Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2887 → Rev 2886

/alcasar.sh
797,16 → 797,15
# - archive = tarball of "base + http firewall + netflow"
# - security = watchdog log
# - conf_file = archive conf file (usefull in updating process)
for i in base archive security activity_report iot_captures;
for i in base archive security activity_report conf_file;
do
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
done
chown -R root:apache $DIR_SAVE
# Configuring & securing php
[ -e /etc/php.d/05_date.ini ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default
timezone=`timedatectl show --property=Timezone|cut -d"=" -f2`
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.d/05_date.ini
[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
$SED "s?^display_errors.*?display_errors = Off?" /etc/php.ini
875,9 → 874,9
# Run lighttpd after coova (in order waiting tun0 to be up)
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service
# Log file for ACC access imputability
[ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log
chown root:apache $DIR_SAVE/security/acc_access.log
chmod 664 $DIR_SAVE/security/acc_access.log
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
chown root:apache /var/Save/security/acc_access.log
chmod 664 /var/Save/security/acc_access.log
} # End of ACC()
 
#############################################################
1932,9 → 1931,9
 
# allow reading of 2 log files (fail2ban & watchdog).
[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log
[ -e $DIR_SAVE/security/watchdog.log ] || /usr/bin/touch $DIR_SAVE/security/watchdog.log
[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log
chmod 644 /var/log/fail2ban.log
chmod 644 $DIR_SAVE/security/watchdog.log
chmod 644 /var/Save/security/watchdog.log
/usr/bin/touch /var/log/auth.log
# fail2ban unit
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
2280,7 → 2279,7
# Load and apply the previous conf file
if [ "$mode" = "update" ]
then
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in $DIR_SAVE/archive
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in /var/Save/archive
$DIR_DEST_BIN/alcasar-conf.sh --load
PARENT_SCRIPT=`basename $0`
export PARENT_SCRIPT # to avoid stop&start process during the installation process