Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 1532 2014-12-21 21:39:52Z richard $
|
2 |
# $Id: alcasar.sh 1534 2014-12-21 22:11:15Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 16... |
Line 16... |
16 |
# This script is distributed under the Gnu General Public License (GPL)
|
16 |
# This script is distributed under the Gnu General Public License (GPL)
|
17 |
|
17 |
|
18 |
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
|
18 |
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
|
19 |
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
|
19 |
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
|
20 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
|
20 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
|
21 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
|
21 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
|
22 |
#
|
- |
|
23 |
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav, Ulog, fail2ban, NFsen and NFdump
|
22 |
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
|
24 |
|
23 |
|
25 |
# Options :
|
24 |
# Options :
|
26 |
# -i or --install
|
25 |
# -i or --install
|
27 |
# -u or --uninstall
|
26 |
# -u or --uninstall
|
28 |
|
27 |
|
Line 662... |
Line 661... |
662 |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/modules.d/00_base.conf
|
661 |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/modules.d/00_base.conf
|
663 |
$SED "s?^LoadModule speling_module.*?#LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/modules.d/00_base.conf
|
662 |
$SED "s?^LoadModule speling_module.*?#LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/modules.d/00_base.conf
|
664 |
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
|
663 |
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
|
665 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
|
664 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
|
666 |
# Error page management
|
665 |
# Error page management
|
667 |
FIC_ERROR_DOC=`find /etc/httpd/conf -type f -name multilang-errordoc.conf`
|
666 |
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] || cp /etc/httpd/conf/conf.d/multilang-errordoc.conf /etc/httpd/conf/conf.d/multilang-errordoc.conf.default
|
668 |
[ -e $FIC_ERROR_DOC ] || cp $FIC_ERROR_DOC $FIC_ERROR_DOC.default
|
667 |
cat <<EOF > /etc/httpd/conf/conf.d/multilang-errordoc.conf
|
669 |
cat <<EOF > $FIC_ERROR_DOC
|
- |
|
670 |
Alias /error/ "/var/www/html/"
|
668 |
Alias /error/ "/var/www/html/"
|
671 |
<Directory "/usr/share/httpd/error">
|
669 |
<Directory "/usr/share/httpd/error">
|
672 |
AllowOverride None
|
670 |
AllowOverride None
|
673 |
Options IncludesNoExec
|
671 |
Options IncludesNoExec
|
674 |
AddOutputFilter Includes html
|
672 |
AddOutputFilter Includes html
|
Line 1382... |
Line 1380... |
1382 |
##########################################################
|
1380 |
##########################################################
|
1383 |
nfsen()
|
1381 |
nfsen()
|
1384 |
{
|
1382 |
{
|
1385 |
tar xzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
|
1383 |
tar xzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
|
1386 |
# Add PortTracker plugin
|
1384 |
# Add PortTracker plugin
|
1387 |
for i in /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
1385 |
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
1388 |
do
|
1386 |
do
|
1389 |
[ ! -d $i ] && mkdir $i && chown -R apache:apache $i
|
1387 |
[ ! -d $i ] && mkdir $i && chown -R apache:apache $i
|
1390 |
done
|
1388 |
done
|
1391 |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm
|
1389 |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm
|
1392 |
# use of our conf file and init unit
|
1390 |
# use of our conf file and init unit
|
Line 1396... |
Line 1394... |
1396 |
cd /tmp/nfsen-1.3.6p1/
|
1394 |
cd /tmp/nfsen-1.3.6p1/
|
1397 |
/usr/bin/perl5 install.pl etc/nfsen.conf
|
1395 |
/usr/bin/perl5 install.pl etc/nfsen.conf
|
1398 |
/usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
|
1396 |
/usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
|
1399 |
# Create RRD DB for porttracker (only in it still doesn't exist)
|
1397 |
# Create RRD DB for porttracker (only in it still doesn't exist)
|
1400 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
|
1398 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
|
1401 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
|
1399 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/
|
1402 |
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
|
1400 |
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
|
1403 |
chmod -R 770 /var/log/netflow/porttracker
|
1401 |
chmod -R 770 /var/log/netflow/porttracker
|
1404 |
# Apache conf file
|
1402 |
# Apache conf file
|
1405 |
cat << EOF > /etc/httpd/conf/conf.d/nfsen.conf
|
1403 |
cat << EOF > /etc/httpd/conf/conf.d/nfsen.conf
|
1406 |
Alias /nfsen /var/www/nfsen
|
1404 |
Alias /nfsen /var/www/html/acc/manager/nfsen
|
1407 |
<Directory /var/www/nfsen/>
|
1405 |
<Directory /var/www/html/acc/manager/nfsen/>
|
1408 |
DirectoryIndex nfsen.php
|
1406 |
DirectoryIndex nfsen.php
|
1409 |
Options -Indexes
|
1407 |
Options -Indexes
|
1410 |
AllowOverride all
|
1408 |
AllowOverride all
|
1411 |
order allow,deny
|
1409 |
order allow,deny
|
1412 |
allow from all
|
1410 |
allow from all
|
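Review bot: In the nfsen.conf heredoc, `Alias /nfsen /var/www/html/acc/manager/nfsen` keeps a second URL onto a tree that now lives under the ACC manager directory, and the `<Directory>` block still carries `AllowOverride all` with `allow from all`. Whether a request arriving through `/nfsen` gets the same authentication as `/acc/manager/` depends on how that protection is declared (per `<Directory>` or per `<Location>`), which is not visible here; the heredoc also continues past the end of this hunk. The loop earlier in `nfsen()` gives `/var/www/html/acc/manager/nfsen/plugins` to `apache:apache` when it creates it, so with `AllowOverride all` the web server account can write an `.htaccess` there that Apache will honour inside the manager tree. I would state the access rule explicitly in this block and change the override line to `AllowOverride None`, assuming NfSen ships no `.htaccess` it depends on, and drop the `Alias` if nothing still links to `/nfsen`.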