Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar-conf.sh 2474 2017-12-30 02:00:04Z tom.houdayer $
|
2 |
# $Id: alcasar-conf.sh 2488 2018-02-25 14:53:54Z lucas.echard $
|
3 |
|
3 |
|
4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
5 |
# by REXY
|
5 |
# by REXY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 123... |
Line 123... |
123 |
# Retrieve the security certificates (CA and server)
|
123 |
# Retrieve the security certificates (CA and server)
|
124 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
124 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
125 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
125 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
126 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
126 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
127 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
127 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
- |
|
128 |
cat /etc/pki/tls/private/alcasar.key /etc/pki/tls/certs/alcasar.crt > /etc/pki/tls/private/alcasar.pem
|
128 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
|
129 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
|
129 |
chown -R root:apache /etc/pki
|
130 |
chown -R root:apache /etc/pki
|
130 |
chmod -R 750 /etc/pki
|
131 |
chmod -R 750 /etc/pki
|
131 |
# Import of the users database
|
132 |
# Import of the users database
|
132 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
|
133 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
|
Line 250... |
Line 251... |
250 |
|
251 |
|
251 |
# Logout everybody
|
252 |
# Logout everybody
|
252 |
$DIR_BIN/alcasar-logout.sh all
|
253 |
$DIR_BIN/alcasar-logout.sh all
|
253 |
# Services stop
|
254 |
# Services stop
|
254 |
echo -n "Stop services : "
|
255 |
echo -n "Stop services : "
|
255 |
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network
|
256 |
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network lighttpd
|
256 |
do
|
257 |
do
|
257 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
258 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
258 |
done
|
259 |
done
|
259 |
/usr/bin/kill -s SIGSTOP $(pidof httpd)
|
- |
|
260 |
echo
|
260 |
echo
|
261 |
fi
|
261 |
fi
|
262 |
# EXTIF config
|
262 |
# EXTIF config
|
263 |
if [ $PUBLIC_IP_MASK == "dhcp" ]
|
263 |
if [ $PUBLIC_IP_MASK == "dhcp" ]
|
264 |
then
|
264 |
then
|
Line 322... |
Line 322... |
322 |
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf
|
322 |
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf
|
323 |
$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
323 |
$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
324 |
[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
|
324 |
[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
|
325 |
$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf
|
325 |
$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf
|
326 |
$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
326 |
$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
327 |
# Set hostname in Apache
|
327 |
# Set hostname in Lighttpd
|
328 |
$SED "s/^ServerName.*/ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/httpd.conf
|
328 |
$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf
|
329 |
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$HOSTNAME.$DOMAIN\//g" /etc/httpd/conf/webapps.d/alcasar.conf
|
329 |
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
|
330 |
$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/webapps.d/alcasar.conf
|
330 |
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
|
331 |
$SED "s/^ ServerName.*/ ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
|
- |
|
332 |
# Alcasar Control Center (ACC)
|
- |
|
333 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
|
- |
|
334 |
FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf`
|
- |
|
335 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
|
- |
|
336 |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
|
- |
|
337 |
# FreeRADIUS Web
|
331 |
# FreeRADIUS Web
|
338 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
332 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
339 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
333 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
340 |
# coova
|
334 |
# coova
|
341 |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
|
335 |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
|
Line 382... |
Line 376... |
382 |
do
|
376 |
do
|
383 |
sleep 1
|
377 |
sleep 1
|
384 |
/usr/bin/systemctl start $i && echo -n ", $i"
|
378 |
/usr/bin/systemctl start $i && echo -n ", $i"
|
385 |
done
|
379 |
done
|
386 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
|
380 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
|
387 |
/usr/bin/kill -s SIGCONT $(pidof httpd)
|
- |
|
388 |
/usr/bin/systemctl reload httpd && echo -n ", httpd"
|
381 |
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
|
389 |
fi
|
382 |
fi
|
390 |
# Start / Stop SSH Daemon
|
383 |
# Start / Stop SSH Daemon
|
391 |
ssh_active=`grep ^SSH= $CONF_FILE|cut -d"=" -f2`
|
384 |
ssh_active=`grep ^SSH= $CONF_FILE|cut -d"=" -f2`
|
392 |
if [ $ssh_active = "on" ]
|
385 |
if [ $ssh_active = "on" ]
|
393 |
then
|
386 |
then
|
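Review bot: The PEM bundle added at new line 128 (`cat … > /etc/pki/tls/private/alcasar.pem`) is created under the script's current umask and is only tightened by the unchanged `chmod -R 750 /etc/pki` three lines later, so the private key may briefly sit in a more widely readable file, depending on the umask and the directory mode, neither of which is visible here. Creating it restricted from the start closes that window: `( umask 077; cat /etc/pki/tls/private/alcasar.key /etc/pki/tls/certs/alcasar.crt > /etc/pki/tls/private/alcasar.pem )`. The redirect also truncates alcasar.pem even when one of the preceding `cp` commands failed, so a `[ -s … ]` check on the key and certificate before the `cat` would keep the `systemctl restart lighttpd` at new line 381 from running against an empty or partial bundle. The bundle still ends up owned `root:apache`; since the section appears to replace httpd with lighttpd, it should be confirmed that the lighttpd service account is in that group. The removed `Listen $PRIVATE_IP:…` and `Allow from $PRIVATE_NETWORK_MASK` rewrites have no lighttpd counterpart in this section (only `server.bind` set to the host name), so a comment saying where the ACC restriction to the private network is now enforced would help.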