/alcasar.sh |
---|
452,8 → 452,7 |
rm -rf conf/etc/alcasar.conf |
fi |
# Define LAN side global parameters |
hostname $HOSTNAME.$DOMAIN |
echo $HOSTNAME.$DOMAIN > /etc/hostname |
hostnamectl set-hostname $HOSTNAME.$DOMAIN |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4` # last octet of LAN address |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0) |
514,7 → 513,6 |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default |
cat <<EOF > /etc/sysconfig/network |
NETWORKING=yes |
HOSTNAME="$HOSTNAME.$DOMAIN" |
FORWARD_IPV4=true |
EOF |
# /etc/hosts config |
789,7 → 787,6 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME.$DOMAIN |
804,7 → 801,6 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME.$DOMAIN |
819,7 → 815,6 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME.$DOMAIN |
834,7 → 829,6 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME.$DOMAIN |
850,7 → 844,6 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME.$DOMAIN |
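Review bot: The five Apache access blocks set `AuthName $HOSTNAME.$DOMAIN`, which makes the host name the digest realm, and digest credentials are hashed over user, realm and password. scripts/alcasar-importcert.sh in this same change rewrites the `AuthName` line in /etc/httpd/conf/webapps.d/alcasar.conf to the certificate's FQDN (and back to `alcasar.localdomain` on restore), so the digest entries created at install would presumably stop matching after an import unless they are regenerated somewhere not shown here. A fixed, quoted realm (for example `AuthName "ACC"`, a constructed value) used both here and when the digest file is created would keep admin logins independent of host-name changes. The blocks start and end outside these hunks, and the +/- markers are lost on this page, so which line each hunk drops cannot be confirmed.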
/conf/sudoers |
---|
25,8 → 25,7 |
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed) |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem |
Cmnd_Alias SSL=/usr/bin/openssl # to manage the certificates |
Cmnd_Alias IMPCERT=/usr/local/sbin/alcasar-importcert.sh # to import an official certificate |
Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/bin/alcasar-importcert.sh # to manage the certificates |
# Defaults specification |
# Defaults syslog=auth |
46,6 → 45,6 |
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
# %users localhost=/sbin/shutdown -h now |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,IMPCERT |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL |
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE |
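Review bot: The merged alias `Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/bin/alcasar-importcert.sh` (apparently the new line) gives ADMWEB both programs as root with NOPASSWD and with any arguments, because no argument list is specified. The import script copies caller-supplied paths into the certificate directory as root, and openssl without argument limits can read and write files by path, so the web account's effective privilege is far wider than certificate management. Listing only the invocations the web interface uses, e.g. `/usr/local/bin/alcasar-importcert.sh -d` plus the import form with its fixed upload paths, would narrow this. The alias also moves the script from /usr/local/sbin to /usr/local/bin while network.php calls it by bare name, so it is worth confirming that the installed location and sudo's `secure_path` agree.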
/scripts/alcasar-importcert.sh |
---|
32,19 → 32,20 |
$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf |
$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf |
$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf |
hostnamectl set-hostname alcasar.localdomain |
$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf |
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf |
} |
function defaultCert() |
{ |
cd $DIR_CERT |
rm private/alcasar.key |
rm certs/alcasar.crt |
mv certs/alcasar.crt.old certs/alcasar.crt |
mv private/alcasar.key.old private/alcasar.key |
if [ -f certs/server-chain.crt.old ] |
mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt |
mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key |
if [ -f $DIR_CERT/certs/server-chain.crt.old ] |
then |
rm certs/server-chain.crt |
mv certs/server-chain.crt.old certs/server-chain.crt |
mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt |
else |
rm -f $DIR_CERT/certs/server-chain.crt |
fi |
} |
69,44 → 70,43 |
$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf |
$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf |
$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf |
hostnamectl set-hostname $fqdn |
$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf |
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf |
fi |
} |
function certImport() |
{ |
cd $DIR_CERT |
if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ] |
if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ] |
then |
echo "Backup of old cert (alcasar.crt)" |
mv certs/alcasar.crt certs/alcasar.crt.old |
mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old |
fi |
if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ] |
if [ ! -f "$DIR_CERT/private/alcasar.key.old" ] |
then |
echo "Backup of old private key (alcasar.key)" |
mv private/alcasar.key private/alcasar.key.old |
mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old |
fi |
cp $cert $DIR_CERT/certs/alcasar.crt |
cp $key $DIR_CERT/private/alcasar.key |
cp $cert certs/alcasar.crt |
cp $key private/alcasar.key |
chown root:apache $DIR_CERT/certs/alcasar.crt |
chown root:apache $DIR_CERT/private/alcasar.key |
chown root:apache certs/alcasar.crt |
chown root:apache private/alcasar.key |
chmod 750 certs/alcasar.crt |
chmod 750 private/alcasar.key |
chmod 750 $DIR_CERT/certs/alcasar.crt |
chmod 750 $DIR_CERT/private/alcasar.key |
if [ "$sc" != "" ] |
then |
echo "cert-chain exists" |
if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ] |
if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ] |
then |
echo "Backup of old cert-chain (server-chain.crt)" |
mv certs/server-chain.crt certs/server-chain.crt.old |
mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old |
fi |
cp $sc certs/server-chain.crt |
chown root:apache certs/server-chain.crt |
chmod 750 certs/server-chain.crt |
cp $sc $DIR_CERT/certs/server-chain.crt |
chown root:apache $DIR_CERT/certs/server-chain.crt |
chmod 750 $DIR_CERT/certs/server-chain.crt |
fi |
} |
161,13 → 161,12 |
else |
echo "Importing certificate $cert with private key $key and server-chain $sc" |
fi |
domainName $cert |
certImport $cert $key $sc |
for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist |
do |
systemctl restart $services |
done |
do |
echo "restarting $services"; systemctl restart $services; sleep 1 |
done |
;; |
-d) |
if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ] |
175,8 → 174,10 |
echo "Restoring default certificate" |
defaultCert |
defaultNdd |
systemctl restart chilli.service |
systemctl restart httpd.service |
for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist |
do |
echo "restarting $services"; systemctl restart $services; sleep 1 |
done |
fi |
;; |
*) |
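Review bot: The private key ends up `root:apache` with `chmod 750 $DIR_CERT/private/alcasar.key`, which sets a meaningless execute bit and leaves the key readable by the web server's group, so any code running as apache can read it. `chmod 640` would drop the execute bit, and `root:root` with `600` is enough if only root-started daemons load the key (not verifiable from this hunk). Nothing visible in certImport or the import branch checks that `$cert` and `$key` parse and belong together before the services are restarted; a bad pair would presumably keep httpd from starting, and the restore path is offered through that same web interface. The `$cert`, `$key`, `$sc` and `$DIR_CERT` expansions are unquoted throughout; `cp "$cert" "$DIR_CERT/certs/alcasar.crt"` would be safer in a script that runs as root. The import branch starts outside the hunk.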
/web/acc/admin/network.php |
---|
44,8 → 44,9 |
$l_import_cert = "Import de certificat"; |
$l_private_key = "Clé privée (.key) :"; |
$l_certificate = "Certificat (.crt) :"; |
$l_server_chain = "Server-chain (Si nécéssaire : .crt) :"; |
$l_default_cert = "Retourner aux certificat par défaut"; |
$l_server_chain = "Chaîne de certification (si nécéssaire : .crt) :"; |
$l_default_cert = "Revenir au certificat d'origine"; |
$l_import = "Importer"; |
} else { |
$l_network_title = "Network configuration"; |
72,8 → 73,9 |
$l_import_cert = "Certificate import"; |
$l_private_key = "Private key (.key) :"; |
$l_certificate = "Certificate (.crt) :"; |
$l_server_chain = "Server-chain (If necessary : .crt) :"; |
$l_server_chain = "Server-chain (if necessary : .crt) :"; |
$l_default_cert = "Back to default certificate"; |
$l_import = "Import"; |
} |
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
switch ($choix) |
181,7 → 183,8 |
*************************/ |
//modification de la conf réseau --> V3.0 |
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
?> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
<html><!-- written by steweb57 & rexy --> |
<head> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
270,16 → 273,16 |
<table width="100%" border="1" cellspacing="0" cellpadding="0"> |
<tr><td> |
<form method="post" action="network.php" enctype="multipart/form-data"> |
<?php echo $l_private_key;?><input type="file" name="key"/><br/> |
<?php echo $l_certificate;?><input type="file" name="crt"/><br/> |
<?php echo $l_server_chain;?><input type="file" name="sc"/> |
<input type="hidden" name="MAX_FILE_SIZE" value=<?php echo $maxsize;?> /><br/> |
<input type="submit" value="Valider"/> |
<?php echo $l_private_key;?><input type="file" name="key"><br> |
<?php echo $l_certificate;?><input type="file" name="crt"><br> |
<?php echo $l_server_chain;?><input type="file" name="sc"> |
<input type="hidden" name="MAX_FILE_SIZE" value=<?php echo $maxsize;?>><br> |
<input type="submit" <?php echo "value=\"".$l_import."\""?>> |
</form> |
</td><td> |
<form method="post" action="network.php"> |
<input type="hidden" name="default"/> |
<input type="submit" <?php echo "value=\"".$l_default_cert."\""?>/> |
<input type="hidden" name="default"> |
<input type="submit" <?php echo "value=\"".$l_default_cert."\""?>> |
</form> |
</td> |
</tr> |
290,7 → 293,7 |
<?php |
if(isset($_POST['default'])){ |
echo "Retour au certificats par défaut"; |
echo "$l_default_cert"; |
exec("sudo alcasar-importcert.sh -d"); |
} |
if(isset($_POST['MAX_FILE_SIZE'])){ |
306,7 → 309,7 |
if(isset($_FILES['sc']) && pathinfo($_FILES['sc']['name'])['extension'] == 'crt') |
{ |
$scpath = $dest."server-chain.crt"; |
move_uploaded_file($_FILES['key']['tmp_name'], $scpath); |
move_uploaded_file($_FILES['sc']['tmp_name'], $scpath); |
} |
$keypath = $dest."alcasar.key"; |
$crtpath = $dest."alcasar.crt"; |
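Review bot: The upload handler accepts the chain file on the strength of the client-supplied name alone (`pathinfo($_FILES['sc']['name'])['extension'] == 'crt'`), and the result of `move_uploaded_file` is not checked before the file is handed to the root import script. `isset($_FILES['sc'])` is also true when the field was submitted empty, in which case the `['extension']` index may not exist. Checking `$_FILES['sc']['error'] === UPLOAD_ERR_OK`, testing the return value of `move_uploaded_file(...)`, and parsing the content (for instance with `openssl_x509_read`, if the openssl extension is loaded) would reject non-certificate uploads before anything runs under sudo. The `default` and import POST handlers visible here carry no anti-CSRF token, though one may be enforced outside these hunks; the hidden `MAX_FILE_SIZE` field is advisory only and does not replace a server-side size check.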