WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 1214 2013-09-18 16:01:28Z crox53 $
+#  $Id: alcasar.sh 1215 2013-09-18 22:08:14Z richard $
 # alcasar.sh
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
 ##              Fonction param_nfsen			##
 ##########################################################
 param_nfsen()
+{
 #Decompression tarball
-tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
+	tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
 #Création groupe et utilisteur
-if grep "^www-data:" /etc/group > /dev/null; then
+	if grep "^www-data:" /etc/group > /dev/null; then
-	echo "Group already exists !"
+		echo "Group already exists !"
-else
+	else
-	groupadd www-data
+		groupadd www-data
-	echo "Group 'www-data' created !"
+		echo "Group 'www-data' created !"
-fi
+	fi
-if grep "^nfsen:" /etc/passwd > /dev/null; then
+	if grep "^nfsen:" /etc/passwd > /dev/null; then
-	echo "User already exists !"
+		echo "User already exists !"
-else
+	else
-	useradd -m nfsen
+		useradd -m nfsen
-	echo "User 'nfsen' created !"
+		echo "User 'nfsen' created !"
-fi
+	fi
-usermod -G www-data nfsen
+	usermod -G www-data nfsen
 #Ajout du plugin nfsen : PortTracker
-mkdir -p /var/www/nfsen/plugins
+	mkdir -p /var/www/nfsen/plugins
-chown -R nfsen:www-data /var/www/nfsen
+	chown -R nfsen:www-data /var/www/nfsen
 #Ajout du plugin PortTracker
-mkdir -p /var/log/netflow/porttracker
+	mkdir -p /var/log/netflow/porttracker /usr/share/nfsen/plugins
-mkdir -p /usr/share/nfsen/plugins
-chown -R apache:apache /usr/share/nfsen
+	chown -R apache:apache /var/log/netflow/porttracker /usr/share/nfsen
-cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
+	cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
-chown apache /var/log/netflow/porttracker
 #Copie du fichier de conf modifié de nfsen
-cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
+	cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
 #Copie du script d'initialisation de nfsen
-cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
+	cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
-systemctl enable nfsen.service
 #Installation de nfsen via le scrip Perl
-DirTmp=$(pwd)
+	DirTmp=$(pwd)
-cd /tmp/nfsen-1.3.6p1/
+	cd /tmp/nfsen-1.3.6p1/
-/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
+	/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
-/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
+	/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
 #Création de la DB pour rrdtool
-cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
+	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
-cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
+	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
-sudo -u apache nftrack -I -d /var/log/netflow/porttracker
+	sudo -u apache nftrack -I -d /var/log/netflow/porttracker
-chown -R apache:www-data /var/log/netflow/porttracker/
+	chown -R apache:www-data /var/log/netflow/porttracker/
-chmod -R 775 /var/log/netflow/porttracker
+	chmod -R 775 /var/log/netflow/porttracker
 #Configuration du fichier de conf d'apache
-if [ -f /etc/httpd/conf.d/nfsen.conf ];then
+	if [ -f /etc/httpd/conf.d/nfsen.conf ];then
-	rm -f /etc/httpd/conf.d/nfsen.conf
+		rm -f /etc/httpd/conf.d/nfsen.conf
-fi
+	fi
-cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
+	cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
 Alias /nfsen /var/www/nfsen
 <Directory /var/www/nfsen/>
 DirectoryIndex nfsen.php
 Options -Indexes
 AllowOverride all
 php_flag magic_quotes_gpc on
 php_flag track_vars on
 </Directory>
 EOF
 #Configuration du délais d'expiration des captures du profile "live"
-nfsen -m live -e 62d
+	nfsen -m live -e 62d
 #Suppression des sources de nfsen
-cd $DirTmp
+	cd $DirTmp
-rm -rf /tmp/nfsen-1.3.6p1/
+	rm -rf /tmp/nfsen-1.3.6p1/
 } # End of param_nfsen
 ##########################################################
 ##		Fonction param_dnsmasq			##
 ##########################################################
 server=$DNS1
 server=$DNS2
 EOF
 # Init file modification
-[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
+	[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
 # Start and stop a 2nd process for the "DNS blackhole"
-cp -f $DIR_CONF/dnsmasq /etc/init.d/dnsmasq
+	cp -f $DIR_CONF/dnsmasq /etc/init.d/dnsmasq
 # Start after chilli (65) which create tun0
-$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
+	$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
 # Optionnellement on pré-active les logs DNS des clients
-[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
+	[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
-$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
+	$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
 # Optionnellement, exemple de paramètre supplémentaire pour le cache memoire
-echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
+	echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
 # Optionnellement, exemple de configuration avec un A.D.
-echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
+	echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
 } # End dnsmasq
 ##########################################################
 ##		Fonction BL (BlackList)			##
 ##########################################################
 	do
 	      find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
 	done
 # export des logs en 'retard' dans /var/Save/logs
 	/usr/local/bin/alcasar-log.sh --export
-# processus lancés par défaut au démarrage
+# creation of the unit of alcasar-load_balancing
-	for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen
-	do
-		/sbin/chkconfig --add $i
-	done
-cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
+	cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
 #  This file is part of systemd.
+#
 #  systemd is free software; you can redistribute it and/or modify it
 #  under the terms of the GNU General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 SysVStartPriority=99
 [Install]
 WantedBy=multi-user.target
 EOF
+# process launch at boot time
+	for service in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
+	do
+		/sbin/chkconfig --add $service
+	done
-systemctl enable alcasar-load_balancing.service
+	for service in alcasar-load_balancing.service nfsen.service
+	do
+		 /bin/systemctl enable $service
+	done
 # On applique les préconisations ANSSI
 # Apply French Security Agency rules
 # ignorer les broadcast ICMP. (attaque smurf)
-sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
+	sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
 # ignorer les erreurs ICMP bogus
-sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
+	sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
 # désactiver l'envoi et la réponse aux ICMP redirects
-sysctl -w net.ipv4.conf.all.accept_redirects=0
+	sysctl -w net.ipv4.conf.all.accept_redirects=0
-accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
+	accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
 	if [ "$accept_redirect" == "0" ]
 	then
 		echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
 	else
 		$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 1214 → 1215