WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 2770 2020-02-11 23:06:07Z rexy $
 
# alcasar.sh
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
# This script is distributed under the Gnu General Public License (GPL)
#  team@alcasar.net

# Write network parameters in the conf file
	echo "HOSTNAME=$HOSTNAME" >> $CONF_FILE
	echo "DOMAIN=$DOMAIN" >> $CONF_FILE
	echo "EXTIF=$EXTIF" >> $CONF_FILE
	echo "INTIF=$INTIF" >> $CONF_FILE
# Retrieve NIC name of other consultation LAN
	INTERFACES=`/usr/sbin/ip link|grep '^[[:digit:]]:'|grep -v "^lo\|$EXTIF\|tun0"|cut -d " " -f2|tr -d ":"`
	for i in $INTERFACES
	do
		SUB=`echo ${i:0:2}`
		if [ $SUB = "wl" ]

	if [ -n "$WIFIF" ]
		then echo "WIFIF=$WIFIF" >> $CONF_FILE
	elif [ -n "$LANIF" ]
		then echo "LANIF=$LANIF" >> $CONF_FILE
	fi
 
	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # test static or dynamic
	if [ $IP_SETTING == "dhcp" ]
	then
		echo "PUBLIC_IP=dhcp" >> $CONF_FILE
		echo "GW=dhcp" >> $CONF_FILE

IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
EOF
	fi
 
# write hosts.allow & hosts.deny
	[ -e /etc/hosts.allow.default ]  || cp /etc/hosts.allow /etc/hosts.allow.default
	cat <<EOF > /etc/hosts.allow
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
sshd: ALL

	[ -d $DIR_WEB ] && rm -rf $DIR_WEB
	mkdir $DIR_WEB
# Copy & adapt ACC files
	cp -rf $DIR_INSTALL/web/* $DIR_WEB/
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
	# Waiting for new phpsysinfo special page
	#$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	#$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	#$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	#chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
	chown -R apache:apache $DIR_WEB/*
# copy & adapt "freeradius-web" files
	cp -rf $DIR_CONF/freeradius-web/ /etc/
	[ -e /etc/freeradius-web/admin.conf.default ] || cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default
	$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf

	[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
	/usr/bin/systemctl daemon-reload
# Allow apache to change some conf files (ie : ldap on/off)
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
	chmod 750 /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
} # End of freeradius()
 
#############################################################################
##                           Function "chilli"                             ##
## - Creation of the conf file and init file (systemd) for coova-chilli    ##

	echo "ossi-bl" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
	mkdir -p $DIR_DG/lists/blacklists/ossi-wl
	touch $DIR_DG/lists/blacklists/ossi-wl/domains
	echo "ossi-wl" >> $DIR_DEST_ETC/alcasar-wl-categories-enabled
# add additional BL files
 
 
 
	for x in $(ls $DIR_BLACKLIST | grep -v "^blacklists")
	do
		mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
		cp $DIR_BLACKLIST/$x  $DIR_DG/lists/blacklists/ossi-bl-$x/domains
		echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
	done

	echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
	echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
	echo "BL_PUREIP=on" >> $CONF_FILE
	echo "BL_SAFESEARCH=off" >> $CONF_FILE
	echo "WL_SAFESEARCH=off" >> $CONF_FILE
	echo "IOT_CAPTURE=off" >> $CONF_FILE
# Prompt customisation (colors)
	[ -e /etc/bashrc.default ]  || cp /etc/bashrc /etc/bashrc.default
	cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
	$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
# sudoers configuration for "apache" & "sysadmin"

