
Rev 1353 Rev 1355
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1353 2014-05-19 16:59:51Z richard $ 
2
#  $Id: alcasar.sh 1355 2014-05-20 15:03:10Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
Line 696... Line 696...
696
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
696
## - Import des tables de comptabilité (mtotacct, totacct) et info_usagers (userinfo)	##
697
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
697
##       ces table proviennent de 'dialupadmin' (paquetage freeradius-web)		##
698
##########################################################################################
698
##########################################################################################
699
init_db ()
699
init_db ()
700
{
700
{
701
	mkdir -p /var/lib/mysql/.tmp
-
 
702
	chown -R mysql:mysql /var/lib/mysql/
-
 
703
	[ -e /etc/my.cnf.rpmnew ] && mv /etc/my.cnf.rpmnew /etc/my.cnf		# prend en compte les migrations de MySQL
701
	rm -rf /var/lib/mysql # to be sure that there is no former installation
704
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
702
	[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
705
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
703
	$SED "s?^#bind-address.*?bind-address=127.0.0.1?g" /etc/my.cnf
-
 
704
	$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf
706
	systemctl start mysqld.service
705
	systemctl start mysqld.service
707
	sleep 4
706
	sleep 4
708
	mysqladmin -u root password $mysqlpwd
707
	mysqladmin -u root password $mysqlpwd
709
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
708
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
710
# Delete exemple databases if exist
709
# Secure the server
711
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;CONNECT mysql;DELETE from user where user='';FLUSH PRIVILEGES;" 
710
	$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
-
 
711
	$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;" 
712
# Create 'radius' database
712
# Create 'radius' database
713
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
713
	$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
714
# Add an empty radius database structure
714
# Add an empty radius database structure
715
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
715
	mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
716
# modify the start script in order to close accounting connexion when the system is comming down or up
716
# modify the start script in order to close accounting connexion when the system is comming down or up
717
	[ -e /etc/init.d/mysqld.default ] || cp /etc/init.d/mysqld /etc/init.d/mysqld.default
717
	[ -e /usr/lib/systemd/system/mysqld.service.default ] || cp /usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/mysqld.service.default
718
	$SED "/wait_for_pid created/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
718
	$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
719
	$SED "/'stop')/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
719
	$SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
-
 
720
	systemctl daemon-reload
720
} # End init_db ()
721
} # End init_db ()
721
 
722
 
722
##########################################################################
723
##########################################################################
723
##			Fonction "param_radius"				##
724
##			Fonction "param_radius"				##
724
## - Paramètrage des fichiers de configuration FreeRadius		##
725
## - Paramètrage des fichiers de configuration FreeRadius		##
Line 774... Line 775...
774
# counter.conf modification (change the Max-All-Session-Time counter)
775
# counter.conf modification (change the Max-All-Session-Time counter)
775
	[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
776
	[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
776
	cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
777
	cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
777
	chown -R radius:radius /etc/raddb/sql/mysql/*
778
	chown -R radius:radius /etc/raddb/sql/mysql/*
778
# insures that mysql is up before radius start
779
# insures that mysql is up before radius start
779
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
780
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /usr/lib/systemd/system/radiusd.service
780
 
781
 
781
} # End param_radius ()
782
} # End param_radius ()
782
 
783
 
783
##########################################################################
784
##########################################################################
784
##			Function "param_web_radius"			##
785
##			Function "param_web_radius"			##
Line 1076... Line 1077...
1076
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
1077
	cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
1077
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1078
	cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
1078
# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
1079
# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
1079
	$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
1080
	$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
1080
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1081
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1081
# Virus database update
1082
# Copy of the main virus database
1082
	rm -f /var/lib/clamav/*.cld # in case of old database scheme
1083
	rm -f /var/lib/clamav/*.cld # in case of old database scheme
1083
	cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
1084
	cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
1084
	/usr/bin/freshclam
-
 
1085
}
1085
}
1086
 
1086
 
1087
##################################################################################
1087
##################################################################################
1088
##			function "param_ulogd"					##
1088
##			function "param_ulogd"					##
1089
## - Ulog config for multi-log files 						##
1089
## - Ulog config for multi-log files 						##
Line 1154... Line 1154...
1154
	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
1154
	cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
1155
	sudo -u apache nftrack -I -d /var/log/netflow/porttracker
1155
	sudo -u apache nftrack -I -d /var/log/netflow/porttracker
1156
	chown -R apache:www-data /var/log/netflow/porttracker/
1156
	chown -R apache:www-data /var/log/netflow/porttracker/
1157
	chmod -R 775 /var/log/netflow/porttracker
1157
	chmod -R 775 /var/log/netflow/porttracker
1158
#Configuration du fichier de conf d'apache
1158
#Configuration du fichier de conf d'apache
1159
	if [ -f /etc/httpd/conf.d/nfsen.conf ];then
1159
	if [ -f /etc/httpd/conf/conf.d/nfsen.conf ];then
1160
		rm -f /etc/httpd/conf.d/nfsen.conf
1160
		rm -f /etc/httpd/conf/conf.d/nfsen.conf
1161
	fi
1161
	fi
1162
	cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
1162
	cat <<EOF >> /etc/httpd/conf/conf.d/nfsen.conf
1163
Alias /nfsen /var/www/nfsen 
1163
Alias /nfsen /var/www/nfsen 
1164
<Directory /var/www/nfsen/> 
1164
<Directory /var/www/nfsen/> 
1165
DirectoryIndex nfsen.php 
1165
DirectoryIndex nfsen.php 
1166
Options -Indexes 
1166
Options -Indexes 
1167
AllowOverride all 
1167
AllowOverride all 
Line 1477... Line 1477...
1477
 
1477
 
1478
[Install]
1478
[Install]
1479
WantedBy=multi-user.target
1479
WantedBy=multi-user.target
1480
EOF
1480
EOF
1481
# processes launched at boot time (SYSV)
1481
# processes launched at boot time (SYSV)
1482
	for i in ntpd iptables ulogd dnsmasq chilli httpd radiusd netfs dansguardian havp freshclam
1482
	for i in chilli netfs havp 
1483
	do
1483
	do
1484
		/sbin/chkconfig --add $i
1484
		/sbin/chkconfig --add $i
1485
	done
1485
	done
1486
# processes launched at boot time (Systemctl)
1486
# processes launched at boot time (Systemctl)
1487
	for i in alcasar-load_balancing.service nfsen.service mysqld.service
1487
	for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq radiusd dansguardian freshclam
1488
 
1488
 
1489
	do
1489
	do
1490
		systemctl enable $i
1490
		systemctl enable $i
1491
	done
1491
	done
1492
# Apply French Security Agency (ANSSI) rules
1492
# Apply French Security Agency (ANSSI) rules
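Review bot: In init_db the two new `sed` lines append `ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && …` and `ExecStop=[ -e … ] && …` to mysqld.service, but systemd does not run Exec lines through a shell, so `[` and `&&` are not interpreted and the accounting-session flush will most likely never run. A form systemd can execute is `ExecStartPost=-/usr/local/sbin/alcasar-mysql.sh -acct_stop` (the leading `-` makes a failure non-fatal), with the same shape for `ExecStop=`. The second `sed` also matches the `ExecStartPost=` line the first one has just appended, so `ExecStop=` is probably inserted more than once. Separately, the new `rm -rf /var/lib/mysql` at the top of init_db deletes any existing databases, accounting tables included, with no check or backup. If this function can ever run on a host that already holds data, it needs a guard before that line.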