WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 1243 2013-10-15 15:34:24Z richard $ 
 
# alcasar.sh
 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
# Ce programme est un logiciel libre ; This software is free and open source

DIR_DEST_ETC="/usr/local/etc"			# directory of ALCASAR conf files
DIR_DEST_SHARE="/usr/local/share"		# directory of share files used by ALCASAR (dnsmasq for instance)
CONF_FILE="$DIR_DEST_ETC/alcasar.conf"		# central ALCASAR conf file
PASSWD_FILE="/root/ALCASAR-passwords.txt"	# text file with the passwords and shared secrets
# ******* DBMS parameters - paramètres SGBD ********
DB_RADIUS="radius"				# database name used by FreeRadius server
DB_USER="radius"				# user name allows to request the users database
# ******* Network parameters - paramètres réseau *******
HOSTNAME="alcasar"				# 
DOMAIN="localdomain"				# default local domain
EXTIF="eth0"					# ETH0 is connected to the ISP broadband modem/router (In France : Box-FAI )
MTU="1500"
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
INTIF="eth1"					# ETH1 is connected to the consultation network
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address
# ****** Paths - chemin des commandes *******
SED="/bin/sed -i"
# ****************** End of global parameters *********************
 
license ()

	else
		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 
		rm -rf conf/etc/alcasar.conf
	fi
# Define LAN side global parameters
	hostname $HOSTNAME.$DOMAIN
	echo $HOSTNAME.$DOMAIN > /etc/hostname
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24

	echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
	[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
# config network
	cat <<EOF > /etc/sysconfig/network
NETWORKING=yes
HOSTNAME="$HOSTNAME.$DOMAIN"
FORWARD_IPV4=true
EOF
# config /etc/hosts
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
	cat <<EOF > /etc/hosts

	echo "$VERSION" > $DIR_WEB/VERSION
	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php
	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME.$DOMAIN\";?g" $DIR_WEB/index.php
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
	chown -R apache:apache $DIR_WEB/*
	for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;
	do
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i

	$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
	$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
# Configuration et sécurisation Apache
	rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
	[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
	$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
	$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
	$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
	$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf

		[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
		mkdir -p $DIR_DEST_ETC/digest
		chmod 755 $DIR_DEST_ETC/digest
		until [ -s $DIR_DEST_ETC/digest/key_admin ]
			do
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
			done
		$DIR_DEST_SBIN/alcasar-profil.sh --list
	else   # mise à jour des versions < 2.1
		if [ $MAJ_PREVIOUS_VERSION -lt 2 ] || ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 1 ])
			then

			[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
			mkdir -p $DIR_DEST_ETC/digest
			chmod 755 $DIR_DEST_ETC/digest
			until [ -s $DIR_DEST_ETC/digest/key_admin ]
			do
				/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal
			done
			$DIR_DEST_SBIN/alcasar-profil.sh --list
		fi
	fi
# synchronisation horaire

	Allow from 127.0.0.1
	Allow from $PRIVATE_NETWORK_MASK
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
	require valid-user
	AuthType digest
	AuthName $HOSTNAME.$DOMAIN
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
	AuthUserFile $DIR_DEST_ETC/digest/key_all
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/admin>
	SSLRequireSSL
	AllowOverride None
	Order deny,allow

	Allow from 127.0.0.1
	Allow from $PRIVATE_NETWORK_MASK
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
	require valid-user
	AuthType digest
	AuthName $HOSTNAME.$DOMAIN
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
	AuthUserFile $DIR_DEST_ETC/digest/key_admin
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/manager>
	SSLRequireSSL
	AllowOverride None
	Order deny,allow

	Allow from 127.0.0.1
	Allow from $PRIVATE_NETWORK_MASK
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
	require valid-user
	AuthType digest
	AuthName $HOSTNAME.$DOMAIN
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
	AuthUserFile $DIR_DEST_ETC/digest/key_manager
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/backup>
	SSLRequireSSL
	AllowOverride None
	Order deny,allow

	Allow from 127.0.0.1
	Allow from $PRIVATE_NETWORK_MASK
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
	require valid-user
	AuthType digest
	AuthName $HOSTNAME.$DOMAIN
	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
Alias /save/ "$DIR_SAVE/"
<Directory $DIR_SAVE>
	SSLRequireSSL
	Options Indexes

	Allow from 127.0.0.1
	Allow from $PRIVATE_NETWORK_MASK
#	Allow from AA.BB.CC.DD/32	# Allow from specific @IP
	require valid-user
	AuthType digest
	AuthName $HOSTNAME.$DOMAIN
	AuthUserFile $DIR_DEST_ETC/digest/key_backup
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
EOF
} # End of ACC()
 
