| /scripts/sbin/alcasar-uninstall.sh |
|---|
| 0,0 → 1,228 |
| #!/bin/bash |
| # $Id$ |
| # alcasar-uninstall.sh |
| # by Franck BOUIJOUX, Pascal LEVANT and Richard REY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Désisntallation d'ALCASAR |
| # Uninstall ALCASAR |
| SED="/bin/sed -i" |
| clear |
| echo "-----------------------------------------------------------------------------" |
| echo "** Uninstall/Update ALCASAR **" |
| echo "-----------------------------------------------------------------------------" |
| echo |
| #services_stop |
| for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd |
| do |
| [ -e /etc/init.d/$i ] && /sbin/chkconfig --del $i && /etc/init.d/$i stop && killall $i 2>/dev/null |
| done |
| echo "Stop ALCASAR main functions : " |
| #init |
| echo -en "\n- init(1) : " |
| #les fichiers situés dans /usr/local/ seront supprimés à la fin car encore utiles ici |
| rm -f /root/ALCASAR* && echo -n "1" |
| sleep 1 |
| # gestion |
| echo -en "\n- gestion(7) : " |
| [ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
| [ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, " |
| [ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "3, " |
| [ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "4, " |
| if [ -d /usr/local/etc/digest ] # v >= 2.0 |
| then rm -rf /usr/local/etc/digest && echo -n "5, " |
| else echo -n "5, " |
| fi |
| [ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "6, " |
| [ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "7" |
| sleep 1 |
| # CA |
| echo -en "\n- AC(4) : " |
| [ -e /etc/pki/CA/alcasar-ca.crt ] && rm -f /etc/pki/CA/alcasar-ca.crt && echo -n "1, " |
| [ -e /etc/pki/CA/private/alcasar-ca.key ] && rm -f /etc/pki/CA/private/alcasar-ca.key && echo -n "2, " |
| [ -e /etc/pki/tls/certs/alcasar.crt ] && rm -f /etc/pki/tls/certs/alcasar.crt && echo -n "3, " |
| [ -e /etc/pki/tls/private/alcasar.key ] && rm -f /etc/pki/tls/private/alcasar.key && echo -n "4" |
| sleep 1 |
| #init_db |
| echo -en "\n- init_db(2) : " |
| [ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1, " |
| [ -e /etc/init.d/mysqld.default ] && mv -f /etc/init.d/mysqld.default /etc/init.d/mysqld && echo -n "2" |
| rm -rf /var/lib/mysql* |
| sleep 1 |
| #param_radius |
| echo -en "\n- param_radius(7) : " |
| [ -e /etc/raddb/radiusd-db-vierge.sql ] && rm -f /etc/raddb/radiusd-db-vierge.sql && echo -n "1, " |
| [ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, " |
| [ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "3, " |
| [ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "4, " |
| [ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "5, " |
| [ -e /etc/raddb/sql.conf.default ] && mv /etc/raddb/sql.conf.default /etc/raddb/sql.conf && echo -n "6, " |
| [ -e /etc/raddb/sql/mysql/dialup.conf.default ] && mv /etc/raddb/sql/mysql/dialup.conf.default /etc/raddb/sql/mysql/dialup.conf && echo -n "7" |
| #plugin_ldap |
| [ -e /etc/raddb/ldap.attrmap.default ] && mv /etc/raddb/ldap.attrmap.default /etc/raddb/ldap.attrmap |
| [ -e /etc/raddb/ldap.default ] && mv /etc/raddb/ldap.default /etc/raddb/modules/ldap |
| sleep 1 |
| #param_web_radius |
| echo -en "\n- param_web_radius(3) : " |
| [ -e /etc/freeradius-web/admin.conf.default ] && mv /etc/freeradius-web/admin.conf.default /etc/freeradius-web/admin.conf && echo -n "1, " |
| [ -e /etc/freeradius-web/naslist.conf ] && rm /etc/freeradius-web/naslist.conf && echo -n "2, " |
| [ -e /etc/freeradius-web/user_edit.attrs.default ] && mv /etc/freeradius-web/user_edit.attrs.default /etc/freeradius-web/user_edit.attrs && echo -n "3" |
| sleep 1 |
| #param_chilli |
| [ -e /etc/chilli/alcasar-macallowed ] && rm /etc/chilli/alcasar-macallowed # if 2.7 and later, macallowed is replaced with macauth |
| if [ -e /etc/chilli.conf.default ] # >= V2.0 |
| then |
| echo -en "\n- param_chilli(2) : " |
| [ -e /etc/init.d/chilli.default ] && mv /etc/init.d/chilli.default /etc/init.d/chilli && echo -n "1, " |
| [ -e /etc/chilli.conf.default ] && mv /etc/chilli.conf.default /etc/chilli.conf && echo -n "2" |
| else # < V2.0 |
| echo -en "\n- param_chilli(5) : " |
| [ -e /etc/chilli/functions.default ] && mv /etc/chilli/functions.default /etc/chilli/functions && echo -n "1, " |
| [ -e /etc/chilli/config ] && rm /etc/chilli/config && echo -n "2, " |
| [ -e /etc/chilli/alcasar-uamallowed ] && rm /etc/chilli/alcasar-uamallowed && echo -n "3, " |
| [ -e /etc/chilli/alcasar-uamdomain ] && rm /etc/chilli/alcasar-uamdomain && echo -n "4, " |
| [ -e /etc/init.d/chilli.default ] && mv /etc/init.d/chilli.default /etc/init.d/chilli && echo -n "5" |
| fi |
| sleep 1 |
| #param_squid |
| echo -en "\n- param_squid(2) : " |
| [ -e /etc/squid/squid.conf.default ] && mv /etc/squid/squid.conf.default /etc/squid/squid.conf && echo -n "1, " |
| [ `ls /var/spool/squid/|wc -l` -ne "0" ] && rm -rf /var/spool/squid/* && echo -n "2" |
| #param_dansguardian |
| echo -en "\n- param_dansguardian(8) : " |
| [ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, " |
| [ -e /etc/dansguardian/dansguardian.conf.default ] && mv /etc/dansguardian/dansguardian.conf.default /etc/dansguardian/dansguardian.conf && echo -n "2, " |
| [ -e /etc/dansguardian/lists/bannedphraselist.default ] && mv /etc/dansguardian/lists/bannedphraselist.default /etc/dansguardian/lists/bannedphraselist && echo -n "3, " |
| [ -e /etc/dansguardian/dansguardianf1.conf.default ] && mv /etc/dansguardian/dansguardianf1.conf.default /etc/dansguardian/dansguardianf1.conf && echo -n "4, " |
| [ -e /etc/dansguardian/lists/bannedextensionlist.default ] && mv /etc/dansguardian/lists/bannedextensionlist.default /etc/dansguardian/lists/bannedextensionlist && echo -n "5, " |
| [ -e /etc/dansguardian/lists/bannedmimetypelist.default ] && mv /etc/dansguardian/lists/bannedmimetypelist.default /etc/dansguardian/lists/bannedmimetypelist && echo -n "6, " |
| [ -e /etc/dansguardian/lists/exceptioniplist.default ] && mv /etc/dansguardian/lists/exceptioniplist.default /etc/dansguardian/lists/exceptioniplist && echo -n "7, " |
| [ -e /etc/dansguardian/lists/bannedsitelist.default ] && mv /etc/dansguardian/lists/bannedsitelist.default /etc/dansguardian/lists/bannedsitelist && echo -n "8" |
| sleep 1 |
| #antivirus |
| echo -en "\n- antivirus(2) : " |
| if [ -e /etc/init.d/havp ] |
| then |
| [ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, " |
| userdel -r havp 2>/dev/null && echo -n "2" |
| [ `grep havp /etc/fstab|wc -l` -ne "0" ] && $SED "/havp/d" /etc/fstab # anciennes versions (mémoire tampon sur disque) |
| else echo -n "uninstalled" |
| fi |
| sleep 1 |
| #param_ulogd |
| echo -en "\n- ulogd(2) : " |
| if [ -e /etc/init.d/ulogd.default ] |
| then |
| mv -f /etc/init.d/ulogd.default /etc/init.d/ulogd && echo -n "1, " |
| rm -f /etc/ulogd-* && echo -n "2" |
| else echo -n "nothing to do" |
| fi |
| sleep 1 |
| #awstats |
| echo -en "\n- awstats(1) : " |
| [ -e /etc/awstats/awstats.conf.default ] && mv /etc/awstats/awstats.conf.default /etc/awstats/awstats.conf && echo -n "1" |
| sleep 1 |
| #DnsMasq |
| echo -en "\n- dnsmasq(4) : " |
| if [ -e /etc/init.d/dnsmasq ] |
| then |
| [ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, " |
| [ -e /etc/dnsmasq-blackhole.conf ] && rm -f /etc/dnsmasq-blackhole.conf && echo -n "2, " |
| [ -d /etc/dnsmasq.d ] && rm -rf /etc/dnsmasq.d |
| [ -e /etc/init.d/dnsmasq.default ] && mv /etc/init.d/dnsmasq.default /etc/init.d/dnsmasq && echo -n "3, " |
| [ -e /etc/sysconfig/dnsmasq.default ] && mv /etc/sysconfig/dnsmasq.default /etc/sysconfig/dnsmasq && echo -n "4" |
| else echo -n "uninstalled" |
| fi |
| sleep 1 |
| #Bind |
| echo -en "\n- bind(1) : " |
| if [ -e /etc/init.d/named ] |
| then |
| /usr/sbin/urpme --auto bind --auto-orphans && echo -n "1" |
| else echo -n "uninstalled" |
| fi |
| sleep 1 |
| #dhcpd |
| echo -en "\n- dhcp-server(1) : " |
| if [ -e /etc/init.d/dhcpd ] |
| then |
| /usr/sbin/urpme --auto dhcp-server --auto-orphans && echo -n "1" |
| else echo -n "uninstalled" |
