| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 2519 2018-03-26 19:40:51Z rexy $
|
2 |
# $Id: alcasar.sh 2521 2018-04-02 19:46:16Z armand.ito $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
# team@alcasar.net
|
7 |
# team@alcasar.net
|
| Line 16... |
Line 16... |
| 16 |
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
|
16 |
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
|
| 17 |
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
|
17 |
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
|
| 18 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
|
18 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
|
| 19 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
|
19 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
|
| 20 |
|
20 |
|
| 21 |
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
|
21 |
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, e2guardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
|
| 22 |
|
22 |
|
| 23 |
# Options :
|
23 |
# Options :
|
| 24 |
# -i or --install
|
24 |
# -i or --install
|
| 25 |
# -u or --uninstall
|
25 |
# -u or --uninstall
|
| 26 |
|
26 |
|
| Line 32... |
Line 32... |
| 32 |
# CA : Certification Authority initialization
|
32 |
# CA : Certification Authority initialization
|
| 33 |
# time_server : NTPd configuration
|
33 |
# time_server : NTPd configuration
|
| 34 |
# init_db : Initilization of radius database managed with MariaDB
|
34 |
# init_db : Initilization of radius database managed with MariaDB
|
| 35 |
# freeradius : FreeRadius initialisation
|
35 |
# freeradius : FreeRadius initialisation
|
| 36 |
# chilli : coovachilli initialisation (+authentication page)
|
36 |
# chilli : coovachilli initialisation (+authentication page)
|
| 37 |
# dansguardian : DansGuardian filtering HTTP proxy configuration
|
37 |
# e2guardian : E2Guardian filtering HTTP proxy configuration
|
| 38 |
# antivirus : HAVP + libclamav configuration
|
38 |
# antivirus : HAVP + libclamav configuration
|
| 39 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
39 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
| 40 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
40 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
| 41 |
# nfsen : Configuration of Nfsen Netflow grapher
|
41 |
# nfsen : Configuration of Nfsen Netflow grapher
|
| 42 |
# dnsmasq : Name server configuration
|
42 |
# dnsmasq : Name server configuration
|
| 43 |
# vnstat : little network stat daemon
|
43 |
# vnstat : little network stat daemon
|
| 44 |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
|
44 |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for e2guardian and for Netfilter)
|
| 45 |
# cron : Logs export + watchdog + connexion statistics
|
45 |
# cron : Logs export + watchdog + connexion statistics
|
| 46 |
# fail2ban : Fail2ban IDS installation and configuration
|
46 |
# fail2ban : Fail2ban IDS installation and configuration
|
| 47 |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
|
47 |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
|
| 48 |
# msec : Mandriva security package configuration
|
48 |
# msec : Mandriva security package configuration
|
| 49 |
# letsencrypt : Let's Encrypt client
|
49 |
# letsencrypt : Let's Encrypt client
|
| Line 59... |
Line 59... |
| 59 |
DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files)
|
59 |
DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files)
|
| 60 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
|
60 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
|
| 61 |
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
|
61 |
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
|
| 62 |
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log)
|
62 |
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log)
|
| 63 |
DIR_WEB="/var/www/html" # directory of Lighttpd
|
63 |
DIR_WEB="/var/www/html" # directory of Lighttpd
|
| 64 |
DIR_DG="/etc/dansguardian" # directory of DansGuardian
|
64 |
DIR_DG="/etc/e2guardian" # directory of E2Guardian
|
| 65 |
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center'
|
65 |
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center'
|
| 66 |
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts
|
66 |
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts
|
| 67 |
DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files
|
67 |
DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files
|
| 68 |
DIR_DEST_SHARE="/usr/local/share" # directory of share files used by ALCASAR (dnsmasq for instance)
|
68 |
DIR_DEST_SHARE="/usr/local/share" # directory of share files used by ALCASAR (dnsmasq for instance)
|
| 69 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file
|
69 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file
|
| Line 1223... |
Line 1223... |
| 1223 |
groupadd -f chilli
|
1223 |
groupadd -f chilli
|
| 1224 |
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
|
1224 |
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
|
| 1225 |
} # End of chilli ()
|
1225 |
} # End of chilli ()
|
| 1226 |
|
1226 |
|
| 1227 |
##################################################################
|
1227 |
##################################################################
|
| 1228 |
## Function "dansguardian" ##
|
1228 |
## Function "e2guardian" ##
|
| 1229 |
## - Set the parameters of this HTML proxy (as controler) ##
|
1229 |
## - Set the parameters of this HTML proxy (as controler) ##
|
| 1230 |
##################################################################
|
1230 |
##################################################################
|
| 1231 |
dansguardian ()
|
1231 |
e2guardian ()
|
| 1232 |
{
|
1232 |
{
|
| 1233 |
mkdir -p /var/dansguardian /var/log/dansguardian
|
1233 |
mkdir -p /var/e2guardian /var/log/e2guardian
|
| 1234 |
chown -R dansguardian /var/dansguardian /var/log/dansguardian
|
1234 |
chown -R e2guardian /var/e2guardian /var/log/e2guardian
|