Rev 2769	Rev 2770
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 2769 2019-11-24 22:31:36Z rexy $`	2	`# $Id: alcasar.sh 2770 2020-02-11 23:06:07Z rexy $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`	5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7	`# team@alcasar.net`	7	`# team@alcasar.net`
Line 586...	Line 586...
586	`# Write network parameters in the conf file`	586	`# Write network parameters in the conf file`
587	`echo "HOSTNAME=$HOSTNAME" >> $CONF_FILE`	587	`echo "HOSTNAME=$HOSTNAME" >> $CONF_FILE`
588	`echo "DOMAIN=$DOMAIN" >> $CONF_FILE`	588	`echo "DOMAIN=$DOMAIN" >> $CONF_FILE`
589	`echo "EXTIF=$EXTIF" >> $CONF_FILE`	589	`echo "EXTIF=$EXTIF" >> $CONF_FILE`
590	`echo "INTIF=$INTIF" >> $CONF_FILE`	590	`echo "INTIF=$INTIF" >> $CONF_FILE`
591	`######## Récupération des interfaces du ou des réseaux de consultation supplémentaires #################`	591	`# Retrieve NIC name of other consultation LAN`
592	INTERFACES=`/usr/sbin/ip link\|grep '^[[:digit:]]:'\|grep -v "^lo\\|$EXTIF\\|tun0"\|cut -d " " -f2\|tr -d ":"`	592	INTERFACES=`/usr/sbin/ip link\|grep '^[[:digit:]]:'\|grep -v "^lo\\|$EXTIF\\|tun0"\|cut -d " " -f2\|tr -d ":"`
593	`for i in $INTERFACES`	593	`for i in $INTERFACES`
594	`do`	594	`do`
595	SUB=`echo ${i:0:2}`	595	SUB=`echo ${i:0:2}`
596	`if [ $SUB = "wl" ]`	596	`if [ $SUB = "wl" ]`
Line 602...	Line 602...
602	`if [ -n "$WIFIF" ]`	602	`if [ -n "$WIFIF" ]`
603	`then echo "WIFIF=$WIFIF" >> $CONF_FILE`	603	`then echo "WIFIF=$WIFIF" >> $CONF_FILE`
604	`elif [ -n "$LANIF" ]`	604	`elif [ -n "$LANIF" ]`
605	`then echo "LANIF=$LANIF" >> $CONF_FILE`	605	`then echo "LANIF=$LANIF" >> $CONF_FILE`
606	`fi`	606	`fi`
607	`#########################################################################################################`	-
608	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2` # test static or dynamic	607	IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2` # test static or dynamic
609	`if [ $IP_SETTING == "dhcp" ]`	608	`if [ $IP_SETTING == "dhcp" ]`
610	`then`	609	`then`
611	`echo "PUBLIC_IP=dhcp" >> $CONF_FILE`	610	`echo "PUBLIC_IP=dhcp" >> $CONF_FILE`
612	`echo "GW=dhcp" >> $CONF_FILE`	611	`echo "GW=dhcp" >> $CONF_FILE`
Line 731...	Line 730...
731	`IPV6TO4INIT=no`	730	`IPV6TO4INIT=no`
732	`ACCOUNTING=no`	731	`ACCOUNTING=no`
733	`USERCTL=no`	732	`USERCTL=no`
734	`EOF`	733	`EOF`
735	`fi`	734	`fi`
736	`#########################################################################################################`	-
737	`# write hosts.allow & hosts.deny`	735	`# write hosts.allow & hosts.deny`
738	`[ -e /etc/hosts.allow.default ] \|\| cp /etc/hosts.allow /etc/hosts.allow.default`	736	`[ -e /etc/hosts.allow.default ] \|\| cp /etc/hosts.allow /etc/hosts.allow.default`
739	`cat <<EOF > /etc/hosts.allow`	737	`cat <<EOF > /etc/hosts.allow`
740	`ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP`	738	`ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP`
741	`sshd: ALL`	739	`sshd: ALL`
Line 785...	Line 783...
785	`[ -d $DIR_WEB ] && rm -rf $DIR_WEB`	783	`[ -d $DIR_WEB ] && rm -rf $DIR_WEB`
786	`mkdir $DIR_WEB`	784	`mkdir $DIR_WEB`
787	`# Copy & adapt ACC files`	785	`# Copy & adapt ACC files`
788	`cp -rf $DIR_INSTALL/web/* $DIR_WEB/`	786	`cp -rf $DIR_INSTALL/web/* $DIR_WEB/`
789	`$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php`	787	`$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php`
-		788	`# Waiting for new phpsysinfo special page`
790	`$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	789	`#$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
791	`$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	790	`#$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
792	`$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	791	`#$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
793	`chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php`	792	`#chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php`
794	`chown -R apache:apache $DIR_WEB/*`	793	`chown -R apache:apache $DIR_WEB/*`
795	`# copy & adapt "freeradius-web" files`	794	`# copy & adapt "freeradius-web" files`
796	`cp -rf $DIR_CONF/freeradius-web/ /etc/`	795	`cp -rf $DIR_CONF/freeradius-web/ /etc/`