| fi |
| sleep 1 |
| #cron |
| echo -en "\n- cron(10) : " |
| [ -e /etc/crontab.default ] && mv /etc/crontab.default /etc/crontab && echo -n "1, " |
| [ -e /etc/anacrontab.default ] && mv /etc/anacrontab.default /etc/anacrontab && echo -n "2, " |
| [ -e /etc/cron.d/alcasar-mysql ] && rm -f /etc/cron.d/alcasar-mysql && echo -n "3, " |
| [ -e /etc/cron.d/alcasar-export_log ] && rm -f /etc/cron.d/alcasar-export_log && echo -n "4, " |
| [ -e /etc/cron.d/alcasar-clean_log ] && rm -f /etc/cron.d/alcasar-clean_log && echo -n "5, " |
| [ -e /etc/cron.d/alcasar-clean_import ] && rm -f /etc/cron.d/alcasar-clean_import && echo -n "6, " |
| [ -e /etc/cron.d/alcasar-distrib-updates ] && rm -f /etc/cron.d/alcasar-distrib-updates && echo -n "7, " |
| [ -e /etc/cron.d/awstats ] && rm -f /etc/cron.d/awstats && echo -n "8, " |
| [ -e /etc/cron.d/freeradius-web ] && rm -f /etc/cron.d/freeradius-web && echo -n "9, " |
| [ -e /etc/cron.d/alcasar-watchdog ] && rm -f /etc/cron.d/alcasar-watchdog && echo -n "10" |
| rm -f /etc/cron.d/coova /etc/cron.d/alcasar-bl_download |
| sleep 1 |
| # network |
| echo -en "\n- network(9) : " |
| hostname localhost |
| /sbin/ifdown eth0 |
| [ -e /etc/sysconfig/network-scripts/default-ifcfg-eth0 ] && mv /etc/sysconfig/network-scripts/default-ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0 && echo -n "1, " |
| [ -e /etc/sysconfig/network.default ] && mv /etc/sysconfig/network.default /etc/sysconfig/network && echo -n "2, " |
| [ -e /etc/hosts.default ] && mv /etc/hosts.default /etc/hosts && echo -n "3, " |
| [ -e /etc/sysconfig/network-scripts/ifcfg-eth1 ] && rm -f /etc/sysconfig/network-scripts/ifcfg-eth1 && echo -n "4, " |
| [ -e /etc/ntp.conf.default ] && mv /etc/ntp.conf.default /etc/ntp.conf && echo -n "5, " |
| [ -e /etc/hosts.allow.default ] && mv /etc/hosts.allow.default /etc/hosts.allow && echo -n "6, " |
| [ -e /etc/hosts.deny.default ] && mv /etc/hosts.deny.default /etc/hosts.deny && echo -n "7, " |
| [ -e /etc/sysconfig/iptables ] && rm -f /etc/sysconfig/iptables && echo -n "8, " |
| [ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "9" |
| echo |
| /sbin/ifup eth0 |
| sleep 1 |
| #post_install |
| echo -en "\n- post_install(11) : " |
| [ -e /etc/mageia-release.default ] && mv /etc/mageia-release.default /etc/mageia-release && echo -n "1, " |
| [ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, " |
| [ -e /etc/ssh/sshd_config.default ] && mv /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
| [ -e /etc/bashrc.default ] && mv /etc/bashrc.default /etc/bashrc && echo -n "4, " |
| [ -e /etc/sudoers.default ] && mv /etc/sudoers.default /etc/sudoers && echo -n "5, " |
| [ -e /etc/logrotate.d/mysqld ] && rm -f /etc/logrotate.d/mysqld && echo -n "6, " |
| [ -e /etc/logrotate.d/httpd ] && rm -f /etc/logrotate.d/httpd && echo -n "7, " |
| [ -e /etc/logrotate.d/squid ] && rm -f /etc/logrotate.d/squid && echo -n "8, " |
| [ -e /etc/logrotate.d/radiusd ] && rm -f /etc/logrotate.d/radiusd && echo -n "9, " |
| [ -e /etc/logrotate.d/ulogd ] && rm -f /etc/logrotate.d/ulogd && echo -n "10, " |
| [ -e /etc/logrotate.d/dnsmasq ] && rm -f /etc/logrotate.d/dnsmasq && echo -n "11" |
| sleep 1 |
| #nettoyage (on retire les services supprimés ou remplacés dans la nouvelle version) |
| echo -en "\n- cleaning() : " |
| for rm_fic in /usr/local/bin /usr/local/sbin /usr/local/etc |
| do |
| rm -rf $rm_fic/alcasar* |
| done |
| echo |
| # suppression des exceptions de mises à jours ( coova-chilli et freeradius) |
| sed -i '/coova.*/d' /etc/urpmi/skip.list |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-dhcp.sh |
|---|
| 0,0 → 1,116 |
| #/bin/bash |
| # $Id$ |
| # alcasar-dhcp.sh |
| # by Rexy |
| # This script is distributed under the Gnu General Public License (GPL) |
| # active ou desactive le service DHCP sur le réseau de consultation |
| # enable or disable the DHCP service on consultation LAN |
| SED="/bin/sed -i" |
| CHILLI_CONF_FILE="/etc/chilli.conf" |
| ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf" |
| DNSMASQ_CONF_FILE="/etc/dnsmasq.conf" |
| # define DHCP parameters (LAN side) |
| PRIVATE_IP_MASK=`grep PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` |
| PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` |
| PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24) |
| PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` |
| PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` |
| PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` |
| PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24 |
| classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C |
| PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
| private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
| private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
| PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
| PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
| PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX |
| tmp_mask=`echo $PRIVATE_NETWORK_MASK|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1` # masque du 1/2 réseau de consultation (ex.: 25) |
| PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask # plage des adresses statiques (ex.: 192.168.182.0/25) |
| private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # dernier octet de l'@ de réseau |
| private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # dernier octet de l'@ de broadcast |
| private_plage=`expr $private_broadcast_ending - $private_network_ending + 1` |
| private_half_plage=`expr $private_plage / 2` |
| private_dyn=`expr $private_half_plage + $private_network_ending` |
| private_dyn_ip_network=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup_sup-5` |
| PRIVATE_DYN_IP=`echo $private_dyn_ip_network | cut -d"." -f1-4`/$half_mask # @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25) |
| private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4` |
| PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1` # 1ère adresse de la plage dynamique (ex.: 192.168.182.129) |
| PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254) |
| EXT_DHCP_IP=`grep EXT_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe |
| RELAY_DHCP_IP=`grep RELAY_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation |
| RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté eth0 ( WAN) |
| RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut |
| RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67} |
| usage="Usage: alcasar-dhcp.sh {--full | -full} | {--off | -off} | {--half | -half}" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| echo "$usage" |
| exit 1 |
| fi |
| case $args in |
| -\? | -h | --h) |
| echo "$usage" |
| exit 0 |
| ;; |
| --off|-off) # disable DHCP service |
| $SED "s?.*statip.*?statip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
| $SED "s?^#nodynip.*?nodynip?g" $CHILLI_CONF_FILE |
| $SED "s?^dynip.*?#dynip?g" $CHILLI_CONF_FILE |
| $SED "s?^#dynip.*?#dynip?g" $CHILLI_CONF_FILE |
| $SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE |
| if [ "$EXT_DHCP_IP" != "none" ] |
| then |
| $SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
| else |
| $SED "s?.*dhcpgateway.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
| fi |
| /etc/init.d/chilli restart |
| ;; |
| --full|-full) # enable DHCP service on all range of IP addresses |
| $SED "s?^.*statip.*?#statip?g" $CHILLI_CONF_FILE |
| $SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE |
| $SED "s?^DHCP.*?DHCP=full?g" $ALCASAR_CONF_FILE |
| $SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
| $SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
| $SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
| $SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
| $SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
| $SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
| $SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=none?g" $ALCASAR_CONF_FILE |
| /etc/init.d/chilli restart |