##########################################################################################

	AllowOverride None
	Order deny,allow
	Deny from all
	Allow from 127.0.0.1
	Allow from $PRIVATE_NETWORK_MASK
	ErrorDocument 404 https://$HOSTNAME.$DOMAIN
</Directory>
EOF
} # End of param_web_radius ()
 
##################################################################################

dns2		$PRIVATE_IP
uamlisten	$PRIVATE_IP
uamport		3990
macauth
macpasswd	password
locationname	$HOSTNAME.$DOMAIN
radiusserver1	127.0.0.1
radiusserver2	127.0.0.1
radiussecret	$secretradius
radiusauthport	1812
radiusacctport	1813
uamserver	https://$HOSTNAME.$DOMAIN/intercept.php
radiusnasid	$HOSTNAME.$DOMAIN
uamsecret	$secretuam
uamallowed	alcasar
coaport		3799
include		$DIR_DEST_ETC/alcasar-uamallowed
include		$DIR_DEST_ETC/alcasar-uamdomain

Rev 1229	Rev 1243
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 1229 2013-10-01 07:25:03Z crox53 $`	2	`# $Id: alcasar.sh 1243 2013-10-15 15:34:24Z richard $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5		5
6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`	6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`
7	`# Ce programme est un logiciel libre ; This software is free and open source`	7	`# Ce programme est un logiciel libre ; This software is free and open source`
Line 62...	Line 62...
62	`DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files`	62	`DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files`
63	`DIR_DEST_SHARE="/usr/local/share" # directory of share files used by ALCASAR (dnsmasq for instance)`	63	`DIR_DEST_SHARE="/usr/local/share" # directory of share files used by ALCASAR (dnsmasq for instance)`
64	`CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file`	64	`CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file`
65	`PASSWD_FILE="/root/ALCASAR-passwords.txt" # text file with the passwords and shared secrets`	65	`PASSWD_FILE="/root/ALCASAR-passwords.txt" # text file with the passwords and shared secrets`
66	`# ***** DBMS parameters - paramètres SGBD ******`	66	`# ***** DBMS parameters - paramètres SGBD ******`
67	`DB_RADIUS="radius" # nom de la base de données utilisée par le serveur FreeRadius`	67	`DB_RADIUS="radius" # database name used by FreeRadius server`
68	`DB_USER="radius" # nom de l'utilisateur de la base de données`	68	`DB_USER="radius" # user name allows to request the users database`
69	`# ***** Network parameters - paramètres réseau *****`	69	`# ***** Network parameters - paramètres réseau *****`
70	`HOSTNAME="alcasar" #`	70	`HOSTNAME="alcasar" #`
71	`DOMAIN="localdomain" # domaine local`	71	`DOMAIN="localdomain" # default local domain`
72	`EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)`	72	`EXTIF="eth0" # ETH0 is connected to the ISP broadband modem/router (In France : Box-FAI )`
73	`MTU="1500"`	73	`MTU="1500"`
74	`ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'`	74	`ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'`
75	`INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation`	75	`INTIF="eth1" # ETH1 is connected to the consultation network`
76	`DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation`	76	`DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # Default ALCASAR IP address`
77	`# **** Paths - chemin des commandes *****`	77	`# **** Paths - chemin des commandes *****`
78	`SED="/bin/sed -i"`	78	`SED="/bin/sed -i"`
79	`# **************** End of global parameters *******************`	79	`# **************** End of global parameters *******************`
80		80
81	`license ()`	81	`license ()`
Line 359...	Line 359...
359	`else`	359	`else`
360	PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf\|cut -d"=" -f2`	360	PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf\|cut -d"=" -f2`
361	`rm -rf conf/etc/alcasar.conf`	361	`rm -rf conf/etc/alcasar.conf`
362	`fi`	362	`fi`
363	`# Define LAN side global parameters`	363	`# Define LAN side global parameters`
364	`hostname $HOSTNAME`	364	`hostname $HOSTNAME.$DOMAIN`
365	`echo $HOSTNAME > /etc/hostname`	365	`echo $HOSTNAME.$DOMAIN > /etc/hostname`
366	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK \| cut -d"=" -f2` # private network address (ie.: 192.168.182.0)	366	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK \| cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
