Line 1... |
Line 1... |
1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
2 |
# $Id: alcasar.sh 95 2010-05-02 06:56:09Z franck $
|
2 |
# $Id: alcasar.sh 109 2010-05-10 19:46:20Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 391... |
Line 391... |
391 |
IPV6TO4INIT=no
|
391 |
IPV6TO4INIT=no
|
392 |
ACCOUNTING=no
|
392 |
ACCOUNTING=no
|
393 |
USERCTL=no
|
393 |
USERCTL=no
|
394 |
EOF
|
394 |
EOF
|
395 |
# Configuration du serveur de temps
|
395 |
# Configuration du serveur de temps
|
396 |
echo "synchronisation horaire ..."
|
- |
|
397 |
[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
|
396 |
[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
|
398 |
cat <<EOF > /etc/ntp.conf
|
397 |
cat <<EOF > /etc/ntp.conf
|
399 |
server 0.fr.pool.ntp.org
|
398 |
server 0.fr.pool.ntp.org
|
400 |
server 1.fr.pool.ntp.org
|
399 |
server 1.fr.pool.ntp.org
|
401 |
server 2.fr.pool.ntp.org
|
400 |
server 2.fr.pool.ntp.org
|
Line 404... |
Line 403... |
404 |
restrict 127.0.0.1
|
403 |
restrict 127.0.0.1
|
405 |
driftfile /etc/ntp/drift
|
404 |
driftfile /etc/ntp/drift
|
406 |
logfile /var/log/ntp.log
|
405 |
logfile /var/log/ntp.log
|
407 |
EOF
|
406 |
EOF
|
408 |
chown -R ntp:ntp /etc/ntp
|
407 |
chown -R ntp:ntp /etc/ntp
|
409 |
ntpd -q -g &
|
- |
|
410 |
# Configuration du serveur dhcpd de secours (mode bypass)
|
408 |
# Configuration du serveur dhcpd de secours (mode bypass)
|
411 |
[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default 2> /dev/null
|
409 |
[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default 2> /dev/null
|
412 |
cat <<EOF > /etc/dhcpd.conf
|
410 |
cat <<EOF > /etc/dhcpd.conf
|
413 |
ddns-update-style interim;
|
411 |
ddns-update-style interim;
|
414 |
subnet $PRIVATE_NETWORK netmask $PRIVATE_MASK {
|
412 |
subnet $PRIVATE_NETWORK netmask $PRIVATE_MASK {
|
Line 509... |
Line 507... |
509 |
/usr/sbin/htdigest -c $DIR_WEB/digest/key_admin $HOSTNAME $admin_portail
|
507 |
/usr/sbin/htdigest -c $DIR_WEB/digest/key_admin $HOSTNAME $admin_portail
|
510 |
done
|
508 |
done
|
511 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte
|
509 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte
|
512 |
$DIR_DEST_SBIN/alcasar-profil.sh -list
|
510 |
$DIR_DEST_SBIN/alcasar-profil.sh -list
|
513 |
fi
|
511 |
fi
|
- |
|
512 |
# synchronisation horaire
|
- |
|
513 |
ntpd -q -g &
|
514 |
# Sécurisation du centre
|
514 |
# Sécurisation du centre
|
515 |
rm -f /etc/httpd/conf/webapps.d/*
|
515 |
rm -f /etc/httpd/conf/webapps.d/*
|
516 |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
|
516 |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
|
517 |
<Directory $DIR_WEB/digest>
|
517 |
<Directory $DIR_WEB/digest>
|
518 |
AllowOverride none
|
518 |
AllowOverride none
|
Line 931... |
Line 931... |
931 |
chmod -R g+rw /etc/dansguardian
|
931 |
chmod -R g+rw /etc/dansguardian
|
932 |
} # End of param_dansguardian ()
|
932 |
} # End of param_dansguardian ()
|
933 |
|
933 |
|
934 |
##################################################################
|
934 |
##################################################################
|
935 |
## Fonction antivirus ##
|
935 |
## Fonction antivirus ##
|
936 |
## - mise en place havp + clamav ##
|
936 |
## - configuration havp + clamav ##
|
937 |
##################################################################
|
937 |
##################################################################
|
938 |
antivirus ()
|
938 |
antivirus ()
|
939 |
{
|
939 |
{
|
940 |
# création de la partition de stockage temporaire (100Mo)
|
940 |
# création de la partition de stockage temporaire (100Mo)
|