| ;; |
| --half|-half) # enable DHCP service on half (upper) range of IP addresses |
| $SED "s?.*statip.*?statip\t\t$PRIVATE_STAT_IP?g" $CHILLI_CONF_FILE |
| $SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE |
| $SED "s?^DHCP.*?DHCP=half?g" $ALCASAR_CONF_FILE |
| $SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
| $SED "s?^#dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
| $SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
| $SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
| $SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
| $SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
| $SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
| $SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=none?g" $ALCASAR_CONF_FILE |
| /etc/init.d/chilli restart |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-load_balancing.sh |
|---|
| 0,0 → 1,406 |
| #!/bin/bash |
| # $Id$ |
| # Generic Load balancer for multiple WAN links - version 1.1 (04 Feb 2011) |
| # (c) 2011 Pau Oliva Fora - http://pof.eslack.org |
| # |
| # Licensed under GPLv3 - for full terms see: |
| # http://www.gnu.org/licenses/gpl-3.0.html |
| # |
| # Adapted and debugged (adr et ping -S) by ALCASAR Team (3abtux@alcasar.net) |
| # (c) 2013 3abtux - http://www.alcasar.net |
| # |
| # Specify each WAN link in a separate column, example: |
| # In this example we have 3 wan links (vlanXXX interfaces) attached to a single |
| # physical interface because we use a vlan-enabled switch between the balancer |
| # machine and the ADSL routers we want to balance. The weight parameter should |
| # be kept to a low integer. |
| # |
| # |
| # Modified by ALCASAR team : |
| prog="alcasar-load_balancing.sh" |
| pidfile="/var/run/alcasar-load_balancing.pid" |
| ############################### |
| # MAIN PARAMETERs Configuration |
| ############################### |
| DIR_ETC="/usr/local/etc" |
| CONF_FILE="$DIR_ETC/alcasar.conf" |
| MULTIWAN=`grep MULTIWAN= $CONF_FILE|cut -d"=" -f2` |
| MULTIWAN=${MULTIWAN:=off} |
| FAILOVER=`grep FAILOVER= $CONF_FILE|cut -d"=" -f2` |
| FAILOVER=${FAILOVER:=30} |
| # space separated list of public IPs to ping in watchdog mode |
| # set this to some public ip addresses pingable and always on. |
| TESTIPS="8.8.8.8 192.0.32.10" |
| # set to 1 when testing, set to 0 when happy with the results |
| VERBOSE=0 |
| # CONFIGURATION ENDS HERE |
| ############################### |
| if [ $(whoami) != "root" ]; then |
| echo "You must be root to run this!" ; echo ; exit 1 |
| fi |
| # Adapter for ALCASAR project |
| CONF_FILE="/usr/local/etc/alcasar.conf" |
| # Virtual interfaces creating |
| function create_eth () { |
| routecmd="ip route replace default scope global" |
| NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
| i=0 |
| while [ $i -le $NBIFACE ] |
| do |
| INT="WAN$i" |
| echo $INT |
| ACTIVE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $1}'` # Active |
| WT=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # WEIGHT |
| WT=${WT:-1} |
| IP=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $3}' | cut -d"/" -f1` # @IP |
| if [ $i -ne 0 ]; then |
| [ -e /etc/sysconfig/network-scripts/ifcfg-eth0:$i ] && ifdown eth0:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-eth0:$i |
| IFACE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'` # IFACE |
| IP_NET=`grep "^$INT=" $CONF_FILE | awk -F'"' '{print $2}' | awk -F, '{ print $3}'` # IP |
| NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
| GW=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
| MTU=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU |
| # Config eth0:$i (Internet) |
| cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0:$i |
| DEVICE=$IFACE |
| BOOTPROTO=static |
| IPADDR=`echo $IP | cut -d"/" -f1` |
| NETMASK=`ipcalc -m $IP_NET | cut -d= -f2` |
| NETWORK=`ipcalc -n $IP_NET | cut -d= -f2` |
| MTU=$MTU |
| ONBOOT=yes |
| NOZEROCONF=yes |
| MII_NOT_SUPPORTED=yes |
| IPV6INIT=no |
| IPV6TO4INIT=no |
| ACCOUNTING=no |
| USERCTL=no |
| EOF |
| echo "ifup eth0:$i" |
| ifup eth0:$i |
| NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
| else |
| IFACE="eth0" |
| IP_NET=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F'=' '{print $2}'` # IP/MSK |
| IP=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F= '{ print $2 }' | cut -d"/" -f1` # @IP |
| GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
| # MTU=`grep "^PUBLIC_MTU=" $CONF_FILE | awk -F= '{print $2}'` # MTU |
| fi # End |
| NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
| if [ "$PARAM" == "add" ]; then |
| set -x |
| table=$(($i + 1)) |
| ip route ${PARAM} ${NET} dev ${IFACE} src ${IP} table $table |
| ip route ${PARAM} default via ${GW} table $table |
| ip rule ${PARAM} from ${IP} table $table |
| set +x |
| fi |
| echo " Iface: ${IFACE}" |
| echo " IP: ${IP}" |
| echo " IP_NET: ${IP_NET}" |
| echo " NET: ${NET}" |
| echo " GW: ${GW}" |
| echo " Weight: ${WT}" |
| echo " MTU : ${MTU}" |
| echo |
| routecmd="${routecmd} nexthop via ${GW} dev ${IFACE} weight ${WT}" |
| i=$(($i + 1)) |
| done # End While |
| if [ "$PARAM" == "add" ]; then |
| echo "[] Balanced routing:" |
| # suppress default route |
| ip route del default scope global |
| set -x |
| ${routecmd} |
| set +x |
| echo |
| fi |
| } # end create_eth |
| ########################### |
| # Fonction virtual Interfaces deleting |
| ########################### |
| delete_eth () { |
| IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-eth0:* | wc -l` |
| echo $IFACE_COUNT |
| while [ $IFACE_COUNT -ne 0 ] |
| do |
| i=$IFACE_COUNT |
| echo "ifdown eth0:$i" |
| ifdown eth0:$i |
| rm -f /etc/sysconfig/network-scripts/ifcfg-eth0:$i |
| IFACE_COUNT=$(($IFACE_COUNT - 1)) |
| done |
| ip route del default scope global |
| # ip route add default gw 192.168.1.1 |
| } |
| # do not modify below this line unless you know what you're doing :) |
| function getvalue() { |
| index=$1 |
| VAR=$2 |
| n=1 |
| for f in ${VAR} ; do |
| if [ "${n}" == "${index}" ]; then |
| echo "$f" |
| break |
| fi |
| n=$(($n++)) |
| done |
| } |
| ###################### |
| # Fonction de FailOver |
| ###################### |
| function failover () { |
| echo "[] Watchdog started" |
| # 0 == all links ok, 1 == some link down |
| STATE=0 |
| DOWNCOUNT_BAK=0 |
| DOWN_BAK="" |
| NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
| echo "Nombre interfaces = "$NBIFACE |
| WANIFACE[0]="eth0" # eth0 par défaut |
| c=0 |
| while [ $c -le $NBIFACE ]; do |
| ITH=(`grep "WAN$c=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'`) # IFACE |
| echo $ITH |
| WANIFACE="${WANIFACE} $ITH" |
| echo $WANIFACE |
| c=$(($c + 1)) |
| done |
| echo "Liste des interfaces : "${WANIFACE[*]} |
| # Failover test |
| while : ; do |
| if [ $VERBOSE -eq 1 ]; then |
| echo "[] Sleeping, state=$STATE" |
| fi |
| sleep $FAILOVER |
| IFINDEX=1 |
| DOWN="" # liste des interfaces down |
| DOWNCOUNT=0 # nombre d'interface down |
| for iface in $WANIFACE ; do |
| COUNT=0 # compteur de test |
| FAIL=0 # Nombre de fois down |
| # Recup de l'adresse IP dynamiquement A tester avec le tableau ... ip=${ETH[$i:2]} basé sur iface=${ETH[$i:1]} |
| IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
| if [ $i -ne 0 ]; then |
| GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
| WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @WT |
| else |
| GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
| fi |
| for TESTIP in $TESTIPS ; do |
| COUNT=$(($COUNT + 1)) |
| ping -W 3 -I $IP -c 1 $TESTIP > /dev/null 2>&1 |
| # ping -W 3 -I $IP -c 1 $TESTIP |
| # Si ping de la première adresse --> ok --> stop du test pour l'interface testée |
| if [ $? -eq 0 ]; then |
| break |
| else |
| # sinon on compte une erreur |
| FAIL=$(($FAIL + 1)) |
| fi |
| done # End of test sur un serveur Internet |
| # Affichage du nombre de down |
| echo "FAIL=$FAIL" |
| # Si nombre de fois down = nombre de tests --> Iface down --> log dans fichier log avec l'heure |
