108,11 → 108,6 |
$SED "s?^Admin_from_IP=.*?SSH_ADMIN_FROM=0.0.0.0/0.0.0.0?" $CONF_FILE |
# macallowed is replaced with macauth |
rm -f $DIR_UPDATE/etc/alcasar-macallowed |
# DHCP mode can be "off/half/full" |
DHCP_mode=`cat $CONF_FILE|grep DHCP=|cut -d"=" -f2` |
if [ $DHCP_mode = "on" ]; then |
$SED "s?^DHCP=on.*?DHCP=full?" $CONF_FILE # DHCP option can be "off/half/full" since V2.6 |
fi |
# The option 'EXT_LAN_FILTERING' is deleted |
$SED "/^EXT_LAN/d" $CONF_FILE |
# The category "ip" no longer exist |
267,7 → 262,7 |
# Logout everybody |
$DIR_SBIN/alcasar-logout.sh all |
# Services stop |
for i in ntpd chilli httpd network |
for i in ntpd httpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network |
do |
systemctl stop $i && echo "$i stopped" |
done |
279,10 → 274,13 |
$PRIVATE_IP $HOSTNAME $HOSTNAME.$DOMAIN |
EOF |
|
# Ext Network Card config |
# EXTIF config |
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
# INTIF config (for bypass mode only) |
$SED "s?^IPADDR=.?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF |
$SED "s?^NETMASK=.?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF |
# NTP server |
$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf |
# host.allow |
300,13 → 298,10 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf |
# coova |
#$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf |
$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf |
$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf |
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf |
# dhcp (coova + dnsmasq) |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode |
# dnsmasq |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf |
for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf |
317,6 → 312,8 |
done |
$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_SECOND_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf |
$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf |
# tinyproxy |
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf |
# DG + BL |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
# Watchdog |
323,7 → 320,6 |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh |
# SSHD |
$SED "/^ListenAddress/d" /etc/ssh/sshd_config |
# $SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config |
$SED "/ListenAddress 0.0.0.0.*/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config |
$SED "/ListenAddress $PUBLIC_IP/a\ListenAddress $PRIVATE_IP" /etc/ssh/sshd_config |
# Prompts |
333,12 → 329,13 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage |
then |
# Services start |
for i in network ntpd chilli httpd |
systemctl start network |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode # apply DHCP mode and start coova |
for i in ntpd httpd tinyproxy dnsmasq |
do |
systemctl start $i && echo "$i started" |
done |
# Reload BL (restart DG, dnsmasq & iptables) |
$DIR_SBIN/alcasar-bl.sh -reload |
$DIR_SBIN/alcasar-bl.sh -reload # restart DG, dnsmasq-blacklist dnsmasq-whitelist & iptables |
fi |
# Start / Stop SSH Daemon |
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2` |
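Review bot: The two INTIF substitutions added in the 279,10 → 274,13 hunk use `^IPADDR=.` and `^NETMASK=.` as patterns, which match only a single character after the `=`. The remainder of the previous value is therefore left in place after the new one, so `default-ifcfg-$INTIF` would end up with a malformed address and netmask for bypass mode. The EXTIF lines directly above use `.*`, and the same is needed here: `$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF` and `$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF`. The file header and the code around these hunks are not visible on this page, so whether a later step rewrites that file cannot be confirmed from here.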