| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 1214 2013-09-18 16:01:28Z crox53 $
|
2 |
# $Id: alcasar.sh 1215 2013-09-18 22:08:14Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
|
5 |
|
| 6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
| 7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
| Line 1208... |
Line 1208... |
| 1208 |
usermod -G www-data nfsen
|
1208 |
usermod -G www-data nfsen
|
| 1209 |
#Ajout du plugin nfsen : PortTracker
|
1209 |
#Ajout du plugin nfsen : PortTracker
|
| 1210 |
mkdir -p /var/www/nfsen/plugins
|
1210 |
mkdir -p /var/www/nfsen/plugins
|
| 1211 |
chown -R nfsen:www-data /var/www/nfsen
|
1211 |
chown -R nfsen:www-data /var/www/nfsen
|
| 1212 |
#Ajout du plugin PortTracker
|
1212 |
#Ajout du plugin PortTracker
|
| 1213 |
mkdir -p /var/log/netflow/porttracker
|
1213 |
mkdir -p /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
| 1214 |
mkdir -p /usr/share/nfsen/plugins
|
- |
|
| 1215 |
chown -R apache:apache /usr/share/nfsen
|
1214 |
chown -R apache:apache /var/log/netflow/porttracker /usr/share/nfsen
|
| 1216 |
cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
|
1215 |
cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
|
| 1217 |
chown apache /var/log/netflow/porttracker
|
- |
|
| 1218 |
#Copie du fichier de conf modifié de nfsen
|
1216 |
#Copie du fichier de conf modifié de nfsen
|
| 1219 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
|
1217 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
|
| 1220 |
#Copie du script d'initialisation de nfsen
|
1218 |
#Copie du script d'initialisation de nfsen
|
| 1221 |
cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
|
1219 |
cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
|
| 1222 |
systemctl enable nfsen.service
|
- |
|
| 1223 |
#Installation de nfsen via le scrip Perl
|
1220 |
#Installation de nfsen via le scrip Perl
|
| 1224 |
DirTmp=$(pwd)
|
1221 |
DirTmp=$(pwd)
|
| 1225 |
cd /tmp/nfsen-1.3.6p1/
|
1222 |
cd /tmp/nfsen-1.3.6p1/
|
| 1226 |
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
|
1223 |
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
|
| 1227 |
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
|
1224 |
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
|
| Line 1534... |
Line 1531... |
| 1534 |
do
|
1531 |
do
|
| 1535 |
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
|
1532 |
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
|
| 1536 |
done
|
1533 |
done
|
| 1537 |
# export des logs en 'retard' dans /var/Save/logs
|
1534 |
# export des logs en 'retard' dans /var/Save/logs
|
| 1538 |
/usr/local/bin/alcasar-log.sh --export
|
1535 |
/usr/local/bin/alcasar-log.sh --export
|
| 1539 |
# processus lancés par défaut au démarrage
|
1536 |
# creation of the unit of alcasar-load_balancing
|
| 1540 |
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen
|
- |
|
| 1541 |
do
|
- |
|
| 1542 |
/sbin/chkconfig --add $i
|
- |
|
| 1543 |
done
|
- |
|
| 1544 |
|
- |
|
| 1545 |
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
|
1537 |
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
|
| 1546 |
# This file is part of systemd.
|
1538 |
# This file is part of systemd.
|
| 1547 |
#
|
1539 |
#
|
| 1548 |
# systemd is free software; you can redistribute it and/or modify it
|
1540 |
# systemd is free software; you can redistribute it and/or modify it
|
| 1549 |
# under the terms of the GNU General Public License as published by
|
1541 |
# under the terms of the GNU General Public License as published by
|
| Line 1564... |
Line 1556... |
| 1564 |
SysVStartPriority=99
|
1556 |
SysVStartPriority=99
|
| 1565 |
|
1557 |
|
| 1566 |
[Install]
|
1558 |
[Install]
|
| 1567 |
WantedBy=multi-user.target
|
1559 |
WantedBy=multi-user.target
|
| 1568 |
EOF
|
1560 |
EOF
|
| - |
|
1561 |
|
| - |
|
1562 |
# process launch at boot time
|
| - |
|
1563 |
for service in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
|
| - |
|
1564 |
do
|
| - |
|
1565 |
/sbin/chkconfig --add $service
|
| - |
|
1566 |
done
|
| 1569 |
systemctl enable alcasar-load_balancing.service
|
1567 |
for service in alcasar-load_balancing.service nfsen.service
|
| - |
|
1568 |
|
| - |
|
1569 |
do
|
| - |
|
1570 |
/bin/systemctl enable $service
|
| - |
|
1571 |
done
|
| 1570 |
|
1572 |
|
| 1571 |
# On applique les préconisations ANSSI
|
1573 |
# On applique les préconisations ANSSI
|
| 1572 |
# Apply French Security Agency rules
|
1574 |
# Apply French Security Agency rules
|
| 1573 |
# ignorer les broadcast ICMP. (attaque smurf)
|
1575 |
# ignorer les broadcast ICMP. (attaque smurf)
|
| 1574 |
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
|
1576 |
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
|