| if [ $FAIL -eq $COUNT ]; then |
| echo "`date +%F-%Hh%mm%Ss` : [WARN] $iface is down!" |
| # Si etat différent de 1 (déjà tombé) --> changement de l'état général en default |
| if [ $STATE -ne 1 ]; then |
| echo "Switching state $STATE -> 1" |
| STATE=1 |
| fi |
| # Rajout de l'iface dans la liste des interfaces down |
| DOWN="${DOWN} $IFINDEX" |
| echo "DOWN=$DOWN" |
| # Nombre d'interface down |
| DOWNCOUNT=$(($DOWNCOUNT + 1)) |
| echo "DOWNCOUNT=$DOWNCOUNT" |
| fi |
| IFINDEX=$(($IFINDEX + 1)) |
| echo "IFINDEX =$IFINDEX" |
| done # End Test Interface in WANIFACE |
| # 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles |
| # if [ $DOWNCOUNT -eq 0 ] && [ $DOWNCOUNT -ne $DOWNCOUNT_BAK ]; then |
| if [ $DOWNCOUNT -eq 0 ] ; then |
| if [ $STATE -eq 1 ]; then |
| echo |
| echo "[] All links up and running :)" |
| set -x |
| ${routecmd} |
| set +x |
| # Changement de l'état en normal |
| STATE=0 |
| echo "Switching state 1 -> 0" |
| fi # End retour etat normal |
| # if no interface is down, go to the next cycle |
| continue |
| # cas ou au moins une passerelle down mais état identique au précédent Test --> rien à changer |
| else |
| if [ "$DOWN_BAK" == "$DOWN" ]; then |
| echo "DOWN_BAK == DOWN = $DOWN" |
| continue # --> état identique test precedent --> boucle suivante |
| # cas ou au moins une passerelle down mais état différent de test précédent --> remplacement par nouvelle règle |
| else |
| cmd="ip route replace default scope global" |
| IFINDEX=1 |
| suffix="" |
| # Pour chaque interface --> traitement et application de la règle de routage |
| for iface in $WANIFACE ; do |
| echo "-------------------------" |
| echo "iface=$iface" |
| echo "Index = " $IFINDEX |
| FAILIF=0 |
| # Pour chaque interface down --> |
| echo "Interfaces DOWN = $DOWN" |
| for lnkdwn in $DOWN ; do |
| echo "LINKDOWN = "$lnkdown |
| if [ $lnkdwn -eq $IFINDEX ]; then |
| FAILIF=1 |
| break |
| else |
| continue |
| fi |
| done # End linkdown in DOWN |
| # Interface en etat normal --> rajout de la règle en mode nexthop |
| if [ $FAILIF -eq 0 ]; then |
| IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
| if [ $iface != "eth0" ]; then |
| GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
| WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW |
| else |
| GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
| fi |
| echo "GW=$GW" |
| echo "WT=$WT" |
| echo "suffix=$sufix" |
| suffix="${suffix} nexthop via ${GW} dev ${iface} weight ${WT:-1}" |
| fi # End interface = noFAIL |
| IFINDEX=$(($IFINDEX + 1)) |
| done # End iface IN WANIFACE |
| # Commande globale |
| cmd="ip route replace default scope global $suffix" |
| if [ $VERBOSE -eq 1 ]; then |
| set -x |
| # echo "Avec commentaire : " ${cmd} |
| ${cmd} |
| set +x |
| echo |
| else |
| ${cmd} 2>/dev/null |
| echo ${cmd} |
| fi # end Application de la commande de routage globale |
| fi # |
| DOWN_BAK=$DOWN # Enregistrement de l'etat |
| fi # End |
| done |
| } # End of Failover |
| ################# |
| # Main |
| ################# |
| echo "[] Load balancer for multiple WAN interfaces - v2.1" |
| echo "[] (c) 2011 Pau Oliva Fora <pof> @eslack.org" |
| echo "[] (c) 2013 3abtux ALCASAR <3abtux> @alcasar.net" |
| echo |
| case $1 in |
| create) |
| create_eth |
| ;; |
| delete) |
| delete_eth |
| ;; |
| start) |
| if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then |
| echo "The MultiGateway is not activated !" |
| exit 0 |
| fi |
| PARAM="add" |
| create_eth |
| ip route flush cache |
| if [ $FAILOVER -eq 0 ]; then |
| echo "The MultiWAN Mode is actived but not failover connectivity !" |
| exit 0 |
| fi |
| echo "Starting down $prog: " |
| pid=`pidof -x "alcasar-load_balancing.sh"` |
| if [ $pid != "" ]; then |
| echo $pid > $pidfile |
| fi |
| touch /var/lock/subsys/alcasar-load_balancing |
| failover |
| ;; |
| stop) |
| PARAM="del" |
| echo "Shutting down $prog: " |
| if [ -f $pidfile ]; then |
| pid=`cat $pidfile` |
| kill -9 $pid |
| else |
| echo "$prog is not running." |
| exit 1 |
| fi |
| RETVAL=$? |
| echo |
| [ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing |
| echo "Delete of virtual interfaces" |
| delete_eth |
| echo "Network restart" |
| service network restart 2>&1 > /dev/null |
| ip route |
| ;; |
| status) |
| echo "Checking $prog : " |
| if [ -f $pidfile ]; then |
| pid=`cat $pidfile` |
| CHECK=`ps -p $pid --no-heading | awk {'printf $1'}` |
| if [ "$CHECK" = "" ]; then |
| echo "$prog is NOT running." |
| else |
| echo "$prog is running !" |
| fi |
| else |
| echo "$prog is Not running." |
| fi |
| ;; |
| fail) |
| failover |
| ;; |
| *) |
| echo "Usage: $0 [start|stop|status|create|delete]" ; echo ; exit 1 |
| ;; |
| esac |
| exit 0 |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-bl.sh |
|---|
| 0,0 → 1,240 |
| #/bin/bash |
| # $Id$ |
| # alcasar-bl.sh |
| # by Franck BOUIJOUX and Richard REY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian) |
| # Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian) |
| DIR_CONF="/usr/local/etc" |
| CONF_FILE="$DIR_CONF/alcasar.conf" |
| private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
| private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
| PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
| DIR_tmp="/tmp/blacklists" |
| FILE_tmp="/tmp/filesfilter.txt" |
| FILE_ip_tmp="/tmp/filesipfilter.txt" |
| DIR_DG="/etc/dansguardian/lists" |
| DIR_DG_BL="$DIR_DG/blacklists" |
| BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories |
| WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL ' |
| BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories |
| WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories |
| DIR_SHARE="/usr/local/share" |
| DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format |
| DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' ' |
| DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL |
| DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the dnsmasq BL (only enabled categories) |
| DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' ' |
| DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories) |
| DNSMASQ_BL_CONF="/etc/dnsmasq-blackhole.conf" # conf file of dnsmasq-blackhole |
| BL_SERVER="dsi.ut-capitole.fr" |
| SED="/bin/sed -i" |
| # enable/disable the BL & WL categories |
| function cat_choice (){ |
| rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables |
| $SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG |
| $SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines) |
| mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED |
| # process the file $BL_CATEGORIES with the choice of categories |
| for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
| do |
| $SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
| $SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
| ln -s $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE |
| ln -s $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE |
| echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # we let DG filters domain in order to prevent bypass by proxy http vpn ;-) |
| echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist |
| done |
| sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp |
| mv $FILE_tmp $BL_CATEGORIES |
| # process the file $WL_CATEGORIES with the choice of categories |
| for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
| do |
| $SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES |
| $SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES |
| ln -s $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE |
| done |
| sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp |
| mv $FILE_tmp $WL_CATEGORIES |
| } |
| function bl_enable (){ |
| $SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
| if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage |
| then |
| service dansguardian restart |
| service dnsmasq restart |
| /usr/local/bin/alcasar-iptables.sh |
