Subversion Repositories ALCASAR

Rev

Rev 2631 | Rev 2643 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2631 Rev 2640
Line 1... Line 1...
1 
#!/bin/bash
 1 
#!/bin/bash
2 
#  $Id: alcasar.sh 2631 2018-09-12 21:16:42Z rexy $
 2 
#  $Id: alcasar.sh 2640 2018-09-20 21:21:15Z rexy $
3 
 
 3 
 
4 
# alcasar.sh
 4 
# alcasar.sh
5 
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 5 
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6 
# This script is distributed under the Gnu General Public License (GPL)
 6 
# This script is distributed under the Gnu General Public License (GPL)
7 
#  team@alcasar.net
 7 
#  team@alcasar.net
Line 1673... Line 1673...
1673 
##                  Function "cron"                  ##
 1673 
##                  Function "cron"                  ##
1674 
## - write all cron & anacron files                  ##
 1674 
## - write all cron & anacron files                  ##
1675 
#######################################################
 1675 
#######################################################
1676 
cron ()
 1676 
cron ()
1677 
{
 1677 
{
1678 
# Modif du fichier 'crontab' pour passer les cron à minuit au lieu de 04h00
 1678 
# 'crontab' with standard cron at midnight instead of 4:0 am (default)
1679 
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
 1679 
	[ -e /etc/crontab.default ] || cp /etc/crontab /etc/crontab.default
1680 
	cat <<EOF > /etc/crontab
 1680 
	cat <<EOF > /etc/crontab
1681 
SHELL=/usr/bin/bash
 1681 
SHELL=/usr/bin/bash
1682 
PATH=/usr/sbin:/usr/bin
 1682 
PATH=/sbin:/bin:/usr/sbin:/usr/bin
1683 
MAILTO=root
 1683 
MAILTO=root
1684 
HOME=/
 1684 
HOME=/
1685 
 
 1685 
 
1686 
# run-parts
 1686 
# run-parts
1687 
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
 1687 
01 * * * * root nice -n 19 run-parts --report /etc/cron.hourly
Line 1691... Line 1691...
1691 
EOF
 1691 
EOF
1692 
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
 1692 
	[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
1693 
	cat <<EOF >> /etc/anacrontab
 1693 
	cat <<EOF >> /etc/anacrontab
1694 
7	8	cron.MysqlDump		nice /etc/cron.d/alcasar-mysql
 1694 
7	8	cron.MysqlDump		nice /etc/cron.d/alcasar-mysql
1695 
7	10	cron.logExport		nice /etc/cron.d/alcasar-archive
 1695 
7	10	cron.logExport		nice /etc/cron.d/alcasar-archive
1696 
7	20	cron.importClean	nice /etc/cron.d/alcasar-clean_import
 - 
 
