/alcasar.sh |
---|
386,32 → 386,30 |
# On crée aléatoirement les mots de passe et les secrets partagés |
rm -f $PASSWD_FILE |
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo -n "Password to protect the GRUB boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE |
echo "$grubpwd" >> $PASSWD_FILE |
echo "# Password to protect the GRUB boot menu (/!\\ qwerty keyboard):" > $PASSWD_FILE |
echo "grub=$grubpwd" >> $PASSWD_FILE |
md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd` |
$SED "/^password.*/d" /boot/grub/menu.lst |
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst |
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo -n "Name and password of Mysql/mariadb administrator : " >> $PASSWD_FILE |
echo "root / $mysqlpwd" >> $PASSWD_FILE |
echo "# Password of MariaDB administrator:" >> $PASSWD_FILE |
echo "db_root=$mysqlpwd" >> $PASSWD_FILE |
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo -n "Name and password of Mysql/mariadb user : " >> $PASSWD_FILE |
echo "$DB_USER / $radiuspwd" >> $PASSWD_FILE |
echo "# Name and password of MariaDB user:" >> $PASSWD_FILE |
echo "db_user=$DB_USER" >> $PASSWD_FILE |
echo "db_password=$radiuspwd" >> $PASSWD_FILE |
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $PASSWD_FILE |
echo "$secretuam" >> $PASSWD_FILE |
echo "# Shared secret between the script 'intercept.php' and coova-chilli:" >> $PASSWD_FILE |
echo "secret_uam=$secretuam" >> $PASSWD_FILE |
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $PASSWD_FILE |
echo "$secretradius" >> $PASSWD_FILE |
echo "# Shared secret between coova-chilli and FreeRadius:" >> $PASSWD_FILE |
echo "secret_radius=$secretradius" >> $PASSWD_FILE |
chmod 640 $PASSWD_FILE |
# copy scripts in in /usr/local/bin |
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar* |
# copy conf files in /usr/local/etc |
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown -R root:apache $DIR_DEST_ETC ; chmod 770 $DIR_DEST_ETC ; chmod 660 $DIR_DEST_ETC/alcasar* |
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_BIN/alcasar-logout.sh |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_BIN/alcasar-mysql.sh |
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_BIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh |
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_BIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh |
# generate central conf file |
cat <<EOF > $CONF_FILE |
########################################## |
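Review bot: The secrets file is created by the first `echo "# Password to protect the GRUB boot menu ..." > $PASSWD_FILE` under whatever umask the installer runs with, and `chmod 640 $PASSWD_FILE` is applied only after all five secrets are written. Until then, and permanently if the script aborts before that line, the file may be readable more widely than intended. Since the other scripts now parse this file for live credentials, I would create it with its final mode right after the `rm -f`, e.g. `( umask 027 ; : > $PASSWD_FILE )`, and keep the later `chmod` as a backstop. How exposed the window is depends on the directory holding `$PASSWD_FILE`, which is set outside this hunk, as is the start and end of the enclosing block.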
/scripts/alcasar-conf.sh |
---|
31,8 → 31,9 |
LDAP_mode=`grep ^LDAP= $CONF_FILE|cut -d"=" -f2` |
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2` |
DOMAIN=`grep ^DOMAIN= $CONF_FILE|cut -d"=" -f2` |
DB_USER="radius" |
radiuspwd="" |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_USER=$(grep '^db_user=' $PASSWD_FILE | cut -d'=' -f 2-) |
DB_PASS=$(grep '^db_password=' $PASSWD_FILE | cut -d'=' -f 2-) |
SED="/bin/sed -i" |
RUNNING_VERSION=`grep ^VERSION= $CONF_FILE|cut -d'=' -f2` |
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
130,7 → 131,7 |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
# Import of the users database |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$radiuspwd |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS |
# Retrieve local parameters |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
# Retrieve BL/WL custom files |
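Review bot: The import line `mysql -u$DB_USER -p$DB_PASS` still passes the database password as a command-line argument, so other local accounts can read it from the process list while the client starts (the client masks it only after start-up, and not on every platform). The commit changes where the secret is stored but not how it reaches the client. The same applies to the `-p"$DB_ROOT_PW"` calls in alcasar-generate_log.sh, every `-p$DB_PASS` call in alcasar-mysql.sh, and the secret passed to radclient in alcasar-logout.sh. For the MariaDB calls, a root-only option file read with `mysql --defaults-extra-file=<client-cnf-path>` (placeholder path, must be the first option) keeps the password out of argv. The expansions are also unquoted here, so a value with whitespace or glob characters would be split.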
/scripts/alcasar-generate_log.sh |
---|
29,6 → 29,7 |
TMP_HTML="$DIR/log_nf.html" |
TMP_PDF="$DIR/imputabilities_logs-$(date +%F).pdf" |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_ROOT_PW=$(grep '^db_root=' $PASSWD_FILE | cut -d'=' -f 2-) |
ARCHIVE_LOCATION="$DIR/imputabilities_logs.zip" |
81,7 → 82,7 |
#get log information for each users |
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY" |
#Create HTML document which contains every informations about users |
echo "<!DOCTYPE html>" > $TMP_HTML |
157,7 → 158,7 |
#inform users about that by setting the fourth bit of Filter-Id at 1. |
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY" |
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ] |
then |
164,7 → 165,7 |
for user in $(cat $TMP_USERS) |
do |
QUERY="set @CurrentFilter=(SELECT value from radreply where username='$user');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'1', (@CurrentFilterRight)) WHERE username='$user' ;" |
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY" |
done |
fi |
rm $TMP_USERS |
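Review bot: In the loop `for user in $(cat $TMP_USERS)`, each stored username is pasted into `... WHERE username='$user'` and the result is executed as the MariaDB root account. A username containing a quote changes the statement, and one containing whitespace is split by the shell, yet this commit only changes how the root password is read. If every row of radreply is meant to be updated, as the unfiltered `SELECT username from radreply` suggests, a single set-based statement such as `UPDATE radreply SET value = CONCAT(LEFT(value,3),'1',RIGHT(value,4));` removes both the loop and the interpolation; please confirm that matches the intent for users with several radreply rows. The same `'$u'` / `'$g'` interpolation appears in the DELETE and SELECT statements of alcasar-mysql.sh.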
/scripts/alcasar-logout.sh |
---|
8,7 → 8,8 |
# Déconnexion d'un ou de tous les usagers |
# Logout one user (or all users) |
radiussecret="" |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
RADIUS_SECRET=$(grep '^secret_radius=' $PASSWD_FILE | cut -d'=' -f 2-) |
OLDIFS=$IFS |
IFS=$'\n' |
47,7 → 48,7 |
echo "All users are now logout : ($logout_users)" |
;; |
*) |
echo "User-Name = $args" | /usr/bin/radclient 127.0.0.1:3799 40 $radiussecret |
echo "User-Name = $args" | /usr/bin/radclient 127.0.0.1:3799 40 $RADIUS_SECRET |
;; |
esac |
IFS=$OLDIFS |
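Review bot: `RADIUS_SECRET` is taken from `$PASSWD_FILE` with no check that the file is readable or that the `secret_radius=` key was found, and it is then used unquoted in `radclient 127.0.0.1:3799 40 $RADIUS_SECRET`. If the lookup fails, the argument disappears and radclient runs without a secret, giving an error unrelated to the real cause. I would add `[ -n "$RADIUS_SECRET" ] || { echo "secret_radius not found in $PASSWD_FILE" >&2 ; exit 1 ; }` after the assignment and quote the expansion as `"$RADIUS_SECRET"`. The same guard is missing for `DB_USER`, `DB_PASS` and `DB_ROOT_PW` in the other scripts, where an empty value leaves a bare `-p` and the mysql client prompts for a password instead of failing. The rest of the `case` is outside the hunk, so any remaining reference to the removed `$radiussecret` should be checked there.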
/scripts/alcasar-mysql.sh |
---|
1,4 → 1,4 |
#! /bin/bash |
#!/bin/bash |
# $Id$ |
# alcasar-mysql.sh |
8,24 → 8,24 |
# Gestion (sauvegarde / import / RAZ) de la base MySQL 'radius'. Fermeture des sessions de comptabilité ouvertes |
# Management of mysql 'radius' database (save / import / RAZ). Close the accounting open sessions |
rep_tr="/var/Save/base" # répertoire d'accueil des sauvegardes |
ext="sql" # extension des fichiers de sauvegarde |
rep_tr="/var/Save/base" # répertoire d'accueil des sauvegardes |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_RADIUS="radius" |
DB_USER="radius" |
radiuspwd="MotdePasse" |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
fichier="alcasar-users-database-$new.$ext" # nom du fichier de sauvegarde |
DB_USER=$(grep '^db_user=' $PASSWD_FILE | cut -d'=' -f 2-) |
DB_PASS=$(grep '^db_password=' $PASSWD_FILE | cut -d'=' -f 2-) |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
fichier="alcasar-users-database-$new.sql" # nom du fichier de sauvegarde |
stop_acct () |
{ |
date_now=`date "+%F %X"` |
echo "UPDATE radacct SET acctstoptime = '$date_now', acctterminatecause = 'Admin-Reset' WHERE acctstoptime IS NULL" | mysql -u$DB_USER -p$radiuspwd $DB_RADIUS |
echo "UPDATE radacct SET acctstoptime = '$date_now', acctterminatecause = 'Admin-Reset' WHERE acctstoptime IS NULL" | mysql -u$DB_USER -p$DB_PASS $DB_RADIUS |
} |
check () |
{ |
echo "check (and repair if needed) the database :" |
mysqlcheck --databases $DB_RADIUS -u $DB_USER -p$radiuspwd --auto-repair |
mysqlcheck --databases $DB_RADIUS -u $DB_USER -p$DB_PASS --auto-repair |
} |
expire_user () # remove users whom expiration date has passed to 7 days |
32,10 → 32,10 |
{ |
del_date=`date +%F` |
MYSQL_USER="" |
MYSQL_USER=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT username FROM radcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"` |
MYSQL_USER=`/usr/bin/mysql -u$DB_USER -p$DB_PASS $DB_RADIUS -ss --exec "SELECT username FROM radcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"` |
for u in $MYSQL_USER |
do |
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';" |
/usr/bin/mysql -u$DB_USER -p$DB_PASS $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';" |
if [ $? = 0 ] |
then |
echo "User $u was deleted $del_date" >> /var/log/mysqld/delete_user.log |
49,14 → 49,14 |
{ |
del_date=`date +%F` |
MYSQL_GROUP="" |
MYSQL_GROUP=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT groupname FROM radgroupcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"` |
MYSQL_GROUP=`/usr/bin/mysql -u$DB_USER -p$DB_PASS $DB_RADIUS -ss --exec "SELECT groupname FROM radgroupcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"` |
for g in $MYSQL_GROUP |
do |
MYSQL_USERGROUP="" |
MYSQL_USERGROUP=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT username FROM radusergroup WHERE groupname = '$g';"` |
MYSQL_USERGROUP=`/usr/bin/mysql -u$DB_USER -p$DB_PASS $DB_RADIUS -ss --exec "SELECT username FROM radusergroup WHERE groupname = '$g';"` |
for u in $MYSQL_USERGROUP |
do |
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';" |
/usr/bin/mysql -u$DB_USER -p$DB_PASS $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';" |
if [ $? = 0 ] |
then |
echo "User $u was deleted $del_date" >> /var/log/mysqld/delete_user.log |
64,7 → 64,7 |
echo "Delete User $u : Error $del_date" >> /var/log/mysqld/delete_user.log |
fi |
done |
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radgroupreply WHERE groupname = '$g'; DELETE FROM radgroupcheck WHERE groupname = '$g';" |
/usr/bin/mysql -u$DB_USER -p$DB_PASS $DB_RADIUS --exec "DELETE FROM radgroupreply WHERE groupname = '$g'; DELETE FROM radgroupcheck WHERE groupname = '$g';" |
if [ $? = 0 ] |
then |
echo "Group $g was deleted $del_date" >> /var/log/mysqld/delete_group.log |
93,8 → 93,8 |
then rm -f $fichier |
fi |
check |
echo "Export the database in file : $fichier" |
mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier |
echo "Export the database in file : $fichier.gz" |
mysqldump -u $DB_USER -p$DB_PASS --opt -BcQC $DB_RADIUS > $rep_tr/$fichier |
gzip -f $rep_tr/$fichier |
echo "End of export $( date "+%Hh %Mmn" )" |
;; |
109,11 → 109,11 |
else |
case $2 in |
*.sql.gz ) |
gunzip -f < $2 | mysql -u $DB_USER -p$radiuspwd |
gunzip -f < $2 | mysql -u $DB_USER -p$DB_PASS |
stop_acct |
;; |
*.sql ) |
mysql -u $DB_USER -p$radiuspwd < $2 |
mysql -u $DB_USER -p$DB_PASS < $2 |
stop_acct |
;; |
esac |
120,9 → 120,9 |
fi |
;; |
-r | --raz | -raz) |
mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier |
mysqldump -u $DB_USER -p$DB_PASS --opt -BcQC $DB_RADIUS > $rep_tr/$fichier |
gzip -f $rep_tr/$fichier |
mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < /etc/raddb/empty-radiusd-db.sql |
mysql -u$DB_USER -p$DB_PASS $DB_RADIUS < /etc/raddb/empty-radiusd-db.sql |
;; |
-a | --acct_stop | -acct_stop) |
stop_acct |
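Review bot: In the `-r | --raz` branch, `mysqldump ... > $rep_tr/$fichier` is followed unconditionally by `gzip -f` and then by loading `/etc/raddb/empty-radiusd-db.sql`, so a failed dump still leads to the database being emptied with only an empty archive as backup. This matters more now that the credentials are read from `$PASSWD_FILE` at run time and can come back empty. I would stop before the reset when the dump fails, e.g. `mysqldump -u $DB_USER -p$DB_PASS --opt -BcQC $DB_RADIUS > $rep_tr/$fichier || { echo "backup failed, database not reset" >&2 ; exit 1 ; }`. The enclosing `case` statement starts outside the hunk.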