| fi |
| } |
| function bl_disable (){ |
| rm -rf $DIR_DNS_BL_ENABLED/* |
| $SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
| $SED "/google/d" $DNSMASQ_BL_CONF # remove nosslsearch server |
| $SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # remove safe searching |
| $SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist # remove pureip browsing |
| if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage |
| then |
| service dansguardian restart |
| service dnsmasq restart |
| /usr/local/bin/alcasar-iptables.sh |
| fi |
| } |
| usage="Usage: alcasar-bl.sh { -on or --on } | { -off or --off } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
| DNS_FILTERING=${DNS_FILTERING:=off} |
| echo "Set BlackList Filtering to $DNS_FILTERING" |
| if [ $DNS_FILTERING = on ]; then |
| cat_choice |
| bl_enable |
| else |
| bl_disable |
| fi |
| exit 0 |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| # enable the filtering |
| -on | --on) |
| cat_choice |
| $SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE |
| bl_enable |
| ;; |
| # disable the filtering |
| -off | --off) |
| $SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE |
| bl_disable |
| ;; |
| # Retrieve Toulouse BL |
| -download | --download) |
| rm -rf /tmp/con_ok.html |
| `/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
| if [ ! -e /tmp/con_ok.html ] |
| then |
| echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable" |
| else |
| rm -rf /tmp/con_ok.html $DIR_tmp |
| mkdir $DIR_tmp |
| wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
| md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum |
| chown -R apache:apache $DIR_tmp |
| fi |
| ;; |
| # Adapt Toulouse BL to our structure (dnsmasq + DG) |
| -adapt | --adapt) |
| echo -n "Toulouse BlackList migration process. Please wait : " |
| if [ -f $DIR_tmp/blacklists.tar.gz ] |
| then |
| [ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
| rm -rf $DIR_DG_BL |
| mkdir $DIR_DG_BL |
| tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
| [ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
| rm -rf $DIR_tmp |
| fi |
| rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED |
| rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL |
| touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED |
| mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL |
| chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED |
| chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED |
| find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist |
| $SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix |
| for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files |
| do |
| categorie=`echo $dir_categorie|cut -d "/" -f6` |
| categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"` |
| if [ "$categorie_type" == "white" ] |
| then |
| echo "$dir_categorie" >> $WL_CATEGORIES |
| echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED # by default all WL are enabled |
| else |
| echo "$dir_categorie" >> $BL_CATEGORIES |
| fi |
| done |
| rm -f $FILE_tmp |
| # Verify that the enabled categories are effectively in the BL (need after an update of the BL) |
| for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
| do |
| ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l` |
| if [ $ok != "1" ] |
| then |
| $SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED |
| fi |
| done |
| # Creation of DNSMASQ BL and WL |
| for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl) |
| do |
| for PATH_FILE in `cat $LIST` # for each category |
| do |
| DOMAINE=`basename $PATH_FILE` |
| echo -n "$DOMAINE, " |
| if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
| then |
| touch $PATH_FILE/urls |
| chown dansguardian:apache $PATH_FILE/urls |
| fi |
| $SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors |
| # retrieve the ip addresses for iptables |
| egrep "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_ip_tmp |
| # for dnsmask, remove IP addesses, accented characters and commented lines. |
| egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp |
| $SED "/[äâëêïîöôüû]/d" $FILE_tmp |
| $SED "/^#.*/d" $FILE_tmp |
| # adapt to the dnsmasq syntax |
| $SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
| if [ "$LIST" == "$BL_CATEGORIES" ] |
| then |
| mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf |
| mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE |
| else |
| mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf |
| fi |
| done |
| done |
| rm -f $FILE_tmp $FILE_ip_tmp |
| echo |
| ;; |
| # reload when categories are changed |
| -reload | --reload) |
| # for DG |
| chown -R dansguardian:apache $DIR_DG_BL/ossi |
| chmod -R g+w $DIR_DG_BL/ossi |
| cat_choice |
| # for dnsmasq (rehabited domain names) |
| if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ] |
| then |
| for i in `cat $DIR_DG/exceptionsitelist` |
| do |
| $SED "/$i/d" $DIR_DNS_BL/* |
| done |
| fi |
| cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf |
| $SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf |
| cp -f $DIR_DG_BL/ossi/domains_wl $DIR_DNS_WL/ossi.conf |
| DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
| DNS_FILTERING=${DNS_FILTERING:=off} |
| if [ $DNS_FILTERING = on ]; then |
| bl_enable |
| else |
| bl_disable |
| fi |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-url_filter.sh |
|---|
| 0,0 → 1,81 |
| #/bin/bash |
| # alcasar-url_filter.sh |
| # by REXY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Active / désactive : safesearch des moteurs de recherche ainsi que le filtrage Youtube |
| # Enable / disable : search engines safesearch and Youtube filtering |
| # Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine |
| # Enable / disable : filter of urls containing ip address instead of domain name |
| DIR_DG="/etc/dansguardian/lists" |
| DNSMASQ_BL_CONF="/etc/dnsmasq-blackhole.conf" |
| CONF_FILE="/usr/local/etc/alcasar.conf" |
| SED="/bin/sed -i" |
| safesearch="Off" |
| pureip="Off" |
| usage="Usage: alcasar-url_filter.sh { -safesearch_on or -safesearch_off } & { -pureip_on or --pureip_off }" |
| nb_args=$# |
| if [ $nb_args -le 1 ] |
| then |
| echo "$usage" |
| nb_args=0 |
| else |
| while [ $nb_args -ge 1 ] |
| do |
| arg=${!nb_args} |
| case $arg in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| # Safe search activation |
| -safesearch_on | --safesearch_on) |
| safesearch="On" |
| ;; |
| # Safe search desactivation |
| -safesearch_off | --safesearch_off) |
| safesearch="Off" |
| ;; |
| # pure_ip activation |
| -pureip_on | --pureip_on) |
| pureip="On" |
| ;; |
| # pureip desactivation |
| -pureip_off | --pureip_off) |
| pureip="Off" |
| ;; |
| *) |
| echo "Argument inconnu :$arg"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| nb_args=$(expr $nb_args - 1) |
| done |
| if [ $safesearch == "On" ] |
| then |
| $SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # on décommente les lignes de regles |
| youtube_id=`grep YOUTUBE_ID $CONF_FILE|cut -d"=" -f2` |
| $SED "s?\&edufilter=.*?\&edufilter=$youtube_id\"?g" $DIR_DG/urlregexplist |
| # add 'nosslsearch' redirection for google searching |
| $SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration |
| nossl_server=`host -ta nosslsearch.google.com|cut -d" " -f4` # retrieve google nosslsearch ip |
| echo "# nosslsearch redirect server for google" >> $DNSMASQ_BL_CONF |
| echo "address=/www.google.com/$nossl_server" >> $DNSMASQ_BL_CONF |
| echo "address=/www.google.fr/$nossl_server" >> $DNSMASQ_BL_CONF |
| else |
| $SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist |
| $SED "/google/d" $DNSMASQ_BL_CONF |
| fi |
| if [ $pureip == "On" ] |
| then |
| $SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist |
| else |
| $SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist |
| fi |
| service dansguardian restart |
| service dnsmasq restart |
| fi |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-bypass.sh |
|---|