367	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK \| cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)	367	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK \| cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
368	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)	368	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
369	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK \|cut -d"=" -f2` # network prefix (ie. 24)	369	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK \|cut -d"=" -f2` # network prefix (ie. 24)
370	`PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24`	370	`PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24`
Line 400...	Line 400...
400	`echo "RELAY_DHCP_PORT=none" >> $CONF_FILE`	400	`echo "RELAY_DHCP_PORT=none" >> $CONF_FILE`
401	`[ -e /etc/sysconfig/network.default ] \|\| cp /etc/sysconfig/network /etc/sysconfig/network.default`	401	`[ -e /etc/sysconfig/network.default ] \|\| cp /etc/sysconfig/network /etc/sysconfig/network.default`
402	`# config network`	402	`# config network`
403	`cat <<EOF > /etc/sysconfig/network`	403	`cat <<EOF > /etc/sysconfig/network`
404	`NETWORKING=yes`	404	`NETWORKING=yes`
405	`HOSTNAME="$HOSTNAME"`	405	`HOSTNAME="$HOSTNAME.$DOMAIN"`
406	`FORWARD_IPV4=true`	406	`FORWARD_IPV4=true`
407	`EOF`	407	`EOF`
408	`# config /etc/hosts`	408	`# config /etc/hosts`
409	`[ -e /etc/hosts.default ] \|\| cp /etc/hosts /etc/hosts.default`	409	`[ -e /etc/hosts.default ] \|\| cp /etc/hosts /etc/hosts.default`
410	`cat <<EOF > /etc/hosts`	410	`cat <<EOF > /etc/hosts`
Line 523...	Line 523...
523	`echo "$VERSION" > $DIR_WEB/VERSION`	523	`echo "$VERSION" > $DIR_WEB/VERSION`
524	`$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php`	524	`$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php`
525	`$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	525	`$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
526	`$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	526	`$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
527	`$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	527	`$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
528	`$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php`	528	`$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME.$DOMAIN\";?g" $DIR_WEB/index.php`
529	`chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php`	529	`chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php`
530	`chown -R apache:apache $DIR_WEB/*`	530	`chown -R apache:apache $DIR_WEB/*`
531	`for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;`	531	`for i in system_backup base logs/firewall logs/httpd logs/squid logs/security;`
532	`do`	532	`do`
533	`[ -d $DIR_SAVE/$i ] \|\| mkdir -p $DIR_SAVE/$i`	533	`[ -d $DIR_SAVE/$i ] \|\| mkdir -p $DIR_SAVE/$i`
Line 542...	Line 542...
542	`$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini`	542	`$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini`
543	`$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini`	543	`$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini`
544	`# Configuration et sécurisation Apache`	544	`# Configuration et sécurisation Apache`
545	`rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*`	545	`rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*`
546	`[ -e /etc/httpd/conf/httpd.conf.default ] \|\| cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default`	546	`[ -e /etc/httpd/conf/httpd.conf.default ] \|\| cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default`
547	`$SED "s?^#ServerName.*?ServerName $HOSTNAME?g" /etc/httpd/conf/httpd.conf`	547	`$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf`
548	`$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf`	548	`$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf`
549	`$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf`	549	`$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf`
550	`$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf`	550	`$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf`
551	`$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf`	551	`$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf`
552	`$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf`	552	`$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf`
