/alcasar.sh |
---|
562,8 → 562,8 |
ALL: ALL: spawn ( /bin/echo "service %d demandé par %c" | /bin/mail -s "Tentative d'accès au service %d par %c REFUSE !!!" security ) & |
EOF |
# Firewall config |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_BIN/alcasar-conf.sh |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_BIN/alcasar-conf.sh |
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau) |
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW) |
echo "#$PUBLIC_NETWORK/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked |
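Review bot: The two `$SED` lines that now also rewrite `$DIR_DEST_BIN/alcasar-conf.sh` splice `$EXTIF` and `$INTIF` unescaped into a `?`-delimited sed replacement, which lands inside a double-quoted assignment in the target scripts (these appear to be the new side, but the +/- markers are lost on this page). A value containing `?`, `&`, `"`, `$` or a backquote would either break the substitution or be written as live shell syntax into scripts that presumably run with root privileges. Where the two variables are set is not visible in this hunk, so I would validate them just before the substitution, for example `case "$EXTIF" in ''|*[!A-Za-z0-9_.:-]*) echo "invalid EXTIF: $EXTIF" >&2; exit 1 ;; esac`, and the same for `$INTIF`. The file operands should also be quoted, e.g. `"$DIR_DEST_BIN/alcasar-conf.sh"`.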
/scripts/alcasar-conf.sh |
---|
263,9 → 263,9 |
# Logout everybody |
$DIR_SBIN/alcasar-logout.sh all |
# Services stop |
for i in squid ntpd chilli httpd network |
for i in ntpd chilli httpd network |
do |
[ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null |
systemctl stop $i && echo "$i stopped" |
done |
fi |
289,7 → 289,7 |
EOF |
# Alcasar Control Center |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf` |
FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf` |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf |
# Dialup_Admin |
296,7 → 296,7 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf |
# coova |
$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli |
#$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf |
$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf |
$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf |
304,7 → 304,7 |
# dhcp (coova + dnsmasq) |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode |
# dnsmasq |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf |
for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf |
do |
$SED "/^server=/d" $i |
329,9 → 329,9 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
then |
# Services start |
for i in network squid ntpd chilli httpd |
for i in network ntpd chilli httpd |
do |
[ -e /etc/init.d/$i ] && /etc/init.d/$i start |
systemctl start $i && echo "$i started" |
done |
# Reload BL (restart DG, dnsmasq & iptables) |
$DIR_SBIN/alcasar-bl.sh -reload |
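Review bot: In the `289,7` hunk the output of `find /etc/httpd/conf/ -type f -name ssl.conf` is used unchecked and unquoted in `$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL`. If no file matches, `$FIC_MOD_SSL` expands to nothing, sed gets no file operand, and the HTTPS `Listen` directive is never pinned to `$PRIVATE_IP`, so httpd would keep whatever listen address the packaged configuration ships with. I would fail loudly with `[ -n "$FIC_MOD_SSL" ] || { echo "ssl.conf not found under /etc/httpd/conf/" >&2; exit 1; }` and then pass `"$FIC_MOD_SSL"` quoted, since a single match is expected. Separately, `systemctl stop $i && echo "$i stopped"` and `systemctl start $i && echo "$i started"` print nothing when a unit fails, so a failed unit goes unnoticed. Adding `|| echo "$i: systemctl failed" >&2` to each would surface it.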
/scripts/sbin/alcasar-dhcp.sh |
---|
75,7 → 75,7 |
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
fi |
/etc/init.d/chilli restart |
/usr/bin/systemctl restart chilli |
;; |
--full|-full) # enable DHCP service on all range of IP addresses |
$SED "s?^.*statip.*?#statip?g" $CHILLI_CONF_FILE |
90,7 → 90,7 |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=none?g" $ALCASAR_CONF_FILE |
/etc/init.d/chilli restart |
/usr/bin/systemctl restart chilli |
;; |
--half|-half) # enable DHCP service on half (upper) range of IP addresses |
$SED "s?.*statip.*?statip\t\t$PRIVATE_STAT_IP?g" $CHILLI_CONF_FILE |
105,7 → 105,7 |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=none?g" $ALCASAR_CONF_FILE |
/etc/init.d/chilli restart |
/usr/bin/systemctl restart chilli |
;; |
*) |
echo "Argument inconnu :$1"; |