rpmnew /etc/lighttpd/lighttpd.conf.default
|
|
|
285 |
[ -e /etc/lighttpd/modules.conf.rpmnew ] && mv -f /etc/lighttpd/modules.conf.rpmnew /etc/lighttpd/modules.conf.default
|
|
|
286 |
[ -e /etc/e2guardian/e2guardian.conf.rpmnew ] && mv -f /etc/e2guardian/e2guardian.conf.rpmnew /etc/e2guardian/e2guardian.conf.default
|
|
|
287 |
[ -e /etc/e2guardian/e2guardianf1.conf.rpmnew ] && mv -f /etc/e2guardian/e2guardianf1.conf.rpmnew /etc/e2guardian/e2guardianf1.conf.default
|
|
|
288 |
[ -e /etc/e2guardian/lists/urlregexplist.rpmnew ] && mv -f /etc/e2guardian/lists/urlregexplist.rpmnew /etc/e2guardian/lists/urlregexplist.default
|
|
|
289 |
[ -e /etc/e2guardian/lists/bannedregexpurllist.rpmnew ] && mv -f /etc/e2guardian/lists/bannedregexpurllist.rpmnew /etc/e2guardian/lists/bannedregexpurllist.default
|
|
|
290 |
[ -e /etc/vnstat.conf.rpmnew ] && mv -f /etc/vnstat.conf.rpmnew /etc/vnstat.conf.default
|
|
|
291 |
[ -e /etc/fail2ban/jail.conf.rpmnew ] && mv -f /etc/fail2ban/jail.conf.rpmnew /etc/fail2ban/jail.conf.default
|
|
|
292 |
[ -e /etc/ssh/sshd_config.rpmnew ] && mv -f /etc/ssh/sshd_config.rpmnew /etc/ssh/sshd_config.default
|
|
|
293 |
|
| 2941 |
rexy |
294 |
exit 0
|