Subversion Repositories ALCASAR


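--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 1465 2014-09-29 16:03:10Z richard $ 
+#  $Id: alcasar.sh 1469 2014-10-30 21:58:47Z richard $ 
  
 # alcasar.sh
  
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
 # Ce programme est un logiciel libre ; This software is free and open source
@@ -68,11 +68,11 @@
 # ******* DBMS parameters - paramètres SGBD ********
 DB_RADIUS="radius"				# database name used by FreeRadius server
 DB_USER="radius"				# user name allows to request the users database
 DB_GAMMU="gammu"				# database name used by Gammu-smsd
 # ******* Network parameters - paramètres réseau *******
-HOSTNAME="alcasar"				# 
+HOSTNAME="alcasar"				# default hostname
 DOMAIN="localdomain"				# default local domain
 EXTIF=`/sbin/ip route|grep default|cut -d" " -f5`	# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
 INTIF=`/sbin/ip	link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF"|cut -d" " -f2|tr -d ":"`		# INTIF is connected to the consultation network
 MTU="1500"
 ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
@@ -457,10 +457,12 @@
 	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
 	DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
 	PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
 	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
 	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
+	echo "EXTIF=$EXTIF" >> $CONF_FILE
+	echo "INTIF=$INTIF" >> $CONF_FILE
 	echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
 	echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
 	echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE 
 	echo "DNS1=$DNS1" >> $CONF_FILE
 	echo "DNS2=$DNS2" >> $CONF_FILE
@@ -559,13 +561,10 @@
 EOF
 	[ -e /etc/host.deny.default ]  || cp /etc/hosts.deny /etc/hosts.deny.default
 	cat <<EOF > /etc/hosts.deny
 ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) &
 EOF
-# Firewall config
-	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_BIN/alcasar-conf.sh
-	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_BIN/alcasar-conf.sh
 	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
 # create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW)
 	echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked
 # load conntrack ftp module
 	[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
@@ -795,11 +794,10 @@
 ##				Fonction "CA"						##
 ## - Création d'une Autorité de Certification et du certificat serveur pour apache 	##
 ##########################################################################################
 CA ()
 {
-	$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
 	$DIR_DEST_BIN/alcasar-CA.sh
 	FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
 	[ -e /etc/httpd/conf/vhosts-ssl.default ]  || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
 	
 	#$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
@@ -1719,13 +1717,10 @@
 ## - Mise en place du la rotation des logs			##
 ## - Configuration dans le cas d'une mise à jour		##
 ##################################################################
 post_install()
 {
-# adaptation du script "chien de garde" (watchdog)
-	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
-	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-watchdog.sh
 # création de la bannière locale
 	[ -e /etc/mageia-release.default ]  || cp /etc/mageia-release /etc/mageia-release.default
 	cp -f $DIR_CONF/banner /etc/mageia-release
 	echo " V$VERSION" >> /etc/mageia-release
 # création de la bannière SSH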
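Review bot: The two lines added in the PUBLIC_* block (`echo "EXTIF=$EXTIF" >> $CONF_FILE` and `echo "INTIF=$INTIF" >> $CONF_FILE`) persist the auto-detected interface names without checking them. The same commit drops the sed calls that patched those names into the iptables, bypass, conf, watchdog and CA scripts, so the conf file presumably becomes their only source; those scripts are not shown here, so confirm they now read it. With no default route EXTIF is empty, `grep -v "lo\|$EXTIF"` then most likely discards every line and INTIF is empty too; with more than one remaining NIC, INTIF holds several names on separate lines and the conf entry is split. I would fail early before writing, e.g. `[ -n "$EXTIF" ] && [ "$(echo "$INTIF" | wc -w)" -eq 1 ] || { echo "Cannot determine EXTIF/INTIF" >&2; exit 1; }`, and quote `"$CONF_FILE"`. The enclosing function starts and ends outside the hunk.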