WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 2870 2020-10-27 23:16:41Z rexy $
 
# alcasar.sh
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
# This script is distributed under the Gnu General Public License (GPL)
#  team@alcasar.net

	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
	echo "-----------------------------------------------------------------------------"
} # End of header_install()
 
########################################################
##              Function "testing_system"             ##
## - Test Mageia version                              ##
## - Test ALCASAR version (if already installed)      ##
## - Test free space on /var  (>10G)                  ##
## - Test Internet access                             ##
########################################################
testing_system()
{
# Test of Mageia version
# extract the current Mageia version and hardware architecture (i586 ou X64)
	fic=`cat /etc/product.id`
	unknown_os=0

		done
		if [ "$response" = "2" ]
		then
			rm -f /var/tmp/alcasar-conf*
		else
 
 
 
 
 
# Create the archive of conf files
			$DIR_SCRIPTS/alcasar-conf.sh --create
			mode="update"
		fi
	fi
# Free /var (when updating) and test free space

			then echo "Espace disponible insuffisant sur /var ($free_space Go au lieu de 10 Go au minimum)"
			else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
		fi
	exit 0
	fi
} # End of testing_system
 
########################################################
##             Function "testing_network"             ##
## - Test Internet access                             ##
########################################################
testing_network()
{
# Detect external/internal interfaces
	if [ -z "$EXTIF" ]; then
		EXTIF=$(/usr/sbin/ip route list | awk '/^default / {print $5}')
		if [ -z "$EXTIF" ]; then
			if [ "$Lang" == 'fr' ]

			echo "Verify the DNS IP addresses"
		fi
		exit 1
	fi
	echo ". : ok"
} # End of testing_network()
 
#######################################################################
##                    Function "init"                                ##
## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf      ##
## - Creation of random password for GRUB, mariadb (admin and user)  ##

	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
	PRIVATE_MAC=`/usr/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'` 	# MAC address of INTIF
# Define Internet parameters
	DNS1=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS1='| cut -d"=" -f2`	# 1st DNS server
	DNS2=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS2=' | cut -d"=" -f2`	# 2nd DNS server
	DNS1=${DNS1:=208.67.220.220}
	DNS2=${DNS2:=208.67.222.222}
	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
# Write network parameters in the conf file

DEVICE=$EXTIF
BOOTPROTO=static
IPADDR=$PUBLIC_IP
NETMASK=$PUBLIC_NETMASK
GATEWAY=$PUBLIC_GATEWAY
DNS1=$DNS1
DNS2=$DNS2
RESOLV_MODS=yes
ONBOOT=yes
METRIC=10
NOZEROCONF=yes
MII_NOT_SUPPORTED=yes

	$SED "s?^Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
	$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf
    # vnstat-dashboard
    $SED "s?^\$thisInterface.*?\$thisInterface = \"$EXTIF\";?" $DIR_ACC/manager/vnstat/index.php
	[ -e /lib/systemd/system/vnstat.service.default ] || cp /lib/systemd/system/vnstat.service /lib/systemd/system/vnstat.service.default
    $SED "s?^PIDFILE=.*?PIDFILE=/run/vnstat/vnstat.pid?g" /lib/systemd/system/vnstat.service
} # End of vnstat()
 
###################################################################
##                     Function "dnsmasq"                        ##
## - creation of the conf files of dnsmasq (whitelist for ipset )##

Type=oneshot
RemainAfterExit=yes
ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start
ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop
TimeoutSec=0
 
 
[Install]
WantedBy=multi-user.target
EOF
	/usr/bin/systemctl daemon-reload

	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-i | --install)
		for func in license testing_system
		do
			header_install
			$func
			if [ $DEBUG_ALCASAR == "on" ]
			then
				echo "*** 'debug' : end of function '$func' ***"
				read
			fi
		done
# RPMs install
		$DIR_SCRIPTS/alcasar-urpmi.sh

				then echo "#### Installation avec mise à jour ####";
				else echo "#### Installation with update     ####";
			fi
			mode="update"
		fi
		for func in testing_network init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install
		do
			$func
			if [ $DEBUG_ALCASAR == "on" ]
			then
				echo "*** 'debug' : end of function '$func' ***"
				read
			fi
		done
		;;
	-u | --uninstall)

