Subversion Repositories ALCASAR

Rev

Rev 472 | Rev 478 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log

Rev 472 Rev 476
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
#  $Id: alcasar.sh 472 2011-02-02 23:01:55Z richard $ 
2
#  $Id: alcasar.sh 476 2011-02-06 20:31:31Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
5
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
Line 926... Line 926...
926
	then
926
	then
927
	      userdel -r havp
927
	      userdel -r havp
928
	fi
928
	fi
929
	groupadd -f havp
929
	groupadd -f havp
930
	useradd -g havp havp
930
	useradd -g havp havp
931
# création de la partition de stockage temporaire (100Mo)
931
# création de la zone de travail temporaire (50Mo) en mémoire
932
	dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30
932
	mkdir -p /var/tmp/havp /var/log/havp
933
	mkfs.ext4 -qF /tmp/havp-disk
933
	chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
934
	echo "# Entry for havp tmp files scan partition" >> /etc/fstab
934
	echo "# Entry for havp tmp files scan partition" >> /etc/fstab
935
	echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab
935
	echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab
936
	$SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
936
	$SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
937
	mkdir -p /var/tmp/havp /var/log/havp
-
 
938
	chown -R havp /var/log/havp /var/run/havp
-
 
939
# configuration d'HAVP
937
# configuration d'HAVP
940
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
938
	[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
941
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
939
	$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
942
	$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config
940
	$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config
943
	$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config
941
	$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config
Line 960... Line 958...
960
 
958
 
961
##################################################################################
959
##################################################################################
962
##				Fonction firewall				##
960
##				Fonction firewall				##
963
## - adaptation des scripts du parefeu						##
961
## - adaptation des scripts du parefeu						##
964
## - mise en place des règles et sauvegarde pour un lancement automatique	##
962
## - mise en place des règles et sauvegarde pour un lancement automatique	##
965
## - configuration Ulogd							##
-
 
966
##################################################################################
963
##################################################################################
967
firewall ()
964
firewall ()
968
{
965
{
969
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
966
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
970
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
967
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
971
	$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
968
	$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
972
	$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
969
	$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
973
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
970
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
974
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
-
 
975
	[ -e /var/log/firewall/firewall.log ] || touch /var/log/firewall/firewall.log
-
 
976
	chown -R root:apache /var/log/firewall
-
 
977
	chmod 750 /var/log/firewall
-
 
978
	chmod 640 /var/log/firewall/firewall.log
-
 
979
 	$SED "s?^file=\"/var/log/ulogd.syslogemu\"?file=\"/var/log/firewall/firewall.log\"?g" /etc/ulogd.conf
-
 
980
# création du fichier d'exception au filtrage
971
# création du fichier d'exception au filtrage
981
	touch /usr/local/etc/alcasar-filter-exceptions
972
	touch /usr/local/etc/alcasar-filter-exceptions
982
	sh $DIR_DEST_BIN/alcasar-iptables.sh
973
	sh $DIR_DEST_BIN/alcasar-iptables.sh
983
}  # End of firewall ()
974
}  # End of firewall ()
984
 
975
 
985
##################################################################################
976
##################################################################################
-
 
977
##			param_ulogd function					##
-
 
978
## - Ulog config for multi-log files 						##
-
 
979
##################################################################################
-
 
980
param_ulogd ()
-
 
981
{
-
 
982
# Three instances of ulogd (three different logfiles)
-
 
983
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
-
 
984
	[ -e /var/log/firewall/tracability.log ] || touch /var/log/firewall/tracability.log
-
 
985
	[ -e /var/log/firewall/ssh.log ] || touch /var/log/firewall/ssh.log
-
 
986
	[ -e /var/log/firewall/ext-access.log ] || touch /var/log/firewall/ext-access.log
-
 
987
	chown -R root:apache /var/log/firewall
-
 
988
	chmod 750 /var/log/firewall
-
 
989
	chmod 640 /var/log/firewall/*
-
 
990
	cat <<EOF > /etc/ulogd-tracability.conf
-
 
991
# ulogd configuration for ALCASAR
-
 
992
[global]
-
 
993
nlgroup=1
-
 
994
logfile="/var/log/ulogd.log"
-
 
995
loglevel=5
-
 
996
rmem=131071
-
 
997
bufsize=150000
-
 
998
plugin="/usr/lib/ulogd/ulogd_BASE.so"
-
 
999
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
-
 
1000
[LOGEMU]
-
 
1001
file="/var/log/firewall/tracability.log"
-
 
1002
sync=1
-
 
1003
EOF
-
 
1004
 	cp -f /etc/ulogd-tracability.conf /etc/ulogd-ssh.conf
-
 
1005
	$SED "s?^nlgroup=.*?nlgroup=2?g" /etc/ulogd-ssh.conf 
-
 
1006
	$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ssh.log\"?g" /etc/ulogd-ssh.conf 
-
 
1007
 	cp -f /etc/ulogd-tracability.conf /etc/ulogd-ext-access.conf
-
 
1008
	$SED "s?^nlgroup=.*?nlgroup=3?g" /etc/ulogd-ext-access.conf 
-
 
1009
	$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ext-access.log\"?g" /etc/ulogd-ext-access.conf
-
 
1010
	[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
-
 
1011
	cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
-
 
1012
}  # End of param_ulogd ()
-
 
1013
 
-
 
1014
##################################################################################
986
##				Fonction param_awstats				##
1015
##				Fonction param_awstats				##
987
## - configuration de l'interface des logs de consultation WEB (AWSTAT)		##
1016
## - configuration de l'interface des logs de consultation WEB (AWSTAT)		##
988
##################################################################################
1017
##################################################################################
989
param_awstats()
1018
param_awstats()
990
{
1019
{
Line 1353... Line 1382...
1353
			hostname `cat $DIR_CONF/hostname`
1382
			hostname `cat $DIR_CONF/hostname`
1354
			mode="update"
1383
			mode="update"
1355
		else
1384
		else
1356
			mode="install"
1385
			mode="install"
1357
		fi
1386
		fi
1358
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_awstats param_dnsmasq BL cron post_install
1387
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_ulogd param_awstats param_dnsmasq BL cron post_install
1359
 
1388
 
1360
		do
1389
		do
1361
			$func
1390
			$func
1362
 # echo "*** 'debug' : end of function $func ***"; read a
1391
 # echo "*** 'debug' : end of function $func ***"; read a
1363
		done
1392
		done