| 0,0 → 1,61 |
| #!/bin/bash |
| # $Id$ |
| # alcasar-bypass.sh |
| # by Franck BOUIJOUX and Richard REY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # activation / désactivation du contournement de l'authentification et du filtrage WEB |
| # enable / disable the bypass of authenticate process and filtering |
| usage="Usage: alcasar-bypass.sh {--on or -on } | {--off or -off}" |
| SED="/bin/sed -i" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| nb_args=1 |
| args="-h" |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| --on | -on) |
| # activation du contournement |
| for i in chilli dansguardian havp mysqld radiusd httpd freshclam dnsmasq squid |
| do |
| if (pgrep $i) > /dev/null ; then /etc/init.d/$i stop ; fi |
| done |
| echo "Configure eth1 ..." |
| cp /etc/sysconfig/network-scripts/default-ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth1 |
| ifup eth1 |
| sh /usr/local/bin/alcasar-iptables-bypass.sh |
| echo "Configure dnsmasq ..." |
| $SED "s?^conf-dir=.*?#&?g" /etc/dnsmasq-blackhole.conf |
| $SED "s?^no-dhcp-interface=.*?#&?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf |
| /etc/init.d/dnsmasq start |
| echo "Le contournement des modules d'authentification de filtrage est activé" |
| echo "les journaux de connexions continuent néanmoins d'être enregistrés" |
| ;; |
| --off | -off) |
| # désactivation du contournement |
| if (pgrep dnsmasq) > /dev/null ; then /etc/init.d/dnsmasq stop ; fi |
| echo "Configure dnsmasq ..." |
| $SED "s?^#conf-dir=.*?conf-dir=/usr/local/share/dnsmasq-bl-enabled?g" /etc/dnsmasq-blackhole.conf |
| $SED "s?^#no-dhcp-interface=.*?no-dhcp-interface=eth1?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf |
| rm -f /etc/sysconfig/network-scripts/ifcfg-eth1 |
| for i in chilli dansguardian havp mysqld radiusd httpd freshclam dnsmasq squid |
| do |
| if ! (pgrep $i) > /dev/null ; then /etc/init.d/$i start ; fi |
| done |
| sh /usr/local/bin/alcasar-iptables.sh |
| echo "L'authentification et le filtrage sont de nouveau activés" |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-logout.sh |
|---|
| 0,0 → 1,54 |
| #/bin/bash |
| # $Id$ |
| # alcasar-logout.sh |
| # by Rexy |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Déconnexion d'un ou de tous les usagers |
| # Logout one user (or all users) |
| radiussecret="" |
| OLDIFS=$IFS |
| IFS=$'\n' |
| usage="Usage: alcasar-logout.sh {user_name} | {all}" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| nb_args=1 |
| args="-h" |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| all) |
| # Compute each equipments known by chilli |
| for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
| do |
| logout_users="" |
| active_session=`echo $system |cut -d" " -f5` |
| active_user=`echo $system|cut -d" " -f6` |
| active_mac=`echo $system | cut -d" " -f1` |
| # Logout only authenticated users |
| if [[ $(expr $active_session) -eq 1 ]] |
| then |
| # Don't logout MAC authenticated |
| if [ "$active_mac" != "$active_user" ] |
| then |
| logout_users=$logout_users" $active_user" |
| /usr/sbin/chilli_query logout $active_mac |
| fi |
| fi |
| done |
| echo "All users are now logout : ($logout_users)" |
| ;; |
| *) |
| echo "User-Name = $args" | /usr/bin/radclient 127.0.0.1:3799 40 $radiussecret |
| ;; |
| esac |
| IFS=$OLDIFS |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-dateLog.sh |
|---|
| 0,0 → 1,36 |
| #!/bin/bash |
| # $Id$ |
| # alcasar-dateLog.sh |
| # by Franck BOUIJOUX |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Permet de remettre les fichiers journaux à la date (time systeme) de leur rotation et archive (05h00) |
| # Utile lors de restauration système/copie sur le nouveau serveur pour être pris en compte |
| # par le script de nettoyage des logs |
| DIR="/var/Save/logs" |
| DIR2="/var/log/" |
| REPS="firewall squid dansguardian httpd" |
| heurelog="0500" |
| extension="gz" |
| #extension=${2:=gz} |
| function changeDate { |
| extension="gz" |
| fichier=$1 |
| echo $fichier |
| court=`basename $fichier` |
| fichierdate=${court%.$extension} |
| datelog=${fichierdate#*-} |
| touch -t $datelog$heurelog $fichier |
| chmod 640 $fichier |
| chown root:apache $fichier |
| } |
| for file in $( find $DIR $DIR2 \( -name '*.gz' \) -a \( -name '*access*log*.g*' -o -name 'firewall*.g*' -o -name 'ssl*.g*' \) ) |
| do |
| changeDate $file |
| done |
| exit 0 |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-version.sh |
|---|
| 0,0 → 1,59 |
| #!/bin/bash |
| # $Id$ |
| # alcasar-version-list.sh |
| # by Richard REY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # récupère les versions d'ALCASAR (stable et développement) |
| # download the ALCASAR versions (stable / dev) |
| VERSION="/var/www/html/VERSION" |
| SITE_VERSION="version.alcasar.net" |
| MAJ="False" |
| DNS_VERSION_L=`dig $SITE_VERSION txt | grep ^$SITE_VERSION | cut -d"\"" -f2` |
| DNS_VERSION=`echo $DNS_VERSION_L|cut -d" " -f1` |
| MAJ_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f1` |
| MIN_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f2` |
| UPD_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f3` |
| RUNNING_VERSION=`cat $VERSION|cut -d" " -f1` |
| MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
| MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
| UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
| #compare major number |
| if [ $MAJ_RUNNING_VERSION -lt $MAJ_DNS_VERSION ] |
| then |
| MAJ="True" |
| fi |
| #compare minor number |
| if [ $MAJ_RUNNING_VERSION -eq $MAJ_DNS_VERSION ] |
| then |
| if [ $MIN_RUNNING_VERSION -lt $MIN_DNS_VERSION ] |
| then |
| MAJ="True" |
| fi |
| #compare update number |
| if [ $MIN_DNS_VERSION -eq $MIN_RUNNING_VERSION ] |
| then |
| if [ -n "$UPD_DNS_VERSION" ] |
| then |
| if [ -z "$UPD_RUNNING_VERSION" ] |
| then |
| MAJ="True" |
| else |
| if [ $UPD_RUNNING_VERSION -lt $UPD_DNS_VERSION ] |
| then |
| MAJ="True" |
| fi |
| fi |
| fi |
| fi |
| fi |
| if [ $MAJ = "True" ] |
| then |
| echo "An updated version is available ($DNS_VERSION)" |
| else |
| echo "The Running version ($RUNNING_VERSION) is up to date" |
| fi |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-profil.sh |
|---|
| 0,0 → 1,133 |
| #/bin/bash |
| # $Id$ |
| # alcasar-profil.sh |
| # by Richard REY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Gestion des comptes liés aux profiles |
| # Manage the profil logins |
| ADM_PROFIL="admin" |
| PROFILS="backup manager" |
| ALL_PROFILS=`echo $ADM_PROFIL $PROFILS` |
| DIR_KEY="/usr/local/etc/digest" |
| SED="/bin/sed -i" |
| HOSTNAME=`uname -n` |
| # liste les comptes de chaque profile |
| function list () { |
| for i in $ALL_PROFILS |
| do |
| echo "Comptes liés au profil '$i' :" |
| cat $DIR_KEY/key_only_$i | cut -d':' -f1|sort |
| done |
| } |
| # ajoute les comptes du profil "admin" aux autres profils |
| # crée le fichier de clés contenant tous les compte (pour l'accès au centre de gestion) |
| function concat () { |
| > $DIR_KEY/key_all |
| for i in $PROFILS |
| do |
| cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$i |
| cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_$i |
| cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_all |
| done |
| cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$ADM_PROFIL |
| cat $DIR_KEY/key_only_$ADM_PROFIL >> $DIR_KEY/key_all |
| chown -R root:apache $DIR_KEY |
| chmod 640 $DIR_KEY/key_* |
| } |
| usage="Usage: alcasar-profil.sh --list | --add | --del | --pass" |
| nb_args=$# |
| args=$1 |
| # on met en place la structure minimale |
| if [ ! -e $DIR_KEY/key_$ADM_PROFIL ] |
| then |
| touch $DIR_KEY/key_$ADM_PROFIL |
| fi |
| cp -f $DIR_KEY/key_$ADM_PROFIL $DIR_KEY/key_only_$ADM_PROFIL |
| for i in $PROFILS |
| do |
| if [ ! -e $DIR_KEY/key_only_$i ] |
| then |
| touch $DIR_KEY/key_only_$i |
| fi |
| done |
| concat |
| if [ $nb_args -eq 0 ] |
| then |
| echo $usage |
| exit 0 |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| --add|-add) |
| # ajout d'un compte |