Rev 2868	Rev 2870
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 2868 2020-10-26 21:22:24Z rexy $`	2	`# $Id: alcasar.sh 2870 2020-10-27 23:16:41Z rexy $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`	5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7	`# team@alcasar.net`	7	`# team@alcasar.net`
Line 114...	Line 114...
114	`echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"`	114	`echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"`
115	`echo "-----------------------------------------------------------------------------"`	115	`echo "-----------------------------------------------------------------------------"`
116	`} # End of header_install()`	116	`} # End of header_install()`
117		117
118	`########################################################`	118	`########################################################`
119	`## Function "testing" ##`	119	`## Function "testing_system" ##`
120	`## - Test Mageia version ##`	120	`## - Test Mageia version ##`
121	`## - Test ALCASAR version (if already installed) ##`	121	`## - Test ALCASAR version (if already installed) ##`
122	`## - Test free space on /var (>10G) ##`	122	`## - Test free space on /var (>10G) ##`
123	`## - Test Internet access ##`	123	`## - Test Internet access ##`
124	`########################################################`	124	`########################################################`
125	`testing()`	125	`testing_system()`
126	`{`	126	`{`
127	`# Test of Mageia version`	127	`# Test of Mageia version`
128	`# extract the current Mageia version and hardware architecture (i586 ou X64)`	128	`# extract the current Mageia version and hardware architecture (i586 ou X64)`
129	fic=`cat /etc/product.id`	129	fic=`cat /etc/product.id`
130	`unknown_os=0`	130	`unknown_os=0`
Line 209...	Line 209...
209	`done`	209	`done`
210	`if [ "$response" = "2" ]`	210	`if [ "$response" = "2" ]`
211	`then`	211	`then`
212	`rm -f /var/tmp/alcasar-conf*`	212	`rm -f /var/tmp/alcasar-conf*`
213	`else`	213	`else`
214	`# Retrieve former NICname`	-
215	EXTIF_saved=`grep ^EXTIF= $CONF_FILE \| cut -d'=' -f2-` # EXTernal InterFace	-
216	INTIF_saved=`grep ^INTIF= $CONF_FILE \| cut -d'=' -f2-` # INTernal InterFace	-
217	`[ "$(/usr/sbin/ip link \| grep -c " $EXTIF_saved:")" -ne 0 ] && EXTIF=$EXTIF_saved \|\| echo "Warning: Network card \"$EXTIF_saved\" is not connected, so \"$EXTIF\" will be used for external network."`	-
218	`[ "$(/usr/sbin/ip link \| grep -c " $INTIF_saved:")" -ne 0 ] && INTIF=$INTIF_saved \|\| echo "Warning: Network card \"$INTIF_saved\" is not connected, so \"$INTIF\" will be used for internal network."`	-
219	`# Create the current conf file`	214	`# Create the archive of conf files`
220	`$DIR_SCRIPTS/alcasar-conf.sh --create`	215	`$DIR_SCRIPTS/alcasar-conf.sh --create`
221	`mode="update"`	216	`mode="update"`
222	`fi`	217	`fi`
223	`fi`	218	`fi`
224	`# Free /var (when updating) and test free space`	219	`# Free /var (when updating) and test free space`
Line 232...	Line 227...
232	`then echo "Espace disponible insuffisant sur /var ($free_space Go au lieu de 10 Go au minimum)"`	227	`then echo "Espace disponible insuffisant sur /var ($free_space Go au lieu de 10 Go au minimum)"`
233	`else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"`	228	`else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"`
234	`fi`	229	`fi`
235	`exit 0`	230	`exit 0`
236	`fi`	231	`fi`
-		232	`} # End of testing_system`
237		233
-		234	`########################################################`
-		235	`## Function "testing_network" ##`
-		236	`## - Test Internet access ##`
-		237	`########################################################`
-		238	`testing_network()`
-		239	`{`
