Subversion Repositories ALCASAR

Compare Revisions


Rev 2970 → Rev 2971

/scripts/script_test-create-mac-account-sh
File deleted
Property changes:
Deleted: svn:executable
-*
\ No newline at end of property
/scripts/alcasar-rpm.sh
8,6 → 8,7
# configure the RPM repository
 
Lang=`echo $LANG|cut -c 1-2`
SED="/bin/sed -i"
VERSION="7"
ARCH="x86_64"
# The kernel version we compile netflow for
126,8 → 127,15
echo "Download the Linux kernel used by ALCASAR. Please wait ..."
fi
urpmi --auto --quiet $KERNEL
# Remove some of our RPMs in order to avoid their update
# Remove some of our RPMs in order to avoid their automatic update
urpme wkhtmltopdf
# At this time, only skip Kernel update
echo "/^kernel/" > /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
fi
# download updated RPM in cache
if [ $Lang == "fr" ]
then
266,10 → 274,15
then
exit 1
fi
# fix some RPM versions
# Avoid some RPM automatic updates
echo "/^kernel/" > /etc/urpmi/skip.list
echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list
echo "/^clamd/" >> /etc/urpmi/skip.list
echo "/^clamav/" >> /etc/urpmi/skip.list
echo "exclude=kernel* wkhtmltopdf clamd clamav" >> /etc/dnf/dnf.conf
echo "/^freeradius/" >> /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\* wkhtmltopdf clamd clamav freeradius?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel* wkhtmltopdf clamd clamav freeradius" >> /etc/dnf/dnf.conf
fi
exit 0
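Review bot: The new check that compares `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` with `"1"` takes the replace branch only when exactly one `exclude=` line exists. A dnf.conf that already holds two or more (plausible on upgraded systems, since the previous code appears to have appended with `>>` on every run) falls to the `else` branch and gains yet another line. Deleting and re-adding works for any count: `$SED '/^exclude=/d' /etc/dnf/dnf.conf` followed by `echo "exclude=kernel* wkhtmltopdf clamd clamav freeradius" >> /etc/dnf/dnf.conf`. The same test appears in the earlier hunk of this file (kernel-only list) and in the skip.list reset hunk of /scripts/alcasar-uninstall.sh. Because the list now pins the kernel, ClamAV and FreeRADIUS, a comment such as `# excluded packages receive no automatic security updates; they must be updated manually` would record the patching trade-off.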
/scripts/alcasar-uninstall.sh
88,8 → 88,7
[ -e /etc/raddb/mods-available/sql.default ] && mv /etc/raddb/mods-available/sql.default /etc/raddb/mods-available/sql && echo -n "19, "
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] && mv /etc/raddb/mods-config/sql/main/mysql/queries.conf.default /etc/raddb/mods-config/sql/main/mysql/queries.conf && echo -n "20, "
[ -e /etc/raddb/mods-available/sqlcounter.default ] && mv /etc/raddb/mods-available/sqlcounter.default /etc/raddb/mods-available/sqlcounter && echo -n "21, "
if [ -e /etc/systemd/system/radiusd.service ]
then
if [ -e /etc/systemd/system/radiusd.service ]; then
rm -f /etc/systemd/system/radiusd.service
echo -n "22"
fi
109,8 → 108,7
echo -en "(15) : "
[ -d /var/e2guardian ] && rm -rf /var/e2guardian
[ -d /var/dansguardian ] && rm -rf /var/dansguardian
if [ -e /etc/systemd/system/e2guardian.service ]
then
if [ -e /etc/systemd/system/e2guardian.service ]; then
rm -f /etc/systemd/system/e2guardian.service
echo -n "1, "
fi
133,13 → 131,11
antivirus ()
{
echo -en "(4) : "
if [ -e /etc/systemd/system/clamav-daemon.service ]
then
if [ -e /etc/systemd/system/clamav-daemon.service ]; then
rm -f /etc/systemd/system/clamav-daemon.service
echo -n "1, "
fi
if [ -e /etc/systemd/system/clamav-daemon.socket ]
then
if [ -e /etc/systemd/system/clamav-daemon.socket ]; then
rm -f /etc/systemd/system/clamav-daemon.socket
echo -n "2, "
fi
171,8 → 167,7
{
echo -en "(2) : "
[ -e /etc/vnstat.conf.default ] && mv /etc/vnstat.conf.default /etc/vnstat.conf && echo -n "1, "
if [ -e /etc/systemd/system/vnstat.service ]
then
if [ -e /etc/systemd/system/vnstat.service ]; then
rm -f /etc/systemd/system/vnstat.service
echo -n "2"
fi
183,8 → 178,7
echo -en "(3) : "
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, "
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "2, "
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]
then
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]; then
rm -f /etc/systemd/system/dnsmasq-whitelist.service
echo -n "3, "
fi
208,8 → 202,7
fi
i=`expr $i + 1`
done
if [ -e /etc/systemd/system/unbound.service ]
then
if [ -e /etc/systemd/system/unbound.service ]; then
rm -f /etc/systemd/system/unbound.service
echo -n "9"
fi
251,8 → 244,7
i=`expr $i + 1`
rm $jail && echo -n "$i, "
done
if [ -e /etc/systemd/system/fail2ban.service ]
then
if [ -e /etc/systemd/system/fail2ban.service ]; then
rm -f /etc/systemd/system/fail2ban.service
echo -n "11"
fi
271,11 → 263,11
msec ()
{
echo -en "(2) : "
if [ -e /etc/security/msec/security.conf ]
then
if [ -e /etc/security/msec/security.conf ]; then
[ -e /etc/security/msec/security.conf.default ] && mv /etc/security/msec/security.conf.default /etc/security/msec/security.conf && echo -n "1, "
[ -e /etc/security/msec/perm.local ] && rm -f /etc/security/msec/perm.local && echo -n "2"
else echo -n "uninstalled"
else
echo -n "uninstalled"
fi
}
 
304,8 → 296,7
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
if [ $nb_args -eq 0 ]; then
nb_args=1
args="-h"
fi
327,8 → 318,7
;;
esac
clear
if [ $mode == "full" ]
then
if [ $mode == "full" ]; then
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
350,8 → 340,7
for i in $services
do
service_exist=`systemctl list-unit-files | grep ^$i.service | wc -l`
if [ $service_exist -eq 1 ]
then
if [ $service_exist -eq 1 ]; then
/usr/bin/systemctl disable $i.service
/usr/bin/systemctl stop $i.service 1>/dev/null
sleep 1
362,30 → 351,26
echo "Check the service clearing"
for i in $services
do
if [ `systemctl is-active $i.service` == "active" ]
then
if [ `systemctl is-active $i.service` == "active" ]; then
echo "The service '$i' need to be killed"
/usr/bin/systemctl stop $i.service
killall $i
fi
done
if [ $mode == "update" ] # reload sshd in case of remote update
then
/usr/bin/systemctl reload sshd
fi
 
[ $mode == "update" ] && /usr/bin/systemctl reload sshd # reload sshd in case of remote update
 
echo "Reset ALCASAR main functions : "
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dnsmasq dhcpd cron fail2ban gammu_smsd msec letsencrypt post_install
do
echo -en "\n- $func "
$func
if [ $DEBUG_ALCASAR == "on" ]
then
if [ $DEBUG_ALCASAR == "on" ]; then
echo -n " *** 'debug' : end of cleaning '$func' *** "
read a
fi
done
if [ $mode == "full" ]
then
if [ $mode == "full" ]; then
echo -en "\n- network(10) : "
hostnamectl set-hostname localhost.localdomain
chmod a-x /etc/sysconfig/network-scripts/default-*
401,13 → 386,11
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, "
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, "
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, "
if [ -e /etc/systemd/system/alcasar-network.service ]
- then
- rm -f /etc/systemd/system/alcasar-network.service
- echo -n "8, "
- fi
if [ -e /etc/systemd/system/iptables.service ]
then
if [ -e /etc/systemd/system/alcasar-network.service ]; then
rm -f /etc/systemd/system/alcasar-network.service
echo -n "8, "
fi
if [ -e /etc/systemd/system/iptables.service ]; then
rm -f /etc/systemd/system/iptables.service
echo -n "9, "
fi
418,8 → 401,11
 
# Reset "skip.list" (we keep "kernel" in order not to download kernel we don't want to have)
echo "/^kernel/" > /etc/urpmi/skip.list
$SED "/^exclude/d" /etc/dnf/dnf.conf
 
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
fi
# Cleaning (remove all "old" alcasar scripts)
echo -en "\n- End of cleaning ...\n"
for rm_fic in /usr/local/bin /usr/local/etc /usr/local/sbin
428,8 → 414,7
done
/usr/bin/update-grub2
 
if [ $mode == "full" ]
then
if [ $mode == "full" ]; then
echo -n "Waiting for Network to be up again : "
i=0
while [ $i -lt 10 ] # We wait 10 seconds max
436,8 → 421,7
do
echo -n "."
DNS1=`grep ^nameserver /etc/resolv.conf|awk -F" " '{print $2}'|head -n 1`
if [ "$DNS1" != "" ] && [ "$DNS1" != "127.0.0.1" ]
then
if [ "$DNS1" != "" ] && [ "$DNS1" != "127.0.0.1" ]; then
i=9
echo -n "ok"
fi
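Review bot: The tests reformatted in this file still expand unquoted variables, e.g. `if [ $mode == "full" ]; then`, `if [ $DEBUG_ALCASAR == "on" ]; then` and the new one-liner `[ $mode == "update" ] && /usr/bin/systemctl reload sshd`. When such a variable is empty or unset, `[` reports an error and the branch is skipped without stopping the script, so in an uninstaller run as root a cleanup or sshd-reload step can be missed silently. Since these lines are being touched anyway, they could be quoted: `if [ "$mode" = "full" ]; then` and `[ "$mode" = "update" ] && /usr/bin/systemctl reload sshd`. The surrounding functions start and end outside the hunks shown.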
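--- a/scripts/test-create-delete-multiple_MAC-sh
+++ b/scripts/test-create-delete-multiple_MAC-sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+PASSWD_FILE="/root/ALCASAR-passwords.txt"
+USER_NAME="test"
+DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
+DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
+MAC_ADDRESSES="00:11:22:33:44:50 00:11:22:33:44:51 00:11:22:33:44:52"
+
+for MAC in $MAC_ADDRESSES
+do
+salt=`cat /dev/urandom | tr -dc '[:alnum:]' | head -c8`
+export algo_salt='$5$'$salt
+export pass='PASSWORD'
+pass_salt=$(perl -e'print crypt($ARGV[0],$ARGV[1])' $pass $algo_salt)
+db_query1="INSERT INTO radcheck (username,attribute,op,value) VALUES ('$MAC', 'Crypt-Password', ':=', '$pass_salt'); INSERT INTO userinfo (username) VALUES ('$MAC');"
+db_query2="DELETE FROM radcheck WHERE username = '$MAC'; DELETE FROM userinfo WHERE username = '$MAC';"
+db_radcheck_insert_res=$(mysql -u $DB_USER -p$DB_PASSWORD -D radius -e "$db_query2" -Ns)
+echo -n "$MAC "
+done
+echo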
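Review bot: `mysql -u $DB_USER -p$DB_PASSWORD` puts the RADIUS database password on the command line, where it may be readable by other local users through the process list while the client runs. /scripts/test-retrieve-users-attributes-sh, added in the same revision, does the same in four places. A root-only option file keeps it off argv, e.g. `mysql --defaults-extra-file="$cnf" -D radius -e "$db_query2" -Ns`, with `$cnf` created by `mktemp` and holding a `[client]` section with the user and password. Separately, `db_query1` (the INSERT pair) is built on every iteration but never executed, so as written the loop only deletes, and the result variable is named `db_radcheck_insert_res`. If that is a deliberate toggle, a comment such as `# swap db_query2 for db_query1 to create the accounts` would make it clear.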
/scripts/test-retrieve-users-attributes-sh
0,0 → 1,69
#! /bin/bash
# script test&debug.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# This script tests the following behaviour :
# - Retreive 3 special attributes of a user ('test' by default). It Retrieves theses attributes from default group, then from user's group, then from its account
# - test if the attribute "Alcasar-Status-Page-Must-Stay-Open" is set to "2", then retrieve the "expiration" attribute
# - (todo) if the "expiration" attribute exists then create a new user (login = user's @MAC) and duplicates all user's attributes
 
 
PASSWD_FILE="/root/ALCASAR-passwords.txt"
USER_NAME="test"
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
 
# Retrieve 3 ALCASAR special radius attributes (search order : default group, then user's group, then user)
db_query="SELECT attribute, value FROM ( \
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) \
) attrs GROUP BY attribute;"
db_radreply_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
 
filter=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
filterProto=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }')
statusOpenRequired=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Status-Page-Must-Stay-Open" { print $2 }')
echo "USER_NAME = $USER_NAME; filter = $filter; filterproto = $filterProto; statusOpenRequired = $statusOpenRequired";
 
# If status page isn't required :
if [ "$statusOpenRequired" == '2' ]; then # Status page is not required
echo ""
# Retrieve "expiration" attribute from radcheck
db_query="SELECT attribute, value FROM ( \
( SELECT attribute, value FROM radcheck WHERE username = '$USER_NAME' AND attribute = 'Expiration' ) UNION \
( SELECT attribute, value FROM radgroupcheck gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND attribute = 'Expiration' ORDER BY ug.priority ) UNION \
( SELECT attribute, value FROM radgroupcheck WHERE groupname = 'default' AND attribute = 'Expiration' ) \
) attrs GROUP BY attribute;"
db_radcheck_expiration_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
# if a expiration date exists we retrieve all radreply attributes
if [ `echo $db_radcheck_expiration_res|wc -l` == '1' ]; then
echo "###########################"
echo "## Radreply attributes"
db_query="SELECT attribute, value FROM ( \
( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' ) UNION \
( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' ORDER BY ug.priority ) UNION \
( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' ) \
) attrs GROUP BY attribute;"
mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns | while IFS= read -r loop
do
attr=`echo $loop|cut -d" " -f1`
attr_value=`echo $loop|cut -d" " -f2-`
echo "$attr = $attr_value"
done
# if a expiration date exists we retrieve all radcheck attributes
echo "## Radcheck attributes"
db_query="SELECT attribute, value FROM ( \
( SELECT attribute, value FROM radcheck WHERE username = '$USER_NAME' ) UNION \
( SELECT attribute, value FROM radgroupcheck gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' ORDER BY ug.priority ) UNION \
( SELECT attribute, value FROM radgroupcheck WHERE groupname = 'default' ) \
) attrs GROUP BY attribute;"
mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns | while IFS= read -r loop
do
attr=`echo $loop|cut -d" " -f1`
attr_value=`echo $loop|cut -d" " -f2-`
echo "$attr = $attr_value"
done
fi
fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property
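Review bot: The test built on `echo $db_radcheck_expiration_res|wc -l` does not detect whether an expiration row was returned. `echo` prints a newline even for an empty variable, and the unquoted expansion folds several rows onto one line, so `wc -l` yields 1 in every case and the branch always runs. Testing the value directly matches the comment above it: `if [ -n "$db_radcheck_expiration_res" ]; then`.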
/web/acc/admin/network.php
163,13 → 163,13
$l_renew = "Renovar";
$l_renew_force = "Renovar (forzado)";
$l_previous_LE_cert = "Volver al certificado de Let's Encrypt :";
$l_gw_weight = "";/*TODO Traduction espagnole*/
$l_error = "";/*TODO Traduction espagnole*/
$l_error_bad_ip = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_CIDR = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_port = "";/*TODO Traduction espagnole*/
$l_error_weight = "";/*TODO Traduction espagnole*/
$l_change_successful = "";/*TODO Traduction espagnole*/
$l_gw_weight = "Peso";
$l_error = "Error";
$l_error_bad_ip = "Esta no es una dirección IP válida";
$l_error_bad_ip_CIDR = "Esta no es una dirección CIDR válida"
$l_error_bad_ip_port = "Esto no es una dirección IP + puerto válidos";
$l_error_weight = "Esto no es un peso válido";
$l_change_successful = "Cambio completado con éxito";
} else {
$l_network_title = "Network configuration";
$l_internet_legend = "INTERNET";
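Review bot: The new line `$l_error_bad_ip_CIDR = "Esta no es una dirección CIDR válida"` has no terminating `;`, unlike its neighbours. If it was committed that way, PHP will fail to parse network.php and the admin network page will not load in any language. It should read `$l_error_bad_ip_CIDR = "Esta no es una dirección CIDR válida";`. The enclosing language block starts outside the hunk.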
/web/acc/manager/lib/langues.php
327,7 → 327,7
$l_telephonenumber = "Office phone number";
$l_mobile = "Mobile phone number";
$l_lang_ticket = "Voucher language";
$l_simultaneous_use = "Number of concurent login";
$l_simultaneous_use = "Number of simultaneous sessions";
$l_max_all_session = "Maximum time of connection<br>(in seconds)";
$l_expire_after = "Authorized period after the first connection<br>(in seconds)";
$l_expiration = "Expiration date";