
Rev 3244 Rev 3247
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 3244 2025-01-29 12:21:27Z rexy $
2
#  $Id: alcasar.sh 3247 2025-02-02 23:22:02Z rexy $
3
 
3
 
4
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
4
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
5
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
5
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
6
# contact : info@alcasar.net
6
# contact : info@alcasar.net
7
 
7
 
Line 543... Line 543...
543
	hostnamectl set-hostname $HOSTNAME.$DOMAIN
543
	hostnamectl set-hostname $HOSTNAME.$DOMAIN
544
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
544
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network address (ie.: 192.168.182.0)
545
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4`					# last octet of LAN address
545
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4`					# last octet of LAN address
546
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
546
	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`				# private network mask (ie.: 255.255.255.0)
547
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
547
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`					# network prefix (ie. 24)
548
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`						# ALCASAR private ip address (consultation LAN side)
548
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`								# ALCASAR private ip address (consultation LAN side)
549
	if [ $PRIVATE_IP == $PRIVATE_NETWORK ]								# when entering network address instead of ip address
549
	if [ $PRIVATE_IP == $PRIVATE_NETWORK ]											# when entering network address instead of ip address
550
	then
550
	then
551
		PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`
551
		PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`
552
		PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`
552
		PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`
553
	fi
553
	fi
-
 
554
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
-
 
555
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`	# private network broadcast (ie.: 192.168.182.255)
-
 
556
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`;				# ie.: 2=classe B, 3=classe C
554
	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`						# last octet of LAN address
557
	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`						# last octet of LAN address
-
 
558
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`				# last octet of LAN broadcast
555
	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`		# second network address (ex.: 192.168.182.2)
559
	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`		# second network address (ex.: 192.168.182.2)
556
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
560
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
557
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX						# ie.: 192.168.182.0/24
-
 
558
	classe=$((PRIVATE_PREFIX/8))									# ie.: 2=classe B, 3=classe C
561
	classe=$((PRIVATE_PREFIX/8))												# ie.: 2=classe B, 3=classe C
559
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
562
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.		# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
560
	PRIVATE_MAC=`/usr/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'` 	# MAC address of INTIF
563
	PRIVATE_MAC=`/usr/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'` 	# MAC address of INTIF
561
# Define Internet parameters
564
# Define Internet parameters
562
	DNS1=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS1='| cut -d"=" -f2`	# 1st DNS server
565
	DNS1=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS1='| cut -d"=" -f2`	# 1st DNS server
563
	DNS2=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS2=' | cut -d"=" -f2`	# 2nd DNS server
566
	DNS2=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS2=' | cut -d"=" -f2`	# 2nd DNS server
564
	DNS1=${DNS1:=208.67.220.220}
567
	DNS1=${DNS1:=208.67.220.220}
Line 972... Line 975...
972
        AllowOverride None
975
        AllowOverride None
973
        <IfModule mod_rewrite.c>
976
        <IfModule mod_rewrite.c>
974
                RewriteEngine On
977
                RewriteEngine On
975
                RewriteCond %{REQUEST_FILENAME} !-f
978
                RewriteCond %{REQUEST_FILENAME} !-f
976
                RewriteCond %{REQUEST_FILENAME} !-d
979
                RewriteCond %{REQUEST_FILENAME} !-d
977
                RewriteRule ^api/(.*)$ backend/index.php?request=$1 [QSA,NC,L]
980
                RewriteRule ^api/(.*)$ backend/index.php?request=\$1 [QSA,NC,L]
978
                RewriteRule ^$ frontend [L]
981
                RewriteRule ^$ frontend [L]
979
        </IfModule>
982
        </IfModule>
980
</Directory>
983
</Directory>
981
<Directory $DIR_ACC/backup>
984
<Directory $DIR_ACC/backup>
982
        SSLRequireSSL
985
        SSLRequireSSL
Line 1564... Line 1567...
1564
EOF
1567
EOF
1565
    [ -d /var/log/nfsen/profiles-data/live/alcasar_netflow ] || mkdir -p /var/log/nfsen/profiles-data/live/alcasar_netflow
1568
    [ -d /var/log/nfsen/profiles-data/live/alcasar_netflow ] || mkdir -p /var/log/nfsen/profiles-data/live/alcasar_netflow
1566
    touch /var/log/nfsen/profiles-data/live/alcasar_netflow/.nfstat
1569
    touch /var/log/nfsen/profiles-data/live/alcasar_netflow/.nfstat
1567
    chown -R nfcapd:nfcapd /var/log/nfsen
1570
    chown -R nfcapd:nfcapd /var/log/nfsen
1568
# nfsen-ng
1571
# nfsen-ng
1569
 
-
 
1570
 
-
 
-
 
1572
php /var/www/html/acc/manager/nfsen/backend/cli.php -f -p -ps import # initializing and populating the RDD database
1571
 
1573
 
1572
} # End of nfsen()
1574
} # End of nfsen()
1573
 
1575
 
1574
###########################################################
1576
###########################################################
1575
##                       "vnstat"                        ##
1577
##                       "vnstat"                        ##
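Review bot: In the hunk at new lines 554–560, `private_broadcast_ending` is cut from field `$classe_sup` of `$PRIVATE_BROADCAST`, while `PRIVATE_LAST_IP` still prepends `cut -d"." -f1-3` of the same broadcast, so the result is only right when that field happens to equal the fourth octet. With a prefix shorter than /24 that is not a multiple of 8 (constructed example: 192.168.0.1/22, broadcast 192.168.3.255), `classe_sup` is 3, the field read is `3`, and `PRIVATE_LAST_IP` becomes 192.168.3.2 instead of 192.168.3.254. The last host address differs from the broadcast only in its final octet, so `private_broadcast_ending=$(echo "$PRIVATE_BROADCAST" | cut -d"." -f4)` covers every prefix and makes `classe_sup` unnecessary. Where `PRIVATE_LAST_IP` is consumed is outside the visible lines; if it bounds the address range handed to the LAN side of the access controller, a wrong value silently narrows that range. Checking `PRIVATE_IP_MASK` for a well-formed address/prefix before this block would catch such cases at install time.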