Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 1514 2014-12-08 20:58:01Z richard $
|
2 |
# $Id: alcasar.sh 1515 2014-12-08 22:52:18Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 593... |
Line 593... |
593 |
echo "ipt_NETFLOW" >> /etc/modprobe.preload
|
593 |
echo "ipt_NETFLOW" >> /etc/modprobe.preload
|
594 |
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
|
594 |
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
|
595 |
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
|
595 |
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
|
596 |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
|
596 |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
|
597 |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
|
597 |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
|
598 |
$SED "s?\[ -f \$IPTABLE_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test in order the stop function run (fluxh all rules & policies)
|
598 |
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test in order the stop function run (fluxh all rules & policies)
|
599 |
#
|
599 |
#
|
600 |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
|
600 |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
|
601 |
} # End of network ()
|
601 |
} # End of network ()
|
602 |
|
602 |
|
603 |
##################################################################
|
603 |
##################################################################
|
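Review bot: The corrected pattern on new line 598 still fails silently if `/usr/libexec/iptables.init` does not contain the exact text `[ -f $IPTABLES_CONFIG ] ` — which is how the `IPTABLE`/`IPTABLES` mismatch went unnoticed until now — so the stop function would keep its guard and never flush. A fixed-string check right after the edit makes that visible at install time: `grep -qF '#[ -f $IPTABLES_CONFIG ]' /usr/libexec/iptables.init || echo "iptables.init: stop guard not patched" >&2`. Per the inline comment, once the guard is commented out `systemctl stop iptables` flushes all rules and policies, so the stop path amounts to "firewall open" and should be treated as such in any operational procedure; that appears to be the intent, but it is worth stating next to the edit. The network() function begins outside the hunk.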
Line 886... |
Line 886... |
886 |
$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
|
886 |
$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
|
887 |
# Add an empty radius database structure
|
887 |
# Add an empty radius database structure
|
888 |
mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
|
888 |
mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
|
889 |
# modify the start script in order to close accounting connexion when the system is comming down or up
|
889 |
# modify the start script in order to close accounting connexion when the system is comming down or up
|
890 |
[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
|
890 |
[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
|
891 |
$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
|
891 |
$SED "/ExecStartPost=/a ExecStop=/usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
|
892 |
$SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
|
892 |
$SED "/ExecStartPost=/a ExecStartPost=/usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
|
893 |
systemctl daemon-reload
|
893 |
systemctl daemon-reload
|
894 |
} # End of init_db ()
|
894 |
} # End of init_db ()
|
895 |
|
895 |
|
896 |
##########################################################################
|
896 |
##########################################################################
|
897 |
## Fonction "radius" ##
|
897 |
## Fonction "radius" ##
|
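Review bot: The two new `$SED` edits on lines 891–892 target different unit paths — the `ExecStop=` hook goes into `/usr/lib/systemd/system/mysqld.service` while the `ExecStartPost=` hook and the backup on line 890 use `/lib/systemd/system/mysqld.service`; unless `/lib` is a symlink to `/usr/lib` on the target, the ExecStop edit lands in a file that was never backed up and the two hooks end up in different units. The same split appears in the fail2ban hunk (new line 1713 backs up `/lib/systemd/...` while new lines 1714–1715 edit `/usr/lib/systemd/...`). Using one path for the backup and both edits, e.g. `/lib/systemd/system/mysqld.service` as line 890 already does, removes the ambiguity. init_db() begins outside the hunk.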
Line 1305... |
Line 1305... |
1305 |
groupdel tinyproxy 2>/dev/null
|
1305 |
groupdel tinyproxy 2>/dev/null
|
1306 |
fi
|
1306 |
fi
|
1307 |
groupadd -f tinyproxy
|
1307 |
groupadd -f tinyproxy
|
1308 |
useradd -r -g tinyproxy -s /bin/false -c "system user for tinyproxy" tinyproxy
|
1308 |
useradd -r -g tinyproxy -s /bin/false -c "system user for tinyproxy" tinyproxy
|
1309 |
mkdir -p /var/run/tinyproxy /var/log/tinyproxy
|
1309 |
mkdir -p /var/run/tinyproxy /var/log/tinyproxy
|
1310 |
chown tinyproxy:tinyproxy /var/run/tinyproxy /var/log/tinyproxy
|
1310 |
chown -R tinyproxy:tinyproxy /var/run/tinyproxy /var/log/tinyproxy
|
1311 |
[ -e /etc/tinyproxy/tinyproxy.conf.default ] || cp /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.conf.default
|
1311 |
[ -e /etc/tinyproxy/tinyproxy.conf.default ] || cp /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.conf.default
|
1312 |
$SED "s?^User.*?User tinyproxy?g" /etc/tinyproxy/tinyproxy.conf
|
1312 |
$SED "s?^User.*?User tinyproxy?g" /etc/tinyproxy/tinyproxy.conf
|
1313 |
$SED "s?^Group.*?Group tinyproxy?g" /etc/tinyproxy/tinyproxy.conf
|
1313 |
$SED "s?^Group.*?Group tinyproxy?g" /etc/tinyproxy/tinyproxy.conf
|
1314 |
$SED "s?^Port.*?Port 8090?g" /etc/tinyproxy/tinyproxy.conf # Listen Port
|
1314 |
$SED "s?^Port.*?Port 8090?g" /etc/tinyproxy/tinyproxy.conf # Listen Port
|
1315 |
$SED "s?^#Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf # Listen NIC (only intif)
|
1315 |
$SED "s?^#Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf # Listen NIC (only intif)
|
Line 1331... |
Line 1331... |
1331 |
Description=Tinyproxy Web Proxy Server
|
1331 |
Description=Tinyproxy Web Proxy Server
|
1332 |
After=network.target iptables.service
|
1332 |
After=network.target iptables.service
|
1333 |
|
1333 |
|
1334 |
[Service]
|
1334 |
[Service]
|
1335 |
Type=forking
|
1335 |
Type=forking
|
- |
|
1336 |
User=tinyproxy
|
- |
|
1337 |
PIDFile=/run/tinyproxy/tinyproxy.pid
|
1336 |
ExecStart=/usr/sbin/tinyproxy -c /etc/tinyproxy/tinyproxy.conf
|
1338 |
ExecStart=/usr/sbin/tinyproxy -c /etc/tinyproxy/tinyproxy.conf
|
1337 |
|
1339 |
|
1338 |
[Install]
|
1340 |
[Install]
|
1339 |
WantedBy=multi-user.target
|
1341 |
WantedBy=multi-user.target
|
1340 |
EOF
|
1342 |
EOF
|
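Review bot: The new `User=tinyproxy` plus `PIDFile=/run/tinyproxy/tinyproxy.pid` (new lines 1336–1337) relies on `/run/tinyproxy` existing and being owned by tinyproxy at every boot, but the directory is only created once at install time (`mkdir -p` / `chown -R` on lines 1309–1310 of the previous hunk); if `/run` is a tmpfs on the target, as is usual under systemd, it is gone after a reboot and an unprivileged tinyproxy cannot write its pid file, so the `Type=forking` start may be reported as failed. Adding `RuntimeDirectory=tinyproxy` to the `[Service]` section, or a tmpfiles.d entry `d /run/tinyproxy 0755 tinyproxy tinyproxy -`, recreates it with the right ownership; which of the two is available depends on the systemd version shipped, which the page does not show. Running the proxy unprivileged via `User=` is the right direction, since the listen port 8090 set on line 1314 needs no privilege. The heredoc that writes this unit starts outside the hunk.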
Line 1378... |
Line 1380... |
1378 |
# Add PortTracker plugin
|
1380 |
# Add PortTracker plugin
|
1379 |
for i in /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
1381 |
for i in /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
1380 |
do
|
1382 |
do
|
1381 |
[ ! -d $i ] && mkdir $i && chown -R apache:apache $i
|
1383 |
[ ! -d $i ] && mkdir $i && chown -R apache:apache $i
|
1382 |
done
|
1384 |
done
|
1383 |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\"?g" /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm
|
1385 |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm
|
1384 |
# use of our conf file and init unit
|
1386 |
# use of our conf file and init unit
|
1385 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
|
1387 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
|
1386 |
# Installation of nfsen
|
1388 |
# Installation of nfsen
|
1387 |
DirTmp=$(pwd)
|
1389 |
DirTmp=$(pwd)
|
1388 |
cd /tmp/nfsen-1.3.6p1/
|
1390 |
cd /tmp/nfsen-1.3.6p1/
|
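Review bot: The `$SED` on new line 1385 gives no signal if `PortTracker.pm` has no line starting `my $PORTSDBDIR =` (a different nfsen tarball, or a partial extraction), and the resulting Perl problem would only surface when nfsen loads the plugin; a check such as `grep -qF 'my $PORTSDBDIR = "/var/log/netflow/porttracker";' /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm || echo "PortTracker.pm not patched" >&2` catches it at install time. Separately, the patched file and the `cd` on line 1390 sit at a fixed path under world-writable `/tmp`; the extraction step is outside this hunk, so whether a pre-existing directory is rejected cannot be seen here, but unpacking into a `mktemp -d` directory would remove the possibility of another local account pre-seeding that path before root builds and installs from it. The enclosing function starts and ends outside the hunk.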
Line 1705... |
Line 1707... |
1705 |
[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
|
1707 |
[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
|
1706 |
[ -e /var/Save/security/watchdog.log ] || touch /var/Save/security/watchdog.log
|
1708 |
[ -e /var/Save/security/watchdog.log ] || touch /var/Save/security/watchdog.log
|
1707 |
chmod 644 /var/log/fail2ban.log
|
1709 |
chmod 644 /var/log/fail2ban.log
|
1708 |
chmod 644 /var/Save/security/watchdog.log
|
1710 |
chmod 644 /var/Save/security/watchdog.log
|
1709 |
/usr/bin/touch /var/log/auth.log
|
1711 |
/usr/bin/touch /var/log/auth.log
|
1710 |
|
- |
|
1711 |
|
- |
|
1712 |
# Edition de l'unité fail2ban
|
1712 |
# fail2ban unit
|
1713 |
[ -e /usr/lib/systemd/system/fail2ban.service ] && cp /usr/lib/systemd/system/fail2ban.service /usr/lib/systemd/system/fail2ban.service.default
|
1713 |
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
|
- |
|
1714 |
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service
|
1714 |
$SED '/Type/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
|
1715 |
$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
|
1715 |
$SED '/After=*/c After=syslog.target network.target httpd.service' /usr/lib/systemd/system/fail2ban.service
|
1716 |
$SED '/After=*/c After=syslog.target network.target httpd.service' /usr/lib/systemd/system/fail2ban.service
|
1716 |
|
- |
|
1717 |
|
- |
|
1718 |
} #Fin de fail2ban_install()
|
1717 |
} #Fin de fail2ban_install()
|
1719 |
|
1718 |
|
1720 |
##################################################################
|
1719 |
##################################################################
|
1721 |
## Fonction "gammu_smsd" ##
|
1720 |
## Fonction "gammu_smsd" ##
|
1722 |
## - Creation de la base de donnée Gammu ##
|
1721 |
## - Creation de la base de donnée Gammu ##
|
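Review bot: The insert patterns on new lines 1714–1715 are unanchored — `/ExecStart=/` also matches `ExecStartPre=` / `ExecStartPost=` lines and `/Type=/` matches any line containing that text — so if the stock fail2ban.service carries such lines the `ExecStop=` or `PIDFile=` directive is appended once per match; anchoring as `$SED '/^ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service` and `$SED '/^Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service` limits each to the intended directive. The inverted backup test on new line 1713 is a genuine fix, since the old form re-copied the live unit over `.default` on every run and so lost the pristine copy. fail2ban_install() begins outside the hunk.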