WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 1148 2013-07-08 16:19:10Z crox53 $ 
 
# alcasar.sh
 
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
# Ce programme est un logiciel libre ; This software is free and open source

DB_USER="radius"				# nom de l'utilisateur de la base de données
# ******* Network parameters - paramètres réseau *******
HOSTNAME="alcasar"				# 
DOMAIN="localdomain"				# domaine local
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
MTU="1500"
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
# ****** Paths - chemin des commandes *******
SED="/bin/sed -i"

IPV6INIT=no
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
MTU=$MTU
 
EOF
# Config eth1 (consultation LAN) in normal mode
	cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
DEVICE=$INTIF
BOOTPROTO=static

MII_NOT_SUPPORTED=yes
IPV6INIT=no
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
ETHTOOL_OPTS=$ETHTOOL_OPTS
EOF
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
	cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
DEVICE=$INTIF
BOOTPROTO=static

EOF
	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
	cat <<EOF > /etc/hosts.deny
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
EOF
read a
# modify "network-functions" Mageia script (waiting for bug fix bugzilla:10623)
        $SED "s?/sbin/ethtool?/usr/sbin/ethtool?g" /etc/sysconfig/network-scripts/network-functions
# Firewall config
	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
# create the filter exception file and ip_bloqued file

# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
# load conntrack ftp module
	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
	echo "ip_conntrack_ftp" >>  /etc/modprobe.preload
# 
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network ()
 
##################################################################
##			Fonction gestion			##

#dhcpgatewayport
EOF
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
	echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
# create files for trusted domains and urls
#	cp -f $DIR_CONF/etc/alcasar-uam* $DIR_DEST_ETC/.
	touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
	chown root:apache $DIR_DEST_ETC/alcasar-*
	chmod 660 $DIR_DEST_ETC/alcasar-*
# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)
	$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php
	$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php

			mode="install"
		fi
		for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install
		do
			$func
 echo "*** 'debug' : end of function $func ***"; read a
		done
		;;
	-u | --uninstall)
		if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
		then

