Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 1419 2014-07-24 15:40:16Z richard $
|
2 |
# $Id: alcasar.sh 1452 2014-09-19 13:21:07Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 1293... |
Line 1293... |
1293 |
[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
|
1293 |
[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
|
1294 |
[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log
|
1294 |
[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log
|
1295 |
cp -f $DIR_CONF/ulogd-sample.conf /etc/ulogd-$log_type.conf
|
1295 |
cp -f $DIR_CONF/ulogd-sample.conf /etc/ulogd-$log_type.conf
|
1296 |
$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf
|
1296 |
$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf
|
1297 |
cat << EOF >> /etc/ulogd-$log_type.conf
|
1297 |
cat << EOF >> /etc/ulogd-$log_type.conf
|
1298 |
[LOGEMU]
|
1298 |
[emu1]
|
1299 |
file="/var/log/firewall/$log_type.log"
|
1299 |
file="/var/log/firewall/$log_type.log"
|
1300 |
sync=1
|
1300 |
sync=1
|
1301 |
EOF
|
1301 |
EOF
|
1302 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -d -c /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service
|
1302 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -u ulogd -c /etc/ulogd-$log_type.conf $ULOGD_OPTIONS?g" /lib/systemd/system/ulogd-$log_type.service
|
1303 |
nl=`expr $nl + 1`
|
1303 |
nl=`expr $nl + 1`
|
1304 |
done
|
1304 |
done
|
1305 |
chown -R root:apache /var/log/firewall
|
1305 |
chown -R root:apache /var/log/firewall
|
1306 |
chmod 750 /var/log/firewall
|
1306 |
chmod 750 /var/log/firewall
|
1307 |
chmod 640 /var/log/firewall/*
|
1307 |
chmod 640 /var/log/firewall/*
|
Line 1692... |
Line 1692... |
1692 |
#Creation dossier de log Gammu-smsd
|
1692 |
#Creation dossier de log Gammu-smsd
|
1693 |
[ -e /var/log/gammu-smsd ] || mkdir /var/log/gammu-smsd
|
1693 |
[ -e /var/log/gammu-smsd ] || mkdir /var/log/gammu-smsd
|
1694 |
chmod 755 /var/log/gammu-smsd
|
1694 |
chmod 755 /var/log/gammu-smsd
|
1695 |
|
1695 |
|
1696 |
#Edition du script sql gammu <-> radius
|
1696 |
#Edition du script sql gammu <-> radius
|
1697 |
$SED "10c u_db=\"$DB_USER\"" $DIR_DEST_BIN/alcasar-sms.sh
|
1697 |
$SED "s/^u_db=\".*/u_db=\"$DB_USER\"/g" $DIR_DEST_BIN/alcasar-sms.sh
|
1698 |
$SED "11c p_db=\"$radiuspwd\"" $DIR_DEST_BIN/alcasar-sms.sh
|
1698 |
$SED "s/^p_db=\".*/p_db=\"$radiuspwd\"/g" $DIR_DEST_BIN/alcasar-sms.sh
|
1699 |
|
1699 |
|
1700 |
#Création de la règle udev pour les Huawei // idVendor: 12d1
|
1700 |
#Création de la règle udev pour les Huawei // idVendor: 12d1
|
1701 |
cat << EOF > /etc/udev/rules.d/66-huawei.rules
|
1701 |
cat << EOF > /etc/udev/rules.d/66-huawei.rules
|
1702 |
KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="/usr/local/bin/alcasar-sms.sh --mode"
|
1702 |
KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="/usr/local/bin/alcasar-sms.sh --mode"
|
1703 |
EOF
|
1703 |
EOF
|
Line 1791... |
Line 1791... |
1791 |
for i in havp
|
1791 |
for i in havp
|
1792 |
do
|
1792 |
do
|
1793 |
/sbin/chkconfig --add $i
|
1793 |
/sbin/chkconfig --add $i
|
1794 |
done
|
1794 |
done
|
1795 |
# processes launched at boot time (Systemctl)
|
1795 |
# processes launched at boot time (Systemctl)
|
1796 |
for i in alcasar-load_balancing mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
|
1796 |
for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
|
1797 |
do
|
1797 |
do
|
1798 |
systemctl -q enable $i.service
|
1798 |
systemctl -q enable $i.service
|
1799 |
done
|
1799 |
done
|
- |
|
1800 |
|
- |
|
1801 |
# disable processes at boot time (Systemctl)
|
- |
|
1802 |
for i in ulogd
|
- |
|
1803 |
do
|
- |
|
1804 |
systemctl -q disable $i.service
|
- |
|
1805 |
done
|
- |
|
1806 |
|
1800 |
# Apply French Security Agency (ANSSI) rules
|
1807 |
# Apply French Security Agency (ANSSI) rules
|
1801 |
# ignore ICMP broadcast (smurf attack)
|
1808 |
# ignore ICMP broadcast (smurf attack)
|
1802 |
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" > /etc/sysctl.d/alcasar.conf
|
1809 |
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" > /etc/sysctl.d/alcasar.conf
|
1803 |
# ignore ICMP errors bogus
|
1810 |
# ignore ICMP errors bogus
|
1804 |
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.d/alcasar.conf
|
1811 |
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" >> /etc/sysctl.d/alcasar.conf
|
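Review bot: The rewritten substitutions at lines 1697-1698 (the side carrying the r1452 `$Id`) splice `$DB_USER` and `$radiuspwd` unescaped into a sed replacement delimited by `/`. A value containing `/`, `&` or a backslash would therefore either abort the sed command or write a different credential into alcasar-sms.sh than the one configured elsewhere; the replaced `10c`/`11c` form was only sensitive to backslashes. How `radiuspwd` is generated is not visible in this section, so the problem may be latent rather than reachable. I would escape the value and switch delimiter, e.g. `esc_pwd=$(printf '%s' "$radiuspwd" | sed 's/[\\&|]/\\&/g')` followed by `$SED "s|^p_db=\".*|p_db=\"$esc_pwd\"|" "$DIR_DEST_BIN/alcasar-sms.sh"`, and treat `u_db` the same way. Because the new pattern silently matches nothing when the `p_db="` line is missing or reformatted, a `grep -q '^p_db="'` check after the edit would catch a script left without credentials.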