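--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar.sh 3277 2025-04-27 16:39:10Z rexy $
+# $Id: alcasar.sh 3285 2025-05-20 17:33:11Z rexy $
 
 # ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
 # contact : info@alcasar.net
 
@@ -721,10 +721,17 @@
 IPV6TO4INIT=no
 ACCOUNTING=no
 USERCTL=no
 EOF
 fi
+# write resolv.conf
+[ -e /etc/resolv.conf.default ] || cp /etc/resolv.conf /etc/resolv.conf.default
+cat <<EOF > /etc/resolv.conf
+# Basic resolv.conf : ALCASAR ask its local DNS servers (unbound)
+search $DOMAIN
+nameserver 127.0.0.1
+EOF
 # write hosts.allow & hosts.deny
 [ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
 cat <<EOF > /etc/hosts.allow
 ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
 sshd: ALL
@@ -1885,12 +1892,10 @@
 cat <<EOF > /etc/cron.d/alcasar-mariadb
 # Verify, repair and export users database (every monday at 4:45 am)
 45 4 * * 1 root $DIR_DEST_BIN/alcasar-mariadb.sh --dump
 # Remove users whose expiration date is exceeded for more more than 7 days (every Monday at 4:40 am)
 40 4 * * * root $DIR_DEST_BIN/alcasar-mariadb.sh --expire_user 2>&1 >/dev/null
-# Remove users who haven't logged in for more than a year (every Monday at 4:35 am)
-
 EOF
 cat <<EOF > /etc/cron.d/alcasar-archive
 # Archiving logs (traceability & users database) (every Monday at 5:35 am)
 35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
 EOF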
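Review bot: The new resolv.conf block (new lines 726-732) writes through whatever `/etc/resolv.conf` currently is, so if that path is a symlink to a generated file, the `nameserver 127.0.0.1` pin lands in the generated target and is lost the next time the network scripts or DHCP client rewrite it; the host would then resolve through upstream servers instead of the local unbound. Whether that applies on the target Mageia image is not visible from this hunk, but a guard such as `[ -L /etc/resolv.conf ] && rm -f /etc/resolv.conf` placed after the backup `cp` and before the `cat`, plus a comment naming the setting that stops regeneration, would make the intent explicit. The heredoc is unquoted, so `search $DOMAIN` becomes a bare `search` line if `DOMAIN` is empty at this point; a `: "${DOMAIN:?}"` check before the block, or a comment saying where it is set, would help. The enclosing block starts and ends outside the hunk.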