| list |
| echo -n "Choisissez un profil ($ALL_PROFILS) : " |
| read profil |
| echo -n "Entrez le nom du compte à créer (profil '$profil') : " |
| read account |
| # on teste s'il n'existe pas déjà |
| for i in $ALL_PROFILS |
| do |
| tmp_account=`cat $DIR_KEY/key_only_$i | cut -d':' -f1` |
| for j in $tmp_account |
| do |
| if [ "$j" = "$account" ] |
| then echo "Ce compte existe déjà" |
| exit 0 |
| fi |
| done |
| done |
| /usr/sbin/htdigest $DIR_KEY/key_only_$profil $HOSTNAME $account |
| concat |
| list |
| ;; |
| --del|-del) |
| # suppression d'un compte |
| list |
| echo -n "entrez le nom du compte à supprimer : " |
| read account |
| for i in $ALL_PROFILS |
| do |
| $SED "/^$account:/d" $DIR_KEY/key_only_$i |
| done |
| concat |
| list |
| ;; |
| --pass|-pass) |
| # changement du mot de passe d'un compte |
| list |
| echo "Changement de mot de passe" |
| echo -n "Entrez le nom du compte : " |
| read account |
| for i in $ALL_PROFILS |
| do |
| tmp_account=`cat $DIR_KEY/key_only_$i | cut -d':' -f1` |
| for j in $tmp_account |
| do |
| if [ "$j" = "$account" ] |
| then |
| /usr/sbin/htdigest $DIR_KEY/key_only_$i $HOSTNAME $account |
| fi |
| done |
| done |
| concat |
| ;; |
| --list|-list) |
| # liste des comptes par profile |
| list |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-havp.sh |
|---|
| 0,0 → 1,63 |
| #/bin/bash |
| # $Id$ |
| # alcasar-havp.sh |
| # by Rexy |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Activation / désactivation antivirus de flux WEB (Havp + LibClamav) |
| # Enable / disable of WEB flow antivirus (HAVP + LibClamav) |
| CONF_FILE="/usr/local/etc/alcasar.conf" |
| SED="/bin/sed -i" |
| function av_disable (){ |
| $SED "s/^cache_peer.*/#cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf |
| $SED "s/^never_direct.*/#never_direct allow all/g" /etc/squid/squid.conf |
| $SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=off/g" /usr/local/etc/alcasar.conf |
| service squid reload |
| service havp stop |
| } |
| function av_enable (){ |
| $SED "s/^#cache_peer.*/cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf |
| $SED "s/^#never_direct.*/never_direct allow all/g" /etc/squid/squid.conf |
| $SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=on/g" /usr/local/etc/alcasar.conf |
| service squid reload |
| service havp start |
| } |
| usage="Usage: alcasar-havp.sh {--on or -on} | {--off or -off} | {--update or -update}" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| AV_FILTERING=`grep WEB_ANTIVIRUS $CONF_FILE|cut -d"=" -f2` # WEB-antivir (on/off) |
| AV_FILTERING=${AV_FILTERING:=on} |
| echo "Set antivirus Filtering to $AV_FILTERING" |
| if [ $AV_FILTERING = on ]; then |
| av_enable |
| else |
| av_disable |
| fi |
| exit 0 |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| --on|-on) |
| av_enable |
| ;; |
| --off|-off) |
| av_disable |
| ;; |
| --update|-update) |
| #mise à jour de la base de signature |
| freshclam |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-https.sh |
|---|
| 0,0 → 1,44 |
| #/bin/bash |
| # $Id$ |
| # alcasar-dhcp.sh |
| # by Rexy |
| # This script is distributed under the Gnu General Public License (GPL) |
| # active ou désactive le chiffrement sur les flux d'authentification |
| # enable or disable encryption on authentication flows |
| SED="/bin/sed -i" |
| CHILLI_CONF_FILE="/etc/chilli.conf" |
| INTERCEPT_FILE="/var/www/html/intercept.php" |
| usage="Usage: alcasar-https.sh {--on | -on} | {--off | -off}" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| echo "$usage" |
| exit 1 |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| --off|-off) # disable HTTPS |
| $SED "/# If https not use/,/}/s?^?#?" $INTERCEPT_FILE |
| $SED "s?uamserver.*?uamserver\thttp://alcasar/intercept.php?" $CHILLI_CONF_FILE |
| /etc/init.d/chilli restart |
| ;; |
| --on|-on) # enable HTTPS |
| $SED "/## If https not use/,/#}/s?^#??" $INTERCEPT_FILE |
| $SED "s?uamserver.*?uamserver\thttps://alcasar/intercept.php?" $CHILLI_CONF_FILE |
| /etc/init.d/chilli restart |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-qos.sh |
|---|
| 0,0 → 1,47 |
| #/bin/bash |
| # $Id$ |
| # alcasar-CA.sh |
| # by Franck BOUIJOUX |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Active / désactive la qualite de service réseau |
| # Enable / disable QOS |
| SED="/bin/sed -i" |
| FIC_QOS="/usr/local/etc/alcasar-iptables-qos.sh" |
| usage="Usage: alcasar-qos.sh {--on or -on} | {--off | -off} " |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| nb_args=1 |
| args="-h" |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| --on|-on) |
| # activation du filtrage réseau |
| if [ -e $FIC_QOS ] then |
| $SED "s?^QOS.*?QOS=\"yes\"?g" /usr/local/bin/alcasar-iptables.sh |
| /usr/local/bin/alcasar-iptables.sh |
| else |
| exit 2 |
| fi |
| ;; |
| --off|-off) |
| # désactivation du filtrage réseau |
| $SED "s?^QOS.*?QOS=\"no\"?g" /usr/local/bin/alcasar-iptables.sh |
| /usr/local/bin/alcasar-iptables.sh |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-nf.sh |
|---|
| 0,0 → 1,41 |
| #/bin/bash |
| # $Id$ |
| # alcasar-nf.sh |
| # by Rexy |
| # This script is distributed under the Gnu General Public License (GPL) |
| # active ou desactive le filtrage de protocoles réseau |
| # enable or disable the network protocols filter |
| SED="/bin/sed -i" |
| FIC_CONF="/usr/local/etc/alcasar.conf" |
| usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| echo $usage |
| exit 1 |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| -on|-on) # enable protocols filter |
| $SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF |
| /usr/local/bin/alcasar-iptables.sh |
| ;; |
| --off|-off) # disable protocols filter |
| $SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF |
| /usr/local/bin/alcasar-iptables.sh |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-rpm-download.sh |
|---|
| 0,0 → 1,141 |
| #!/bin/bash |
| # $Id$ |
| # alcasar-urpmi.sh |
| # by Franck BOUIJOUX and Richard REY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # récupération des RPM nécessaire dans un fichier tarball |
| # retrieve needed RPM in a tarball file |
| VERSION="2" |
| ARCH="i586" |
| # ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
| PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy" |
| rpm_repository_sync () |
| { |
| cat <<EOF > /etc/urpmi/urpmi.cfg |
| { |
| downloader: wget |
| } |
| EOF |
| urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} core /media/core/release |
| urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} core_updates /media/core/updates |
| } |
| rpm_error () |
| { |
| echo |
| echo "Relancez l'installation ultérieurement." |
| echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-urpmi.sh'" |
| echo "Try an other install later." |
| echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-urpmi.sh'" |
| } |
| # extract the current architecture (i586 ou X64) |
| fic=`cat /etc/product.id` |
| old="$IFS" |
| IFS="," |
| set $fic |
| for i in $* |
| do |
| if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ] |
| then |
| ARCH=`echo $i|cut -d"=" -f2` |
| fi |
| done |
| IFS="$old" |
| # We prefer wget than curl |
| urpmi --no-verify-rpm --auto ../../conf/rpms/$ARCH/wget*.rpm |
| # Set the RPM repository |
| MIRROR_NBR=2 |
| # For french ALCASARistes |
| MIRRORLIST1="http://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH" |
| # For International install |
| MIRRORLIST2="http://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list" |
| try_nb="0"; nb_repository="0" |
| while [ "$nb_repository" != "2" ] |
| do |
| try_nb=`expr $try_nb + 1` |
| MIRRORLIST="MIRRORLIST$try_nb" |
| rpm_repository_sync |
| nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l` |
| if [ "$nb_repository" != "2" ] |
| then |
| echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb." |
| echo "An error occurs when synchronising the repositories N°$try_nb" |
| if [ $(expr $try_nb) -eq $MIRROR_NBR ] |
| then |
| rpm_error |
