| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-conf.sh 2813 2020-04-26 21:26:32Z rexy $
|
2 |
# $Id: alcasar-conf.sh 2824 2020-05-30 17:39:20Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
| 5 |
# by REXY
|
5 |
# by REXY
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 65... |
Line 65... |
| 65 |
[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
|
65 |
[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
|
| 66 |
mkdir $DIR_UPDATE
|
66 |
mkdir $DIR_UPDATE
|
| 67 |
# backup the users database (test to delete in future version)
|
67 |
# backup the users database (test to delete in future version)
|
| 68 |
$DIR_BIN/alcasar-mysql.sh --dump
|
68 |
$DIR_BIN/alcasar-mysql.sh --dump
|
| 69 |
cp /var/Save/base/"$(ls -1t /var/Save/base|head -1)" $DIR_UPDATE
|
69 |
cp /var/Save/base/"$(ls -1t /var/Save/base|head -1)" $DIR_UPDATE
|
| 70 |
# backup the logo
|
70 |
# backup organism logo
|
| 71 |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
|
71 |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
|
| 72 |
# backup BL/WL custom files
|
72 |
# backup BL/WL custom files
|
| 73 |
mkdir $DIR_UPDATE/custom_bl
|
73 |
mkdir $DIR_UPDATE/custom_bl
|
| 74 |
for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
|
74 |
for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
|
| 75 |
do
|
75 |
do
|
| Line 79... |
Line 79... |
| 79 |
else
|
79 |
else
|
| 80 |
cp $DIR_E2G/$i $DIR_UPDATE/custom_bl/ # since V3.3
|
80 |
cp $DIR_E2G/$i $DIR_UPDATE/custom_bl/ # since V3.3
|
| 81 |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
|
81 |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
|
| 82 |
fi
|
82 |
fi
|
| 83 |
done
|
83 |
done
|
| 84 |
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
|
84 |
# backup conf files (main conf file, filtering, digest, etc.)
|
| 85 |
mkdir $DIR_UPDATE/etc/
|
85 |
mkdir $DIR_UPDATE/etc/
|
| 86 |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
|
86 |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
|
| 87 |
cp /etc/hosts $DIR_UPDATE/etc/
|
- |
|
| 88 |
# backup of the security certificates (server & CA)
|
87 |
# backup of the security certificates (server & CA)
|
| 89 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
|
88 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
|
| 90 |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
|
89 |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
|
| 91 |
[ -e /etc/pki/tls/private/alcasar.pem ] && cp -f /etc/pki/tls/private/alcasar.pem $DIR_UPDATE # since V3.3
|
90 |
[ -e /etc/pki/tls/private/alcasar.pem ] && cp -f /etc/pki/tls/private/alcasar.pem $DIR_UPDATE # since V3.3
|
| 92 |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
|
91 |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
|
| Line 94... |
Line 93... |
| 94 |
if [ -e /etc/pki/tls/certs/server-chain.pem ]; then
|
93 |
if [ -e /etc/pki/tls/certs/server-chain.pem ]; then
|
| 95 |
cp -f /etc/pki/tls/certs/server-chain.pem $DIR_UPDATE # autosigned and official if exist
|
94 |
cp -f /etc/pki/tls/certs/server-chain.pem $DIR_UPDATE # autosigned and official if exist
|
| 96 |
else
|
95 |
else
|
| 97 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.pem
|
96 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.pem
|
| 98 |
fi
|
97 |
fi
|
| 99 |
# pureip & safesearch status
|
- |
|
| 100 |
[ -d /etc/dansguardian ] && dg_path=/etc/dansguardian || dg_path=/etc/e2guardian
|
- |
|
| 101 |
|
- |
|
| 102 |
if ! grep -Eq '^WL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
|
- |
|
| 103 |
if [ -f /etc/dnsmasq-whitelist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-whitelist.conf; then
|
- |
|
| 104 |
echo 'WL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 105 |
else
|
- |
|
| 106 |
echo 'WL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 107 |
fi
|
- |
|
| 108 |
fi
|
- |
|
| 109 |
|
- |
|
| 110 |
if ! grep -Eq '^BL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
|
- |
|
| 111 |
if [ -f /etc/dnsmasq-blacklist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-blacklist.conf; then
|
- |
|
| 112 |
echo 'BL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 113 |
else
|
- |
|
| 114 |
echo 'BL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 115 |
fi
|
- |
|
| 116 |
fi
|
- |
|
| 117 |
|
- |
|
| 118 |
if ! grep -Eq '^BL_PUREIP=' $DIR_UPDATE/etc/alcasar.conf; then
|
- |
|
| 119 |
if grep -Eq "^\*ip" $dg_path/lists/bannedsitelist; then
|
- |
|
| 120 |
echo 'BL_PUREIP=on' >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 121 |
else
|
- |
|
| 122 |
echo 'BL_PUREIP=off' >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 123 |
fi
|
- |
|
| 124 |
fi
|
- |
|
| 125 |
|
- |
|
| 126 |
# archive file creation
|
98 |
# archive file creation
|
| 127 |
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
|
99 |
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
|
| 128 |
tar -cf alcasar-conf.tar conf/
|
100 |
tar -cf alcasar-conf.tar conf/
|
| 129 |
gzip -f alcasar-conf.tar
|
101 |
gzip -f alcasar-conf.tar
|
| 130 |
rm -rf $DIR_UPDATE
|
102 |
rm -rf $DIR_UPDATE
|
| 131 |
;;
|
103 |
;;
|
| 132 |
|
104 |
|
| 133 |
--load|-load)
|
105 |
--load|-load)
|
| 134 |
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
|
106 |
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
|
| 135 |
tar -xf alcasar-conf*.tar.gz
|
107 |
tar -xf alcasar-conf*.tar.gz
|
| 136 |
######################### modifications between versions #######################
|
- |
|
| 137 |
# Retrieve the previous version
|
108 |
# copy alcasar.conf parameters
|
| 138 |
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
|
109 |
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
|
| 139 |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
|
110 |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
|
| 140 |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
|
111 |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
|
| 141 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
|
112 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
|
| 142 |
## From 3.2.0 & 3.2.1 ##
|
- |
|
| 143 |
## rewrite /etc/hosts file managing hostname resolution
|
- |
|
| 144 |
PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
|
- |
|
| 145 |
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2-`
|
- |
|
| 146 |
domainNames="$HOSTNAME $HOSTNAME.$DOMAIN"
|
- |
|
| 147 |
[ "$HOSTNAME" != 'alcasar' ] && domainNames="alcasar $domainNames"
|
- |
|
| 148 |
if [ "$(grep -c "$PRIVATE_IP\s$domainNames" $DIR_UPDATE/etc/hosts )" -eq 0 ]; then
|
113 |
for line in `cat $DIR_UPDATE/etc/alcasar.conf | grep "=" | grep -v "^#" | grep -v " "| grep -v "VERSION"`
|
| 149 |
cat << EOF > $DIR_UPDATE/etc/hosts
|
- |
|
| 150 |
127.0.0.1 localhost
|
- |
|
| 151 |
$PRIVATE_IP $domainNames
|
- |
|
| 152 |
EOF
|
- |
|
| 153 |
fi
|
114 |
do
|
| 154 |
## apache & dansguardian are replaced with lighttpd & E²guardian
|
- |
|
| 155 |
if [ "$(rpm -qa | grep '^\(apache\|apache-mod_php\|apache-mod_ssl\|dansguardian\)-' | wc -l)" -ne 0 ]; then
|
- |
|
| 156 |
rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
|
- |
|
| 157 |
/usr/sbin/urpme --auto -a $rm_rpm 2>/dev/null
|
- |
|
| 158 |
/usr/sbin/urpme --auto --auto-orphans
|
115 |
key=`echo $line | cut -d"=" -f1`
|
| 159 |
rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/
|
- |
|
| 160 |
fi
|
116 |
key=$key=
|
| 161 |
## lighttpd need a .pem certificate (aggregation with private key & server crt)
|
- |
|
| 162 |
[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
|
- |
|
| 163 |
## From 3.3.0 ##
|
- |
|
| 164 |
# add "SMS=off" in conf file
|
117 |
value=`echo $line|cut -d"=" -f2-`
|
| 165 |
if [ "$(grep -c '^SMS=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
|
- |
|
| 166 |
echo "SMS=off" >> $DIR_UPDATE/etc/alcasar.conf
|
118 |
if [ "$value" != "" ]
|
| 167 |
fi
|
119 |
then
|
| 168 |
if [ "$(grep -c '^SMS_NUM=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
|
120 |
echo "key = $key ; value = $value"
|
| 169 |
echo "SMS_NUM=" >> $DIR_UPDATE/etc/alcasar.conf
|
121 |
sed -i "s?^$key.*?$key$value?g" /usr/local/etc/alcasar.conf
|
| 170 |
fi
|
122 |
fi
|
| 171 |
## From 3.4.0 ##
|
- |
|
| 172 |
# Fix subdomain dot position (.domain.org to domain.org.) for Unbound
|
- |
|
| 173 |
for file in $DIR_E2G/exceptionsitelist $DIR_BLACKLIST/ossi-bl*/domains $DIR_BLACKLIST/ossi-wl*/domains; do
|
- |
|
| 174 |
[ -f $file ] && $SED "s/^\.\(.*\)$/\1./g" $file
|
- |
|
| 175 |
done
|
123 |
done
|
| 176 |
# Add LDAPS parameters to config file
|
- |
|
| 177 |
if [ "$(grep -c '^LDAP_SSL=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
|
- |
|
| 178 |
echo "LDAP_SSL=on" >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 179 |
fi
|
- |
|
| 180 |
if [ "$(grep -c '^LDAP_CERT_REQUIRED=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
|
- |
|
| 181 |
echo "LDAP_CERT_REQUIRED=" >> $DIR_UPDATE/etc/alcasar.conf
|
- |
|
| 182 |
fi
|
- |
|
| 183 |
# remove DNSMASQ primary service (keep only one instance for whitelist on port 55)
|
124 |
## lighttpd need a .pem certificate (aggregation with private key & server crt)
|
| 184 |
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf
|
- |
|
| 185 |
[ -e /lib/systemd/system/dnsmasq.service.default ] && rm /lib/systemd/system/dnsmasq.service.default
|
125 |
[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
|
| 186 |
[ -e /lib/systemd/system/dnsmasq.service ] && rm /lib/systemd/system/dnsmasq.service
|
- |
|
| 187 |
###################### End of modifications between versions #######################
|
- |
|
| 188 |
# Retrieve the logo
|
126 |
# Retrieve organism logo
|
| 189 |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
|
127 |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
|
| 190 |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
|
128 |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
|
| 191 |
# Retrieve the security certificates (CA and server)
|
129 |
# Retrieve the security certificates (CA and server)
|
| 192 |
cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
|
130 |
cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
|
| 193 |
cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
|
131 |
cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
|
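Review bot: In the new `--load` loop (new lines 113–123), `sed -i "s?^$key.*?$key$value?g" /usr/local/etc/alcasar.conf` splices each value read from the extracted archive into the sed script unescaped, so a value containing `?`, `&` or a backslash corrupts the substitution or is parsed as further sed syntax. The unquoted backtick list in the `for` also undergoes pathname expansion, so a value holding `*` or `[` can be rewritten against the contents of the current directory (normally /var/tmp, which is where the unchanged `tar -xf alcasar-conf*.tar.gz` line picks up the archive). I would read the file line by line, accept only keys made of letters, digits and underscore, and escape the value before it reaches sed, as sketched below. Separately, with `cp -rf $DIR_UPDATE/etc/* $DIR_ETC/` now behind `#TODO`, the other files saved under etc/ appear to be no longer restored and keys absent from the target file are never added, which deserves a comment if it is intended.

```shell
# copy alcasar.conf parameters
while IFS= read -r line; do
  key=${line%%=*}
  value=${line#*=}
  [ -n "$value" ] || continue
  # keys are used as a regex: accept plain identifiers only
  case "$key" in ''|*[!A-Za-z0-9_]*) continue ;; esac
  # escape what sed treats specially in the replacement: backslash, '&' and the '?' delimiter
  esc_value=$(printf '%s\n' "$value" | sed 's/[\\&?]/\\&/g')
  sed -i "s?^$key=.*?$key=$esc_value?" /usr/local/etc/alcasar.conf
done < <(grep '=' "$DIR_UPDATE/etc/alcasar.conf" | grep -v '^#' | grep -v ' ' | grep -v 'VERSION')
```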
| Line 202... |
Line 140... |
| 202 |
chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
|
140 |
chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
|
| 203 |
chmod 640 /etc/pki/tls/private/*
|
141 |
chmod 640 /etc/pki/tls/private/*
|
| 204 |
# Import of the users database
|
142 |
# Import of the users database
|
| 205 |
$DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
|
143 |
$DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
|
| 206 |
# Retrieve local parameters
|
144 |
# Retrieve local parameters
|
| 207 |
cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
|
145 |
#TODO cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
|
| 208 |
mv -f $DIR_UPDATE/etc/hosts /etc/hosts
|
- |
|
| 209 |
chmod 755 /etc/hosts
|
- |
|
| 210 |
# Retrieve BL/WL custom files
|
146 |
# Retrieve BL/WL custom files
|
| 211 |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
|
147 |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
|
| 212 |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
|
148 |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
|
| 213 |
cp -f $DIR_UPDATE/custom_bl/urlregexplist $DIR_E2G/
|
149 |
cp -f $DIR_UPDATE/custom_bl/urlregexplist $DIR_E2G/
|
| 214 |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist $DIR_E2G/
|
150 |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist $DIR_E2G/
|