| 1235 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
|
1235 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /lib/systemd/system/e2guardian.service
|
| 1236 |
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service
|
1236 |
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/e2guardian.service
|
| 1237 |
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
|
1237 |
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default
|
| 1238 |
# By default the filter is off
|
1238 |
# By default the filter is off
|
| 1239 |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf
|
1239 |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardian.conf
|
| 1240 |
# French deny HTML page
|
1240 |
# French deny HTML page
|
| 1241 |
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
|
1241 |
$SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf
|
| 1242 |
# Listen only on LAN side
|
1242 |
# Listen only on LAN side
|
| 1243 |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
|
1243 |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
|
| 1244 |
# DG send its flow to HAVP
|
1244 |
# DG send its flow to HAVP
|
| 1245 |
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
|
1245 |
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/e2guardian.conf
|
| 1246 |
# replace the default deny HTML page
|
1246 |
# replace the default deny HTML page
|
| 1247 |
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
|
1247 |
cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/
|
| 1248 |
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
|
1248 |
cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html
|
| 1249 |
# Don't log
|
1249 |
# Don't log
|
| 1250 |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
|
1250 |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
|
| 1251 |
# # Change the default report page
|
1251 |
# # Change the default report page
|
| 1252 |
$SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/dansguardian.conf
|
1252 |
$SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/e2guardian.conf
|
| 1253 |
# Disable HTML content control
|
1253 |
# Disable HTML content control
|
| 1254 |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
|
1254 |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/e2guardian.conf
|
| 1255 |
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
|
1255 |
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
|
| 1256 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
|
1256 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
|
| 1257 |
# Disable URL control with regex
|
1257 |
# Disable URL control with regex
|
| 1258 |
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
|
1258 |
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
|
| 1259 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
|
1259 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
|
| 1260 |
# Configure Dansguardian for large site
|
1260 |
# Configure E2guardian for large site
|
| 1261 |
# Minimum number of processus to handle connections
|
1261 |
# Minimum number of processus to handle connections
|
| 1262 |
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/dansguardian.conf
|
1262 |
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/e2guardian.conf
|
| 1263 |
# Maximum number of processus to handle connections
|
1263 |
# Maximum number of processus to handle connections
|
| 1264 |
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/dansguardian.conf
|
1264 |
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/e2guardian.conf
|
| 1265 |
# Run at least 8 daemons
|
1265 |
# Run at least 8 daemons
|
| 1266 |
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/dansguardian.conf
|
1266 |
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/e2guardian.conf
|
| 1267 |
# minimum number of processes to spawn
|
1267 |
# minimum number of processes to spawn
|
| 1268 |
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/dansguardian.conf
|
1268 |
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/e2guardian.conf
|
| 1269 |
# maximum age of a child process before it croaks it
|
1269 |
# maximum age of a child process before it croaks it
|
| 1270 |
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/dansguardian.conf
|
1270 |
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/e2guardian.conf
|
| 1271 |
# Disable download files control
|
1271 |
# Disable download files control
|
| 1272 |
[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
|
1272 |
[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
|
| 1273 |
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
|
1273 |
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/e2guardianf1.conf
|
| 1274 |
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
|
1274 |
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
|
| 1275 |
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
|
1275 |
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
|
| 1276 |
touch $DIR_DG/lists/bannedextensionlist
|
1276 |
touch $DIR_DG/lists/bannedextensionlist
|
| 1277 |
touch $DIR_DG/lists/bannedmimetypelist
|
1277 |
touch $DIR_DG/lists/bannedmimetypelist
|
| 1278 |
# 'Safesearch' regex actualisation
|
1278 |
# 'Safesearch' regex actualisation
|
| Line 1281... |
Line 1281... |
| 1281 |
[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
|
1281 |
[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
|
| 1282 |
touch $DIR_DG/lists/exceptioniplist
|
1282 |
touch $DIR_DG/lists/exceptioniplist
|
| 1283 |
# Keep a copy of URL & domain filter configuration files
|
1283 |
# Keep a copy of URL & domain filter configuration files
|
| 1284 |
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
|
1284 |
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
|
| 1285 |
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
|
1285 |
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
|
| 1286 |
} # End of dansguardian ()
|
1286 |
} # End of e2guardian ()
|
| 1287 |
