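--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar.sh 1005 2013-01-04 15:11:35Z richard $
+# $Id: alcasar.sh 1007 2013-01-05 15:14:32Z richard $
 
 # alcasar.sh
 
 # ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
 # Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
@@ -16,13 +16,13 @@
 
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 
 # Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
-# ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants :
+# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
 # Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
-# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares :
+# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
 #
 # Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
 
 # Options :
 # -i or --install
@@ -1135,10 +1135,14 @@
 $SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
 $SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
 $SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
 $SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
 $SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
+# skip checking of youtube flow (too heavy load / risk too low)
+[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
+echo "# Whitelist youtube flow" >> /etc/havp/whitelist
+echo "*.youtube.com/*" >> /etc/havp/whitelist
 # remplacement du fichier d'initialisation
 [ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
 # if keep old init file : $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
 cp -f $DIR_CONF/havp-init /etc/init.d/havp
 # on remplace la page d'interception (template)
@@ -1456,15 +1460,15 @@
 {
 # adaptation du script "chien de garde" (watchdog)
 $SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
 $SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
 # création de la bannière locale
-[ -e /etc/mandriva-release.default ] || cp /etc/mandriva-release /etc/mandriva-release.default
-cp -f $DIR_CONF/banner /etc/mandriva-release
-echo " V$VERSION" >> /etc/mandriva-release
+[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
+cp -f $DIR_CONF/banner /etc/mageia-release
+echo " V$VERSION" >> /etc/mageia-release
 # création de la bannière SSH
-cp /etc/mandriva-release /etc/ssh/alcasar-banner-ssh
+cp /etc/mageia-release /etc/ssh/alcasar-banner-ssh
 chmod 644 /etc/ssh/alcasar-banner-ssh ; chown root:root /etc/ssh/alcasar-banner-ssh
 [ -e /etc/ssh/sshd_config.default ] || cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default
 $SED "s?^Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
 $SED "s?^#Banner.*?Banner /etc/ssh/alcasar-banner-ssh?g" /etc/ssh/sshd_config
 # postfix banner anonymisation
@@ -1601,15 +1605,20 @@
 # change display to 1024*768 (vga791)
 $SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
 $SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
 $SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
 $SED "/^kernel/s/vga=.*/vga=791/" /boot/grub/menu.lst
+$SED "/^gfxmenu/d" /boot/grub/menu.lst
 
 # Remove unused services and users
-for svc in alsa sound dm
+for old_svc in alsa sound dm
 do
-/sbin/chkconfig --del $svc
+/sbin/chkconfig --del $old_svc
+done
+for svc in snmpd
+do
+/bin/systemctl -q disable $svc
 done
 for rm_users in avahi-autoipd avahi icapd
 do
 user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1`
 if [ "$user" == "$rm_users" ]
@@ -1783,11 +1792,11 @@
 mode="install"
 fi
 for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install
 do
 $func
-echo "*** 'debug' : end of function $func ***"; read a
+# echo "*** 'debug' : end of function $func ***"; read a
 done
 ;;
 -u | --uninstall)
 if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
 then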
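Review bot: The two `echo ... >> /etc/havp/whitelist` lines added after the SKIPMIME setting (new lines 1142-1143) append unconditionally, so any later run of this step against an already-configured host would add a duplicate pair; only the `.default` backup is guarded. Whether the step is re-run on update is not visible in this hunk, but the append is cheap to make idempotent: `grep -qF '*.youtube.com/*' /etc/havp/whitelist || echo "*.youtube.com/*" >> /etc/havp/whitelist`. The entry exempts every response from that domain from libclamav scanning, so I would also expand the comment to say so, e.g. `# HAVP whitelist: *.youtube.com is not scanned for malware (accepted risk, load reduction)`. The enclosing function starts and ends outside the hunk.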