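--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar.sh 1356 2014-05-21 17:14:46Z richard $
+# $Id: alcasar.sh 1357 2014-05-22 15:10:39Z richard $
 
 # alcasar.sh
 
 # ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
@@ -712,12 +712,12 @@
 # Create 'radius' database
 $MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
 # Add an empty radius database structure
 mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
 # modify the start script in order to close accounting connexion when the system is comming down or up
-[ -e /usr/lib/systemd/system/mysqld.service.default ] || cp /usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/mysqld.service.default
-$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
+[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
+$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
 $SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
 systemctl daemon-reload
 } # End init_db ()
 
 ##########################################################################
@@ -775,11 +775,11 @@
 # counter.conf modification (change the Max-All-Session-Time counter)
 [ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
 cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
 chown -R radius:radius /etc/raddb/sql/mysql/*
 # insures that mysql is up before radius start
-$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /usr/lib/systemd/system/radiusd.service
+[ -e $SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
 
 } # End param_radius ()
 
 ##########################################################################
 ## Function "param_web_radius" ##
@@ -1037,11 +1037,11 @@
 [ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
 } # End of param_dansguardian ()
 
 ##################################################################
 ## Fonction "antivirus" ##
-## - configuration havp + libclamav ##
+## - configuration of havp, libclamav and freshclam ##
 ##################################################################
 antivirus ()
 {
 # création de l'usager 'havp'
 havp_exist=`grep havp /etc/passwd|wc -l`
@@ -1069,21 +1069,25 @@
 [ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
 echo "# Whitelist youtube flow" >> /etc/havp/whitelist
 echo "*.youtube.com/*" >> /etc/havp/whitelist
 # remplacement du fichier d'initialisation
 [ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
-# if keep old init file : $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp
+# if keep old init file :
 cp -f $DIR_CONF/havp-init /etc/init.d/havp
-# on remplace la page d'interception (template)
+# replace the on remplace la page d'interception (template)
 cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
 cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
-# automatisation de la mise à jour de la base antivirale (toutes les 2 heures)
-$SED "s?^Checks.*?Checks 12?g" /etc/freshclam.conf
+# update virus database every 2 hours (24h/12)
+[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
+$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
 $SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
+$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
+$SED "/^DatabaseMirror/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
 # Copy of the main virus database
 rm -f /var/lib/clamav/*.cld # in case of old database scheme
 cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
+/usr/bin/freshclam
 }
 
 ##################################################################################
 ## function "param_ulogd" ##
 ## - Ulog config for multi-log files ##
@@ -1238,11 +1242,11 @@
 filterwin2k
 server=$DNS1
 server=$DNS2
 EOF
 # 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelis")
-cat << EOF > /etc/dnsmasq-blacklist.conf
+cat << EOF > /etc/dnsmasq-whitelist.conf
 # Configuration file for "dnsmasq with whitelist"
 # Inclusion de la whitelist <domains> de Toulouse dans la configuration
 conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
 conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux
 listen-address=$PRIVATE_IP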
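Review bot: The rewritten line at new line 780 in param_radius now begins with `[ -e $SED` and never closes the test, so `[` fails on the missing `]` and the substitution does not run; radiusd.service then keeps its original `After=` line and is not ordered after mysqld.service. It should presumably be the plain substitution with the new path, `$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service`. In the same path migration, new line 719 in init_db still appends `ExecStop=` to /usr/lib/systemd/system/mysqld.service while lines 717-718 now back up and edit /lib/systemd/system/mysqld.service, so unless /lib is a symlink to /usr/lib the two edits land in different unit files. Separately, the new comment at line 1079 says "every 2 hours (24h/12)" but line 1081 sets `Checks 6`, which freshclam reads as six checks per day, so signatures refresh every 4 hours; either the comment or the value should be corrected. All three functions start outside the visible hunks.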