
Regard whitespace Rev 2770 → Rev 2771

/alcasar.sh
224,8 → 224,6
fi
fi
# Test free space on /var
if [ ! -d /var/log/netflow/porttracker ]
then
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'`
if [ $free_space -lt 10 ]
then
235,7 → 233,6
fi
exit 0
fi
fi
 
# Detect external/internal interfaces
if [ -z "$EXTIF" ]; then
242,8 → 239,8
EXTIF=$(/usr/sbin/ip route list | awk '/^default / {print $5}')
if [ -z "$EXTIF" ]; then
if [ "$Lang" == 'fr' ]
then echo -n "Aucune passerelle par défaut configurée"
else echo -n "No default gateway configured"
then echo "Aucune passerelle par défaut configurée"
else echo "No default gateway configured"
fi
exit 1
fi
1075,6 → 1072,8
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit launches coova-chilli a captive portal
[Unit]
Description=chilli is a captive portal daemon
After=network.target
1486,32 → 1485,15
 
##########################################################
## Function "nfsen" ##
## - install the nfsen grapher ##
## - install the two plugins porttracker & surfmap ##
## - configure NetFlow collector (nfcapd) ##
## - configure NetFlow grapher (nfsen-ng) ##
##########################################################
nfsen()
{
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/
# Add PortTracker plugin
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
do
[ ! -d $i ] && mkdir -p $i && chown -R apache:apache $i
done
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-*/contrib/PortTracker/PortTracker.pm
# use of our conf file and init unit
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-*/etc/
# Installation of nfsen (we change a little 'install.pl in order not to ask the user for the perl version)
DirTmp=$(pwd)
cd /tmp/nfsen-*/ || { echo "Unable to find nfsen directory"; exit 1; }
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
# Create RRD DB for porttracker (only in it still doesn't exist)
cp contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
cp contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
chmod -R 770 /var/log/netflow/porttracker
# nfsen unit for systemd
cat << EOF > /lib/systemd/system/nfsen.service
groupadd -f nfcapd
useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd
# nfcapd unit for systemd
cat << EOF > /lib/systemd/system/nfcapd.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
1519,42 → 1501,24
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit launches nfsen (a Netflow grapher).
# This unit launches nfcapd (a Netflow collector).
[Unit]
Description= NfSen init script
After=network.target iptables.service
Description=Netflow Capture Daemon
After=network-online.target iptables.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
PIDFile=/var/run/nfsen/nfsen.pid
ExecStartPre=/bin/mkdir -p /var/run/nfsen
ExecStartPre=/bin/chown apache:apache /var/run/nfsen
ExecStart=/usr/bin/nfsen start
ExecStop=/usr/bin/nfsen stop
ExecReload=/usr/bin/nfsen restart
TimeoutSec=0
Type=exec
PIDFile=/run/nfcapd/nfcapd.pid
ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /var/run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow
ExecReload=/bin/kill -HUP $MAINPID
 
[Install]
WantedBy=multi-user.target
EOF
# Add the listen port to collect netflow packet (nfcapd)
$SED 's?$ziparg $extensions.*?$ziparg $extensions -b 127.0.0.1";?g' /usr/libexec/NfSenRC.pm
# expire delay for the profile "live"
/usr/bin/systemctl start nfsen
/bin/nfsen -m live -e 62d 2>/dev/null
# add SURFmap plugin (waiting for new technical solution)
# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450
# cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/
# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/
# cd /tmp/
# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API)
# clear the installation
# rm -rf /tmp/SURFmap*
rm -rf /tmp/nfsen-*
cd $DirTmp || { echo "Unable to find $DirTmp directory"; exit 1; }
chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen
[ -e /var/log/nfsen/profile-data/live/alcasar_netflow ] || mkdir -p /var/log/nfsen/profile-data/live/alcasar_netflow
[ -e /var/run/nfcapd ] || mkdir -p /var/run/nfcapd
chown -R nfcapd:nfcapd /var/log/nfsen/profile-data/live/alcasar_netflow /var/run/nfcapd
# chown -R apache:apache /var/www/html/acc/manager/nfsen-ng
} # End of nfsen()
 
###########################################################
1937,7 → 1901,10
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily")
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
EOF
 
cat <<EOF > /etc/cron.d/alcasar-nfcapd-expire
# Remove netflow files older than one year
@daily root /usr/bin/nfexpire -e /var/log/nfsen/profile-data/live/alcasar_netflow -t 365d
EOF
# removing the users crons
rm -f /var/spool/cron/*
} # End of cron()
2234,7 → 2201,7
EOF
/usr/bin/systemctl daemon-reload
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
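Review bot: In the nfcapd.service heredoc written by nfsen(), `ExecReload=/bin/kill -HUP $MAINPID` sits inside an unquoted `cat << EOF`, so the installer shell expands `$MAINPID` while writing the file. Unless the script defines that variable somewhere outside this view, the installed unit ends up with a bare `kill -HUP`; escape it as `ExecReload=/bin/kill -HUP \$MAINPID`. The same unit pairs `Type=exec` with nfcapd's `-D` (daemonize) flag, which looks inconsistent: systemd would track the launcher process that exits after forking, so either drop `-D` or use `Type=forking`, which is also the type `PIDFile=` is meant for. `/var/run/nfcapd` is created only once, by `mkdir -p` at install time, whereas the removed nfsen unit recreated its run directory with `ExecStartPre=`. If /var/run is a tmpfs on the target, the pid directory is gone after a reboot, so `ExecStartPre=/bin/mkdir -p /run/nfcapd` and `ExecStartPre=/bin/chown nfcapd:nfcapd /run/nfcapd` would restore the earlier behaviour.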
/conf/nfsen/Readme.alcasar
File deleted
/conf/nfsen/SURFmap_v3.3.1.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/nfsen/nfsen-1.3.8.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/nfsen/nfsen.conf
File deleted
/conf/nfsen/GeoLiteCity.dat.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/nfsen/GeoLiteCityv6.dat.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/nfsen/patch1.diff
File deleted
/conf/nfsen/patch2.diff
File deleted
/conf/nfsen/nfsen-ng.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/scripts/alcasar-daemon.sh
16,7 → 16,7
LDAP=${LDAP:=off}
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
nb_available_srv=`echo $SERVICES|wc -w`
 
function ServiceTest () {
/scripts/alcasar-uninstall.sh
118,14 → 118,16
 
antivirus ()
{
echo -en "(5) : "
echo -en "(6) : "
if [ -e /etc/init.d/havp ]
then
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, "
userdel -r havp 2>/dev/null && echo -n "2, "
[ -d /var/run/havp ] && rm -rf /var/run/havp && echo -n "2, "
[ -e /etc/init.d/havp.default ] && mv /etc/init.d/havp.default /etc/init.d/havp && echo -n "3, "
[ -e /lib/systemd/system/havp.service ] && rm /lib/systemd/system/havp.service && echo -n "4, "
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5"
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5, "
userdel -r havp 2>/dev/null && echo -n "6"
 
else echo -n "already uninstalled"
fi
}
132,11 → 134,12
 
tinyproxy ()
{
echo -en "(2) : "
echo -en "(3) : "
if [ -e /etc/init.d/tinyproxy ]
then
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, "
userdel -r tinyproxy 2>/dev/null && echo -n "2"
[ -d /var/run/tinyproxy ] && rm -rf /var/run/tinyproxy && echo -n "2, "
userdel -r tinyproxy 2>/dev/null && echo -n "3"
else echo -n "already uninstalled"
fi
}
156,8 → 159,9
 
nfsen ()
{
# we don't remove user "nfcapd" & nfcapd folders in order to keep data when updating
echo -en "(1) : "
[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service && echo -n "1"
[ -e /lib/systemd/system/nfcapd.service ] && rm -f /lib/systemd/system/nfcapd.service && echo -n "1"
}
 
vnstat ()
291,7 → 295,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
298,11 → 302,9
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# unbound, iptables & sshd should stay on to allow remote update
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update
fi
old_services=" dnsmasq dnsmasq-blacklist dnsmasq-blackhole"
services+=$old_services
 
echo "Stopping services : "
/usr/local/bin/alcasar-sms.sh --stop
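Review bot: The uninstall nfsen() now removes only `/lib/systemd/system/nfcapd.service`, and both `services=` lists replace `nfsen` with `nfcapd`, so a host upgraded from a revision that installed nfsen.service appears to keep that unit file, with nothing stopping the old daemon. If this script is the one run during such an update, the leftover nfsen-managed collector may still be holding 127.0.0.1:2055 when the new nfcapd unit starts. Consider keeping a cleanup line for the legacy unit next to the new one, e.g. `[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service`, and stopping `nfsen` alongside the current services. The two `old_services` lines for the dnsmasq units show a related pattern for legacy services; if the shrinking line count of the last hunk means they are dropped, confirm that no supported upgrade path still has those units running.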
/scripts/alcasar-urpmi.sh
15,7 → 15,7
KERNEL="kernel-server-5.3.7-4.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
# perl-Socket6 : needed by nfsen
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav perl-rrdtool perl-MailTools fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf perl-Socket6 tcpdump"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-rrd unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf tcpdump"
 
rpm_repository_sync ()
{
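Review bot: The comment `# perl-Socket6 : needed by nfsen` just above `PACKAGES=` is stale after this change, since the new package list no longer contains perl-Socket6 (nor perl-rrdtool and perl-MailTools). Remove it, or replace it with a note on the packages the change adds, for example `# php-cli, php-rrd : needed by nfsen-ng`, if that is indeed why they were introduced. Keeping the dependency rationale accurate matters here because this list decides what gets installed on a gateway appliance, and unexplained packages are hard to audit later.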