1697 
EOF
 1696 
EOF
1698 
 
 - 
 
1699 
	cat <<EOF > /etc/cron.d/alcasar-mysql
 1697 
	cat <<EOF > /etc/cron.d/alcasar-mysql
1700 
# Contrôle, réparation et export de la base des usagers (tous les lundi à 4h45)
 1698 
# Verify, repair and export users database (every monday at 4:45 am)
1701 
45 4 * * 1 root $DIR_DEST_BIN/alcasar-mysql.sh --dump
 1699 
45 4 * * 1 root $DIR_DEST_BIN/alcasar-mysql.sh --dump
1702 
# Nettoyage des utilisateurs dont la date d'expiration du compte est supérieure à 7 jours
 1700 
# Remove users whose expiration date is exceeded for more more than 7 days (every Monday at 4:40 am)
1703 
40 4 * * * root $DIR_DEST_BIN/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
 1701 
40 4 * * * root $DIR_DEST_BIN/alcasar-mysql.sh --expire_user 2>&1 >/dev/null
1704 
EOF
 1702 
EOF
1705 
	cat <<EOF > /etc/cron.d/alcasar-archive
 1703 
	cat <<EOF > /etc/cron.d/alcasar-archive
1706 
# Archive des logs et de la base de données (tous les lundi à 5h35)
 1704 
# Archiving logs (traceability & users database) (every Monday at 5:35 am)
1707 
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
 1705 
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
1708 
EOF
 1706 
EOF
1709 
	cat <<EOF > /etc/cron.d/alcasar-ticket-clean
 1707 
	cat <<EOF > /etc/cron.d/alcasar-ticket-clean
1710 
# suppression des fichiers de mots de passe (imports massifs par fichier) et des ticket PDF d'utilisateur
 1708 
# Remove password files (created when importing users by CSV files) and user's PDF voucher (every hours at 30')
1711 
30 * * * *  root $DIR_DEST_BIN/alcasar-ticket-clean.sh
 1709 
30 * * * *  root $DIR_DEST_BIN/alcasar-ticket-clean.sh
1712 
EOF
 1710 
EOF
1713 
	cat <<EOF > /etc/cron.d/alcasar-distrib-updates
 1711 
	cat <<EOF > /etc/cron.d/alcasar-distrib-updates
1714 
# mise à jour automatique de la distribution tous les jours 3h30
 1712 
# Update the system (everyday at 3:30 am)
1715 
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
 1713 
30 3 * * *  root /usr/sbin/urpmi --auto-update --auto 2>&1
1716 
EOF
 1714 
EOF
1717 
 
 - 
 
1718 
	cat <<EOF > /etc/cron.d/alcasar-connections-stats
 1715 
	cat <<EOF > /etc/cron.d/alcasar-connections-stats
1719 
# Connection stats update (accounting). These Perl scripts are from "dialup_admin" (cf. wiki.freeradius.org/Dialup_admin).
 1716 
# Connection stats update (accounting). These Perl scripts are from "dialup_admin" (cf. wiki.freeradius.org/Dialup_admin).
1720 
# 'alcasar-tot_stats' (everyday at 01h01 pm) : aggregating the daily connections of users (write in the table 'totacct')
 1717 
# 'alcasar-tot_stats' : aggregate the daily connections of users and write it in the table 'totacct' (everyday at 1:01 pm)
1721 
# 'alcasar-monthly_tot_stat' (everyday at 01h05 pm) : aggregating the monthly connections of users (write in table 'mtotacct')
 1718 
# 'alcasar-monthly_tot_stat' : aggregate the monthly connections of users and write it in table 'mtotacct' (everyday at 1h05 pm)
1722 
# 'alcasar-truncate_raddact' (every month, the first at 01h10 pm) : removing the log sessions of users older than 365 days
 1719 
# 'alcasar-truncate_raddact' : remove the user' session log older than 365 days (applying French law : "LCEN") (every month, the first at 01:10 pm)
1723 
# 'alcasar-clean_radacct' (every month, the first at 01h15 pm) : closing the sessions openned for more than 30 days
 1720 
# 'alcasar-clean_radacct' : close the sessions openned for more than 30 days (every month, the first at 01:15 pm)
1724 
# 'alcasar-activity_report.sh' (every sunday at 5h35 pm) : generate an activity report in PDF
 1721 
# 'alcasar-activity_report.sh' : generate an activity report in PDF (every sunday at 5:35 pm)
1725 
1 1 * * * root $DIR_DEST_BIN/alcasar-tot_stats > /dev/null 2>&1
 1722 
1 1 * * * root $DIR_DEST_BIN/alcasar-tot_stats > /dev/null 2>&1
1726 
5 1 * * * root $DIR_DEST_BIN/alcasar-monthly_tot_stats > /dev/null 2>&1
 1723 
5 1 * * * root $DIR_DEST_BIN/alcasar-monthly_tot_stats > /dev/null 2>&1
1727 
10 1 1 * * root $DIR_DEST_BIN/alcasar-truncate_radacct > /dev/null 2>&1
 1724 
10 1 1 * * root $DIR_DEST_BIN/alcasar-truncate_radacct > /dev/null 2>&1
1728 
15 1 1 * * root $DIR_DEST_BIN/alcasar-clean_radacct > /dev/null 2>&1
 1725 
15 1 1 * * root $DIR_DEST_BIN/alcasar-clean_radacct > /dev/null 2>&1
1729 
35 5 * * 0 root $DIR_DEST_BIN/alcasar-activity_report.sh > /dev/null 2>&1
 1726 
35 5 * * 0 root $DIR_DEST_BIN/alcasar-activity_report.sh > /dev/null 2>&1
1730 
EOF
 1727 
EOF
1731 
	cat <<EOF > /etc/cron.d/alcasar-watchdog
 1728 
	cat <<EOF > /etc/cron.d/alcasar-watchdog
1732 
# run the "watchdog" every 3'
 1729 
# 'alcasar-watchdog.sh' : run the "watchdog" (every 10')
1733 
# empty the IPSET of the whitelisted IP (loaded dynamically with dnsmasq-whitelist) when every whitelisted users are logged out (every sunday at 0h05
 1730 
# 'alcasar-flush_ipset_wl.sh' : empty the IPSET of the whitelisted IP loaded dynamically with dnsmasq-whitelist hook (every sunday at 0:05 am)
- 
 
