Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 2202 2017-05-06 13:35:14Z richard $
|
2 |
# $Id: alcasar.sh 2203 2017-05-06 14:02:05Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 1799... |
Line 1799... |
1799 |
|
1799 |
|
1800 |
##################################################################
|
1800 |
##################################################################
|
1801 |
## Fonction "gammu_smsd" ##
|
1801 |
## Fonction "gammu_smsd" ##
|
1802 |
## - Creation de la base de donnée Gammu ##
|
1802 |
## - Creation de la base de donnée Gammu ##
|
1803 |
## - Creation du fichier de config: gammu_smsd_conf ##
|
1803 |
## - Creation du fichier de config: gammu_smsd_conf ##
|
1804 |
## ##
|
- |
|
1805 |
##################################################################
|
1804 |
##################################################################
|
1806 |
gammu_smsd()
|
1805 |
gammu_smsd()
|
1807 |
{
|
1806 |
{
|
1808 |
# Create 'gammu' databse
|
1807 |
# Create 'gammu' databse
|
1809 |
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
|
1808 |
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
|
Line 1865... |
Line 1864... |
1865 |
} # END gammu_smsd()
|
1864 |
} # END gammu_smsd()
|
1866 |
|
1865 |
|
1867 |
|
1866 |
|
1868 |
##################################################################
|
1867 |
##################################################################
|
1869 |
## Fonction "msec" ##
|
1868 |
## Fonction "msec" ##
|
1870 |
## - Application du niveau de sécurité fileserver ##
|
1869 |
## - Apply the "fileserver" security level ##
|
1871 |
## - Désactiver l'autorisation de redémarrage ##
|
- |
|
1872 |
## - forcer les permissions sur les configurations ##
|
1870 |
## - remove the "system request" for rebboting ##
|
1873 |
## - forcer les permissions sur les log ##
|
1871 |
## - Fix several file permissions ##
|
1874 |
##################################################################
|
1872 |
##################################################################
|
1875 |
msec()
|
1873 |
msec()
|
1876 |
{
|
1874 |
{
|
1877 |
|
1875 |
|
1878 |
# Apply fileserver security level
|
1876 |
# Apply fileserver security level
|
1879 |
$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
|
1877 |
$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
|
1880 |
# Disable Magic SysReq Keys
|
1878 |
# Disable Magic SysReq Keys
|
1881 |
$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
|
1879 |
$SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
|
1882 |
|
1880 |
|
1883 |
|
- |
|
1884 |
# Configure permissions monitoring and enforcement
|
1881 |
# Set permissions monitoring and enforcement
|
1885 |
cat <<EOF > /etc/security/msec/perm.local
|
1882 |
cat <<EOF > /etc/security/msec/perm.local
|
1886 |
/var/log/firefwall/ root.apache 750
|
1883 |
/var/log/firefwall/ root.apache 750
|
1887 |
/var/log/firewall/* root.apache 640
|
1884 |
/var/log/firewall/* root.apache 640
|
1888 |
/etc/security/msec/perm.local root.root 640
|
1885 |
/etc/security/msec/perm.local root.root 640
|
1889 |
/etc/security/msec/level.local root.root 640
|
1886 |
/etc/security/msec/level.local root.root 640
|
Line 1900... |
Line 1897... |
1900 |
/etc/raddb/modules/ldap radius.apache 660
|
1897 |
/etc/raddb/modules/ldap radius.apache 660
|
1901 |
/etc/raddb/sites-available/alcasar radius.apache 660
|
1898 |
/etc/raddb/sites-available/alcasar radius.apache 660
|
1902 |
/etc/pki/* root.apache 750
|
1899 |
/etc/pki/* root.apache 750
|
1903 |
/var/log/netflow/porttracker apache.apache 770
|
1900 |
/var/log/netflow/porttracker apache.apache 770
|
1904 |
/var/log/netflow/porttracker/* apache.apache 770
|
1901 |
/var/log/netflow/porttracker/* apache.apache 770
|
1905 |
|
- |
|
1906 |
EOF
|
1902 |
EOF
|
1907 |
|
1903 |
# apply now
|
1908 |
/usr/sbin/msec
|
1904 |
/usr/sbin/msec
|
1909 |
|
1905 |
|
1910 |
} # END msec()
|
1906 |
} # END msec()
|
1911 |
|
1907 |
|
1912 |
##################################################################
|
1908 |
##################################################################
|
Line 2023... |
Line 2019... |
2023 |
# Remove unused service ipv6
|
2019 |
# Remove unused service ipv6
|
2024 |
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/alcasar.conf
|
2020 |
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/alcasar.conf
|
2025 |
echo "net.ipv6.conf.all.autoconf = 0" >> /etc/sysctl.d/alcasar.conf
|
2021 |
echo "net.ipv6.conf.all.autoconf = 0" >> /etc/sysctl.d/alcasar.conf
|
2026 |
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.d/alcasar.conf
|
2022 |
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.d/alcasar.conf
|
2027 |
echo "net.ipv6.conf.default.autoconf = 0" >> /etc/sysctl.d/alcasar.conf
|
2023 |
echo "net.ipv6.conf.default.autoconf = 0" >> /etc/sysctl.d/alcasar.conf
|
2028 |
# remove Magic SysReq Keys
|
- |
|
2029 |
[ -e /etc/sysctl.d/51-alt-sysrq.conf ] && rm /etc/sysctl.d/51-alt-sysrq.conf
|
- |
|
2030 |
# switch to multi-users runlevel (instead of x11)
|
2024 |
# switch to multi-users runlevel (instead of x11)
|
2031 |
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
2025 |
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
2032 |
# GRUB modifications (only one time)
|
2026 |
# GRUB modifications (only one time)
|
2033 |
# Limit wait time to 3s - Create an alcasar entry instead of linux-nonfb - Change the default banner
|
2027 |
# Limit wait time to 3s - Create an alcasar entry instead of linux-nonfb - Change the default banner
|
2034 |
grub_already_modified=`grep ALCASAR /boot/grub/menu.lst|wc -l`
|
2028 |
grub_already_modified=`grep ALCASAR /boot/grub/menu.lst|wc -l`
|
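Review bot: In the `perm.local` heredoc inside msec(), the directory rule is still spelled `/var/log/firefwall/ root.apache 750` on the new side while the rule on the next line targets `/var/log/firewall/*`, so the 750 mode is presumably never enforced on the real firewall log directory; it should read `/var/log/firewall/ root.apache 750`. Separately, the last hunk drops `[ -e /etc/sysctl.d/51-alt-sysrq.conf ] && rm /etc/sysctl.d/51-alt-sysrq.conf`, leaving the `ALLOW_REBOOT=no` substitution in msec() as the only SysRq-related step visible on this page. Whether that msec setting also governs `kernel.sysrq`, and whether it wins over the drop-in once that file is left in place, cannot be confirmed from these hunks. Checking `sysctl kernel.sysrq` on a fresh install, or appending `kernel.sysrq = 0` to `/etc/sysctl.d/alcasar.conf` next to the IPv6 settings, would make the hardening explicit. Part of the heredoc falls between two hunks and the function enclosing the sysctl lines starts outside the last hunk, so other entries or a replacement step may exist out of view.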