Subversion Repositories ALCASAR

Compare Revisions

Rev 1332 → Rev 1336

/VERSION
1,0 → 0,0
2.8
2.9
/alcasar.sh
69,10 → 69,10
# ******* Network parameters - paramètres réseau *******
HOSTNAME="alcasar" #
DOMAIN="localdomain" # default local domain
EXTIF="eth0" # ETH0 is connected to the ISP broadband modem/router (In France : Box-FAI )
EXTIF=`/sbin/ip route|grep default|cut -d" " -f5` # EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
INTIF=`/sbin/ip link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF"|cut -d" " -f2|tr -d ":"` # INTIF is connected to the consultation network
MTU="1500"
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
INTIF="eth1" # ETH1 is connected to the consultation network
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # Default ALCASAR IP address
# ****** Paths - chemin des commandes *******
SED="/bin/sed -i"
98,8 → 98,6
echo "-----------------------------------------------------------------------------"
} # End of header_install ()
 
#Launch network service (useful only when Mageia is running in SafeFail mode)
service network start
 
##################################################################
## Function "testing" ##
111,7 → 109,8
then echo -n "Tests des paramètres réseau : "
else echo -n "Network parameters tests : "
fi
# We test eth0 config files
# We test EXTIF config files
 
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
176,30 → 175,6
exit 0
fi
echo -n "."
# On traite le cas où l'interface configurée lors de l'installation est "eth1" au lieu de "eth0" (mystère sur certaines versions de BIOS et de VirtualBox)
if [ `ip route list|grep ^default|grep -c eth1` -eq "1" ] ; then
if [ $Lang == "fr" ]
then echo "La configuration des cartes réseau va être corrigée."
else echo "The Ethernet card configuration will be corrected."
fi
/etc/init.d/network stop
mv -f /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth0
$SED "s?eth1?eth0?g" /etc/sysconfig/network-scripts/ifcfg-eth0
/etc/init.d/network start
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
sleep 2
if [ $Lang == "fr" ]
then echo "Configuration corrigée"
else echo "Configuration updated"
fi
sleep 2
if [ $Lang == "fr" ]
then echo "Vous pouvez relancer ce script."
else echo "You can restart this script."
fi
exit 0
fi
echo -n "."
# On teste le lien vers le routeur par defaut
IP_GW=`ip route list|grep ^default|cut -d" " -f3`
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
317,7 → 292,7
## Function "network" ##
## - Définition du plan d'adressage du réseau de consultation ##
## - Nommage DNS du système ##
## - Configuration de l'interface eth1 (réseau de consultation) ##
## - Configuration de l'interface INTIF (réseau de consultation)##
## - Modification du fichier /etc/hosts ##
## - Configuration du serveur de temps (NTP) ##
## - Renseignement des fichiers hosts.allow et hosts.deny ##
376,7 → 351,7
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2)
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF (eth1)
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF
# Define Internet parameters
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
411,7 → 386,7
127.0.0.1 localhost
$PRIVATE_IP $HOSTNAME.$DOMAIN
EOF
# Config eth0 (Internet)
# Config EXTIF (Internet)
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
DEVICE=$EXTIF
BOOTPROTO=static
429,7 → 404,7
USERCTL=no
MTU=$MTU
EOF
# Config eth1 (consultation LAN) in normal mode
# Config INTIF (consultation LAN) in normal mode
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
DEVICE=$INTIF
BOOTPROTO=static
442,7 → 417,7
USERCTL=no
ETHTOOL_OPTS=$ETHTOOL_OPTS
EOF
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
# Config of INTIF in bypass mode (see "alcasar-bypass.sh")
cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
DEVICE=$INTIF
BOOTPROTO=static
905,7 → 880,7
cd net;
mknod tun c 10 200)
}
ifconfig eth1 0.0.0.0
ifconfig $INTIF 0.0.0.0
daemon /usr/sbin/chilli -c \$CONFIG --pidfile=\$pidfile &
RETVAL=$?
fi
949,8 → 924,8
cat <<EOF > /etc/chilli.conf
# coova config for ALCASAR
cmdsocket /var/run/chilli.sock
unixipc chilli.eth1.ipc
pidfile /var/run/chilli.eth1.pid
unixipc chilli.$INTIF.ipc
pidfile /var/run/chilli.$INTIF.pid
net $PRIVATE_NETWORK_MASK
dhcpif $INTIF
ethers $DIR_DEST_ETC/alcasar-ethers
983,7 → 958,7
#dhcprelayagent
#dhcpgatewayport
EOF
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0)
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
# create files for trusted domains and urls
touch $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
1486,8 → 1461,8
echo "MULTIWAN=off" >> $CONF_FILE
echo "FAILOVER=30" >> $CONF_FILE
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
echo "#WAN1=\"1,eth0:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
echo "#WAN2=\"1,eth0:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
# Coloration des prompts
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
1741,7 → 1716,7
license
header_install
testing
# Test if ALCASAR is already installed (before v2.2, the conf file doesn't exist --> can't update)
# Test if ALCASAR is already installed
if [ -e $CONF_FILE ]
then
current_version=`cat $CONF_FILE | grep VERSION | cut -d"=" -f2`
1769,6 → 1744,7
fi
fi
# RPMs install
echo "STOP" ; read a
$DIR_SCRIPTS/alcasar-urpmi.sh
if [ "$?" != "0" ]
then
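Review bot: The auto-detected `EXTIF` and `INTIF` in the network-parameters hunk are used without validation, although they decide which NIC becomes the Internet side and which one carries the consultation network (`dhcpif $INTIF` in the chilli.conf hunk further down). With no default route, or more than one, `EXTIF` comes back empty or multi-line; an empty `EXTIF` turns the filter into `grep -v "lo\|"`, which most likely discards every line, and a machine with a third NIC yields several names in `INTIF`, so the unquoted `ifcfg-$EXTIF` / `ifcfg-$INTIF` redirections later write to the wrong path or fail. I would stop the install right after the two assignments unless each value is exactly one word, e.g. `[ "$(echo "$EXTIF" | wc -w)" -eq 1 ] && [ "$(echo "$INTIF" | wc -w)" -eq 1 ] || { echo "Cannot identify EXTIF/INTIF" >&2; exit 1; }`. The rendered page does not mark added and removed lines, so this assumes the backtick assignments are the new side, which the eth0/eth1 → EXTIF/INTIF comment changes in the later hunks suggest.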
/scripts/alcasar-urpmi.sh
9,13 → 9,13
# configure the RPM repository
 
Lang=`echo $LANG|cut -c 1-2`
VERSION="2"
VERSION="4"
ARCH="i586"
# The kernel version we compile netflow for
KERNEL="kernel-desktop-3.4.52-1.mga2-1-1.mga2"
ModuleTree="kernel-desktop-3.4.52-1.mga2"
#KERNEL="kernel-desktop-3.4.52-1.mga2-1-1.mga2"
#ModuleTree="kernel-desktop-3.4.52-1.mga2"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring perl-rrdtool perl-MailTools perl-Socket6 php-sockets fail2ban gnupg man ipset"
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav pm-fallback-policy perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg man ipset"
 
rpm_repository_sync ()
{
41,7 → 41,7
echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-urpmi.sh'"
fi
}
# extract the current Mandriva/Mageia version and hardware architecture (i586 ou X64)
# extract the current Mageia version and hardware architecture (i586 ou X64)
fic=`cat /etc/product.id`
unknown_os=0
old="$IFS"
66,7 → 66,7
fi
done
IFS="$old"
if [[ ( $unknown_os != 3 || "$DISTRIBUTION" != "Mageia" ) && ( "$CURRENT_VERSION" != "2" ) ]]
if [[ ( $unknown_os != 3 || "$DISTRIBUTION" != "Mageia" ) && ( "$CURRENT_VERSION" != "4" ) ]]
then
if [ $Lang == "fr" ]
then
82,11 → 82,11
if [ $Lang == "fr" ]
then
echo "1 - Récupérez le fichier de configuration actuel (/tmp/alcasar-conf.tar.gz)."
echo "2 - Installez Linux-Mageia2 (cf. doc d'installation)"
echo "2 - Installez Linux-Mageia4 (cf. doc d'installation)"
echo "3 - copiez le fichier 'alcasar-conf.tar.gz' dans le répertoire '/tmp' avant de lancer l'installation d'ALCASAR"
else
echo "1 - Retrieve the configuration file (/tmp/alcasar-conf.tar.gz)"
echo "2 - Install Linux-Mageia2 (cf. installation doc)"
echo "2 - Install Linux-Mageia4 (cf. installation doc)"
echo "3 - Copy the file 'alcasar-conf.tar.gz' in the folder '/tmp' before launching the installation of ALCASAR"
fi
fi
138,6 → 138,7
fi
fi
done
 
# delete unused RPMs
if [ $Lang == "fr" ]
then
145,22 → 146,22
else
echo "Nettoyage du système : "
fi
for rm_rpm in shorewall mandi radeontool avahi awstats
for rm_rpm in shorewall mandi radeontool mesa avahi
do
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
echo -n "."
done
# download the kernel used by ALCASAR and fix its version
if [ $Lang == "fr" ]
then
echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..."
else
echo "Download the Linux kernel used by ALCASAR. Please wait ..."
fi
urpmi --auto --quiet $KERNEL
echo "/^kernel/" > /etc/urpmi/skip.list
#if [ $Lang == "fr" ]
#then
# echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..."
#else
# echo "Download the Linux kernel used by ALCASAR. Please wait ..."
#fi
#urpmi --auto --quiet $KERNEL
#echo "/^kernel/" > /etc/urpmi/skip.list
# download "timezone" to avoid a mageia issue --> should be remove with mageia3
urpmi timezone
#urpmi timezone
# download updated RPM in cache
if [ $Lang == "fr" ]
then
233,17 → 234,18
rpm_error
exit 1
fi
# Keep only the kernel version we compil netflow with, and remove all others
kernelVersion=$(rpm -qa | grep "kernel-desktop")
for i in $kernelVersion
# Keep only the last kernel version
#kernelVersion=$(rpm -qa | grep "kernel-desktop")
#for i in $kernelVersion
#do
# if [ ! $i = $KERNEL ];then
# urpme --auto $i
# fi
#done
echo "STOP"; read a
# delete unused services
for rm_rpm in c-icap-server mageia-gfxboot-theme
do
if [ ! $i = $KERNEL ];then
urpme --auto $i
fi
done
# delete old alcasar RPMs and unused services
for rm_rpm in c-icap-server lib64chilli0 libchilli0 python-coova-chilli cyrus-sasl mageia-gfxboot-theme
do
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
done