WebSVN – ALCASAR – Diff – /scripts/alcasar-conf.sh

 #/bin/sh
-# $Id: alcasar-conf.sh 632 2011-06-12 17:48:40Z richard $
+# $Id: alcasar-conf.sh 634 2011-06-13 17:23:46Z richard $
 # $Author: richard $
 # by rexy
 # Ce script permet de créer ou de charger l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz)
 DIR_UPDATE="/tmp/conf"				# répertoire de stockage des fichier de conf pour une mise à jour
 DIR_WEB="/var/www/html"				# répertoire du centre de gestion
 		echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
 		echo "DNS1=$DNS1" >> $CONF_FILE
 		echo "DNS2=$DNS2" >> $CONF_FILE
 		echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE
 		echo "DHCP=on" >> $CONF_FILE
-		echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $CONF_FILE
-		echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $CONF_FILE
 		if [ -r /var/run/sshd.pid ]; then
 			echo "SSH=on" >> $CONF_FILE
 		else
 			echo "SSH=off" >> $CONF_FILE
 		fi
 		[ -e $DIR_UPDATE/exceptionurllist ] && cp -f $DIR_UPDATE/exceptionurllist /etc/dansguardian/lists/
 		[ -e $DIR_UPDATE/bannedurllist ] && cp -f $DIR_UPDATE/bannedurllist /etc/dansguardian/lists/
 		[ -d $DIR_UPDATE/ossi ] && cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/
 		chown -R dansguardian:apache /etc/dansguardian/lists
 		chmod -R g+rw /etc/dansguardian/lists
-# On active/désactive la BL
+# Start / Stop DNS/URL filtering
-		$DIR_SBIN/alcasar-bl.sh -conf
+		$DIR_SBIN/alcasar-bl.sh
 # Prise en compte des comptes de gestion (admin + manager + backup)
 		$DIR_SBIN/alcasar-profil.sh --list
+# Start / Stop SSH Daemon
+		ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2`
+		if [ $ssh_active = "on" ]
+		then
+			/sbin/chkconfig --add sshd
+		else
+			/sbin/chkconfig --del sshd
+		fi
+# Start / Stop network filtering
+		$DIR_BIN/alcasar-iptables.sh
 # Effacement du répertoire d'update
 		rm -rf $DIR_UPDATE
 		;;
 	--apply|-apply)
 		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"
 		PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`
 		private_network_calc
 		VERSION=`grep VERSION $CONF_FILE|cut -d"=" -f2`
 		INSTALL_DATE=`grep INSTALL_DATE $CONF_FILE|cut -d"=" -f2`
 		ORGANISME=`grep ORGANISM $CONF_FILE|cut -d"=" -f2`
+# Logout everybody
+		$DIR_SBIN/alcasar-logout.sh all
+# Services stop
+		for i in squid ntpd chilli httpd sshd network
+		do
+			[ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null
+		done
 # /etc/hosts
 		cat <<EOF > /etc/hosts
 .0.0.1	localhost
 $PRIVATE_IP	$HOSTNAME
 ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
 sshd: ALL
 ntpd: $PRIVATE_NETWORK_SHORT
 EOF
 # Alcasar Control Center
-echo "$VERSION du $INSTALL_DATE" > /var/www/html/VERSION; chown apache:apache /var/www/html/VERSION
+		echo "$VERSION du $INSTALL_DATE" > /var/www/html/VERSION; chown apache:apache /var/www/html/VERSION
-$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
+		$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
-FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
+		FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
-$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
+		$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
-$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
+		$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
 # Dialup_Admin
-$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
+		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
-$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
+		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
 # coova
-$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli
+		$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli
-$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
+		$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
-$SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" /etc/chilli.conf
+		$SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" /etc/chilli.conf
-$SED "s?^statip.*?statip\t\t$PRIVATE_STAT_IP?g" /etc/chilli.conf
+		$SED "s?^statip.*?statip\t\t$PRIVATE_STAT_IP?g" /etc/chilli.conf
-$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
+		$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
-$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
+		$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
-$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
+		$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
-$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php
+		$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php
 # awstat
-$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
+		$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
 # dnsmasq
-$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
+		$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
-$SED "s?^server=.*?server=$DNS1?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
+		$SED "s?^server=.*?server=$DNS1?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
-$SED "/$DNS1/!s?^server=.*?server=$DNS2?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
+		$SED "/$DNS1/!s?^server=.*?server=$DNS2?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
-$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf
+		$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf
-$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf
+		$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf
+# DG + BL
+		$SED "s?^IP_RETOUR=.*?IP_RETOUR=\"$PRIVATE_IP\"?g" $DIR_SBIN/alcasar-bl.sh
+		$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
+# Watchdog
+		$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
+# SSHD
+		$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
+		$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
+# Prompts
+		$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
+# sudoers
+		$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
+# Services start
+		for i in network squid ntpd chilli httpd
+		do
+			[ -e /etc/init.d/$i ] && /etc/init.d/$i start 2>/dev/null
+		done
 # Start / Stop SSH Daemon
-ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2`
+		ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2`
-if [ $ssh_active = "on" ]
+		if [ $ssh_active = "on" ]
-	then
+		then
-/sbin/chkconfig --add sshd
+			/sbin/chkconfig --add sshd
+			/etc/init.d/sshd start
-else
+		else
-/sbin/chkconfig --del sshd
+			/sbin/chkconfig --del sshd
-fi
+		fi
+# Reload BL (restart DG, dnsmasq & iptables)
-$DIR_BIN/alcasar-iptables.sh
+		$DIR_SBIN/alcasar-bl.sh -reload
 		;;
 	*)
 		echo "Argument inconnu :$1";
 		echo "$usage"
 		exit 1

Subversion Repositories ALCASAR

(root)/scripts/alcasar-conf.sh – Rev 632 → 634