| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-conf.sh 3245 2025-01-29 22:39:35Z rexy $
|
2 |
# $Id: alcasar-conf.sh 3247 2025-02-02 23:22:02Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
| 5 |
# by REXY
|
5 |
# by REXY
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 176... |
Line 176... |
| 176 |
[ -e $DIR_UPDATE/gammurc ] && cp -f $DIR_UPDATE/gammurc /etc/ # Gammu conf file
|
176 |
[ -e $DIR_UPDATE/gammurc ] && cp -f $DIR_UPDATE/gammurc /etc/ # Gammu conf file
|
| 177 |
[ -e $DIR_UPDATE/gammu_smsd_conf ] && cp -f $DIR_UPDATE/gammu_smsd_conf /etc/ # Gammu_smsd conf file
|
177 |
[ -e $DIR_UPDATE/gammu_smsd_conf ] && cp -f $DIR_UPDATE/gammu_smsd_conf /etc/ # Gammu_smsd conf file
|
| 178 |
# Retrieve BL/WL custom files
|
178 |
# Retrieve BL/WL custom files
|
| 179 |
for i in urlregexplist exceptionsitelist bannedurllist exceptionsiteiplist
|
179 |
for i in urlregexplist exceptionsitelist bannedurllist exceptionsiteiplist
|
| 180 |
do
|
180 |
do
|
| 181 |
cp -f $DIR_UPDATE/custom_bl/$i $DIR_E2G/group1/
|
181 |
[ -e $DIR_UPDATE/custom_bl/$i ] && cp -f $DIR_UPDATE/custom_bl/$i $DIR_E2G/group1/
|
| 182 |
done
|
182 |
done
|
| 183 |
cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null
|
183 |
cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null
|
| 184 |
chown -R e2guardian:apache $DIR_E2G
|
184 |
chown -R e2guardian:apache $DIR_E2G
|
| 185 |
chmod -R g+rw $DIR_E2G
|
185 |
chmod -R g+rw $DIR_E2G
|
| 186 |
# Adapt DNS/URL filtering
|
186 |
# Adapt DNS/URL filtering
|
| Line 206... |
Line 206... |
| 206 |
chown root:root /etc/pki/CA/private; chmod 700 /etc/pki/CA/private
|
206 |
chown root:root /etc/pki/CA/private; chmod 700 /etc/pki/CA/private
|
| 207 |
chmod 600 /etc/pki/CA/private/*
|
207 |
chmod 600 /etc/pki/CA/private/*
|
| 208 |
chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
|
208 |
chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
|
| 209 |
chmod 640 /etc/pki/tls/private/*
|
209 |
chmod 640 /etc/pki/tls/private/*
|
| 210 |
chmod 644 /etc/pki/tls/certs/*
|
210 |
chmod 644 /etc/pki/tls/certs/*
|
| 211 |
fi
|
211 |
fi
|
| - |
|
212 |
## alcasar-services become alcasar-custom-allowed-ports
|
| - |
|
213 |
[ -e $DIR_ETC/alcasar-services ] && mv $DIR_ETC/alcasar-services $DIR_ETC/alcasar-custom-allowed-ports
|
| 212 |
# Remove the update folder
|
214 |
# Remove the update folder
|
| 213 |
rm -rf $DIR_UPDATE
|
215 |
rm -rf $DIR_UPDATE
|
| 214 |
;;
|
216 |
;;
|
| 215 |
|
217 |
|
| 216 |
####################################################
|
218 |
####################################################
|
| Line 314... |
Line 316... |
| 314 |
for i in ntpd e2guardian unbound unbound-whitelist unbound-blacklist unbound-blackhole chilli network httpd
|
316 |
for i in ntpd e2guardian unbound unbound-whitelist unbound-blacklist unbound-blackhole chilli network httpd
|
| 315 |
do
|
317 |
do
|
| 316 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
318 |
/usr/bin/systemctl stop $i && echo -n "$i, "
|
| 317 |
done
|
319 |
done
|
| 318 |
echo
|
320 |
echo
|
| 319 |
fi
|
- |
|
| 320 |
# EXTIF config
|
321 |
# set network configuration
|
| 321 |
if [ $PUBLIC_IP_MASK == "dhcp" ]
|
- |
|
| 322 |
then
|
- |
|
| 323 |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
- |
|
| 324 |
DEVICE=$EXTIF
|
- |
|
| 325 |
BOOTPROTO=dhcp
|
- |
|
| 326 |
DNS1=127.0.0.1
|
- |
|
| 327 |
PEERDNS=no
|
- |
|
| 328 |
RESOLV_MODS=yes
|
- |
|
| 329 |
ONBOOT=yes
|
- |
|
| 330 |
METRIC=10
|
- |
|
| 331 |
MII_NOT_SUPPORTED=yes
|
- |
|
| 332 |
IPV6INIT=no
|
- |
|
| 333 |
IPV6TO4INIT=no
|
- |
|
| 334 |
ACCOUNTING=no
|
- |
|
| 335 |
USERCTL=no
|
- |
|
| 336 |
MTU=$MTU
|
- |
|
| 337 |
NOZEROCONF=yes
|
- |
|
| 338 |
EOF
|
- |
|
| 339 |
else # set the static configuration for EXTIF in multi-gw mode
|
- |
|
| 340 |
$DIR_BIN/alcasar-network.sh --apply
|
322 |
$DIR_BIN/alcasar-network.sh --apply
|
| 341 |
fi
|
323 |
fi
|
| 342 |
# INTIF config (for bypass mode only)
|
324 |
# INTIF config (for bypass mode only)
|
| 343 |
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
|
325 |
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
|
| 344 |
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
|
326 |
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
|
| Line 505... |
Line 487... |
| 505 |
done
|
487 |
done
|
| 506 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, e2guardian, iptables"
|
488 |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, e2guardian, iptables"
|
| 507 |
/usr/bin/systemctl restart httpd && echo -n ", httpd"
|
489 |
/usr/bin/systemctl restart httpd && echo -n ", httpd"
|
| 508 |
fi
|
490 |
fi
|
| 509 |
# Email user registration
|
491 |
# Email user registration
|
| - |
|
492 |
export PARENT_SCRIPT # if "alcasar.sh" then avoid some process
|
| 510 |
$DIR_BIN/alcasar-mail-install.sh
|
493 |
$DIR_BIN/alcasar-mail-install.sh
|
| 511 |
# Start / Stop LDAP authentification
|
494 |
# Start / Stop LDAP authentification
|
| 512 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
495 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
| 513 |
then
|
496 |
then
|
| 514 |
LDAP_mode=`grep ^LDAP= $CONF_FILE|cut -d"=" -f2`
|
497 |
LDAP_mode=`grep ^LDAP= $CONF_FILE|cut -d"=" -f2`
|