WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 1379 2014-06-11 07:40:34Z richard $ 
 
# alcasar.sh
 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
# Ce programme est un logiciel libre ; This software is free and open source

EOF
# Firewall config
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
 
 
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
# load conntrack ftp module
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload

[Unit]
Description=chilli is a captive portal daemon
After=network.target
 
[Service]
Type=forking
ExecStart=/usr/libexec/chilli start
ExecStop=/usr/libexec/chilli stop
ExecReload=/usr/libexec/chilli reload
PIDFile=/var/run/chilli.pid
 

uamserver	https://$HOSTNAME.$DOMAIN/intercept.php
radiusnasid	$HOSTNAME.$DOMAIN
uamsecret	$secretuam
uamallowed	$HOSTNAME,$HOSTNAME.$DOMAIN
coaport		3799
conup		$DIR_DEST_BIN/alcasar-conup.sh
condown		$DIR_DEST_BIN/alcasar-condown.sh
include		$DIR_DEST_ETC/alcasar-uamallowed
include		$DIR_DEST_ETC/alcasar-uamdomain
#dhcpgateway
#dhcprelayagent
#dhcpgatewayport

bogus-priv
filterwin2k
server=$DNS1
server=$DNS2
EOF
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
	cat << EOF > /etc/dnsmasq-whitelist.conf 
	# Configuration file for "dnsmasq with whitelist"
# Inclusion de la whitelist <domains> de Toulouse dans la configuration
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux

Rev 1378	Rev 1379
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 1378 2014-06-11 07:18:42Z richard $`	2	`# $Id: alcasar.sh 1379 2014-06-11 07:40:34Z richard $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5		5
6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`	6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`
7	`# Ce programme est un logiciel libre ; This software is free and open source`	7	`# Ce programme est un logiciel libre ; This software is free and open source`
Line 563...	Line 563...
563	`EOF`	563	`EOF`
564	`# Firewall config`	564	`# Firewall config`
565	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	565	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
566	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	566	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
567	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`	567	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`
568	`# create the filter exception file and ip_bloqued file`	-
569	`touch $DIR_DEST_ETC/alcasar-filter-exceptions`	-
570	`# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)`	568	`# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)`
571	`echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked`	569	`echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked`
572	`# load conntrack ftp module`	570	`# load conntrack ftp module`
573	`[ -e /etc/modprobe.preload.default ] \|\| cp /etc/modprobe.preload /etc/modprobe.preload.default`	571	`[ -e /etc/modprobe.preload.default ] \|\| cp /etc/modprobe.preload /etc/modprobe.preload.default`
574	`echo "ip_conntrack_ftp" >> /etc/modprobe.preload`	572	`echo "ip_conntrack_ftp" >> /etc/modprobe.preload`
Line 947...	Line 945...
947	`[Unit]`	945	`[Unit]`
948	`Description=chilli is a captive portal daemon`	946	`Description=chilli is a captive portal daemon`
949	`After=network.target`	947	`After=network.target`
950		948
951	`[Service]`	949	`[Service]`
952	`Type=oneshot`	950	`Type=forking`
953	`ExecStart=/usr/libexec/chilli start`	951	`ExecStart=/usr/libexec/chilli start`
954	`ExecStop=/usr/libexec/chilli stop`	952	`ExecStop=/usr/libexec/chilli stop`
955	`ExecReload=/usr/libexec/chilli reload`	953	`ExecReload=/usr/libexec/chilli reload`
956	`PIDFile=/var/run/chilli.pid`	954	`PIDFile=/var/run/chilli.pid`
957		955
Line 1071...	Line 1069...
1071	`uamserver https://$HOSTNAME.$DOMAIN/intercept.php`	1069	`uamserver https://$HOSTNAME.$DOMAIN/intercept.php`
1072	`radiusnasid $HOSTNAME.$DOMAIN`	1070	`radiusnasid $HOSTNAME.$DOMAIN`
1073	`uamsecret $secretuam`	1071	`uamsecret $secretuam`
1074	`uamallowed $HOSTNAME,$HOSTNAME.$DOMAIN`	1072	`uamallowed $HOSTNAME,$HOSTNAME.$DOMAIN`
1075	`coaport 3799`	1073	`coaport 3799`
1076	`#conup $DIR_DEST_BIN/alcasar-conup.sh`	1074	`conup $DIR_DEST_BIN/alcasar-conup.sh`
1077	`#condown $DIR_DEST_BIN/alcasar-condown.sh`	1075	`condown $DIR_DEST_BIN/alcasar-condown.sh`
1078	`include $DIR_DEST_ETC/alcasar-uamallowed`	1076	`include $DIR_DEST_ETC/alcasar-uamallowed`
1079	`include $DIR_DEST_ETC/alcasar-uamdomain`	1077	`include $DIR_DEST_ETC/alcasar-uamdomain`
1080	`#dhcpgateway`	1078	`#dhcpgateway`
1081	`#dhcprelayagent`	1079	`#dhcprelayagent`
1082	`#dhcpgatewayport`	1080	`#dhcpgatewayport`
Line 1362...	Line 1360...
1362	`bogus-priv`	1360	`bogus-priv`
1363	`filterwin2k`	1361	`filterwin2k`
1364	`server=$DNS1`	1362	`server=$DNS1`
1365	`server=$DNS2`	1363	`server=$DNS2`
1366	`EOF`	1364	`EOF`
1367	`# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelis")`	1365	`# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")`
1368	`cat << EOF > /etc/dnsmasq-whitelist.conf`	1366	`cat << EOF > /etc/dnsmasq-whitelist.conf`
1369	`# Configuration file for "dnsmasq with whitelist"`	1367	`# Configuration file for "dnsmasq with whitelist"`
1370	`# Inclusion de la whitelist <domains> de Toulouse dans la configuration`	1368	`# Inclusion de la whitelist <domains> de Toulouse dans la configuration`
1371	`conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled`	1369	`conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled`
1372	`conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux`	1370	`conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux`

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2691 – Rev 1378 → 1379