64,16 → 64,16 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file |
PASSWD_FILE="/root/ALCASAR-passwords.txt" # text file with the passwords and shared secrets |
# ******* DBMS parameters - paramètres SGBD ******** |
DB_RADIUS="radius" # nom de la base de données utilisée par le serveur FreeRadius |
DB_USER="radius" # nom de l'utilisateur de la base de données |
DB_RADIUS="radius" # database name used by FreeRadius server |
DB_USER="radius" # user name allows to request the users database |
# ******* Network parameters - paramètres réseau ******* |
HOSTNAME="alcasar" # |
DOMAIN="localdomain" # domaine local |
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI) |
DOMAIN="localdomain" # default local domain |
EXTIF="eth0" # ETH0 is connected to the ISP broadband modem/router (In France : Box-FAI ) |
MTU="1500" |
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"' |
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation |
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation |
INTIF="eth1" # ETH1 is connected to the consultation network |
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # Default ALCASAR IP address |
# ****** Paths - chemin des commandes ******* |
SED="/bin/sed -i" |
# ****************** End of global parameters ********************* |
361,8 → 361,8 |
rm -rf conf/etc/alcasar.conf |
fi |
# Define LAN side global parameters |
hostname $HOSTNAME |
echo $HOSTNAME > /etc/hostname |
hostname $HOSTNAME.$DOMAIN |
echo $HOSTNAME.$DOMAIN > /etc/hostname |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0) |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0) |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side) |
402,7 → 402,7 |
# config network |
cat <<EOF > /etc/sysconfig/network |
NETWORKING=yes |
HOSTNAME="$HOSTNAME" |
HOSTNAME="$HOSTNAME.$DOMAIN" |
FORWARD_IPV4=true |
EOF |
# config /etc/hosts |
525,7 → 525,7 |
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php |
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME.$DOMAIN\";?g" $DIR_WEB/index.php |
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php |
chown -R apache:apache $DIR_WEB/* |
for i in system_backup base logs/firewall logs/httpd logs/squid logs/security; |
544,7 → 544,7 |
# Configuration et sécurisation Apache |
rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README* |
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default |
$SED "s?^#ServerName.*?ServerName $HOSTNAME?g" /etc/httpd/conf/httpd.conf |
$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf |
597,7 → 597,7 |
chmod 755 $DIR_DEST_ETC/digest |
until [ -s $DIR_DEST_ETC/digest/key_admin ] |
do |
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal |
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal |
done |
$DIR_DEST_SBIN/alcasar-profil.sh --list |
else # mise à jour des versions < 2.1 |
619,7 → 619,7 |
chmod 755 $DIR_DEST_ETC/digest |
until [ -s $DIR_DEST_ETC/digest/key_admin ] |
do |
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal |
/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal |
done |
$DIR_DEST_SBIN/alcasar-profil.sh --list |
fi |
639,10 → 639,10 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
AuthName $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_all |
ErrorDocument 404 https://$HOSTNAME/ |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
<Directory $DIR_ACC/admin> |
SSLRequireSSL |
654,10 → 654,10 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
AuthName $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_admin |
ErrorDocument 404 https://$HOSTNAME/ |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
<Directory $DIR_ACC/manager> |
SSLRequireSSL |
669,10 → 669,10 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
AuthName $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_manager |
ErrorDocument 404 https://$HOSTNAME/ |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
<Directory $DIR_ACC/backup> |
SSLRequireSSL |
684,10 → 684,10 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
AuthName $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_backup |
ErrorDocument 404 https://$HOSTNAME/ |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
Alias /save/ "$DIR_SAVE/" |
<Directory $DIR_SAVE> |
700,9 → 700,9 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
AuthName $HOSTNAME.$DOMAIN |
AuthUserFile $DIR_DEST_ETC/digest/key_backup |
ErrorDocument 404 https://$HOSTNAME/ |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
EOF |
} # End of ACC() |
868,7 → 868,7 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
ErrorDocument 404 https://$HOSTNAME |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN |
</Directory> |
EOF |
} # End of param_web_radius () |
984,14 → 984,14 |
uamport 3990 |
macauth |
macpasswd password |
locationname $HOSTNAME |
locationname $HOSTNAME.$DOMAIN |
radiusserver1 127.0.0.1 |
radiusserver2 127.0.0.1 |
radiussecret $secretradius |
radiusauthport 1812 |
radiusacctport 1813 |
uamserver https://$HOSTNAME/intercept.php |
radiusnasid $HOSTNAME |
uamserver https://$HOSTNAME.$DOMAIN/intercept.php |
radiusnasid $HOSTNAME.$DOMAIN |
uamsecret $secretuam |
uamallowed alcasar |
coaport 3799 |
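Review bot: The digest realm changes from `$HOSTNAME` to `$HOSTNAME.$DOMAIN` in both `htdigest -c` calls (hunks at 597 and 619) and in every `AuthName` line (hunks at 639 to 700), but a digest entry is hashed over user:realm:password, so any entry stored under the old realm stops matching. The `until [ -s $DIR_DEST_ETC/digest/key_admin ]` loop only runs while key_admin is empty, and nothing visible here regenerates key_all, key_manager or key_backup, so an updated system may keep old-realm hashes and reject its administrators. Whatever writes those files (presumably alcasar-profil.sh, which is outside this diff) has to use the same realm. I would define the realm once as `REALM="$HOSTNAME.$DOMAIN"` with the comment `# digest realm: must equal the realm stored in digest/key_*`, then use it quoted in `htdigest -c "$DIR_DEST_ETC/digest/key_admin" "$REALM" "$admin_portal"` and in the `AuthName` lines. The enclosing functions start and end outside these hunks.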