411,6 → 411,8 |
logfile /var/log/ntp.log |
EOF |
chown -R ntp:ntp /etc/ntp |
# synchronisation horaire |
ntpd -q -g & |
# Renseignement des fichiers hosts.allow et hosts.deny |
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default |
cat <<EOF > /etc/hosts.allow |
460,7 → 462,7 |
# Configuration et sécurisation Apache |
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default |
$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?#Listen 127.0.0.1:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf |
$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf |
473,6 → 475,16 |
</html> |
EOF |
echo "- URL d'accès au centre de gestion : https://$PRIVATE_IP" >> $FIC_PARAM |
# On crée le VirtualHost pour l'accès au port 80 (redirection après filtrage) |
FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` |
[ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default |
cat <<EOF > $FIC_VIRTUAL |
NameVirtualHost *:80 |
<VirtualHost *:80> |
ServerName $HOSTNAME |
DocumentRoot $DIR_WEB/redirect |
</VirtualHost> |
EOF |
# Définition du premier compte lié au profil 'admin' |
if [ "$mode" = "install" ] |
then |
498,8 → 510,6 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte |
$DIR_DEST_SBIN/alcasar-profil.sh -list |
fi |
# synchronisation horaire |
ntpd -q -g & |
# Sécurisation du centre |
rm -f /etc/httpd/conf/webapps.d/* |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf |
590,9 → 600,10 |
{ |
$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh |
$DIR_DEST_BIN/alcasar-CA.sh $mode |
MOD_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` |
$SED "s?localhost.crt?alcasar.crt?g" $MOD_SSL |
$SED "s?localhost.key?alcasar.key?g" $MOD_SSL |
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` |
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default |
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL |
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
} # End AC () |