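--- a/alcasar-conf.sh
+++ b/alcasar-conf.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-conf.sh 2824 2020-05-30 17:39:20Z rexy $
+# $Id: alcasar-conf.sh 2825 2020-05-31 17:01:33Z rexy $
 
 # alcasar-conf.sh
 # by REXY
 # This script is distributed under the Gnu General Public License (GPL)
 
@@ -82,10 +82,11 @@
 fi
 done
 # backup conf files (main conf file, filtering, digest, etc.)
 mkdir $DIR_UPDATE/etc/
 cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
+cp -f /etc/hosts $DIR_UPDATE/etc/
 # backup of the security certificates (server & CA)
 cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
 cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
 [ -e /etc/pki/tls/private/alcasar.pem ] && cp -f /etc/pki/tls/private/alcasar.pem $DIR_UPDATE # since V3.3
 cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
@@ -108,18 +109,17 @@
 # copy alcasar.conf parameters
 PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
 MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
 MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
 UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
-for line in `cat $DIR_UPDATE/etc/alcasar.conf | grep "=" | grep -v "^#" | grep -v " "| grep -v "VERSION"`
+for line in `cat $DIR_UPDATE/etc/alcasar.conf | grep "=" | grep -v "^#" | grep -v " "| grep -v "VERSION" |grep -v "INSTALL_DATE"|grep -v "PUBLIC"|grep -v "GW"|grep -v "DNS"|grep -v "SMS"`
 do
 key=`echo $line | cut -d"=" -f1`
 key=$key=
 value=`echo $line|cut -d"=" -f2-`
 if [ "$value" != "" ]
 then
-echo "key = $key ; value = $value"
 sed -i "s?^$key.*?$key$value?g" /usr/local/etc/alcasar.conf
 fi
 done
 ## lighttpd need a .pem certificate (aggregation with private key & server crt)
 [ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
@@ -131,20 +131,29 @@
 cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
 cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
 cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
 cp -f $DIR_UPDATE/alcasar.pem /etc/pki/tls/private/
 [ -e $DIR_UPDATE/server-chain.pem ] && cp -f $DIR_UPDATE/server-chain.pem /etc/pki/tls/certs/ # autosigned and official if exist
+chmod 755 /etc/pki/
 chown root:apache /etc/pki/CA; chmod 750 /etc/pki/CA
-chmod 640 /etc/pki/CA/*
+chown root:apache /etc/pki/CA/alcasar-ca.crt; chmod 640 /etc/pki/CA/alcasar-ca.crt
 chown root:root /etc/pki/CA/private; chmod 700 /etc/pki/CA/private
 chmod 600 /etc/pki/CA/private/*
 chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
 chmod 640 /etc/pki/tls/private/*
+chmod 644 /etc/pki/tls/certs/* # "freshclam" need to access to that bundle
 # Import of the users database
 $DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
 # Retrieve local parameters
-#TODO cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
+[ -d $DIR_UPDATE/etc/digest ] && cp -rf $DIR_UPDATE/etc/digest $DIR_ETC/ # ACC accounts
+[ -e $DIR_UPDATE/etc/alcasar-iptables-local.sh ] && cp -f $DIR_UPDATE/etc/alcasar-iptables-local.sh $DIR_ETC/ # local FW rules
+[ -e $DIR_UPDATE/etc/alcasar-iptables-local-mac-filtered ] && cp -f $DIR_UPDATE/etc/alcasar-iptables-local-mac-filtered $DIR_ETC/ # blocked MAC addresses
+[ -e $DIR_UPDATE/etc/alcasar-uamdomain ] && cp -f $DIR_UPDATE/etc/alcasar-uamdomain $DIR_ETC/ # exception domain names
+[ -e $DIR_UPDATE/etc/alcasar-uamallowed ] && cp -f $DIR_UPDATE/etc/alcasar-uamallowed $DIR_ETC/ # exception IP_addresses or network_IP_addresses
+[ -e $DIR_UPDATE/etc/alcasar-ethers ] && cp -f $DIR_UPDATE/etc/alcasar-ethers $DIR_ETC/ # DHCP static hosts
+[ -e $DIR_UPDATE/etc/alcasar-ethers-info ] && cp -f $DIR_UPDATE/etc/alcasar-ethers-info $DIR_ETC/ # DHCP static hosts information
+[ -e $DIR_UPDATE/etc/hosts ] && cp -f $DIR_UPDATE/etc/hosts /etc/ && $DIR_BIN/alcasar-dns-local.sh -hosts_to_unbound # local hosts name
 # Retrieve BL/WL custom files
 cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
 cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
 cp -f $DIR_UPDATE/custom_bl/urlregexplist $DIR_E2G/
 cp -f $DIR_UPDATE/custom_bl/bannedsitelist $DIR_E2G/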
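Review bot: The restore lines added at new 147–154 copy files from the backup tree under `$DIR_UPDATE/etc` into `$DIR_ETC` and `/etc` with no integrity check and, unlike the `/etc/pki` block just above them, no explicit owner or mode afterwards. `alcasar-iptables-local.sh` is commented as local firewall rules and the restored `hosts` is passed on by `alcasar-dns-local.sh -hosts_to_unbound`, so the archive's content appears to become firewall and DNS behaviour on the gateway. How the archive reaches `$DIR_UPDATE` is not visible in this diff; if it can be supplied from outside the machine, it should be verified before this point. After the copy I would pin the script's permissions, for example `chown root:root $DIR_ETC/alcasar-iptables-local.sh; chmod 750 $DIR_ETC/alcasar-iptables-local.sh`, adjusted to whatever the installer sets, since `cp` without `-p` creates a missing destination from the source mode and umask. The surrounding block starts and ends outside the hunk, so a later step may already do this.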