|
1287 |
|
| 1288 |
##################################################################
|
1288 |
##################################################################
|
| 1289 |
## Function "antivirus" ##
|
1289 |
## Function "antivirus" ##
|
| 1290 |
## - Set the parameters of havp, libclamav and freshclam ##
|
1290 |
## - Set the parameters of havp, libclamav and freshclam ##
|
| 1291 |
##################################################################
|
1291 |
##################################################################
|
| Line 1629... |
Line 1629... |
| 1629 |
# creation of file for the rehabilited domains and urls
|
1629 |
# creation of file for the rehabilited domains and urls
|
| 1630 |
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
|
1630 |
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
|
| 1631 |
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
|
1631 |
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
|
| 1632 |
touch $DIR_DG/lists/exceptionsitelist
|
1632 |
touch $DIR_DG/lists/exceptionsitelist
|
| 1633 |
touch $DIR_DG/lists/exceptionurllist
|
1633 |
touch $DIR_DG/lists/exceptionurllist
|
| 1634 |
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
|
1634 |
# On crée la configuration de base du filtrage de domaine et d'URL pour E2guardian
|
| 1635 |
cat <<EOF > $DIR_DG/lists/bannedurllist
|
1635 |
cat <<EOF > $DIR_DG/lists/bannedurllist
|
| 1636 |
# Dansguardian filter config for ALCASAR
|
1636 |
# E2guardian filter config for ALCASAR
|
| 1637 |
EOF
|
1637 |
EOF
|
| 1638 |
cat <<EOF > $DIR_DG/lists/bannedsitelist
|
1638 |
cat <<EOF > $DIR_DG/lists/bannedsitelist
|
| 1639 |
# Dansguardian domain filter config for ALCASAR
|
1639 |
# E2guardian domain filter config for ALCASAR
|
| 1640 |
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
|
1640 |
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
|
| 1641 |
#**
|
1641 |
#**
|
| 1642 |
# block all SSL and CONNECT tunnels
|
1642 |
# block all SSL and CONNECT tunnels
|
| 1643 |
**s
|
1643 |
**s
|
| 1644 |
# block all SSL and CONNECT tunnels specified only as an IP
|
1644 |
# block all SSL and CONNECT tunnels specified only as an IP
|
| Line 1665... |
Line 1665... |
| 1665 |
do
|
1665 |
do
|
| 1666 |
mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
|
1666 |
mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
|
| 1667 |
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains
|
1667 |
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains
|
| 1668 |
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1668 |
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
| 1669 |
done
|
1669 |
done
|
| 1670 |
chown -R dansguardian:apache $DIR_DG
|
1670 |
chown -R e2guardian:apache $DIR_DG
|
| 1671 |
chown -R root:apache $DIR_DEST_SHARE
|
1671 |
chown -R root:apache $DIR_DEST_SHARE
|
| 1672 |
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
|
1672 |
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
|
| 1673 |
# adapt the Toulouse BL to ALCASAR architecture
|
1673 |
# adapt the Toulouse BL to ALCASAR architecture
|
| 1674 |
$DIR_DEST_BIN/alcasar-bl.sh --adapt
|
1674 |
$DIR_DEST_BIN/alcasar-bl.sh --adapt
|
| 1675 |
# enable the default categories
|
1675 |
# enable the default categories
|
| Line 1993... |
Line 1993... |
| 1993 |
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
|
1993 |
cp -f $DIR_CONF/logrotate.d/* /etc/logrotate.d/
|
| 1994 |
chmod 644 /etc/logrotate.d/*
|
1994 |
chmod 644 /etc/logrotate.d/*
|
| 1995 |
# Log compression
|
1995 |
# Log compression
|
| 1996 |
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
|
1996 |
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
|
| 1997 |
# actualisation des fichiers logs compressés
|
1997 |
# actualisation des fichiers logs compressés
|
| 1998 |
for dir in firewall dansguardian lighttpd
|
1998 |
for dir in firewall e2guardian lighttpd
|
| 1999 |
do
|
1999 |
do
|
| 2000 |
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
|
2000 |
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
|
| 2001 |
done
|
2001 |
done
|
| 2002 |
# create the alcasar-load_balancing unit
|
2002 |
# create the alcasar-load_balancing unit
|
| 2003 |
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
|
2003 |
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
|
| Line 2023... |
Line 2023... |
| 2023 |
|
2023 |
|
| 2024 |
[Install]
|
2024 |
[Install]
|
| 2025 |
WantedBy=multi-user.target
|
2025 |
WantedBy=multi-user.target
|
| 2026 |
EOF
|
2026 |
EOF
|
| 2027 |
# processes launched at boot time (Systemctl)
|
2027 |
# processes launched at boot time (Systemctl)
|
| 2028 |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
|
2028 |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
|
| 2029 |
do
|
2029 |
do
|
| 2030 |
/usr/bin/systemctl -q enable $i.service
|
2030 |
/usr/bin/systemctl -q enable $i.service
|
| 2031 |
done
|
2031 |
done
|
| 2032 |
|
2032 |
|
| 2033 |
# disable processes at boot time (Systemctl)
|
2033 |
# disable processes at boot time (Systemctl)
|
| Line 2239... |
Line 2239... |
| 2239 |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
|
2239 |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
|
| 2240 |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
|
2240 |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2|cut -c1`
|
| 2241 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
|
2241 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
|
| 2242 |
mode="update"
|
2242 |
mode="update"
|
| 2243 |
fi
|
2243 |
fi
|
| 2244 |
for func in init network ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
|
2244 |
for func in init network ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
|
| 2245 |
do
|
2245 |
do
|
| 2246 |
$func
|
2246 |
$func
|
| 2247 |
if [ $DEBUG_ALCASAR == "on" ]
|
2247 |
if [ $DEBUG_ALCASAR == "on" ]
|
| 2248 |
then
|
2248 |
then
|
| 2249 |
echo "*** 'debug' : end of install '$func' ***"
|
2249 |
echo "*** 'debug' : end of install '$func' ***"
|