Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 2415 → Rev 2416

/alcasar.sh
189,7 → 189,7
mode="update"
fi
fi
if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "5" ) ]]
if [[ ( $unknown_os != 3 ) || ("$DISTRIBUTION" != "Mageia" ) || ( "$CURRENT_VERSION" != "6" ) ]]
then
if [ -e /tmp/alcasar-conf.tar.gz ] # update
then
198,12 → 198,12
then
echo "La mise à jour automatique d'ALCASAR ne peut pas être réalisée."
echo "1 - Effectuez une sauvegarde des fichiers de traçabilité et de la base des usagers via l'ACC"
echo "2 - Installez Linux-Mageia 5.1-64bits et ALCASAR (cf. doc d'installation)"
echo "2 - Installez Linux-Mageia 6.0 (64bits) et ALCASAR (cf. doc d'installation)"
echo "3 - Importez votre base des usagers"
else
echo "The automatic update of ALCASAR can't be performed."
echo "1 - Save your traceability files and the user database"
echo "2 - Install Linux-Mageia 5.1-64bits & ALCASAR (cf. installation doc)"
echo "2 - Install Linux-Mageia 6 (64bits) & ALCASAR (cf. installation doc)"
echo "3 - Import your users database"
fi
else
217,9 → 217,9
echo
if [ $Lang == "fr" ]
then
echo "Le système d'exploitation doit être remplacé (Mageia5.1-64bits)"
echo "Le système d'exploitation doit être remplacé (Mageia6-64bits)"
else
echo "The OS must be replaced (Mageia5.1-64bits)"
echo "The OS must be replaced (Mageia6-64bits)"
fi
exit 0
fi
385,12 → 385,6
fi
# On crée aléatoirement les mots de passe et les secrets partagés
rm -f $PASSWD_FILE
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
echo "# Password to protect the GRUB boot menu (/!\\ qwerty keyboard):" > $PASSWD_FILE
echo "grub=$grubpwd" >> $PASSWD_FILE
md5_grubpwd=`/usr/bin/openssl passwd -1 $grubpwd`
$SED "/^password.*/d" /boot/grub/menu.lst
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
echo "# Password of MariaDB administrator:" >> $PASSWD_FILE
echo "db_root=$mysqlpwd" >> $PASSWD_FILE
1017,7 → 1011,6
systemctl stop mysqld
fi
rm -rf /var/lib/mysql # to be sure that there is no former installation
/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1
[ -e /etc/my.cnf.default ] || cp /etc/my.cnf /etc/my.cnf.default
$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf
$SED "s?^port.*?#&?g" /etc/my.cnf # we use unix socket only
1024,7 → 1017,9
$SED "s?^;collation_server =.*?collation_server = utf8_unicode_ci?g" /etc/my.cnf
$SED "s?^;character_set_server =.*?character_set_server = utf8?g" /etc/my.cnf # accentuated user names are allowed
$SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/feedback.cnf # remove the feedback plugin (ALCASAR doesn't report anything !)
/usr/bin/systemctl start mysqld.service
/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1
/usr/bin/systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"
/usr/bin/systemctl start mysqld
nb_round=1
while [ ! -S /var/lib/mysql/mysql.sock ] && [ $nb_round -lt 10 ] # we wait until mariadb is on
do
1036,9 → 1031,10
echo "Problème : la base données 'MariaDB' ne s'est pas lancée !"
exit
fi
mysqladmin -u root password $mysqlpwd
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
MYSQL="/usr/bin/mysql --execute"
# Secure the server
$MYSQL="GRANT ALL PRIVILEGES ON *.* TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
# Create 'radius' database
1047,8 → 1043,9
mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/empty-radiusd-db.sql
# modify the start script in order to close accounting connexion when the system is comming down or up
[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
$SED "/ExecStartPost=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
$SED "/ExecStartPost=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
$SED "/^ExecStart=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
/usr/bin/systemctl unset-environment MYSQLD_OPTS
/usr/bin/systemctl daemon-reload
} # End of init_db ()
 
2130,7 → 2127,7
done
# disable processes at boot time (Systemctl)
for i in ulogd
for i in ulogd gpm
do
/usr/bin/systemctl -q disable $i.service
done
/rpms/x86_64/dnsmasq-base-2.75-1.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/x86_64/dnsmasq-2.75-1.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/x86_64/wget-1.18-1.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/x86_64/wget-1.19.1-2.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/scripts/alcasar-urpmi.sh
9,12 → 9,12
# configure the RPM repository
 
Lang=`echo $LANG|cut -c 1-2`
VERSION="5"
VERSION="6"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-4.4.74-1.mga5-1-1.mga5"
KERNEL="kernel-server-4.9.50-1.mga6-1.1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip bc msec kernel-userspace-headers"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers"
 
rpm_repository_sync ()
{
214,7 → 214,7
else
echo "Nettoyage du système : "
fi
rm_rpm="shorewall mandi avahi mageia-gfxboot-theme cpupower privoxy squid gamin"
rm_rpm="shorewall mandi grub2-mageia-theme"
/usr/sbin/urpme --auto -a $rm_rpm
/usr/sbin/urpme --auto --auto-orphans
 
228,4 → 228,4
urpmi --clean
# the ipt-netflow RPM add the kernel module ipt_NETFLOW (the modules dependance tree need to be updated)
/sbin/depmod -a
exit 0