Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 2499 2018-02-26 02:23:03Z tom.houdayer $
|
2 |
# $Id: alcasar.sh 2501 2018-02-28 00:34:14Z tom.houdayer $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
# team@alcasar.net
|
7 |
# team@alcasar.net
|
Line 26... |
Line 26... |
26 |
|
26 |
|
27 |
# Functions :
|
27 |
# Functions :
|
28 |
# testing : connectivity tests, free space test and mageia version test
|
28 |
# testing : connectivity tests, free space test and mageia version test
|
29 |
# init : Installation of RPM and scripts
|
29 |
# init : Installation of RPM and scripts
|
30 |
# network : Network parameters
|
30 |
# network : Network parameters
|
31 |
# ACC : ALCASAR Control Center installation
|
31 |
# ACC : ALCASAR Control Center installation
|
32 |
# CA : Certification Authority initialization
|
32 |
# CA : Certification Authority initialization
|
33 |
# time_server : NTPd configuration
|
33 |
# time_server : NTPd configuration
|
34 |
# init_db : Initilization of radius database managed with MariaDB
|
34 |
# init_db : Initilization of radius database managed with MariaDB
|
35 |
# freeradius : FreeRadius initialisation
|
35 |
# freeradius : FreeRadius initialisation
|
36 |
# chilli : coovachilli initialisation (+authentication page)
|
36 |
# chilli : coovachilli initialisation (+authentication page)
|
37 |
# dansguardian : DansGuardian filtering HTTP proxy configuration
|
37 |
# dansguardian : DansGuardian filtering HTTP proxy configuration
|
38 |
# antivirus : HAVP + libclamav configuration
|
38 |
# antivirus : HAVP + libclamav configuration
|
39 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
39 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
40 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
40 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
41 |
# nfsen : Configuration of Nfsen Netflow grapher
|
41 |
# nfsen : Configuration of Nfsen Netflow grapher
|
42 |
# dnsmasq : Name server configuration
|
42 |
# dnsmasq : Name server configuration
|
43 |
# vnstat : little network stat daemon
|
43 |
# vnstat : little network stat daemon
|
44 |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
|
44 |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
|
45 |
# cron : Logs export + watchdog + connexion statistics
|
45 |
# cron : Logs export + watchdog + connexion statistics
|
46 |
# fail2ban : Fail2ban IDS installation and configuration
|
46 |
# fail2ban : Fail2ban IDS installation and configuration
|
47 |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
|
47 |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
|
48 |
# msec : Mandriva security package configuration
|
48 |
# msec : Mandriva security package configuration
|
49 |
# letsencrypt : Let's Encrypt client
|
49 |
# letsencrypt : Let's Encrypt client
|
50 |
# post_install : Security, log rotation, etc.
|
50 |
# post_install : Security, log rotation, etc.
|
51 |
|
51 |
|
52 |
DEBUG_ALCASAR='off'; export DEBUG_ALCASAR # Debug mode = wait (hit key) after each function
|
52 |
DEBUG_ALCASAR='off'; export DEBUG_ALCASAR # Debug mode = wait (hit key) after each function
|
53 |
DATE=`date '+%d %B %Y - %Hh%M'`
|
53 |
DATE=`date '+%d %B %Y - %Hh%M'`
|
54 |
DATE_SHORT=`date '+%d/%m/%Y'`
|
54 |
DATE_SHORT=`date '+%d/%m/%Y'`
|
55 |
Lang=`echo $LANG|cut -c 1-2`
|
55 |
Lang=`echo $LANG|cut -c 1-2`
|
Line 932... |
Line 932... |
932 |
$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
|
932 |
$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
|
933 |
$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
|
933 |
$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
|
934 |
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
|
934 |
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
|
935 |
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
|
935 |
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
|
936 |
|
936 |
|
- |
|
937 |
# Add ALCASAR dictionary
|
- |
|
938 |
cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar
|
937 |
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
|
939 |
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
|
938 |
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
|
940 |
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
|
939 |
cat << EOF > /etc/raddb/clients.conf
|
941 |
cat << EOF > /etc/raddb/clients.conf
|
940 |
client localhost {
|
942 |
client localhost {
|
941 |
ipaddr = 127.0.0.1
|
943 |
ipaddr = 127.0.0.1
|
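Review bot: The added `cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar` (new line 938) leaves `$DIR_CONF` unquoted and never checks the result, so a missing source file or an empty `DIR_CONF` lets the installer go on to write `clients.conf` without the dictionary in place. I would quote the path and stop on failure, e.g. `cp -f "$DIR_CONF/radius/dictionary.alcasar" /usr/share/freeradius/dictionary.alcasar || exit 1`. Alternatively, `install -m 0644 -o root -g root` would keep the mode and owner of a file the RADIUS server parses independent of the umask and the source tree. Nothing visible in this hunk references the new dictionary from a file FreeRADIUS already loads (an `$INCLUDE dictionary.alcasar` line); if that is not done elsewhere in the commit, the copy alone presumably has no effect. The enclosing function starts and ends outside the hunk.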