Subversion Repositories ALCASAR


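--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 3219 2024-07-05 14:54:19Z rexy $
+#  $Id: alcasar.sh 3222 2024-07-17 09:56:42Z rexy $
 
 # ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
 # contact : info@alcasar.net
 
@@ -448,12 +448,13 @@
 	grub2pwd=`cat /dev/urandom | tr -dc '[:alnum:]' | head -c8`
 	pbkdf2=`( echo $grub2pwd ; echo $grub2pwd ) | \
 		LC_ALL=C /usr/bin/grub2-mkpasswd-pbkdf2 | \
 		grep -v '[eE]nter password:' | \
 		sed -e "s/PBKDF2 hash of your password is //"`
-	echo "GRUB2_PASSWORD=$pbkdf2" > /boot/grub2/user.cfg
-	chmod 0600 /boot/grub2/user.cfg
+	[ -e /etc/grub.d/default-40_custom ]  || cp /etc/grub.d/40_custom /etc/grub.d/default-40_custom
+	echo "set superusers=\"root\"" >> /etc/grub.d/40_custom
+	echo "password_pbkdf2 root $pbkdf2" >> /etc/grub.d/40_custom
 	echo "# Login name and password to protect GRUB2 boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
 	echo "GRUB2_user=root" >> $PASSWD_FILE
 	echo "GRUB2_password=$grub2pwd" >> $PASSWD_FILE
 	mysqlpwd=`cat /dev/urandom | tr -dc '[:alnum:]' | head -c16`
 	echo "# Login name and Password of MariaDB administrator:" >> $PASSWD_FILE
@@ -475,11 +476,11 @@
 #  copy scripts in in /usr/local/bin
 	cp -fr $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown -R root:root $DIR_DEST_BIN/alcasar* ; chmod -R 740 $DIR_DEST_BIN/alcasar*
 #  copy conf files in /usr/local/etc
 	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown -R root:apache $DIR_DEST_ETC ; chmod 770 $DIR_DEST_ETC ; chmod 660 $DIR_DEST_ETC/alcasar*
 	$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_BIN/alcasar-mysql.sh
-# generate central conf file
+# generate main conf file
 	cat <<EOF > $CONF_FILE
 ##########################################
 ##                                      ##
 ##          ALCASAR Parameters          ##
 ##                                      ##
@@ -2199,11 +2200,11 @@
 	ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
 # disable Core dump file
 	[ -e /etc/security/limits.conf.default ]  || cp /etc/security/limits.conf /etc/security/limits.conf.default
 	$SED "/^# End of file.*/i*\tsoft\tcore\t0\n*\thard\tcore\t0" /etc/security/limits.conf
 # GRUB2 modifications (Wait time : 3s - ALCASAR entry - VGA=791 - Change the default banner
-	[ -e /etc/default/grub.default ]  || cp /etc/default/grub /etc/default/grub.default
+	[ -e /etc/default/grub.default ] || cp /etc/default/grub /etc/default/grub.default
 	$SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub
 	$SED "s?^GRUB_DISTRIBUTOR=.*?GRUB_DISTRIBUTOR=ALCASAR?g" /etc/default/grub
 	[ -e /etc/mageia-release.default ]  || cp /etc/mageia-release /etc/mageia-release.default
 	vm_vga=`lsmod | grep -c -E "virtio|vmwgfx"` # test if in VM
 	if [ $vm_vga == 0 ] # is not a VM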
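Review bot: In the hunk at line 453 the PBKDF2 hash is now appended to `/etc/grub.d/40_custom` with no permission change, whereas the Rev 3219 lines wrote it to `/boot/grub2/user.cfg` and ran `chmod 0600` on it. If 40_custom keeps a world-readable mode (its mode is not visible here), any local account can read a hash that protects only an 8-character alphanumeric password; adding `chmod 0700 /etc/grub.d/40_custom` after the two appends, and checking the mode of the grub.cfg later generated from it, would restore the earlier protection. The `>>` appends are also not idempotent: a second run adds another `set superusers` / `password_pbkdf2` pair, so restoring the pristine copy first with `cp -f /etc/grub.d/default-40_custom /etc/grub.d/40_custom`, right after the backup line, would keep a single entry. The enclosing function starts and ends outside this hunk, so a reset done elsewhere cannot be ruled out.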