Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 1482 2014-11-07 22:11:06Z richard $
|
2 |
# $Id: alcasar.sh 1484 2014-11-11 23:14:36Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 461... |
Line 461... |
461 |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
|
461 |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
|
462 |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
|
462 |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
|
463 |
echo "DNS1=$DNS1" >> $CONF_FILE
|
463 |
echo "DNS1=$DNS1" >> $CONF_FILE
|
464 |
echo "DNS2=$DNS2" >> $CONF_FILE
|
464 |
echo "DNS2=$DNS2" >> $CONF_FILE
|
465 |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
|
465 |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
|
466 |
echo "DHCP=full" >> $CONF_FILE
|
466 |
echo "DHCP=on" >> $CONF_FILE
|
467 |
echo "EXT_DHCP_IP=none" >> $CONF_FILE
|
467 |
echo "EXT_DHCP_IP=none" >> $CONF_FILE
|
468 |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
|
468 |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
|
469 |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
|
469 |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
|
470 |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
|
470 |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
|
471 |
# config network
|
471 |
# config network
|
Line 1221... |
Line 1221... |
1221 |
groupdel havp 2>/dev/null
|
1221 |
groupdel havp 2>/dev/null
|
1222 |
fi
|
1222 |
fi
|
1223 |
groupadd -f havp
|
1223 |
groupadd -f havp
|
1224 |
useradd -r -g havp -s /bin/false -c "system user for havp" havp
|
1224 |
useradd -r -g havp -s /bin/false -c "system user for havp" havp
|
1225 |
mkdir -p /var/tmp/havp /var/log/havp /var/run/havp
|
1225 |
mkdir -p /var/tmp/havp /var/log/havp /var/run/havp
|
1226 |
mkdir -p /var/tmp/havp2 /var/log/havp2
|
1226 |
mkdir -p /var/tmp/havp2 /var/log/havp2 /var/run/havp2
|
1227 |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
|
1227 |
chown -R havp:havp /var/tmp/havp /var/log/havp /var/run/havp
|
1228 |
chown -R havp /var/tmp/havp2 /var/log/havp2
|
1228 |
chown -R havp:havp /var/tmp/havp2 /var/log/havp2 /var/run/havp2
|
1229 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
1229 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
1230 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
1230 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
1231 |
$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile
|
1231 |
$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile
|
1232 |
$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode
|
1232 |
$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode
|
1233 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
|
- |
|
1234 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
1233 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
- |
|
1234 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090 (on loopback)
|
1235 |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format
|
1235 |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format
|
1236 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
1236 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
1237 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
1237 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
1238 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
1238 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
1239 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
1239 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
1240 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
1240 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
1241 |
cp /etc/havp/havp.config /etc/havp/havp2.config
|
1241 |
cp /etc/havp/havp.config /etc/havp/havp2.config
|
1242 |
$SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config # pidfile
|
1242 |
$SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config # pidfile
|
1243 |
$SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config # transparent mode
|
1243 |
$SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config # transparent mode
|
1244 |
$SED "s?^PORT.*?PORT 8091?g" /etc/havp/havp2.config # datas come on 8091
|
1244 |
$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS $PRIVATE_IP?g" /etc/havp/havp2.config # we listen only on tun0
|
1245 |
$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS 192.168.182.1?g" /etc/havp/havp2.config # we listen only on tun0
|
1245 |
$SED "s?^PORT.*?PORT 8090?g" /etc/havp/havp2.config # datas come on 8091
|
1246 |
# skip checking of youtube flow (too heavy load / risk too low)
|
1246 |
# skip checking of youtube flow (too heavy load / risk too low)
|
1247 |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
|
1247 |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
|
1248 |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist
|
1248 |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist
|
1249 |
echo "*.youtube.com/*" >> /etc/havp/whitelist
|
1249 |
echo "*.youtube.com/*" >> /etc/havp/whitelist
|
1250 |
# replacement of init script
|
1250 |
# replacement of init script
|
1251 |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
|
1251 |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
|
1252 |
cp -f $DIR_CONF/havp-init /etc/init.d/havp
|
1252 |
cp -f $DIR_CONF/havp-init /etc/init.d/havp
|
1253 |
cp /etc/init.d/havp /etc/init.d/havp2
|
1253 |
cp /etc/init.d/havp /etc/init.d/havp2
|
1254 |
$SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2 # description
|
1254 |
$SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2 # description
|
1255 |
$SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2 # config file
|
1255 |
$SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2 # config file
|
1256 |
$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp/havp2.pid?g" /etc/init.d/havp2 # pidfile
|
1256 |
$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp2/havp.pid?g" /etc/init.d/havp2 # pidfile
|
1257 |
$SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2 # name
|
1257 |
$SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2 # name
|
1258 |
$SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2 # desc
|
1258 |
$SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2 # desc
|
1259 |
#$SED "s?if [ -f /etc/sysconfig/havp ] ; then.*?if [ -f /etc/sysconfig/havp2 ] ; then?g" /etc/init.d/havp2 # defaults
|
- |
|
1260 |
#$SED "s?. /etc/sysconfig/havp.*?. /etc/sysconfig/havp2?g" /etc/init.d/havp2 # defaults
|
- |
|
1261 |
$SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2 # mountpoint
|
1259 |
$SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2 # mountpoint
|
1262 |
$SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2 # reloading havp
|
1260 |
$SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2 # reloading havp
|
1263 |
$SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2 # error havp
|
1261 |
$SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2 # error havp
|
1264 |
$SED "s?echo \"Error: HAVP not running or PIDFILE not readable\".*?echo \"Error : HAVP2 not running or PIDFILE not readable\"?g" /etc/init.d/havp2 # error havp
|
1262 |
$SED "s?echo \"Error: HAVP not running or PIDFILE not readable\".*?echo \"Error : HAVP2 not running or PIDFILE not readable\"?g" /etc/init.d/havp2 # error havp
|
1265 |
$SED "s?echo \"Error: HAVP not running or PIDFILE unreadable\".*?echo \"Error : HAVP2 not running or PIDFILE unreadable\"?g" /etc/init.d/havp2 # error havp
|
1263 |
$SED "s?echo \"Error: HAVP not running or PIDFILE unreadable\".*?echo \"Error : HAVP2 not running or PIDFILE unreadable\"?g" /etc/init.d/havp2 # error havp
|
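Review bot: The pidfile paths for the second HAVP instance no longer agree: new line 1256 points the init script at `PIDFILE=/var/run/havp2/havp.pid`, while the unchanged line 1242 still writes `PIDFILE /var/run/havp/havp2.pid` into /etc/havp/havp2.config. If the daemon takes its pidfile location from havp2.config, the stop and reload paths of /etc/init.d/havp2 will presumably look in the wrong place, so the transparent scanner bound to `$PRIVATE_IP` may not be stopped or reloaded cleanly. Since this commit also creates and chowns /var/run/havp2, line 1242 should probably become `$SED "s?^PIDFILE.*?PIDFILE /var/run/havp2/havp.pid?g" /etc/havp/havp2.config # pidfile`. Two smaller points: the comment on new line 1245 still says `# datas come on 8091` although the port written is now 8090, and `$PRIVATE_IP` is expanded into the sed expression on new line 1244 with no visible check that it is set and non-empty. The surrounding install block starts and ends outside the displayed lines.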