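--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,8 @@
+
 #!/bin/bash
-# $Id: alcasar.sh 1359 2014-05-23 16:15:57Z richard $
+# $Id: alcasar.sh 1361 2014-05-25 22:08:44Z richard $
 
 # alcasar.sh
 
 # ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
@@ -118,12 +119,22 @@
 fi
 if [ $Lang == "fr" ]
 then echo -n "Tests des paramètres réseau : "
 else echo -n "Network parameters tests : "
 fi
+# We test gw
+if [ "$EXTIF" == "" ]
+then
+if [ $Lang == "fr" ]
+then
+echo "L'adresse du routeur n'est pas configuré"
+else
+echo "The gateway address isn't set"
+fi
+exit 0
+fi
 # We test EXTIF config files
-
 PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
 PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
 if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
 then
 if [ $Lang == "fr" ]
@@ -1263,11 +1274,12 @@
 bogus-priv
 filterwin2k
 address=/#/$PRIVATE_IP
 EOF
 # Create dnsmasq-blacklist and dnsmasq-whitelist unit
-cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service
+cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service
+cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service
 $SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
 $SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
 # TODO Start after chilli which create tun0
 # $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
 } # End dnsmasq
@@ -1509,11 +1521,11 @@
 done
 # processes launched at boot time (Systemctl)
 for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq radiusd dansguardian freshclam
 
 do
-systemctl enable $i
+systemctl -q enable $i
 done
 # Apply French Security Agency (ANSSI) rules
 # ignorer les broadcast ICMP. (attaque smurf)
 sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
 # ignorer les erreurs ICMP bogus
@@ -1521,11 +1533,11 @@
 # désactiver l'envoi et la réponse aux ICMP redirects
 sysctl -w net.ipv4.conf.all.accept_redirects=0
 accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
 if [ "$accept_redirect" == "0" ]
 then
-echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.d/alcasar.conf
 else
 $SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
 fi
 sysctl -w net.ipv4.conf.all.send_redirects=0
 send_redirect=`grep send_redirect /etc/sysctl.conf|wc -l`
@@ -1858,11 +1870,11 @@
 mode="install"
 fi
 for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
 do
 $func
-# echo "*** 'debug' : end of function $func ***"; read a
+echo "*** 'debug' : end of function $func ***"; read a
 done
 ;;
 -u | --uninstall)
 if [ ! -e $DIR_DEST_SBIN/alcasar-uninstall.sh ]
 then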
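Review bot: In the hunk at new lines 1533–1543 the `accept_redirects` block now writes to a different file than it tests: the append goes to `/etc/sysctl.d/alcasar.conf`, while the `grep` that sets `accept_redirect` and the `$SED` edit in the `else` branch still operate on `/etc/sysctl.conf`. When `/etc/sysctl.conf` has no such line, every run of the installer sees a count of 0 and appends the same line again, and a host whose `/etc/sysctl.conf` already mentions the key never gets the entry in the ALCASAR drop-in file. Point the test at the file being managed, e.g. `if ! grep -qs accept_redirects /etc/sysctl.d/alcasar.conf`, and have the `else` branch edit that same file, so this ANSSI hardening setting is persisted in one place. The `send_redirects` block begins on the last two lines of the hunk and continues outside it, so check whether it needs the same change.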