Line 595...	Line 595...
595	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`	595	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`
596	`mkdir -p $DIR_DEST_ETC/digest`	596	`mkdir -p $DIR_DEST_ETC/digest`
597	`chmod 755 $DIR_DEST_ETC/digest`	597	`chmod 755 $DIR_DEST_ETC/digest`
598	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`	598	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`
599	`do`	599	`do`
600	`/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal`	600	`/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal`
601	`done`	601	`done`
602	`$DIR_DEST_SBIN/alcasar-profil.sh --list`	602	`$DIR_DEST_SBIN/alcasar-profil.sh --list`
603	`else # mise à jour des versions < 2.1`	603	`else # mise à jour des versions < 2.1`
604	`if [ $MAJ_PREVIOUS_VERSION -lt 2 ] \|\| ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 1 ])`	604	`if [ $MAJ_PREVIOUS_VERSION -lt 2 ] \|\| ([ $MAJ_PREVIOUS_VERSION -eq 2 ] && [ $MIN_PREVIOUS_VERSION -lt 1 ])`
605	`then`	605	`then`
Line 617...	Line 617...
617	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`	617	`[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest`
618	`mkdir -p $DIR_DEST_ETC/digest`	618	`mkdir -p $DIR_DEST_ETC/digest`
619	`chmod 755 $DIR_DEST_ETC/digest`	619	`chmod 755 $DIR_DEST_ETC/digest`
620	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`	620	`until [ -s $DIR_DEST_ETC/digest/key_admin ]`
621	`do`	621	`do`
622	`/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME $admin_portal`	622	`/usr/sbin/htdigest -c $DIR_DEST_ETC/digest/key_admin $HOSTNAME.$DOMAIN $admin_portal`
623	`done`	623	`done`
624	`$DIR_DEST_SBIN/alcasar-profil.sh --list`	624	`$DIR_DEST_SBIN/alcasar-profil.sh --list`
625	`fi`	625	`fi`
626	`fi`	626	`fi`
627	`# synchronisation horaire`	627	`# synchronisation horaire`
Line 637...	Line 637...
637	`Allow from 127.0.0.1`	637	`Allow from 127.0.0.1`
638	`Allow from $PRIVATE_NETWORK_MASK`	638	`Allow from $PRIVATE_NETWORK_MASK`
639	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`	639	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`
640	`require valid-user`	640	`require valid-user`
641	`AuthType digest`	641	`AuthType digest`
642	`AuthName $HOSTNAME`	642	`AuthName $HOSTNAME.$DOMAIN`
643	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`	643	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`
644	`AuthUserFile $DIR_DEST_ETC/digest/key_all`	644	`AuthUserFile $DIR_DEST_ETC/digest/key_all`
645	`ErrorDocument 404 https://$HOSTNAME/`	645	`ErrorDocument 404 https://$HOSTNAME.$DOMAIN/`
646	`</Directory>`	646	`</Directory>`
647	`<Directory $DIR_ACC/admin>`	647	`<Directory $DIR_ACC/admin>`
648	`SSLRequireSSL`	648	`SSLRequireSSL`
649	`AllowOverride None`	649	`AllowOverride None`
650	`Order deny,allow`	650	`Order deny,allow`
Line 652...	Line 652...
652	`Allow from 127.0.0.1`	652	`Allow from 127.0.0.1`
653	`Allow from $PRIVATE_NETWORK_MASK`	653	`Allow from $PRIVATE_NETWORK_MASK`
654	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`	654	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`
655	`require valid-user`	655	`require valid-user`
656	`AuthType digest`	656	`AuthType digest`
657	`AuthName $HOSTNAME`	657	`AuthName $HOSTNAME.$DOMAIN`
658	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`	658	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`
659	`AuthUserFile $DIR_DEST_ETC/digest/key_admin`	659	`AuthUserFile $DIR_DEST_ETC/digest/key_admin`
660	`ErrorDocument 404 https://$HOSTNAME/`	660	`ErrorDocument 404 https://$HOSTNAME.$DOMAIN/`
661	`</Directory>`	661	`</Directory>`
662	`<Directory $DIR_ACC/manager>`	662	`<Directory $DIR_ACC/manager>`
663	`SSLRequireSSL`	663	`SSLRequireSSL`
664	`AllowOverride None`	664	`AllowOverride None`
665	`Order deny,allow`	665	`Order deny,allow`
Line 667...	Line 667...
667	`Allow from 127.0.0.1`	667	`Allow from 127.0.0.1`
668	`Allow from $PRIVATE_NETWORK_MASK`	668	`Allow from $PRIVATE_NETWORK_MASK`
669	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`	669	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`
670	`require valid-user`	670	`require valid-user`
671	`AuthType digest`	671	`AuthType digest`
672	`AuthName $HOSTNAME`	672	`AuthName $HOSTNAME.$DOMAIN`
673	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`	673	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`
