Line 1... |
Line 1... |
1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
2 |
# $Id: alcasar.sh 618 2011-05-26 21:35:31Z richard $
|
2 |
# $Id: alcasar.sh 628 2011-06-08 20:08:32Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 47... |
Line 47... |
47 |
DIR_WEB="/var/www/html" # répertoire racine APACHE
|
47 |
DIR_WEB="/var/www/html" # répertoire racine APACHE
|
48 |
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'
|
48 |
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'
|
49 |
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
|
49 |
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
|
50 |
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
|
50 |
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
|
51 |
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
|
51 |
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
|
52 |
FIC_CONF="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
|
52 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
|
53 |
FIC_PARAM="/root/ALCASAR-parameters.txt" # fichier texte résumant les paramètres d'installation
|
- |
|
54 |
FIC_PASSWD="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
|
53 |
PASSWD_FILE="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
|
55 |
# ******* DBMS parameters - paramètres SGBD ********
|
54 |
# ******* DBMS parameters - paramètres SGBD ********
|
56 |
DB_RADIUS="radius" # nom de la base de données utilisée par le serveur FreeRadius
|
55 |
DB_RADIUS="radius" # nom de la base de données utilisée par le serveur FreeRadius
|
57 |
DB_USER="radius" # nom de l'utilisateur de la base de données
|
56 |
DB_USER="radius" # nom de l'utilisateur de la base de données
|
58 |
# ******* Network parameters - paramètres réseau *******
|
57 |
# ******* Network parameters - paramètres réseau *******
|
59 |
HOSTNAME="alcasar" #
|
58 |
HOSTNAME="alcasar" #
|
Line 208... |
Line 207... |
208 |
ORGANISME=!
|
207 |
ORGANISME=!
|
209 |
fi
|
208 |
fi
|
210 |
done
|
209 |
done
|
211 |
fi
|
210 |
fi
|
212 |
# On crée aléatoirement les mots de passe et les secrets partagés
|
211 |
# On crée aléatoirement les mots de passe et les secrets partagés
|
213 |
rm -f $FIC_PASSWD
|
212 |
rm -f $PASSWD_FILE
|
214 |
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de protection du menu Grub
|
213 |
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de protection du menu Grub
|
215 |
echo -n "Password to protect the boot menu (GRUB) : " > $FIC_PASSWD
|
214 |
echo -n "Password to protect the boot menu (GRUB) : " > $PASSWD_FILE
|
216 |
echo "$grubpwd" >> $FIC_PASSWD
|
215 |
echo "$grubpwd" >> $PASSWD_FILE
|
217 |
md5_grubpwd=`/usr/bin/md5pass $grubpwd`
|
216 |
md5_grubpwd=`/usr/bin/md5pass $grubpwd`
|
218 |
$SED "/^password.*/d" /boot/grub/menu.lst
|
217 |
$SED "/^password.*/d" /boot/grub/menu.lst
|
219 |
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
|
218 |
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
|
220 |
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'administrateur Mysqld
|
219 |
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'administrateur Mysqld
|
221 |
echo -n "Name and password of MYSQL administrator : " >> $FIC_PASSWD
|
220 |
echo -n "Name and password of MYSQL administrator : " >> $PASSWD_FILE
|
222 |
echo "root / $mysqlpwd" >> $FIC_PASSWD
|
221 |
echo "root / $mysqlpwd" >> $PASSWD_FILE
|
223 |
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
|
222 |
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
|
224 |
echo -n "Name and password of MYSQL user : " >> $FIC_PASSWD
|
223 |
echo -n "Name and password of MYSQL user : " >> $PASSWD_FILE
|
225 |
echo "$DB_USER / $radiuspwd" >> $FIC_PASSWD
|
224 |
echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE
|
226 |
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre intercept.php et coova-chilli
|
225 |
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre intercept.php et coova-chilli
|
227 |
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $FIC_PASSWD
|
226 |
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE
|
228 |
echo "$secretuam" >> $FIC_PASSWD
|
227 |
echo "$secretuam" >> $PASSWD_FILE
|
229 |
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre coova-chilli et FreeRadius
|
228 |
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre coova-chilli et FreeRadius
|
230 |
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $FIC_PASSWD
|
229 |
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
|
231 |
echo "$secretradius" >> $FIC_PASSWD
|
230 |
echo "$secretradius" >> $PASSWD_FILE
|
232 |
chmod 640 $FIC_PASSWD
|
231 |
chmod 640 $PASSWD_FILE
|
233 |
# On installe les scripts et fichiers de configuration d'ALCASAR
|
232 |
# On installe les scripts et fichiers de configuration d'ALCASAR
|
234 |
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}
|
233 |
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}
|
235 |
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
|
234 |
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
|
236 |
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
|
235 |
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
|
237 |
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
|
236 |
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
|
Line 239... |
Line 238... |
239 |
cp -f $DIR_SCRIPTS/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
|
238 |
cp -f $DIR_SCRIPTS/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
|
240 |
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
|
239 |
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
|
241 |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
|
240 |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
|
242 |
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
241 |
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
243 |
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
242 |
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
244 |
# generate FIC_PARAM and FIC_CONF
|
243 |
# generate central conf file
|
245 |
cat <<EOF > $FIC_PARAM
|
- |
|
246 |
##########################################
|
- |
|
247 |
## ##
|
- |
|
248 |
## ALCASAR Parameters ##
|
- |
|
249 |
## ##
|
- |
|
250 |
##########################################
|
- |
|
251 |
|
- |
|
252 |
- Install date : $DATE
|
- |
|
253 |
- Version : $VERSION
|
- |
|
254 |
- Organism : $ORGANISME
|
- |
|
255 |
EOF
|
- |
|
256 |
cat <<EOF > $FIC_CONF
|
244 |
cat <<EOF > $CONF_FILE
|
257 |
##########################################
|
245 |
##########################################
|
258 |
## ##
|
246 |
## ##
|
259 |
## ALCASAR Parameters ##
|
247 |
## ALCASAR Parameters ##
|
260 |
## ##
|
248 |
## ##
|
261 |
##########################################
|
249 |
##########################################
|
262 |
|
250 |
|
263 |
INSTALL_DATE=$DATE
|
251 |
INSTALL_DATE=$DATE
|
264 |
VERSION=$VERSION
|
252 |
VERSION=$VERSION
|
265 |
ORGANISM=$ORGANISME
|
253 |
ORGANISM=$ORGANISME
|
266 |
EOF
|
254 |
EOF
|
267 |
chmod o-rwx $FIC_PARAM $FIC_CONF
|
255 |
chmod o-rwx $CONF_FILE
|
268 |
} # End of init ()
|
256 |
} # End of init ()
|
269 |
|
257 |
|
270 |
##################################################################
|
258 |
##################################################################
|
271 |
## Fonction network ##
|
259 |
## Fonction network ##
|
272 |
## - Définition du plan d'adressage du réseau de consultation ##
|
260 |
## - Définition du plan d'adressage du réseau de consultation ##
|
Line 309... |
Line 297... |
309 |
else
|
297 |
else
|
310 |
PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
|
298 |
PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
|
311 |
fi
|
299 |
fi
|
312 |
# Définition de la config réseau côté "LAN de consultation"
|
300 |
# Définition de la config réseau côté "LAN de consultation"
|
313 |
hostname $HOSTNAME
|
301 |
hostname $HOSTNAME
|
314 |
echo "- Hostname : $HOSTNAME" >> $FIC_PARAM
|
- |
|
315 |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
|
302 |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
|
316 |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # masque réseau de consultation (ex.: 255.255.255.0)
|
303 |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # masque réseau de consultation (ex.: 255.255.255.0)
|
317 |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # @ip du portail (côté réseau de consultation)
|
304 |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # @ip du portail (côté réseau de consultation)
|
318 |
private_prefix=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
|
305 |
private_prefix=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
|
319 |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$private_prefix # @ + masque du réseau de consult (192.168.182.0/24)
|
306 |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$private_prefix # @ + masque du réseau de consult (192.168.182.0/24)
|
Line 340... |
Line 327... |
340 |
DNS1=${DNS1:=208.67.220.220}
|
327 |
DNS1=${DNS1:=208.67.220.220}
|
341 |
DNS2=${DNS2:=208.67.222.222}
|
328 |
DNS2=${DNS2:=208.67.222.222}
|
342 |
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
|
329 |
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
|
343 |
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
|
330 |
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
|
344 |
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
|
331 |
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
|
345 |
echo -e "- WAN IP address ($EXTIF) :\t$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_PARAM
|
- |
|
346 |
echo -e "- Gateway IP address :\t\t$PUBLIC_GATEWAY" >> $FIC_PARAM
|
- |
|
347 |
echo -e "- DNS servers :\t\t\t$DNS1 and $DNS2" >> $FIC_PARAM
|
- |
|
348 |
echo -e "- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK" >> $FIC_PARAM
|
- |
|
349 |
echo -e "- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP" >> $FIC_PARAM
|
- |
|
350 |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_CONF
|
332 |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
|
351 |
echo "GW=$PUBLIC_GATEWAY" >> $FIC_CONF
|
333 |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
|
352 |
echo "DNS1=$DNS1" >> $FIC_CONF
|
334 |
echo "DNS1=$DNS1" >> $CONF_FILE
|
353 |
echo "DNS2=$DNS2" >> $FIC_CONF
|
335 |
echo "DNS2=$DNS2" >> $CONF_FILE
|
354 |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $FIC_CONF
|
336 |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
|
355 |
echo "DHCP=on" >> $FIC_CONF
|
337 |
echo "DHCP=on" >> $CONF_FILE
|
356 |
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $FIC_CONF
|
338 |
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $CONF_FILE
|
357 |
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $FIC_CONF
|
339 |
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $CONF_FILE
|
358 |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
|
340 |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
|
359 |
# Configuration réseau
|
341 |
# Configuration réseau
|
360 |
cat <<EOF > /etc/sysconfig/network
|
342 |
cat <<EOF > /etc/sysconfig/network
|
361 |
NETWORKING=yes
|
343 |
NETWORKING=yes
|
362 |
HOSTNAME="$HOSTNAME"
|
344 |
HOSTNAME="$HOSTNAME"
|
Line 460... |
Line 442... |
460 |
echo "$VERSION du $DATE" > $DIR_WEB/VERSION
|
442 |
echo "$VERSION du $DATE" > $DIR_WEB/VERSION
|
461 |
$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
|
443 |
$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
|
462 |
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
444 |
$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
463 |
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
445 |
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
464 |
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
446 |
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
465 |
$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/index.php
|
- |
|
466 |
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
|
447 |
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
|
467 |
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
448 |
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
|
468 |
chown -R apache:apache $DIR_WEB/*
|
449 |
chown -R apache:apache $DIR_WEB/*
|
469 |
for i in ISO base logs/firewall logs/httpd logs/squid ;
|
450 |
for i in ISO base logs/firewall logs/httpd logs/squid ;
|
470 |
do
|
451 |
do
|
Line 492... |
Line 473... |
492 |
[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
|
473 |
[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
|
493 |
cat <<EOF > /var/www/error/include/bottom.html
|
474 |
cat <<EOF > /var/www/error/include/bottom.html
|
494 |
</body>
|
475 |
</body>
|
495 |
</html>
|
476 |
</html>
|
496 |
EOF
|
477 |
EOF
|
497 |
echo "- ALCASAR Control Center URL : http://$HOSTNAME" >> $FIC_PARAM
|
- |
|
498 |
# Définition du premier compte lié au profil 'admin'
|
478 |
# Définition du premier compte lié au profil 'admin'
|
499 |
header_install
|
479 |
header_install
|
500 |
if [ "$mode" = "install" ]
|
480 |
if [ "$mode" = "install" ]
|
501 |
then
|
481 |
then
|
502 |
admin_portal=!
|
482 |
admin_portal=!
|
Line 520... |
Line 500... |
520 |
if [ "$admin_portal" == "" ]
|
500 |
if [ "$admin_portal" == "" ]
|
521 |
then
|
501 |
then
|
522 |
admin_portal=!
|
502 |
admin_portal=!
|
523 |
fi
|
503 |
fi
|
524 |
done
|
504 |
done
|
525 |
echo "- Name of the first account of the admin profile : $admin_portal" >> $FIC_PARAM
|
- |
|
526 |
# Création du fichier de clés de ce compte dans le profil "admin"
|
505 |
# Création du fichier de clés de ce compte dans le profil "admin"
|
527 |
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
|
506 |
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
|
528 |
mkdir -p $DIR_DEST_ETC/digest
|
507 |
mkdir -p $DIR_DEST_ETC/digest
|
529 |
chmod 755 $DIR_DEST_ETC/digest
|
508 |
chmod 755 $DIR_DEST_ETC/digest
|
530 |
until [ -s $DIR_DEST_ETC/digest/key_admin ]
|
509 |
until [ -s $DIR_DEST_ETC/digest/key_admin ]
|
Line 544... |
Line 523... |
544 |
echo "This update need to redefine the first admin account"
|
523 |
echo "This update need to redefine the first admin account"
|
545 |
echo
|
524 |
echo
|
546 |
echo -n "Account : "
|
525 |
echo -n "Account : "
|
547 |
fi
|
526 |
fi
|
548 |
read admin_portal
|
527 |
read admin_portal
|
549 |
echo "- Name of the first account of the admin profile : $admin_portal" >> $FIC_PARAM
|
- |
|
550 |
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
|
528 |
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
|
551 |
mkdir -p $DIR_DEST_ETC/digest
|
529 |
mkdir -p $DIR_DEST_ETC/digest
|
552 |
chmod 755 $DIR_DEST_ETC/digest
|
530 |
chmod 755 $DIR_DEST_ETC/digest
|
553 |
until [ -s $DIR_DEST_ETC/digest/key_admin ]
|
531 |
until [ -s $DIR_DEST_ETC/digest/key_admin ]
|
554 |
do
|
532 |
do
|
Line 792... |
Line 770... |
792 |
Allow from 127.0.0.1
|
770 |
Allow from 127.0.0.1
|
793 |
Allow from $PRIVATE_NETWORK_MASK
|
771 |
Allow from $PRIVATE_NETWORK_MASK
|
794 |
ErrorDocument 404 https://$HOSTNAME
|
772 |
ErrorDocument 404 https://$HOSTNAME
|
795 |
</Directory>
|
773 |
</Directory>
|
796 |
EOF
|
774 |
EOF
|
797 |
echo "- User change password URL : https://$HOSTNAME/pass/" >> $FIC_PARAM
|
- |
|
798 |
} # End of param_web_radius ()
|
775 |
} # End of param_web_radius ()
|
799 |
|
776 |
|
800 |
##########################################################################################
|
777 |
##########################################################################################
|
801 |
## Fonction param_chilli ##
|
778 |
## Fonction param_chilli ##
|
802 |
## - Paramètrage du fichier d'initialisation et de configuration de coova-chilli ##
|
779 |
## - Paramètrage du fichier d'initialisation et de configuration de coova-chilli ##
|
Line 855... |
Line 832... |
855 |
touch $DIR_DEST_ETC/alcasar-ethers
|
832 |
touch $DIR_DEST_ETC/alcasar-ethers
|
856 |
# création des fichiers de sites, d'urls et d'adresses MAC de confiance
|
833 |
# création des fichiers de sites, d'urls et d'adresses MAC de confiance
|
857 |
touch $DIR_DEST_ETC/alcasar-macallowed $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
|
834 |
touch $DIR_DEST_ETC/alcasar-macallowed $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
|
858 |
chown root:apache $DIR_DEST_ETC/alcasar-*
|
835 |
chown root:apache $DIR_DEST_ETC/alcasar-*
|
859 |
chmod 660 $DIR_DEST_ETC/alcasar-*
|
836 |
chmod 660 $DIR_DEST_ETC/alcasar-*
|
860 |
echo "- User disconnect URL : http://alcasar:3990/logoff" >> $FIC_PARAM
|
- |
|
861 |
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli et nom d'organisme)
|
837 |
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli et nom d'organisme)
|
862 |
$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
|
838 |
$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
|
863 |
$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
|
839 |
$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php
|
864 |
$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" $DIR_WEB/intercept.php $DIR_WEB/status.php
|
840 |
$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" $DIR_WEB/intercept.php $DIR_WEB/status.php
|
865 |
} # End of param_chilli ()
|
841 |
} # End of param_chilli ()
|
Line 1275... |
Line 1251... |
1275 |
# sshd écoute côté LAN et WAN
|
1251 |
# sshd écoute côté LAN et WAN
|
1276 |
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
|
1252 |
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
|
1277 |
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
|
1253 |
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
|
1278 |
# Put the default value in conf file (sshd, QOS, protocols filter and dns filter are off)(web antivirus is on)
|
1254 |
# Put the default value in conf file (sshd, QOS, protocols filter and dns filter are off)(web antivirus is on)
|
1279 |
/sbin/chkconfig --del sshd
|
1255 |
/sbin/chkconfig --del sshd
|
1280 |
echo "SSH=off" >> $FIC_CONF
|
1256 |
echo "SSH=off" >> $CONF_FILE
|
1281 |
echo "QOS=off" >> $FIC_CONF
|
1257 |
echo "QOS=off" >> $CONF_FILE
|
1282 |
echo "LDAP=off" >> $FIC_CONF
|
1258 |
echo "LDAP=off" >> $CONF_FILE
|
1283 |
echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF
|
1259 |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
|
1284 |
echo "DNS_FILTERING=off" >> $FIC_CONF
|
1260 |
echo "DNS_FILTERING=off" >> $CONF_FILE
|
1285 |
echo "WEB_ANTIVIRUS=on" >> $FIC_CONF
|
1261 |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
|
1286 |
# Coloration des prompts
|
1262 |
# Coloration des prompts
|
1287 |
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
|
1263 |
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
|
1288 |
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
|
1264 |
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
|
1289 |
# Droits d'exécution pour utilisateur apache et sysadmin
|
1265 |
# Droits d'exécution pour utilisateur apache et sysadmin
|
1290 |
[ -e /etc/sudoers.default ] || cp /etc/sudoers /etc/sudoers.default
|
1266 |
[ -e /etc/sudoers.default ] || cp /etc/sudoers /etc/sudoers.default
|
Line 1399... |
Line 1375... |
1399 |
if [ "$user" == "$rm_users" ]
|
1375 |
if [ "$user" == "$rm_users" ]
|
1400 |
then
|
1376 |
then
|
1401 |
/usr/sbin/userdel -f $rm_users
|
1377 |
/usr/sbin/userdel -f $rm_users
|
1402 |
fi
|
1378 |
fi
|
1403 |
done
|
1379 |
done
|
1404 |
# Load the previous conf file
|
1380 |
# Load and update the previous conf file
|
1405 |
if [ "$mode" = "update" ]
|
1381 |
if [ "$mode" = "update" ]
|
1406 |
then
|
1382 |
then
|
1407 |
$DIR_DEST_BIN/alcasar-conf.sh --load
|
1383 |
$DIR_DEST_BIN/alcasar-conf.sh --load
|
- |
|
1384 |
$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
|
- |
|
1385 |
$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
|
- |
|
1386 |
$SED "s?^ORGANISM=.*?ORGANISM=$ORGANISM?g" $CONF_FILE
|
1408 |
fi
|
1387 |
fi
|
1409 |
rm -f /tmp/alcasar-conf*
|
1388 |
rm -f /tmp/alcasar-conf*
|
1410 |
chown -R root:apache $DIR_DEST_ETC/*
|
1389 |
chown -R root:apache $DIR_DEST_ETC/*
|
1411 |
chmod -R 660 $DIR_DEST_ETC/*
|
1390 |
chmod -R 660 $DIR_DEST_ETC/*
|
1412 |
chmod ug+x $DIR_DEST_ETC/digest $DIR_DEST_ETC/alcasar-dnsfilter*
|
1391 |
chmod ug+x $DIR_DEST_ETC/digest $DIR_DEST_ETC/alcasar-dnsfilter*
|
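Review bot: The added `$SED "s?^ORGANISM=.*?ORGANISM=$ORGANISM?g" $CONF_FILE` in the update branch (new line 1386) reads `$ORGANISM`, while every other visible line uses `$ORGANISME` (for example `ORGANISM=$ORGANISME` in the init heredoc). `alcasar-conf.sh --load` is executed as a child process, so it cannot set the variable in this shell; unless `$ORGANISM` is assigned outside the hunks shown, an update would rewrite the stored organism name to an empty value, and `ORGANISM=$ORGANISME` looks like the intended replacement. The value appears to be operator-entered, so a `?` or `&` in it would break or alter the `s?…?…?` expression; it should be validated or escaped before it reaches sed. Separately, in the password hunk (new lines 212–231) the secrets are written to `$PASSWD_FILE` before `chmod 640` runs, so the file briefly carries whatever mode the umask gives; a `umask 077` ahead of the first write would close that window. The enclosing functions start and end outside the hunks shown.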