797	`[ -e /etc/freeradius-web/admin.conf.default ] \|\| cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default`	796	`[ -e /etc/freeradius-web/admin.conf.default ] \|\| cp /etc/freeradius-web/admin.conf /etc/freeradius-web/admin.conf.default`
798	`$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf`	797	`$SED "s?^general_domain:.*?general_domain: $DOMAIN?g" /etc/freeradius-web/admin.conf`
Line 1056...	Line 1055...
1056	`[ -e /lib/systemd/system/radiusd.service.default ] \|\| cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default`	1055	`[ -e /lib/systemd/system/radiusd.service.default ] \|\| cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default`
1057	`$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service`	1056	`$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service`
1058	`/usr/bin/systemctl daemon-reload`	1057	`/usr/bin/systemctl daemon-reload`
1059	`# Allow apache to change some conf files (ie : ldap on/off)`	1058	`# Allow apache to change some conf files (ie : ldap on/off)`
1060	`chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available`	1059	`chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available`
-		1060	`chmod 750 /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available`
1061	`} # End of freeradius()`	1061	`} # End of freeradius()`
1062		1062
1063	`#############################################################################`	1063	`#############################################################################`
1064	`## Function "chilli" ##`	1064	`## Function "chilli" ##`
1065	`## - Creation of the conf file and init file (systemd) for coova-chilli ##`	1065	`## - Creation of the conf file and init file (systemd) for coova-chilli ##`
Line 1838...	Line 1838...
1838	`echo "ossi-bl" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled`	1838	`echo "ossi-bl" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled`
1839	`mkdir -p $DIR_DG/lists/blacklists/ossi-wl`	1839	`mkdir -p $DIR_DG/lists/blacklists/ossi-wl`
1840	`touch $DIR_DG/lists/blacklists/ossi-wl/domains`	1840	`touch $DIR_DG/lists/blacklists/ossi-wl/domains`
1841	`echo "ossi-wl" >> $DIR_DEST_ETC/alcasar-wl-categories-enabled`	1841	`echo "ossi-wl" >> $DIR_DEST_ETC/alcasar-wl-categories-enabled`
1842	`# add additional BL files`	1842	`# add additional BL files`
1843	`# download C&C BL, install it and enable it by default`	-
1844	`$DIR_DEST_BIN/alcasar-bl.sh --install_ossi_candc`	-
1845	`# copy all other additional BL`	-
1846	`for x in $(ls $DIR_BLACKLIST \| grep -v "^blacklist")`	1843	`for x in $(ls $DIR_BLACKLIST \| grep -v "^blacklists")`
1847	`do`	1844	`do`
1848	`mkdir $DIR_DG/lists/blacklists/ossi-bl-$x`	1845	`mkdir $DIR_DG/lists/blacklists/ossi-bl-$x`
1849	`cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains`	1846	`cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains`
1850	`echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled`	1847	`echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled`
1851	`done`	1848	`done`
Line 2189...	Line 2186...
2189	`echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE`	2186	`echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE`
2190	`echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE`	2187	`echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE`
2191	`echo "BL_PUREIP=on" >> $CONF_FILE`	2188	`echo "BL_PUREIP=on" >> $CONF_FILE`
2192	`echo "BL_SAFESEARCH=off" >> $CONF_FILE`	2189	`echo "BL_SAFESEARCH=off" >> $CONF_FILE`
2193	`echo "WL_SAFESEARCH=off" >> $CONF_FILE`	2190	`echo "WL_SAFESEARCH=off" >> $CONF_FILE`
-		2191	`echo "IOT_CAPTURE=off" >> $CONF_FILE`
2194	`# Prompt customisation (colors)`	2192	`# Prompt customisation (colors)`
2195	`[ -e /etc/bashrc.default ] \|\| cp /etc/bashrc /etc/bashrc.default`	2193	`[ -e /etc/bashrc.default ] \|\| cp /etc/bashrc /etc/bashrc.default`
2196	`cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc`	2194	`cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc`
2197	`$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc`	2195	`$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc`
2198	`# sudoers configuration for "apache" & "sysadmin"`	2196	`# sudoers configuration for "apache" & "sysadmin"`

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2818 – Rev 2769 → 2770