Subversion Repositories ALCASAR

Rev

Rev 2552 | Rev 2560 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2552 Rev 2558
Line 1... Line 1...
1 
#!/bin/bash
 1 
#!/bin/bash
2 
#  $Id: alcasar.sh 2552 2018-05-08 22:21:47Z rexy $
 2 
#  $Id: alcasar.sh 2558 2018-06-05 21:56:34Z rexy $
3 
 
 3 
 
4 
# alcasar.sh
 4 
# alcasar.sh
5 
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 5 
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6 
# This script is distributed under the Gnu General Public License (GPL)
 6 
# This script is distributed under the Gnu General Public License (GPL)
7 
#  team@alcasar.net
 7 
#  team@alcasar.net
Line 579... Line 579...
579 
EOF
 579 
EOF
580 
# write "/etc/hosts"
 580 
# write "/etc/hosts"
581 
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
 581 
	[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
582 
	cat <<EOF > /etc/hosts
 582 
	cat <<EOF > /etc/hosts
583 
127.0.0.1	localhost
 583 
127.0.0.1	localhost
584 
$PRIVATE_IP	$HOSTNAME.$DOMAIN $HOSTNAME
 584 
$PRIVATE_IP	$HOSTNAME
585 
EOF
 585 
EOF
586 
# write EXTIF (Internet) config
 586 
# write EXTIF (Internet) config
587 
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
 587 
	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
588 
	if [ $IP_SETTING == "dhcp" ]
 588 
	if [ $IP_SETTING == "dhcp" ]
589 
		then
 589 
		then
Line 1501... Line 1501...
1501 
	$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
 1501 
	$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
1502 
	$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
 1502 
	$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
1503 
	/usr/bin/vnstat -u -i $EXTIF
 1503 
	/usr/bin/vnstat -u -i $EXTIF
1504 
} # End of vnstat
 1504 
} # End of vnstat
1505 
 
 1505 
 
1506 
################################################################
 1506 
##################################################################
1507 
##                     Function "dnsmasq"                     ##
 1507 
##                     Function "dnsmasq"                       ##
1508 
## - creation of the conf files of the 4 intances of dnsmasq  ##
1508 
## - creation of the conf files of the 4 intances of dnsmasq    ##
- 
 
 1509 
## - creation of the file managing domain name (local & remote) ##
1509 
################################################################
 1510 
##################################################################
1510 
dnsmasq ()
 1511 
dnsmasq ()
1511 
{
 1512 
{
1512 
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
 1513 
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1513 
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
 1514 
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
1514 
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
 1515 
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1515 
	cat << EOF > /etc/dnsmasq.conf
 1516 
	cat << EOF > /etc/dnsmasq.conf
1516 
# Configuration file for "dnsmasq in forward mode"
 1517 
# Configuration file for "dnsmasq in forward mode"
1517 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
 1518 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
1518 
listen-address=$PRIVATE_IP
 1519 
listen-address=$PRIVATE_IP
1519 
pid-file=/var/run/dnsmasq.pid
 1520 
pid-file=/var/run/dnsmasq.pid
1520 
listen-address=127.0.0.1
 1521 
listen-address=127.0.0.1
1521 
no-dhcp-interface=$INTIF
 1522 
no-dhcp-interface=$INTIF
1522 
no-dhcp-interface=tun0
 1523 
no-dhcp-interface=tun0
Line 1531... Line 1532...
1531 
server=$DNS2
 1532 
server=$DNS2
1532 
# DHCP service is configured. It will be enabled in "bypass" mode
 1533 
# DHCP service is configured. It will be enabled in "bypass" mode
1533 
#dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
 1534 
#dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
1534 
#dhcp-option=option:router,$PRIVATE_IP
 1535 
#dhcp-option=option:router,$PRIVATE_IP
1535 
#dhcp-option=option:ntp-server,$PRIVATE_IP
 1536 
#dhcp-option=option:ntp-server,$PRIVATE_IP
1536 
#domain=$DOMAIN
 - 
 