674	`AuthUserFile $DIR_DEST_ETC/digest/key_manager`	674	`AuthUserFile $DIR_DEST_ETC/digest/key_manager`
675	`ErrorDocument 404 https://$HOSTNAME/`	675	`ErrorDocument 404 https://$HOSTNAME.$DOMAIN/`
676	`</Directory>`	676	`</Directory>`
677	`<Directory $DIR_ACC/backup>`	677	`<Directory $DIR_ACC/backup>`
678	`SSLRequireSSL`	678	`SSLRequireSSL`
679	`AllowOverride None`	679	`AllowOverride None`
680	`Order deny,allow`	680	`Order deny,allow`
Line 682...	Line 682...
682	`Allow from 127.0.0.1`	682	`Allow from 127.0.0.1`
683	`Allow from $PRIVATE_NETWORK_MASK`	683	`Allow from $PRIVATE_NETWORK_MASK`
684	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`	684	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`
685	`require valid-user`	685	`require valid-user`
686	`AuthType digest`	686	`AuthType digest`
687	`AuthName $HOSTNAME`	687	`AuthName $HOSTNAME.$DOMAIN`
688	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`	688	`BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On`
689	`AuthUserFile $DIR_DEST_ETC/digest/key_backup`	689	`AuthUserFile $DIR_DEST_ETC/digest/key_backup`
690	`ErrorDocument 404 https://$HOSTNAME/`	690	`ErrorDocument 404 https://$HOSTNAME.$DOMAIN/`
691	`</Directory>`	691	`</Directory>`
692	`Alias /save/ "$DIR_SAVE/"`	692	`Alias /save/ "$DIR_SAVE/"`
693	`<Directory $DIR_SAVE>`	693	`<Directory $DIR_SAVE>`
694	`SSLRequireSSL`	694	`SSLRequireSSL`
695	`Options Indexes`	695	`Options Indexes`
Line 698...	Line 698...
698	`Allow from 127.0.0.1`	698	`Allow from 127.0.0.1`
699	`Allow from $PRIVATE_NETWORK_MASK`	699	`Allow from $PRIVATE_NETWORK_MASK`
700	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`	700	`# Allow from AA.BB.CC.DD/32 # Allow from specific @IP`
701	`require valid-user`	701	`require valid-user`
702	`AuthType digest`	702	`AuthType digest`
703	`AuthName $HOSTNAME`	703	`AuthName $HOSTNAME.$DOMAIN`
704	`AuthUserFile $DIR_DEST_ETC/digest/key_backup`	704	`AuthUserFile $DIR_DEST_ETC/digest/key_backup`
705	`ErrorDocument 404 https://$HOSTNAME/`	705	`ErrorDocument 404 https://$HOSTNAME.$DOMAIN/`
706	`</Directory>`	706	`</Directory>`
707	`EOF`	707	`EOF`
708	`} # End of ACC()`	708	`} # End of ACC()`
709		709
710	`##########################################################################################`	710	`##########################################################################################`
Line 866...	Line 866...
866	`AllowOverride None`	866	`AllowOverride None`
867	`Order deny,allow`	867	`Order deny,allow`
868	`Deny from all`	868	`Deny from all`
869	`Allow from 127.0.0.1`	869	`Allow from 127.0.0.1`
870	`Allow from $PRIVATE_NETWORK_MASK`	870	`Allow from $PRIVATE_NETWORK_MASK`
871	`ErrorDocument 404 https://$HOSTNAME`	871	`ErrorDocument 404 https://$HOSTNAME.$DOMAIN`
872	`</Directory>`	872	`</Directory>`
873	`EOF`	873	`EOF`
874	`} # End of param_web_radius ()`	874	`} # End of param_web_radius ()`
875		875
876	`##################################################################################`	876	`##################################################################################`
Line 982...	Line 982...
982	`dns2 $PRIVATE_IP`	982	`dns2 $PRIVATE_IP`
983	`uamlisten $PRIVATE_IP`	983	`uamlisten $PRIVATE_IP`
984	`uamport 3990`	984	`uamport 3990`
985	`macauth`	985	`macauth`
986	`macpasswd password`	986	`macpasswd password`
987	`locationname $HOSTNAME`	987	`locationname $HOSTNAME.$DOMAIN`
988	`radiusserver1 127.0.0.1`	988	`radiusserver1 127.0.0.1`
989	`radiusserver2 127.0.0.1`	989	`radiusserver2 127.0.0.1`
990	`radiussecret $secretradius`	990	`radiussecret $secretradius`
991	`radiusauthport 1812`	991	`radiusauthport 1812`
992	`radiusacctport 1813`	992	`radiusacctport 1813`
993	`uamserver https://$HOSTNAME/intercept.php`	993	`uamserver https://$HOSTNAME.$DOMAIN/intercept.php`
994	`radiusnasid $HOSTNAME`	994	`radiusnasid $HOSTNAME.$DOMAIN`
995	`uamsecret $secretuam`	995	`uamsecret $secretuam`
996	`uamallowed alcasar`	996	`uamallowed alcasar`
997	`coaport 3799`	997	`coaport 3799`
998	`include $DIR_DEST_ETC/alcasar-uamallowed`	998	`include $DIR_DEST_ETC/alcasar-uamallowed`
999	`include $DIR_DEST_ETC/alcasar-uamdomain`	999	`include $DIR_DEST_ETC/alcasar-uamdomain`

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 3193 – Rev 1229 → 1243