| exit 1 |
| fi |
| echo "Voulez-vous tenter une synchronisation avec un autre dépôt?" |
| echo "Do you wan't to try a synchronisation with an other repository?" |
| response=0 |
| PTN='^[oOnNyY]$' |
| until [[ $(expr $response : $PTN) -gt 0 ]] |
| do |
| read response |
| done |
| if [ "$response" = "n" ] || [ "$response" = "N" ] |
| then |
| exit 1 |
| fi |
| fi |
| done |
| # delete unused RPMs |
| echo "Cleaning the system : " |
| for rm_rpm in shorewall dhcp-server cyrus-sasl distcache-server avahi mandi radeontool mondo mindi |
| do |
| /usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
| echo -n "." |
| done |
| urpmi --clean |
| # download RPM in cache |
| echo "Récupération des paquetages de mise à jour. Veuillez patienter ..." |
| echo "Updated RPM download. Please wait ..." |
| echo "Il est temps d'aller prendre un café :-) " |
| echo "You should now take a Beer ;-) " |
| urpmi --auto --auto-update --quiet --test --retry 2 |
| if [ "$?" != "0" ] |
| then |
| echo |
| echo "Une erreur a été détectée lors de la récupération des paquetages." |
| echo "An error occurs when downloading RPMS" |
| rpm_error |
| exit 1 |
| fi |
| # update with cached RPM |
| urpmi --auto --auto-update --noclean |
| if [ "$?" != "0" ] |
| then |
| echo |
| echo "Une erreur a été détectée lors de la mise à jour des paquetages." |
| echo "An error occurs when updating packages" |
| rpm_error |
| exit 1 |
| fi |
| # Download of ALCASAR specifics RPM in cache (and test) |
| echo "Récupération des paquetages complémentaires. Veuillez patienter ..." |
| echo "Download of complementary packages. Please wait ..." |
| urpmi --auto $PACKAGES --quiet --test --retry 2 |
| if [ "$?" != "0" ] |
| then |
| echo |
| echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires." |
| echo "An error occurs when downloading complementary packages" |
| rpm_error |
| exit 1 |
| fi |
| echo "archive creation. Please wait..." |
| cd /var/cache/urpmi |
| tar -czf rpms-$ARCH.tar.gz rpms/ |
| # Clean the RPM cache |
| urpmi --clean |
| mv rpms-$ARCH.tar.gz /root/ |
| cd |
| echo "Your RPM archive file is /root/rpms-$ARCH.tar.gz" |
| exit 0 |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |
| /scripts/sbin/alcasar-certificates.sh |
|---|
| 0,0 → 1,115 |
| #!/bin/sh |
| # Id: $Id$ |
| # alcasar-certificates.sh |
| # by Franck BOUIJOUX and REXY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Script permettant |
| # - d'exporter les certificats d'un serveur pour les transposer sur un autre. |
| # This script allows |
| # - export certificates server to move them. |
| DIR_EXPORT="/root/Certificats" |
| DIR_PKI="/etc/pki" |
| DIR_SAVE="/root/PKI_SAVE" |
| DIR_IMPORT="/root/Certificats" |
| usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} " |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| nb_args=1 |
| args="-h" |
| fi |
| NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment |
| FILE="certificates-$NOW" |
| DIR_SAVE=$DIR_SAVE-$NOW |
| # Function of export |
| function certs_export() { |
| # Export of CA Certificate |
| cd /root |
| tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
| # Export of server Certificate |
| tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
| gzip $FILE.tar |
| echo "Le ficher des certificats exportés est : $FILE.tar.gz" |
| } # end function export |
| function archive() { |
| # Sauvegarde de la pki actuelle |
| [ -d $DIR_SAVE ] || mkdir $DIR_SAVE |
| # Save of CA Certificate |
| cd $DIR_PKI/CA/ |
| cp alcasar-ca.crt $DIR_SAVE/. |
| cp private/alcasar-ca.key $DIR_SAVE/. |
| # Save of server Certificate |
| cd $DIR_PKI/tls |
| cp certs/alcasar.crt $DIR_SAVE/. |
| cp private/alcasar.key $DIR_SAVE/. |
| cp certs/server-chain.crt $DIR_SAVE/. |
| } # end function archive |
| function import() { |
| echo "Would you like to Import New Certificates in ALCASAR ?" |
| read response |
| if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ] |
| then |
| [ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT |
| rm -rf $DIR_IMPORT/* |
| # Import of CA Certificate |
| tar xzvf $1 --directory=$DIR_IMPORT |
| echo "Import new certificates in ALCASAR !!!" |
| cp -r $DIR_IMPORT/* /. |
| chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
| chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
| # Service apache restart |
| service httpd restart |
| else |
| echo "You are not import new certificates !!!" |
| exit 0 |
| fi |
| } # end import |
| # Core script |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| --export | -x) |
| archive |
| certs_export |
| ;; |
| --import | -i) |
| nb_args=$# |
| if [ $nb_args -eq 1 ] |
| then |
| echo "Il faut passer un fichier de certificat en paramètre !!!" |
| exit 0 |
| fi |
| import $2 |
| ;; |
| *) |
| echo "Unknown argument :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| exit 0 |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| /scripts/sbin/alcasar-mysql.sh |
|---|
| 0,0 → 1,97 |
| #! /bin/bash |
| # $Id$ |
| # alcasar-mysql.sh |
| # by Franck BOUIJOUX, Pascal LEVANT and Richard REY |
| # This script is distributed under the Gnu General Public License (GPL) |
| # Gestion (sauvegarde / import / RAZ) de la base MySQL 'radius'. Fermeture des sessions de comptabilité ouvertes |
| # Management of mysql 'radius' database (save / import / RAZ). Close the accounting open sessions |
| rep_tr="/var/Save/base" # répertoire d'accueil des sauvegardes |
| ext="sql" # extension des fichiers de sauvegarde |
| DB_RADIUS="radius" |
| DB_USER="radius" |
| radiuspwd="iDTxxBGa" |
| new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
| fichier="$DB_RADIUS-$new.$ext" # nom du fichier de sauvegarde |
| stop_acct () |
| { |
| date_now=`date "+%F %X"` |
| echo "UPDATE radacct SET acctstoptime = '$date_now', acctterminatecause = 'Admin-Reset' WHERE acctstoptime IS NULL" | mysql -u$DB_USER -p$radiuspwd $DB_RADIUS |
| } |
| check () |
| { |
| echo "check (and repair if needed) the database :" |
| mysqlcheck --databases $DB_RADIUS -u $DB_USER -p$radiuspwd --auto-repair |
| } |
| expire_user () |
| { |
| del_date=`date +%F` |
| MYSQL=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT username FROM radcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"` |
| for u in $MYSQL |
| do |
| /usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u'" |
| if [ $? = 0 ] |
| then |
| echo "User $u was deleted $del_date" >> /var/log/mysqld/delete_user.log |
| else |
| echo "Delete User $u : Error $del_date" >> /var/log/mysqld/delete_user.log |
| fi |
| done |
| } |
| usage="Usage: alcasar-mysql.sh { -d or --dump } | { -c or --check } | { -i or --import } | { -r or --raz } | { -acct_stop } | [ --expire_user ]" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| then |
| nb_args=1 |
| args="-h" |
| fi |
| case $args in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| -d | --dump | -dump) |
| [ -d $rep_tr ] || mkdir -p $rep_tr |
| if [ -e $fichier ]; |
| then rm -f $fichier |
| fi |
| check |
| echo "Export the database in file : $fichier" |
| mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier |
| echo "End of export $( date "+%Hh %Mmn" )" |
| ;; |
| -c | --check | -check) |
| check |
| ;; |
| -i | --import | -import) |
| if [ $nb_args -ne 2 ] |
| then |
| echo "Enter a SQL file name (.sql)" |
| exit 0 |
| else |
| mysql -u $DB_USER -p$radiuspwd < $2 |
| stop_acct |
| fi |
| ;; |
| -r | --raz | -raz) |
| mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier && \ |
| mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < /etc/raddb/radiusd-db-vierge.sql |
| ;; |
| -acct_stop) |
| stop_acct |
| ;; |
| --expire_user) |
| expire_user |
| ;; |
| *) |
| echo "Unknown argument :$1"; |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| Property changes: |
| Added: svn:eol-style |
| +LF |
| \ No newline at end of property |
| Added: svn:executable |
| +* |
| \ No newline at end of property |
| Added: svn:keywords |
| +Id Author Date |
| \ No newline at end of property |