Subversion Repositories ALCASAR

Ignore whitespace Rev 2971 → Rev 2970

/scripts/test-create-delete-multiple_MAC-sh
File deleted
/scripts/test-retrieve-users-attributes-sh
File deleted
Property changes:
Deleted: svn:executable
-*
\ No newline at end of property
/scripts/alcasar-rpm.sh
8,7 → 8,6
# configure the RPM repository
 
Lang=`echo $LANG|cut -c 1-2`
SED="/bin/sed -i"
VERSION="7"
ARCH="x86_64"
# The kernel version we compile netflow for
127,15 → 126,8
echo "Download the Linux kernel used by ALCASAR. Please wait ..."
fi
urpmi --auto --quiet $KERNEL
# Remove some of our RPMs in order to avoid their automatic update
# Remove some of our RPMs in order to avoid their update
urpme wkhtmltopdf
# At this time, only skip Kernel update
echo "/^kernel/" > /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
fi
# download updated RPM in cache
if [ $Lang == "fr" ]
then
274,15 → 266,10
then
exit 1
fi
# Avoid some RPM automatic updates
# fix some RPM versions
echo "/^kernel/" > /etc/urpmi/skip.list
echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list
echo "/^clamd/" >> /etc/urpmi/skip.list
echo "/^clamav/" >> /etc/urpmi/skip.list
echo "/^freeradius/" >> /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\* wkhtmltopdf clamd clamav freeradius?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel* wkhtmltopdf clamd clamav freeradius" >> /etc/dnf/dnf.conf
fi
echo "exclude=kernel* wkhtmltopdf clamd clamav" >> /etc/dnf/dnf.conf
exit 0
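Review bot: The last hunk (274,15 → 266,10) ends with a bare `echo "exclude=kernel* wkhtmltopdf clamd clamav" >> /etc/dnf/dnf.conf`, which adds another `exclude=` line to dnf.conf on every run. The hunk counts suggest this is the side that is kept, and the `egrep '^exclude='` guard printed just above it is the side that goes. The append should stay conditional: rewrite the existing `exclude=` line when there is one and append only when there is none. Holding clamd and clamav back from automatic updates also holds back their security fixes, so a comment next to the list should say how those packages get patched instead. The script continues outside the hunks shown.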
/scripts/alcasar-uninstall.sh
88,7 → 88,8
[ -e /etc/raddb/mods-available/sql.default ] && mv /etc/raddb/mods-available/sql.default /etc/raddb/mods-available/sql && echo -n "19, "
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] && mv /etc/raddb/mods-config/sql/main/mysql/queries.conf.default /etc/raddb/mods-config/sql/main/mysql/queries.conf && echo -n "20, "
[ -e /etc/raddb/mods-available/sqlcounter.default ] && mv /etc/raddb/mods-available/sqlcounter.default /etc/raddb/mods-available/sqlcounter && echo -n "21, "
if [ -e /etc/systemd/system/radiusd.service ]; then
if [ -e /etc/systemd/system/radiusd.service ]
then
rm -f /etc/systemd/system/radiusd.service
echo -n "22"
fi
108,7 → 109,8
echo -en "(15) : "
[ -d /var/e2guardian ] && rm -rf /var/e2guardian
[ -d /var/dansguardian ] && rm -rf /var/dansguardian
if [ -e /etc/systemd/system/e2guardian.service ]; then
if [ -e /etc/systemd/system/e2guardian.service ]
then
rm -f /etc/systemd/system/e2guardian.service
echo -n "1, "
fi
131,11 → 133,13
antivirus ()
{
echo -en "(4) : "
if [ -e /etc/systemd/system/clamav-daemon.service ]; then
if [ -e /etc/systemd/system/clamav-daemon.service ]
then
rm -f /etc/systemd/system/clamav-daemon.service
echo -n "1, "
fi
if [ -e /etc/systemd/system/clamav-daemon.socket ]; then
if [ -e /etc/systemd/system/clamav-daemon.socket ]
then
rm -f /etc/systemd/system/clamav-daemon.socket
echo -n "2, "
fi
167,7 → 171,8
{
echo -en "(2) : "
[ -e /etc/vnstat.conf.default ] && mv /etc/vnstat.conf.default /etc/vnstat.conf && echo -n "1, "
if [ -e /etc/systemd/system/vnstat.service ]; then
if [ -e /etc/systemd/system/vnstat.service ]
then
rm -f /etc/systemd/system/vnstat.service
echo -n "2"
fi
178,7 → 183,8
echo -en "(3) : "
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, "
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "2, "
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]; then
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]
then
rm -f /etc/systemd/system/dnsmasq-whitelist.service
echo -n "3, "
fi
202,7 → 208,8
fi
i=`expr $i + 1`
done
if [ -e /etc/systemd/system/unbound.service ]; then
if [ -e /etc/systemd/system/unbound.service ]
then
rm -f /etc/systemd/system/unbound.service
echo -n "9"
fi
244,7 → 251,8
i=`expr $i + 1`
rm $jail && echo -n "$i, "
done
if [ -e /etc/systemd/system/fail2ban.service ]; then
if [ -e /etc/systemd/system/fail2ban.service ]
then
rm -f /etc/systemd/system/fail2ban.service
echo -n "11"
fi
263,11 → 271,11
msec ()
{
echo -en "(2) : "
if [ -e /etc/security/msec/security.conf ]; then
if [ -e /etc/security/msec/security.conf ]
then
[ -e /etc/security/msec/security.conf.default ] && mv /etc/security/msec/security.conf.default /etc/security/msec/security.conf && echo -n "1, "
[ -e /etc/security/msec/perm.local ] && rm -f /etc/security/msec/perm.local && echo -n "2"
else
echo -n "uninstalled"
else echo -n "uninstalled"
fi
}
 
296,7 → 304,8
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]; then
if [ $nb_args -eq 0 ]
then
nb_args=1
args="-h"
fi
318,7 → 327,8
;;
esac
clear
if [ $mode == "full" ]; then
if [ $mode == "full" ]
then
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
340,7 → 350,8
for i in $services
do
service_exist=`systemctl list-unit-files | grep ^$i.service | wc -l`
if [ $service_exist -eq 1 ]; then
if [ $service_exist -eq 1 ]
then
/usr/bin/systemctl disable $i.service
/usr/bin/systemctl stop $i.service 1>/dev/null
sleep 1
351,26 → 362,30
echo "Check the service clearing"
for i in $services
do
if [ `systemctl is-active $i.service` == "active" ]; then
if [ `systemctl is-active $i.service` == "active" ]
then
echo "The service '$i' need to be killed"
/usr/bin/systemctl stop $i.service
killall $i
fi
done
 
[ $mode == "update" ] && /usr/bin/systemctl reload sshd # reload sshd in case of remote update
 
if [ $mode == "update" ] # reload sshd in case of remote update
then
/usr/bin/systemctl reload sshd
fi
echo "Reset ALCASAR main functions : "
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dnsmasq dhcpd cron fail2ban gammu_smsd msec letsencrypt post_install
do
echo -en "\n- $func "
$func
if [ $DEBUG_ALCASAR == "on" ]; then
if [ $DEBUG_ALCASAR == "on" ]
then
echo -n " *** 'debug' : end of cleaning '$func' *** "
read a
fi
done
if [ $mode == "full" ]; then
if [ $mode == "full" ]
then
echo -en "\n- network(10) : "
hostnamectl set-hostname localhost.localdomain
chmod a-x /etc/sysconfig/network-scripts/default-*
386,11 → 401,13
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, "
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, "
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, "
if [ -e /etc/systemd/system/alcasar-network.service ]; then
rm -f /etc/systemd/system/alcasar-network.service
echo -n "8, "
fi
if [ -e /etc/systemd/system/iptables.service ]; then
if [ -e /etc/systemd/system/alcasar-network.service ]
- then
- rm -f /etc/systemd/system/alcasar-network.service
- echo -n "8, "
- fi
if [ -e /etc/systemd/system/iptables.service ]
then
rm -f /etc/systemd/system/iptables.service
echo -n "9, "
fi
401,11 → 418,8
 
# Reset "skip.list" (we keep "kernel" in order not to download kernel we don't want to have)
echo "/^kernel/" > /etc/urpmi/skip.list
if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
$SED "s?^exclude=.*?exclude=kernel\*?g" /etc/dnf/dnf.conf
else
echo "exclude=kernel*" >> /etc/dnf/dnf.conf
fi
$SED "/^exclude/d" /etc/dnf/dnf.conf
 
# Cleaning (remove all "old" alcasar scripts)
echo -en "\n- End of cleaning ...\n"
for rm_fic in /usr/local/bin /usr/local/etc /usr/local/sbin
414,7 → 428,8
done
/usr/bin/update-grub2
 
if [ $mode == "full" ]; then
if [ $mode == "full" ]
then
echo -n "Waiting for Network to be up again : "
i=0
while [ $i -lt 10 ] # We wait 10 seconds max
421,7 → 436,8
do
echo -n "."
DNS1=`grep ^nameserver /etc/resolv.conf|awk -F" " '{print $2}'|head -n 1`
if [ "$DNS1" != "" ] && [ "$DNS1" != "127.0.0.1" ]; then
if [ "$DNS1" != "" ] && [ "$DNS1" != "127.0.0.1" ]
then
i=9
echo -n "ok"
fi
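Review bot: In the 386,11 → 401,13 hunk, `if [ -e /etc/systemd/system/alcasar-network.service ]` is followed by four lines that begin with `- ` (`- then`, `- rm -f /etc/systemd/system/alcasar-network.service`, `- echo -n "8, "`, `- fi`). The hunk counts (five lines out, seven in) suggest these dashes are file content rather than diff markers; if so, that `if` has no `then` and the script should fail to parse. Drop the leading `- ` from those four lines so the block matches the iptables.service block below it. Separately, in the 401,11 → 418,8 hunk, `$SED "/^exclude/d" /etc/dnf/dnf.conf` removes every exclude line, which contradicts the comment above it saying the kernel entry is kept. The enclosing functions start and end outside the hunks.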
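--- a/scripts/script_test-create-mac-account-sh
+++ b/scripts/script_test-create-mac-account-sh
@@ -0,0 +1,71 @@
+#! /bin/bash
+# script test&debug.sh
+# by Rexy
+# This script is distributed under the Gnu General Public License (GPL)
+
+# This script tests the following behaviour :
+# - Retreive 3 special attributes of a user ('test' by default). It Retrieves theses attributes from default group, then from user's group, then from its account
+# - test if the attribute "Alcasar-Status-Page-Must-Stay-Open" is set to "2", then retrieve the "expiration" attribute
+# - if the "expiration" attribute exists then create a new user (login = user's @MAC) and duplicates all user's attributes
+
+
+PASSWD_FILE="/root/ALCASAR-passwords.txt"
+USER_NAME="test"
+DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
+DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
+
+# Retrieve 3 ALCASAR special radius attributes (search order : default group, then user's group, then user)
+db_query="SELECT attribute, value FROM ( \
+( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) UNION \
+( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ORDER BY ug.priority ) UNION \
+( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' AND (attribute IN ('Alcasar-Filter', 'Alcasar-Protocols-Filter', 'Alcasar-Status-Page-Must-Stay-Open')) ) \
+) attrs GROUP BY attribute;"
+db_radreply_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
+
+filter=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Filter" { print $2 }')
+filterProto=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Protocols-Filter" { print $2 }')
+statusOpenRequired=$(echo "$db_radreply_res" | awk '$1 == "Alcasar-Status-Page-Must-Stay-Open" { print $2 }')
+echo "USER_NAME = $USER_NAME; filter = $filter; filterproto = $filterProto; statusOpenRequired = $statusOpenRequired";
+
+# If status page isn't required :
+# -add user_IP with the flag 'PERM' in /tmp/current_users.txt
+# -add user_@MAC as an authenticated (with the same user's attributes)
+if [ "$statusOpenRequired" == '2' ]; then # Status page is not required
+echo ""
+# Retrieve "expiration" attribute from radcheck
+db_query="SELECT attribute, value FROM ( \
+( SELECT attribute, value FROM radcheck WHERE username = '$USER_NAME' AND attribute = 'Expiration' ) UNION \
+( SELECT attribute, value FROM radgroupcheck gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' AND attribute = 'Expiration' ORDER BY ug.priority ) UNION \
+( SELECT attribute, value FROM radgroupcheck WHERE groupname = 'default' AND attribute = 'Expiration' ) \
+) attrs GROUP BY attribute;"
+db_radcheck_expiration_res=$(mysql -u$DB_USER -p$DB_PASSWORD -D radius -e "$db_query" -Ns)
+# if a expiration date exists we retrieve all radreply attributes
+if [ `echo $db_radcheck_expiration_res|wc -l` == '1' ]; then
+echo "###########################"
+echo "## Attributs radreply"
+db_query="SELECT attribute, value FROM ( \
+( SELECT attribute, value FROM radreply WHERE username = '$USER_NAME' ) UNION \
+( SELECT attribute, value FROM radgroupreply gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' ORDER BY ug.priority ) UNION \
+( SELECT attribute, value FROM radgroupreply WHERE groupname = 'default' ) \
+) attrs GROUP BY attribute;"
+mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns | while IFS= read -r loop
+do
+attr=`echo $loop|cut -d" " -f1`
+attr_value=`echo $loop|cut -d" " -f2-`
+echo "$attr = $attr_value"
+done
+# if a expiration date exists we retrieve all radcheck attributes
+echo "## Attributs radcheck"
+db_query="SELECT attribute, value FROM ( \
+( SELECT attribute, value FROM radcheck WHERE username = '$USER_NAME' ) UNION \
+( SELECT attribute, value FROM radgroupcheck gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '$USER_NAME' ORDER BY ug.priority ) UNION \
+( SELECT attribute, value FROM radgroupcheck WHERE groupname = 'default' ) \
+) attrs GROUP BY attribute;"
+mysql -u root -p$(cat $PASSWD_FILE | grep ^db_root= | cut -d'=' -f2-) -D radius -e "$db_query" -Ns | while IFS= read -r loop
+do
+attr=`echo $loop|cut -d" " -f1`
+attr_value=`echo $loop|cut -d" " -f2-`
+echo "$attr = $attr_value"
+done
+fi
+fi
Property changes:
Added: svn:executable
+*
\ No newline at end of property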
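Review bot: `mysql -u$DB_USER -p$DB_PASSWORD` puts the database password in the command's arguments, where other local users can see it in the process list; the two later calls do the same with the `db_root` password. Pass the credentials through a client option file readable only by root, e.g. `mysql --defaults-extra-file="$cnf" -D radius -e "$db_query" -Ns` with `$cnf` naming that file, and use `$DB_USER` rather than root for these SELECTs. The `wc -l` test on `$db_radcheck_expiration_res` is true even when the query returns nothing, because `echo` always prints one line. `[ -n "$db_radcheck_expiration_res" ]` checks what the comment above it describes.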
/web/acc/manager/lib/langues.php
327,7 → 327,7
$l_telephonenumber = "Office phone number";
$l_mobile = "Mobile phone number";
$l_lang_ticket = "Voucher language";
$l_simultaneous_use = "Number of simultaneous sessions";
$l_simultaneous_use = "Number of concurent login";
$l_max_all_session = "Maximum time of connection<br>(in seconds)";
$l_expire_after = "Authorized period after the first connection<br>(in seconds)";
$l_expiration = "Expiration date";
/web/acc/admin/network.php
163,13 → 163,13
$l_renew = "Renovar";
$l_renew_force = "Renovar (forzado)";
$l_previous_LE_cert = "Volver al certificado de Let's Encrypt :";
$l_gw_weight = "Peso";
$l_error = "Error";
$l_error_bad_ip = "Esta no es una dirección IP válida";
$l_error_bad_ip_CIDR = "Esta no es una dirección CIDR válida"
$l_error_bad_ip_port = "Esto no es una dirección IP + puerto válidos";
$l_error_weight = "Esto no es un peso válido";
$l_change_successful = "Cambio completado con éxito";
$l_gw_weight = "";/*TODO Traduction espagnole*/
$l_error = "";/*TODO Traduction espagnole*/
$l_error_bad_ip = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_CIDR = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_port = "";/*TODO Traduction espagnole*/
$l_error_weight = "";/*TODO Traduction espagnole*/
$l_change_successful = "";/*TODO Traduction espagnole*/
} else {
$l_network_title = "Network configuration";
$l_internet_legend = "INTERNET";