33,7 → 33,7 |
# CA : Certification Authority initialization |
# time_server : NTPd configuration |
# init_db : Initilization of radius database managed with MariaDB |
# radius : FreeRadius initialisation |
# freeradius : FreeRadius initialisation |
# chilli : coovachilli initialisation (+authentication page) |
# dansguardian : DansGuardian filtering HTTP proxy configuration |
# antivirus : HAVP + libclamav configuration |
395,13 → 395,15 |
echo "GRUB2_PASSWORD=$pbkdf2" > /boot/grub2/user.cfg |
chmod 0600 /boot/grub2/user.cfg |
echo "# Login name and password to protect GRUB2 boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE |
echo "GRUB2_user=root GRUB2_password=$grub2pwd" >> $PASSWD_FILE |
echo "GRUB2_user=root" >> $PASSWD_FILE |
echo "GRUB2_password=$grub2pwd" >> $PASSWD_FILE |
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo "# Login name and Password of MariaDB administrator:" >> $PASSWD_FILE |
echo "db_root=$mysqlpwd" >> $PASSWD_FILE |
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo "# Login name and password of MariaDB user:" >> $PASSWD_FILE |
echo "db_user=$DB_USER db_password=$radiuspwd" >> $PASSWD_FILE |
echo "db_user=$DB_USER" >> $PASSWD_FILE |
echo "db_password=$radiuspwd" >> $PASSWD_FILE |
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo "# Shared secret between the script 'intercept.php' and coova-chilli:" >> $PASSWD_FILE |
echo "secret_uam=$secretuam" >> $PASSWD_FILE |
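Review bot: The three password generators kept as context in this hunk (`mysqlpwd`, `radiuspwd`, `secretuam`) pass `[:alnum:]` to tr unquoted, so the shell treats it as a glob; if a file named like one of those characters exists in the working directory the class collapses to that one character and `tr -dc` emits a secret made of a single repeated letter. Quoting it removes the problem: `mysqlpwd=$(tr -dc '[:alnum:]' </dev/urandom | head -c16)`, and likewise for the other two. The split of `db_user`/`db_password` onto separate lines looks fine, but `$PASSWD_FILE` is unquoted throughout and the file is created with `>` on the first echo, so until a `chmod 0600` runs its mode depends on the umask at that moment; I cannot see such a chmod in this hunk, so it is worth confirming one exists (the GRUB `user.cfg` two lines above does get one). The enclosing function starts and ends outside this hunk.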
1060,12 → 1062,12 |
} # End of init_db () |
|
########################################################################## |
## Fonction "radius" ## |
## Fonction "freeradius" ## |
## - Paramètrage des fichiers de configuration FreeRadius ## |
## - Affectation du secret partagé entre coova-chilli et freeradius ## |
## - Modification de fichier de conf pour l'accès à Mysql ## |
########################################################################## |
radius () |
freeradius () |
{ |
cp -f $DIR_CONF/empty-radiusd-db.sql /etc/raddb/ |
chown -R radius:radius /etc/raddb |
1122,18 → 1124,38 |
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default |
cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf |
chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf |
# sqlcounter.conf modifications (change the Max-All-Session-Time counter) |
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default |
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf |
# make certain that mysql is up before radius start |
# sqlcounter modifications |
[ -e /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default |
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf |
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - \ |
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)),0)) \ |
FROM radacct WHERE username = '%{${key}}' AND \ |
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'),0)" |
EOF |
[ -e /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default |
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf |
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - \ |
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \ |
FROM radacct WHERE username='%{${key}}' AND \ |
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'),0)" |
EOF |
[ -e /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default |
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf |
# This is the query modified for ALCASAR needs (thanks to Daniel Laliberte --> authorized period after the first connection) |
query = "SELECT IFNULL((SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) \ |
FROM radacct \ |
WHERE UserName='%{${key}}' \ |
ORDER BY acctstarttime \ |
LIMIT 1),0)" |
EOF |
# make certain that mysql is up before freeradius start |
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service |
/usr/bin/systemctl daemon-reload |
|
# Allow apache to change some conf files (ie : ldap on/off) |
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available |
|
} # End radius () |
} # End freeradius () |
|
################################################################################## |
## Fonction "chilli" ## |
1622,11 → 1644,6 |
dnsmasq () |
{ |
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
# $SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance |
$SED "s?^.*OPTIONS=.*?#OPTIONS=\"--log-async=250 --log-queries --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq # General Options for dnslog or debugging |
$SED "s?^local=.*?local=/$DOMAIN/?g" $DIR_DEST_ETC/alcasar-dns-name # default domain name for all dnsmasq daemons |
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default |
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on. |
cat << EOF > /etc/dnsmasq.conf |
# Configuration file for "dnsmasq in forward mode" |
1907,7 → 1924,7 |
gammu_smsd() |
{ |
# Create 'gammu' databse |
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec" |
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute" |
$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES" |
# Add a gammu database structure |
mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/empty-gammu-smsd-db.sql |
2174,28 → 2191,28 |
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target |
# GRUB modifications (only one time) |
# Limit wait time to 3s - Create an alcasar entry instead of linux-nonfb - Change the default banner |
vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM |
grub_already_modified=`grep -c ALCASAR /boot/grub/menu.lst` |
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default |
if [ $grub_already_modified == 0 ] |
then |
$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst |
$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst |
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst |
$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst |
$SED "/^gfxmenu/d" /boot/grub/menu.lst |
if [ $vm_vga == 0 ] # is not a VM |
then |
$SED "/BOOT_IMAGE=linux-nonfb/s/$/ vga=791/" /boot/grub/menu.lst # change display to 1024*768 (vga791) only if not on VM and only on ALCASAR entry |
fi |
fi |
if [ $vm_vga == 0 ] # is not a VM |
then |
# vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM |
# grub_already_modified=`grep -c ALCASAR /boot/grub/menu.lst` |
# [ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default |
# if [ $grub_already_modified == 0 ] |
# then |
# $SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst |
# $SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst |
# $SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst |
# $SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst |
# $SED "/^gfxmenu/d" /boot/grub/menu.lst |
# if [ $vm_vga == 0 ] # is not a VM |
# then |
# $SED "/BOOT_IMAGE=linux-nonfb/s/$/ vga=791/" /boot/grub/menu.lst # change display to 1024*768 (vga791) only if not on VM and only on ALCASAR entry |
# fi |
# fi |
# if [ $vm_vga == 0 ] # is not a VM |
# then |
cp -f $DIR_CONF/banner /etc/mageia-release |
echo " V$VERSION" >> /etc/mageia-release |
else |
echo "ALCASAR V$VERSION" > /etc/mageia-release |
fi |
# else |
# echo "ALCASAR V$VERSION" > /etc/mageia-release |
# fi |
# Load and apply the previous conf file |
if [ "$mode" = "update" ] |
then |
2341,7 → 2358,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3` |
mode="update" |
fi |
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install |
for func in init network ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install |
do |
$func |
# echo "*** 'debug' : end of function $func ***"; read a |