238	`# Detect external/internal interfaces`	240	`# Detect external/internal interfaces`
239	`if [ -z "$EXTIF" ]; then`	241	`if [ -z "$EXTIF" ]; then`
240	`EXTIF=$(/usr/sbin/ip route list \| awk '/^default / {print $5}')`	242	`EXTIF=$(/usr/sbin/ip route list \| awk '/^default / {print $5}')`
241	`if [ -z "$EXTIF" ]; then`	243	`if [ -z "$EXTIF" ]; then`
242	`if [ "$Lang" == 'fr' ]`	244	`if [ "$Lang" == 'fr' ]`
Line 411...	Line 413...
411	`echo "Verify the DNS IP addresses"`	413	`echo "Verify the DNS IP addresses"`
412	`fi`	414	`fi`
413	`exit 1`	415	`exit 1`
414	`fi`	416	`fi`
415	`echo ". : ok"`	417	`echo ". : ok"`
416	`} # End of testing()`	418	`} # End of testing_network()`
417		419
418	`#######################################################################`	420	`#######################################################################`
419	`## Function "init" ##`	421	`## Function "init" ##`
420	`## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf ##`	422	`## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf ##`
421	`## - Creation of random password for GRUB, mariadb (admin and user) ##`	423	`## - Creation of random password for GRUB, mariadb (admin and user) ##`
Line 556...	Line 558...
556	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK \| cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)	558	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK \| cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
557	PRIVATE_MAC=`/usr/sbin/ip link show $INTIF \| grep ether \| cut -d" " -f6\| sed 's/:/-/g'\| awk '{print toupper($0)}'` # MAC address of INTIF	559	PRIVATE_MAC=`/usr/sbin/ip link show $INTIF \| grep ether \| cut -d" " -f6\| sed 's/:/-/g'\| awk '{print toupper($0)}'` # MAC address of INTIF
558	`# Define Internet parameters`	560	`# Define Internet parameters`
559	DNS1=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF \| grep '^DNS1='\| cut -d"=" -f2` # 1st DNS server	561	DNS1=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF \| grep '^DNS1='\| cut -d"=" -f2` # 1st DNS server
560	DNS2=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF \| grep '^DNS2=' \| cut -d"=" -f2` # 2nd DNS server	562	DNS2=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF \| grep '^DNS2=' \| cut -d"=" -f2` # 2nd DNS server
561	`DNS1=${DNS1:=208.67.220.220}`	563	`DNS1=${DNS1:=208.67.220.220}`
562	`DNS2=${DNS2:=208.67.222.222}`	564	`DNS2=${DNS2:=208.67.222.222}`
563	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK \| cut -d"=" -f2`	565	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK \| cut -d"=" -f2`
564	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK\|cut -d"=" -f2`	566	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK\|cut -d"=" -f2`
565	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX\|cut -d"=" -f2`	567	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX\|cut -d"=" -f2`
566	`# Write network parameters in the conf file`	568	`# Write network parameters in the conf file`
Line 641...	Line 643...
641	`DEVICE=$EXTIF`	643	`DEVICE=$EXTIF`
642	`BOOTPROTO=static`	644	`BOOTPROTO=static`
643	`IPADDR=$PUBLIC_IP`	645	`IPADDR=$PUBLIC_IP`
644	`NETMASK=$PUBLIC_NETMASK`	646	`NETMASK=$PUBLIC_NETMASK`
645	`GATEWAY=$PUBLIC_GATEWAY`	647	`GATEWAY=$PUBLIC_GATEWAY`
646	`DNS1=127.0.0.1`	648	`DNS1=$DNS1`
-		649	`DNS2=$DNS2`
647	`RESOLV_MODS=yes`	650	`RESOLV_MODS=yes`
648	`ONBOOT=yes`	651	`ONBOOT=yes`
649	`METRIC=10`	652	`METRIC=10`
650	`NOZEROCONF=yes`	653	`NOZEROCONF=yes`
651	`MII_NOT_SUPPORTED=yes`	654	`MII_NOT_SUPPORTED=yes`
Line 1470...	Line 1473...
1470	`$SED "s?^Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf`	1473	`$SED "s?^Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf`
