797,15 → 797,16 |
# - archive = tarball of "base + http firewall + netflow" |
# - security = watchdog log |
# - conf_file = archive conf file (usefull in updating process) |
for i in base archive security activity_report conf_file; |
for i in base archive security activity_report iot_captures; |
do |
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i |
done |
chown -R root:apache $DIR_SAVE |
# Configuring & securing php |
[ -e /etc/php.d/05_date.ini ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default |
timezone=`timedatectl show --property=Timezone|cut -d"=" -f2` |
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.d/05_date.ini |
[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default |
timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2` |
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini |
$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini |
$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini |
$SED "s?^display_errors.*?display_errors = Off?" /etc/php.ini |
874,9 → 875,9 |
# Run lighttpd after coova (in order waiting tun0 to be up) |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service |
# Log file for ACC access imputability |
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log |
chown root:apache /var/Save/security/acc_access.log |
chmod 664 /var/Save/security/acc_access.log |
[ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log |
chown root:apache $DIR_SAVE/security/acc_access.log |
chmod 664 $DIR_SAVE/security/acc_access.log |
} # End of ACC() |
|
############################################################# |
1931,9 → 1932,9 |
|
# allow reading of 2 log files (fail2ban & watchdog). |
[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log |
[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log |
[ -e $DIR_SAVE/security/watchdog.log ] || /usr/bin/touch $DIR_SAVE/security/watchdog.log |
chmod 644 /var/log/fail2ban.log |
chmod 644 /var/Save/security/watchdog.log |
chmod 644 $DIR_SAVE/security/watchdog.log |
/usr/bin/touch /var/log/auth.log |
# fail2ban unit |
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default |
2279,7 → 2280,7 |
# Load and apply the previous conf file |
if [ "$mode" = "update" ] |
then |
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in /var/Save/archive |
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in $DIR_SAVE/archive |
$DIR_DEST_BIN/alcasar-conf.sh --load |
PARENT_SCRIPT=`basename $0` |
export PARENT_SCRIPT # to avoid stop&start process during the installation process |