Rev 1144	Rev 1148
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 1144 2013-07-01 08:21:20Z franck $`	2	`# $Id: alcasar.sh 1148 2013-07-08 16:19:10Z crox53 $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5		5
6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`	6	`# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]`
7	`# Ce programme est un logiciel libre ; This software is free and open source`	7	`# Ce programme est un logiciel libre ; This software is free and open source`
Line 67...	Line 67...
67	`DB_USER="radius" # nom de l'utilisateur de la base de données`	67	`DB_USER="radius" # nom de l'utilisateur de la base de données`
68	`# ***** Network parameters - paramètres réseau *****`	68	`# ***** Network parameters - paramètres réseau *****`
69	`HOSTNAME="alcasar" #`	69	`HOSTNAME="alcasar" #`
70	`DOMAIN="localdomain" # domaine local`	70	`DOMAIN="localdomain" # domaine local`
71	`EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)`	71	`EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)`
72	`MTU="1492"`	72	`MTU="1500"`
73	`ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'`	73	`ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'`
74	`INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation`	74	`INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation`
75	`DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation`	75	`DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation`
76	`# **** Paths - chemin des commandes *****`	76	`# **** Paths - chemin des commandes *****`
77	`SED="/bin/sed -i"`	77	`SED="/bin/sed -i"`
Line 422...	Line 422...
422	`IPV6INIT=no`	422	`IPV6INIT=no`
423	`IPV6TO4INIT=no`	423	`IPV6TO4INIT=no`
424	`ACCOUNTING=no`	424	`ACCOUNTING=no`
425	`USERCTL=no`	425	`USERCTL=no`
426	`MTU=$MTU`	426	`MTU=$MTU`
427	`#ETHTOOL_OPTS=$ETHTOOL_OPTS`	-
428	`EOF`	427	`EOF`
429	`# Config eth1 (consultation LAN) in normal mode`	428	`# Config eth1 (consultation LAN) in normal mode`
430	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF`	429	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF`
431	`DEVICE=$INTIF`	430	`DEVICE=$INTIF`
432	`BOOTPROTO=static`	431	`BOOTPROTO=static`
Line 435...	Line 434...
435	`MII_NOT_SUPPORTED=yes`	434	`MII_NOT_SUPPORTED=yes`
436	`IPV6INIT=no`	435	`IPV6INIT=no`
437	`IPV6TO4INIT=no`	436	`IPV6TO4INIT=no`
438	`ACCOUNTING=no`	437	`ACCOUNTING=no`
439	`USERCTL=no`	438	`USERCTL=no`
-		439	`ETHTOOL_OPTS=$ETHTOOL_OPTS`
440	`EOF`	440	`EOF`
441	`# Config of eth1 in bypass mode (see "alcasar-bypass.sh")`	441	`# Config of eth1 in bypass mode (see "alcasar-bypass.sh")`
442	`cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF`	442	`cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF`
443	`DEVICE=$INTIF`	443	`DEVICE=$INTIF`
444	`BOOTPROTO=static`	444	`BOOTPROTO=static`
Line 484...	Line 484...
484	`EOF`	484	`EOF`
485	`[ -e /etc/host.deny.default ] \|\| cp /etc/hosts.deny /etc/hosts.deny.default`	485	`[ -e /etc/host.deny.default ] \|\| cp /etc/hosts.deny /etc/hosts.deny.default`
486	`cat <<EOF > /etc/hosts.deny`	486	`cat <<EOF > /etc/hosts.deny`
487	`ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" \| /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &`	487	`ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" \| /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &`
488	`EOF`	488	`EOF`
-		489	`read a`
-		490	`# modify "network-functions" Mageia script (waiting for bug fix bugzilla:10623)`
-		491	`$SED "s?/sbin/ethtool?/usr/sbin/ethtool?g" /etc/sysconfig/network-scripts/network-functions`
489	`# Firewall config`	492	`# Firewall config`
490	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	493	`$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
491	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`	494	`$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh`
492	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`	495	`chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)`
493	`# create the filter exception file and ip_bloqued file`	496	`# create the filter exception file and ip_bloqued file`
Line 495...	Line 498...
495	`# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)`	498	`# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)`
496	`echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked`	499	`echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked`
497	`# load conntrack ftp module`	500	`# load conntrack ftp module`
498	`[ -e /etc/modprobe.preload.default ] \|\| cp /etc/modprobe.preload /etc/modprobe.preload.default`	501	`[ -e /etc/modprobe.preload.default ] \|\| cp /etc/modprobe.preload /etc/modprobe.preload.default`
499	`echo "ip_conntrack_ftp" >> /etc/modprobe.preload`	502	`echo "ip_conntrack_ftp" >> /etc/modprobe.preload`
-		503	`#`
500	`# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh`	504	`# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh`
501	`} # End of network ()`	505	`} # End of network ()`
502		506
503	`##################################################################`	507	`##################################################################`
504	`## Fonction gestion ##`	508	`## Fonction gestion ##`
Line 996...	Line 1000...
996	`#dhcpgatewayport`	1000	`#dhcpgatewayport`
997	`EOF`	1001	`EOF`
998	`# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)`	1002	`# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)`
999	`echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers`	1003	`echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers`
1000	`# create files for trusted domains and urls`	1004	`# create files for trusted domains and urls`
1001	`cp -f $DIR_CONF/etc/alcasar-uam* $DIR_DEST_ETC/.`	1005	`# cp -f $DIR_CONF/etc/alcasar-uam* $DIR_DEST_ETC/.`
1002	`# touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain`	1006	`touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain`
1003	`chown root:apache $DIR_DEST_ETC/alcasar-*`	1007	`chown root:apache $DIR_DEST_ETC/alcasar-*`
1004	`chmod 660 $DIR_DEST_ETC/alcasar-*`	1008	`chmod 660 $DIR_DEST_ETC/alcasar-*`
1005	`# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)`	1009	`# Configuration des fichier WEB d'interception (secret partagé avec coova-chilli)`
1006	`$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php`	1010	`$SED "s?^\$uamsecret =.*?\$uamsecret = \"$secretuam\";?g" $DIR_WEB/intercept.php`
1007	`$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php`	1011	`$SED "s?^\$userpassword=1.*?\$userpassword=1;?g" $DIR_WEB/intercept.php`
Line 1793...	Line 1797...
1793	`mode="install"`	1797	`mode="install"`
1794	`fi`	1798	`fi`
1795	`for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install`	1799	`for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install`
1796	`do`	1800	`do`
1797	`$func`	1801	`$func`
1798	`# echo "* 'debug' : end of function $func *"; read a`	1802	`echo "* 'debug' : end of function $func *"; read a`
1799	`done`	1803	`done`
1800	`;;`	1804	`;;`
1801	`-u \| --uninstall)`	1805	`-u \| --uninstall)`
1802	`if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]`	1806	`if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]`
1803	`then`	1807	`then`

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 1144 → 1148