1471	`$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf`	1474	`$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf`
1472	`# vnstat-dashboard`	1475	`# vnstat-dashboard`
1473	`$SED "s?^\$thisInterface.*?\$thisInterface = \"$EXTIF\";?" $DIR_ACC/manager/vnstat/index.php`	1476	`$SED "s?^\$thisInterface.*?\$thisInterface = \"$EXTIF\";?" $DIR_ACC/manager/vnstat/index.php`
1474	`[ -e /lib/systemd/system/vnstat.service.default ] \|\| cp /lib/systemd/system/vnstat.service /lib/systemd/system/vnstat.service.default`	1477	`[ -e /lib/systemd/system/vnstat.service.default ] \|\| cp /lib/systemd/system/vnstat.service /lib/systemd/system/vnstat.service.default`
1475	`$SED "s?^PIDFILE=.*?PIDFILE=/var/run/vnstat/vnstat.pid?g" /lib/systemd/system/vnstat.service`	1478	`$SED "s?^PIDFILE=.*?PIDFILE=/run/vnstat/vnstat.pid?g" /lib/systemd/system/vnstat.service`
1476	`} # End of vnstat()`	1479	`} # End of vnstat()`
1477		1480
1478	`###################################################################`	1481	`###################################################################`
1479	`## Function "dnsmasq" ##`	1482	`## Function "dnsmasq" ##`
1480	`## - creation of the conf files of dnsmasq (whitelist for ipset )##`	1483	`## - creation of the conf files of dnsmasq (whitelist for ipset )##`
Line 2207...	Line 2210...
2207	`Type=oneshot`	2210	`Type=oneshot`
2208	`RemainAfterExit=yes`	2211	`RemainAfterExit=yes`
2209	`ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start`	2212	`ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start`
2210	`ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop`	2213	`ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop`
2211	`TimeoutSec=0`	2214	`TimeoutSec=0`
2212	`SysVStartPriority=99`	-
2213		2215
2214	`[Install]`	2216	`[Install]`
2215	`WantedBy=multi-user.target`	2217	`WantedBy=multi-user.target`
2216	`EOF`	2218	`EOF`
2217	`/usr/bin/systemctl daemon-reload`	2219	`/usr/bin/systemctl daemon-reload`
Line 2371...	Line 2373...
2371	`-\? \| -h* \| --h*)`	2373	`-\? \| -h* \| --h*)`
2372	`echo "$usage"`	2374	`echo "$usage"`
2373	`exit 0`	2375	`exit 0`
2374	`;;`	2376	`;;`
2375	`-i \| --install)`	2377	`-i \| --install)`
2376	`for func in license testing`	2378	`for func in license testing_system`
2377	`do`	2379	`do`
2378	`header_install`	2380	`header_install`
2379	`$func`	2381	`$func`
2380	`if [ $DEBUG_ALCASAR == "on" ]`	2382	`if [ $DEBUG_ALCASAR == "on" ]`
2381	`then`	2383	`then`
2382	`echo "* 'debug' : end of install '$func' *"`	2384	`echo "* 'debug' : end of function '$func' *"`
2383	`read`	2385	`read`
2384	`fi`	2386	`fi`
2385	`done`	2387	`done`
2386	`# RPMs install`	2388	`# RPMs install`
2387	`$DIR_SCRIPTS/alcasar-urpmi.sh`	2389	`$DIR_SCRIPTS/alcasar-urpmi.sh`
Line 2447...	Line 2449...
2447	`then echo "#### Installation avec mise à jour ####";`	2449	`then echo "#### Installation avec mise à jour ####";`
2448	`else echo "#### Installation with update ####";`	2450	`else echo "#### Installation with update ####";`
2449	`fi`	2451	`fi`
2450	`mode="update"`	2452	`mode="update"`
2451	`fi`	2453	`fi`
2452	`for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install`	2454	`for func in testing_network init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install`
2453	`do`	2455	`do`
2454	`$func`	2456	`$func`
2455	`if [ $DEBUG_ALCASAR == "on" ]`	2457	`if [ $DEBUG_ALCASAR == "on" ]`
2456	`then`	2458	`then`
2457	`echo "* 'debug' : end of install '$func' *"`	2459	`echo "* 'debug' : end of function '$func' *"`
2458	`read`	2460	`read`
2459	`fi`	2461	`fi`
2460	`done`	2462	`done`
2461	`;;`	2463	`;;`
2462	`-u \| --uninstall)`	2464	`-u \| --uninstall)`

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 2868 → 2870