Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 3248 2025-02-08 14:09:43Z rexy $
|
2 |
# $Id: alcasar.sh 3252 2025-02-21 18:40:30Z rexy $
|
3 |
|
3 |
|
4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
6 |
# contact : info@alcasar.net
|
6 |
# contact : info@alcasar.net
|
7 |
|
7 |
|
Line 872... |
Line 872... |
872 |
echo "SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" >> /etc/httpd/conf/conf.d/ssl.conf # Define the cipher suite
|
872 |
echo "SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" >> /etc/httpd/conf/conf.d/ssl.conf # Define the cipher suite
|
873 |
echo "SSLHonorCipherOrder on" >> /etc/httpd/conf/conf.d/ssl.conf # The Browser must respect the order of the cipher suite
|
873 |
echo "SSLHonorCipherOrder on" >> /etc/httpd/conf/conf.d/ssl.conf # The Browser must respect the order of the cipher suite
|
874 |
echo "SSLPassPhraseDialog builtin" >> /etc/httpd/conf/conf.d/ssl.conf # in case of passphrase the dialog will be perform on stdin
|
874 |
echo "SSLPassPhraseDialog builtin" >> /etc/httpd/conf/conf.d/ssl.conf # in case of passphrase the dialog will be perform on stdin
|
875 |
echo "SSLSessionCache \"shmcb:/run/httpd/ssl_scache(512000)\"" >> /etc/httpd/conf/conf.d/ssl.conf # default cache size
|
875 |
echo "SSLSessionCache \"shmcb:/run/httpd/ssl_scache(512000)\"" >> /etc/httpd/conf/conf.d/ssl.conf # default cache size
|
876 |
echo "SSLSessionCacheTimeout 300" >> /etc/httpd/conf/conf.d/ssl.conf # default cache time in seconds
|
876 |
echo "SSLSessionCacheTimeout 300" >> /etc/httpd/conf/conf.d/ssl.conf # default cache time in seconds
|
- |
|
877 |
[ -e /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf.default ] || cp /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf.default
|
- |
|
878 |
$SED "s?^ SSLCertificateFile.*? SSLCertificateFile /etc/pki/tls/certs/alcasar.crt?g" /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf
|
- |
|
879 |
$SED "s?^ SSLCertificateKeyFile.*? SSLCertificateKeyFile /etc/pki/tls/private/alcasar.key?g" /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf
|
877 |
# Error page management
|
880 |
# Error page management
|
878 |
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] || cp /etc/httpd/conf/conf.d/multilang-errordoc.conf /etc/httpd/conf/conf.d/multilang-errordoc.conf.default
|
881 |
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] || cp /etc/httpd/conf/conf.d/multilang-errordoc.conf /etc/httpd/conf/conf.d/multilang-errordoc.conf.default
|
879 |
cat <<EOF > /etc/httpd/conf/conf.d/multilang-errordoc.conf
|
882 |
cat <<EOF > /etc/httpd/conf/conf.d/multilang-errordoc.conf
|
880 |
Alias /error/ "/var/www/html/"
|
883 |
Alias /error/ "/var/www/html/"
|
881 |
<Directory "/usr/share/httpd/error">
|
884 |
<Directory "/usr/share/httpd/error">
|
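Review bot: The two `$SED` substitutions added for SSLCertificateFile and SSLCertificateKeyFile match only a directive preceded by exactly one space (`^ SSLCertificateFile`); if the packaged vhost template indents with a tab or several spaces, the pattern does not match, sed still exits 0, and Apache keeps serving the distribution's default certificate and key instead of the ALCASAR ones without any error being reported. Anchoring on any leading whitespace, `$SED "s?^[[:space:]]*SSLCertificateFile.*? SSLCertificateFile /etc/pki/tls/certs/alcasar.crt?g" /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf` (and the same form for the key line), tolerates either layout. A post-check such as `grep -q "SSLCertificateFile /etc/pki/tls/certs/alcasar.crt" /etc/httpd/conf/vhosts.d/00_default_ssl_vhost.conf || echo "ERROR: ALCASAR certificate not set in 00_default_ssl_vhost.conf" >&2` would turn a silent miss into a visible one. The template's actual indentation cannot be confirmed from this hunk, and `$SED` is defined outside it.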
Line 1027... |
Line 1030... |
1027 |
until [ -s $DIR_DEST_ETC/digest/key_admin ]
|
1030 |
until [ -s $DIR_DEST_ETC/digest/key_admin ]
|
1028 |
do
|
1031 |
do
|
1029 |
$DIR_DEST_BIN/alcasar-profil.sh --add admin
|
1032 |
$DIR_DEST_BIN/alcasar-profil.sh --add admin
|
1030 |
done
|
1033 |
done
|
1031 |
fi
|
1034 |
fi
|
1032 |
# Creation of ACC certs links
|
1035 |
# Link CAcerts in ACC
|
1033 |
[ -d /var/www/html/certs ] || mkdir /var/www/html/certs
|
1036 |
[ -d /var/www/html/certs ] || mkdir /var/www/html/certs
|
1034 |
ln -s /etc/pki/CA/alcasar-ca.crt /var/www/html/certs/certificat_alcasar_ca.crt
|
1037 |
ln -s /etc/pki/CA/alcasar-ca.crt /var/www/html/certs/certificat_alcasar_ca.crt
|
1035 |
# Run Apache after coova (in order waiting tun0 to be up)
|
1038 |
# Run Apache after coova (in order waiting tun0 to be up)
|
1036 |
cp /lib/systemd/system/httpd.service /etc/systemd/system/httpd.service
|
1039 |
cp /lib/systemd/system/httpd.service /etc/systemd/system/httpd.service
|
1037 |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /etc/systemd/system/httpd.service
|
1040 |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /etc/systemd/system/httpd.service
|