5,14 → 5,14 |
# by REXY |
# This script is distributed under the Gnu General Public License (GPL) |
|
# Ce script permet de mettre à jour d'ALCASAR |
# - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" à chaud (alcasar-conf -apply) |
# Ce script permet la mise à jour d'un ALCASAR |
# - (alcasar-conf.sh -create) : création de l'archive des fichiers de configuration (/var/tmp/alcasar-conf.tar.gz) |
# - (alcasar-conf.sh -load) : chargement de l'archive des fichiers de configuration. Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions |
# - (alcasar-conf.sh -apply) : application des directives du fichier de conf central "/usr/local/etc/alcasar.conf". Peut aussi être exploité à chaud après avoir changé des valeurs du fichier de conf. |
# This script allows ALCASAR update |
# - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply) |
# - (alcasar-conf.sh -create) : create the configuration files backup (/var/tmp/alcasar-conf.tar.gz) |
# - (alcasar-conf.sh -load) : load the backup of configuration files. If needed, it's here we update files between versions |
# - (alcasar-conf.sh -load) : apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf". Can be use after changes of conf file values. |
|
DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
DIR_WEB="/var/www/html" # répertoire du centre de gestion |
241,7 → 241,6 |
if [[ "$PUBLIC_IP_MASK" == "dhcp" ]] |
then |
PUBLIC_GATEWAY="dhcp" |
|
else |
if ! echo $PUBLIC_IP_MASK | egrep -q $PTN |
then |
286,7 → 285,6 |
else |
$DIR_BIN/alcasar-dhcp.sh --on |
fi |
|
# Set the local DNS (or not) |
if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ] |
then |
294,7 → 292,6 |
else |
$DIR_BIN/alcasar-dns-local.sh --off |
fi |
|
# Set the pure ip option (or not) |
if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ] |
then |
302,7 → 299,6 |
else |
bl_filter_param+="--pureip_on" |
fi |
|
# Set the safesearch options (or not) |
bl_filter_param="" |
if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ] |
311,9 → 307,7 |
else |
bl_filter_param+="--safesearch_off " |
fi |
|
$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param |
|
if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ] |
then |
$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on |
320,10 → 314,8 |
else |
$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off |
fi |
|
# Reload the local dns configuration |
$DIR_BIN/alcasar-dns-local.sh --reload |
|
# Logout everybody |
$DIR_BIN/alcasar-logout.sh all |
# Services stop |
399,7 → 391,7 |
$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf |
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf |
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf |
# FreeRADIUS Web |
# FreeRADIUS |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf |
# CoovaChilli |
424,7 → 416,6 |
rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.* |
rm -f /etc/unbound/conf.d/common/forward-zone.conf |
find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete |
|
# Configuration file for the dns servers forward-zone |
cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf |
forward-zone: |
432,7 → 423,6 |
forward-addr: $DNS1 |
forward-addr: $DNS2 |
EOF |
|
# Configuration file of ALCASAR main domains for $INTIF |
cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
server: |
441,13 → 431,11 |
local-zone: "$HOSTNAME" static |
local-data: "$HOSTNAME A $PRIVATE_IP" |
EOF |
|
# Configuration file for lo of forward unbound |
cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf |
server: |
interface: 127.0.0.1@53 |
access-control-view: 127.0.0.1/8 lo |
|
view: |
name: "lo" |
view-first: yes |
458,7 → 446,6 |
local-zone: "$DOMAIN." static |
local-data: "$DOMAIN. A" |
EOF |
|
if [ "$HOSTNAME" != 'alcasar' ] |
then |
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
466,7 → 453,6 |
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf |
echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf |
fi |
|
# Configuration file for $INTIF of forward unbound |
cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf |
server: |
477,7 → 463,6 |
name: "$INTIF" |
view-first: yes |
EOF |
|
# Configuration file for $INTIF of blacklist unbound |
cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf |
server: |
487,7 → 472,6 |
access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect |
access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP" |
EOF |
|
# Configuration file for $INTIF of whitelist unbound |
cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf |
server: |
497,19 → 481,16 |
access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect |
access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP" |
EOF |
|
# Configuration file for $INTIF of blackhole unbound |
cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf |
server: |
interface: ${PRIVATE_IP}@56 |
access-control-view: $PRIVATE_NETWORK_MASK $INTIF |
|
view: |
name: "$INTIF" |
local-zone: "." redirect |
local-data: ". A $PRIVATE_IP" |
EOF |
|
# dhcpd |
cat <<EOF > /etc/dhcpd.conf |
ddns-update-style none; |
517,7 → 498,6 |
option routers $PRIVATE_IP; |
option subnet-mask $PRIVATE_NETMASK; |
option domain-name-servers $PRIVATE_IP; |
|
range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP; |
default-lease-time 21600; |
max-lease-time 43200; |
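Review bot: The pure-IP choice is thrown away before it is used: the `else` branch appends `--pureip_on` to `bl_filter_param`, and the next statement after its `fi` is `bl_filter_param=""`, so only the safesearch flag reaches `$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param`. Move the reset above the `# Set the pure ip option (or not)` block and give the flag a trailing separator, `bl_filter_param+="--pureip_on "`, otherwise it would fuse with the safesearch flag appended after it. The `then` branch of that `if` falls between two displayed hunks, so the matching off-flag presumably needs the same trailing space. With the value dropped, the `BL_PUREIP` setting likely has no effect on the blacklist filter when the configuration is applied, which is a gap in filtering policy rather than a cosmetic issue. Separately, the new English header line for the third mode repeats `-load` where the French line says `-apply`.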