941 |
useradd -r havp
|
- |
|
942 |
dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30
|
941 |
dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30
|
943 |
mkfs.ext4 -qF /tmp/havp-disk
|
942 |
mkfs.ext4 -qF /tmp/havp-disk
|
944 |
mkdir /var/tmp/havp /var/log/havp /var/run/havp
|
943 |
mkdir /var/tmp/havp
|
945 |
echo "# Entry for havp tmp files scan partition" >> /etc/fstab
|
944 |
echo "# Entry for havp tmp files scan partition" >> /etc/fstab
|
946 |
echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab
|
945 |
echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab
|
947 |
mount /var/tmp/havp
|
946 |
mount /var/tmp/havp
|
- |
|
947 |
chown -R havp /var/tmp/havp
|
948 |
# copie et configuration d'HAVP
|
948 |
# configuration d'HAVP
|
949 |
cp $DIR_CONF/havp/havp $DIR_DEST_SBIN
|
949 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
950 |
cp -r $DIR_CONF/havp/etc/havp $DIR_DEST_ETC
|
950 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
951 |
cp $DIR_CONF/havp/etc/init.d/havp /etc/init.d/
|
951 |
$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config
|
952 |
chkconfig --level 345 havp on
|
952 |
$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config
|
953 |
chkconfig --level 01267 havp off
|
953 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config
|
- |
|
954 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config
|
954 |
chown -R havp.havp /var/tmp/havp /var/log/havp /var/run/havp
|
955 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config
|
955 |
chown -R havp.apache $DIR_DEST_ETC/havp
|
956 |
# mise à jour de la base antivirale de clamav toutes les 2 heures
|
956 |
chmod 770 $DIR_DEST_ETC/havp
|
957 |
$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
|
- |
|
958 |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
|
957 |
}
|
959 |
}
|
958 |
|
960 |
|
959 |
##################################################################################
|
961 |
##################################################################################
|
960 |
## Fonction firewall ##
|
962 |
## Fonction firewall ##
|
961 |
## - adaptation des scripts du parefeu ##
|
963 |
## - adaptation des scripts du parefeu ##
|
Line 1166... |
Line 1168... |
1166 |
# prise en compte de la rotation des logs sur 1 an (concerne mysql, htttpd, dansguardian, squid, radiusd, ulogd)
|
1168 |
# prise en compte de la rotation des logs sur 1 an (concerne mysql, htttpd, dansguardian, squid, radiusd, ulogd)
|
1167 |
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
|
1169 |
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
|
1168 |
chmod 644 /etc/logrotate.d/*
|
1170 |
chmod 644 /etc/logrotate.d/*
|
1169 |
# processus lancés par défaut au démarrage
|
1171 |
# processus lancés par défaut au démarrage
|
1170 |
$SED "s?^# chkconfig:.*?# chkconfig: 345 11 90?g" /etc/init.d/mysqld # pour éviter les alertes de dépendance de services (netfs)
|
1172 |
$SED "s?^# chkconfig:.*?# chkconfig: 345 11 90?g" /etc/init.d/mysqld # pour éviter les alertes de dépendance de services (netfs)
|
1171 |
for i in netfs ntpd iptables ulogd squid chilli httpd radiusd mysqld dansguardian named
|
1173 |
for i in netfs ntpd iptables ulogd squid chilli httpd radiusd mysqld dansguardian named havp freshclam
|
1172 |
do
|
1174 |
do
|
1173 |
/sbin/chkconfig --add $i
|
1175 |
/sbin/chkconfig --add $i
|
1174 |
done
|
1176 |
done
|
1175 |
# On mets en place la sécurité sur les fichiers
|
1177 |
# On mets en place la sécurité sur les fichiers
|
1176 |
# des modif par rapport à radius update
|
1178 |
# des modif par rapport à radius update
|