 1731 
# 'alcasar-watchdog-hl.sh' : (optionnaly) remove the IP 0.0.0.0 from chilli cache memory
1734 
*/10 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
 1732 
*/10 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1735 
0 5 * * 0 root $DIR_DEST_BIN/alcasar-flush_ipset_wl.sh > /dev/null 2>&1
 1733 
0 5 * * 0 root $DIR_DEST_BIN/alcasar-flush_ipset_wl.sh > /dev/null 2>&1
1736 
#* * * * * root $DIR_DEST_BIN/alcasar-watchdog-hl.sh > /dev/null 2>&1
 1734 
#* * * * * root $DIR_DEST_BIN/alcasar-watchdog-hl.sh > /dev/null 2>&1
1737 
EOF
 1735 
EOF
1738 
# Enabling the watchdog every 18'
 - 
 
1739 
	cat <<EOF > /etc/cron.d/alcasar-daemon-watchdog
 1736 
	cat <<EOF > /etc/cron.d/alcasar-daemon-watchdog
1740 
# activate  the daemon-watchdog after boot process
 1737 
# start dead daemons (after boot process and every 18')
1741 
@reboot root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
 1738 
@reboot root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1742 
# activate the daemon-watchdog every 18'
 - 
 
1743 
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
 1739 
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
1744 
EOF
 1740 
EOF
1745 
 
 - 
 
1746 
# Enabling category update from rsync
 - 
 
1747 
	cat <<EOF > /etc/cron.d/alcasar-rsync-bl
 1741 
	cat <<EOF > /etc/cron.d/alcasar-rsync-bl
1748 
# Automatic update of BL via rsync every 12 hours. The categories are listed in the file '/usr/local/etc/update_cat.conf' (no sync if empty).
 1742 
# Automatic update the BL via rsync (every 12 hours). The enabled categories are listed in '/usr/local/etc/update_cat.conf' (no sync if empty).
1749 
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1
 1743 
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1
1750 
EOF
 1744 
EOF
1751 
 
 - 
 
1752 
# Renew the Let's Encrypt certificate
 - 
 
1753 
	cat <<EOF > /etc/cron.d/alcasar-letsencrypt
 1745 
	cat <<EOF > /etc/cron.d/alcasar-letsencrypt
1754 
# Automatic renew of the Let's Encrypt certificate
 1746 
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily")
1755 
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
 1747 
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
1756 
EOF
 1748 
EOF
1757 
 
 1749 
 
1758 
# removing the users crons
 1750 
# removing the users crons
1759 
	rm -f /var/spool/cron/*
 1751 
	rm -f /var/spool/cron/*