85,25 → 85,12 |
mkdir $DIR_UPDATE/etc/ |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
# particularité des versions |
# si version <= 2.0 |
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -eq 0 ]) |
# si version <= 2.8 |
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 8 ]) |
then |
rm -f $DIR_UPDATE/etc/alcasar-dns-name # changement de format |
rm -rf $DIR_UPDATE/etc/digest # hostname=alcasar |
if [ -e $DIR_UPDATE/etc/alcasar-uamallowed ]; then |
uamallowed=`cat $DIR_UPDATE/etc/alcasar-uamallowed` |
if [ $uamallowed == "uamallowed=\"\"" ] |
then rm -f $DIR_UPDATE/etc/alcasar-uamallowed # un uamallowed 'vide' perturbe coova |
fi |
fi |
if [ -e $DIR_UPDATE/etc/alcasar-uamdomain ]; then |
uamdomain=`cat $DIR_UPDATE/etc/alcasar-uamdomain` |
if [ $uamdomain == "uamdomain=\"\"" ] |
then rm -f $DIR_UPDATE/etc/alcasar-uamdomain # un uamdomain 'vide' perturbe coova |
fi |
fi |
rm -rf $DIR_UPDATE/etc/digest # hostname=alcasar.$DOMAIN (add the domain name) |
else |
# si version >= 2.1 : sauvegarde des certificats (serveur et CA) |
# si version > 2.8 : sauvegarde des certificats (serveur et CA) |
cert_date=`/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates|grep After|cut -d"=" -f2` |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE |
cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE |
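Review bot: The `cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE` line in the else branch copies the server's private key without preserving its mode, so the copy takes whatever permissions the running umask gives it. I would use `cp -pf /etc/pki/tls/private/alcasar.key "$DIR_UPDATE"/` or follow the copy with `chmod 600 "$DIR_UPDATE/alcasar.key"`, and confirm that $DIR_UPDATE and any archive built from it are readable by root only; neither is visible in this hunk. Separately, what appears to be the new comment pair (`# si version <= 2.8` / `# si version > 2.8`) disagrees with the test `[ $MIN_RUNNING_VERSION -lt 8 ]`, which sends version 2.8 itself to the else branch. If the test is the intended behaviour, the comments should read `# si version < 2.8` and `# si version >= 2.8`. The else branch continues past the end of this hunk.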
115,76 → 102,7 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt |
fi |
fi |
# si version < 2.2 |
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ]) |
then |
ORGANISM=`cat $DIR_WEB/intercept.php|grep '$organisme =' | cut -d"=" -f2|tr -d ";\" "` # Sauvegarde du nom d'organisme |
rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments |
rm -f $DIR_UPDATE/exceptionurllist # This file was not empty (comments) |
# Create the initial conf file (doesn't exist in earlier versions) |
cat <<EOF > $CONF_FILE |
########################################## |
## ## |
## ALCASAR Parameters ## |
## ## |
########################################## |
|
INSTALL_DATE=$DATE |
VERSION=$RUNNING_VERSION |
ORGANISM=$ORGANISM |
DOMAIN=$DOMAIN |
EOF |
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # @ip du portail (côté Internet) |
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` |
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` |
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS |
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS |
DNS1=${DNS1:=208.67.220.220} |
DNS2=${DNS2:=208.67.222.222} |
PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` # @ip du portail (côté LAN) |
PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` |
private_network_calc |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE |
echo "DHCP=full" >> $CONF_FILE |
echo "EXT_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE |
|
if [ -r /var/run/sshd.pid ]; then |
echo "SSH=on" >> $CONF_FILE |
else |
echo "SSH=off" >> $CONF_FILE |
fi |
echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE |
echo "QOS=off" >> $CONF_FILE |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE |
if [ `grep ^ldap /etc/raddb/sites-available/alcasar | wc -l` -eq "0" ]; then |
echo "LDAP=off" >> $CONF_FILE |
else |
echo "LDAP=on" >> $CONF_FILE |
fi |
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE |
PROTOCOLS_FILTERING=`grep ^PROTO_FILTERING /usr/local/bin/alcasar-iptables.sh | cut -d"=" -f2` |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:="no"} |
if [ $PROTOCOLS_FILTERING = "no" ]; then |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE |
else |
echo "PROTOCOLS_FILTERING=on" >> $CONF_FILE |
fi |
DNS_FILTERING=`grep ^reportinglevel /etc/dansguardian/dansguardian.conf | cut -d"=" -f2 | tr -d " "` |
DNS_FILTERING=${DNS_FILTERING:="-1"} |
if [ $DNS_FILTERING -eq "-1" ]; then |
echo "DNS_FILTERING=off" >> $CONF_FILE |
else |
echo "DNS_FILTERING=on" >> $CONF_FILE |
fi |
fi |
# since V2.6 |
# Changes since V2.6 |
# SSH_ADMIN_FROM is redefined |
$SED "s?^Admin_from_IP=.*?SSH_ADMIN_FROM=0.0.0.0/0.0.0.0?" $CONF_FILE |
# macallowed is replaced with macauth |