1537 
 
 1537 
 
1538 
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
 1538 
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1539 
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
 1539 
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1540 
EOF
 1540 
EOF
1541 
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
 1541 
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
1542 
	cat << EOF > /etc/dnsmasq-blacklist.conf
 1542 
	cat << EOF > /etc/dnsmasq-blacklist.conf
1543 
# Configuration file for "dnsmasq with blacklist"
 1543 
# Configuration file for "dnsmasq with blacklist"
1544 
# Add Toulouse University blacklist domains
 1544 
# Add Toulouse University blacklist domains
1545 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
 1545 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
1546 
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
 1546 
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
1547 
pid-file=/var/run/dnsmasq-blacklist.pid
 1547 
pid-file=/var/run/dnsmasq-blacklist.pid
1548 
listen-address=$PRIVATE_IP
 1548 
listen-address=$PRIVATE_IP
1549 
port=54
 1549 
port=54
1550 
no-dhcp-interface=$INTIF
 1550 
no-dhcp-interface=$INTIF
Line 1563... Line 1563...
1563 
EOF
 1563 
EOF
1564 
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
 1564 
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
1565 
	cat << EOF > /etc/dnsmasq-whitelist.conf
 1565 
	cat << EOF > /etc/dnsmasq-whitelist.conf
1566 
# Configuration file for "dnsmasq with whitelist"
 1566 
# Configuration file for "dnsmasq with whitelist"
1567 
# ADD Toulouse university whitelist domains
 1567 
# ADD Toulouse university whitelist domains
1568 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
 1568 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
1569 
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
 1569 
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
1570 
pid-file=/var/run/dnsmasq-whitelist.pid
 1570 
pid-file=/var/run/dnsmasq-whitelist.pid
1571 
listen-address=$PRIVATE_IP
 1571 
listen-address=$PRIVATE_IP
1572 
port=55
 1572 
port=55
1573 
no-dhcp-interface=$INTIF
 1573 
no-dhcp-interface=$INTIF
Line 1583... Line 1583...
1583 
address=/#/$PRIVATE_IP				# for Domain name without local resolution (WL)
 1583 
address=/#/$PRIVATE_IP				# for Domain name without local resolution (WL)
1584 
EOF
 1584 
EOF
1585 
# 4th dnsmasq listen on udp 56 ("blackhole")
 1585 
# 4th dnsmasq listen on udp 56 ("blackhole")
1586 
	cat << EOF > /etc/dnsmasq-blackhole.conf
 1586 
	cat << EOF > /etc/dnsmasq-blackhole.conf
1587 
# Configuration file for "dnsmasq as a blackhole"
 1587 
# Configuration file for "dnsmasq as a blackhole"
1588 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
 1588 
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local & remote DNS domain name resolutions
1589 
address=/#/$PRIVATE_IP				# redirect all on ALCASAR IP address
 1589 
address=/#/$PRIVATE_IP				# redirect all on ALCASAR IP address
1590 
pid-file=/var/run/dnsmasq-blackhole.pid
 1590 
pid-file=/var/run/dnsmasq-blackhole.pid
1591 
listen-address=$PRIVATE_IP
 1591 
listen-address=$PRIVATE_IP
1592 
port=56
 1592 
port=56
1593 
no-dhcp-interface=$INTIF
 1593 
no-dhcp-interface=$INTIF
Line 1598... Line 1598...
1598 
domain-needed
 1598 
domain-needed
1599 
expand-hosts
 1599 
expand-hosts
1600 
bogus-priv
 1600 
bogus-priv
1601 
filterwin2k
 1601 
filterwin2k
1602 
EOF
 1602 
EOF
- 
 
 1603 
# file managing domain name resolution (local & remote)
- 
 
 1604 
cat << EOF > $DIR_DEST_ETC/alcasar-dns-name
- 
 
 1605 
# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut)
- 
 
 1606 
# Here you can define your local domain name ('localdomain' by default)
- 
 
 1607 
local=/$DOMAIN/
- 
 
 1608 
domain=$DOMAIN
- 
 
 1609 
 
- 
 
 1610 
## Ajouter une ligne pour chaque nom de domaine géré par un autre seveur DNS
- 
 
 1611 
## Add one line for each domain name managed by an other DNS server
- 
 
 1612 
## server=/<your_domain>/<@IP_domain_server>
- 
 
 1613 
## Exemple for an A.D. domain :  server=/Your.Domain.AD/110.120.100.100
- 
 
 1614 
## Exemple for an other domain : server=/an_other_domain/10.20.30.40
- 
 
 1615 
 
- 
 
 1616 
## INFO : local hostnames are resolved in /etc/hosts file
- 
 
 1617 
EOF
1603 
 
 1618 
 
1604 
# the main instance should start after network and chilli (which create tun0)
 1619 
# the main instance should start after network and chilli (which create tun0)
1605 
	[ -e /lib/systemd/system/dnsmasq.service.default ] || cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
 1620 
	[ -e /lib/systemd/system/dnsmasq.service.default ] || cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
1606 
	$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/dnsmasq.service
 1621 
	$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/dnsmasq.service
1607 
# Create dnsmasq-blacklist, dnsmasq-whitelist and dnsmasq-blackhole unit
 1622 
# Create dnsmasq-blacklist, dnsmasq-whitelist and dnsmasq-blackhole unit