WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 806 2012-02-05 22:19:41Z richard $ 
 
# alcasar.sh
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
# ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants :
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares :
#
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav  and firewalleyes
 
# Options :
#       -i or --install
#       -u or --uninstall
 

Lang=`echo $LANG|cut -c 1-2`
# ******* Files parameters - paramètres fichiers *********
DIR_INSTALL=`pwd`				# répertoire d'installation
DIR_CONF="$DIR_INSTALL/conf"			# répertoire d'installation contenant les fichiers de configuration
DIR_SCRIPTS="$DIR_INSTALL/scripts"		# répertoire d'installation contenant les scripts
DIR_SAVE="/var/Save"				# répertoire de sauvegarde (system_backup, user_db_backup, logs)
DIR_WEB="/var/www/html"				# répertoire racine APACHE
DIR_DG="/etc/dansguardian"			# répertoire de config de DansGuardian
DIR_ACC="$DIR_WEB/acc"				# répertoire du centre de gestion 'ALCASAR Control Center'
DIR_DEST_BIN="/usr/local/bin"			# répertoire des scripts
DIR_DEST_SBIN="/usr/local/sbin"			# répertoire des scripts d'admin

	secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`	# secret partagé entre coova-chilli et FreeRadius
	echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE
	echo "$secretradius" >> $PASSWD_FILE
	chmod 640 $PASSWD_FILE
# On installe les scripts et fichiers de configuration d'ALCASAR 
#  - dans /usr/local/bin :  alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,watchdog.sh}
	cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
#  - dans /usr/local/sbin :  alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
	cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
#  - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}
	cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*

	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php
	$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
	chown -R apache:apache $DIR_WEB/*
	for i in system_backup base logs/firewall logs/httpd logs/squid ;
	do
		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
	done
	chown -R root:apache $DIR_SAVE
# Configuration et sécurisation php

	$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
	$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf
	$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
	$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
	$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
 
	$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
	$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
	$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
	$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 801 → 806

Rev 801		Rev 806
Line 1...		Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 801 2012-02-02 21:05:57Z richard $`	2	`# $Id: alcasar.sh 806 2012-02-05 22:19:41Z richard $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5	`# by Franck BOUIJOUX, Pascal LEVANT and Richard REY`	5	`# by Franck BOUIJOUX, Pascal LEVANT and Richard REY`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
8	`# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)`	8	`# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)`
9	`# ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants :`	9	`# ALCASAR est architecturé autour d'une distribution Linux Mandriva minimaliste et les logiciels libres suivants :`
10	`# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)`	10	`# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)`
11	`# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares :`	11	`# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares :`
12	`#`	12	`#`
13	`# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, mondo, mindi, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes`	13	`# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes`
14		14
15	`# Options :`	15	`# Options :`
16	`# -i or --install`	16	`# -i or --install`
17	`# -u or --uninstall`	17	`# -u or --uninstall`
18		18
Line 41...		Line 41...
41	Lang=`echo $LANG\|cut -c 1-2`	41	Lang=`echo $LANG\|cut -c 1-2`
42	`# ***** Files parameters - paramètres fichiers *******`	42	`# ***** Files parameters - paramètres fichiers *******`
43	DIR_INSTALL=`pwd` # répertoire d'installation	43	DIR_INSTALL=`pwd` # répertoire d'installation
44	`DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration`	44	`DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration`
45	`DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts`	45	`DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts`
46	`DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.)`	46	`DIR_SAVE="/var/Save" # répertoire de sauvegarde (system_backup, user_db_backup, logs)`
47	`DIR_WEB="/var/www/html" # répertoire racine APACHE`	47	`DIR_WEB="/var/www/html" # répertoire racine APACHE`
48	`DIR_DG="/etc/dansguardian" # répertoire de config de DansGuardian`	48	`DIR_DG="/etc/dansguardian" # répertoire de config de DansGuardian`
49	`DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'`	49	`DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'`
50	`DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts`	50	`DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts`
51	`DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin`	51	`DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin`
Line 252...		Line 252...
252	secretradius=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8` # secret partagé entre coova-chilli et FreeRadius	252	secretradius=`cat /dev/urandom \| tr -dc [:alnum:] \| head -c8` # secret partagé entre coova-chilli et FreeRadius
253	`echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE`	253	`echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE`
254	`echo "$secretradius" >> $PASSWD_FILE`	254	`echo "$secretradius" >> $PASSWD_FILE`
255	`chmod 640 $PASSWD_FILE`	255	`chmod 640 $PASSWD_FILE`
256	`# On installe les scripts et fichiers de configuration d'ALCASAR`	256	`# On installe les scripts et fichiers de configuration d'ALCASAR`
257	`# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}`	257	`# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,watchdog.sh}`
258	`cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*`	258	`cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*`
259	`# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}`	259	`# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}`
260	`cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*`	260	`cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*`
261	`# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}`	261	`# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}`
262	`cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*`	262	`cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*`
Line 476...		Line 476...
476	`$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	476	`$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
477	`$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`	477	`$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php`
478	`$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php`	478	`$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php`
479	`chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php`	479	`chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php`
480	`chown -R apache:apache $DIR_WEB/*`	480	`chown -R apache:apache $DIR_WEB/*`
481	`for i in ISO base logs/firewall logs/httpd logs/squid ;`	481	`for i in system_backup base logs/firewall logs/httpd logs/squid ;`
482	`do`	482	`do`
483	`[ -d $DIR_SAVE/$i ] \|\| mkdir -p $DIR_SAVE/$i`	483	`[ -d $DIR_SAVE/$i ] \|\| mkdir -p $DIR_SAVE/$i`
484	`done`	484	`done`
485	`chown -R root:apache $DIR_SAVE`	485	`chown -R root:apache $DIR_SAVE`
486	`# Configuration et sécurisation php`	486	`# Configuration et sécurisation php`
Line 501...		Line 501...
501	`$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf`	501	`$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf`
502	`$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf`	502	`$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/httpd.conf`
503	`$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf`	503	`$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf`
504	`$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf`	504	`$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf`
505	`$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf`	505	`$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf`
506	`$SED "s?^LoadModule cgi_module.*?#LoadModule cgi_module modules/mod_cgi.so?g" /etc/httpd/conf/httpd.conf`	-
507	`$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf`	506	`$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf`
508	`$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf`	507	`$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf`
509	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`	508	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
510	`$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF`	509	`$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF`
511	`$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html`	510	`$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html`