Subversion Repositories ALCASAR


Ignore whitespace Rev 2727 → Rev 2728

/alcasar.sh
989,13 → 989,12
$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
 
# Add ALCASAR dictionary
# Add ALCASAR & Coovachilli dictionaries
[ -e /etc/raddb/dictionary.default ] || cp /etc/raddb/dictionary /etc/raddb/dictionary.default
cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar
echo -e '\n$INCLUDE dictionary.alcasar' >> /usr/share/freeradius/dictionary
# Add CoovaChilli dictionary
echo -e '\n$INCLUDE dictionary.alcasar' > /etc/raddb/dictionary
cp /usr/share/doc/coova-chilli/dictionary.coovachilli /usr/share/freeradius/dictionary.coovachilli
echo -e '\n$INCLUDE dictionary.coovachilli' >> /usr/share/freeradius/dictionary
echo -e '\n$INCLUDE dictionary.coovachilli' >> /etc/raddb/dictionary
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
cat << EOF > /etc/raddb/clients.conf
1013,18 → 1012,18
chown radius:apache /etc/raddb/sites-available/alcasar*
chmod 660 /etc/raddb/sites-available/alcasar*
ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
 
# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
# Set modules
# Add custom LDAP "available module"
# Add custom LDAP "available module"
cp -f $DIR_CONF/radius/ldap-alcasar /etc/raddb/mods-available/
chown -R radius:radius /etc/raddb/mods-available/ldap-alcasar
# Set only usefull modules for ALCASAR (ldap is enabled only via ACC)
# Set only usefull modules for ALCASAR (! the module 'ldap-alcasar' is enabled only via ACC)
rm -rf /etc/raddb/mods-enabled/*
for mods in sql sqlcounter attr_filter expiration logintime pap expr always
do
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
done
# INFO : To connect from outside (EAP), add the EAP module (and right accesses to the keys (/etc/pki/tls/private/radius.pem)
# Configure SQL mod
[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
$SED "s?^[\t ]*driver =.*?driver = \"rlm_sql_mysql\"?g" /etc/raddb/mods-available/sql
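Review bot: The `$INCLUDE dictionary.alcasar` and `$INCLUDE dictionary.coovachilli` lines now written to /etc/raddb/dictionary use relative names, while both dictionary files are still copied to /usr/share/freeradius/. As far as I know FreeRADIUS resolves a relative `$INCLUDE` against the directory of the including file, so radiusd would look for them under /etc/raddb/ and may refuse to start, which would take portal authentication down; please confirm on a fresh install. Either copy both files into /etc/raddb/ or write absolute paths, e.g. `echo -e '\n$INCLUDE /usr/share/freeradius/dictionary.alcasar' > /etc/raddb/dictionary`. The `>` also discards anything an administrator had added to that file (recoverable only from dictionary.default), which deserves a comment next to the line. The surrounding code starts and ends outside the hunks shown.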
/rpms/ipt-netflow-2.3.spec
1,6 → 1,6
Name: ipt-netflow
Version: 2.3
Release: %mkrel 6
Release: %mkrel 7
Summary: Netflow iptables module for Linux kernel
License: GPLv2
Packager: Richard REY (Rexy)
8,7 → 8,7
URL: https://github.com/aabc/ipt-netflow
BuildRequires: iptables-devel
Source0: %name-%version.tgz
%define kversion 4.14.89-server-1.mga6
%define kversion 4.14.106-server-1.mga6
 
%description
High performance NetFlow v5, v9, IPFIX flow data export module for Linux kernel.
44,6 → 44,8
/lib/modules/%kversion/extra/ipt_NETFLOW.ko
 
%changelog
* Sun May 12 2019 Richard REY <Rexy>
- Version 2.3 for the kernel 4.14.106 (ALCASAR 3.4)
* Wed Jan 02 2019 Richard REY <Rexy>
- Version 2.3 for the kernel 4.14.89 (ALCASAR 3.3.3)
* Sun Nov 04 2018 Richard REY <Rexy>
/rpms/rpm-build-howto
42,6 → 42,7
- test the module : go to the directory of sources and try to load it (depmod + modprobe ipt_NETFLOW), run "lsmod|grep ipt_NETFLOW" to verify if it's loaded. Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear)
- if all is ok, copy the tarball in rpmbuild/SOURCES. Copy and adapt the .spec in rpmbuild/SPECS (change the versions of kernel and rpm).
- change to the directory ~/pmbuild/SPEC and run "rpmbuild -bb ****.spec"
--> !!! Pb : rpmbuild ne réalise pas le "make install" correctement (pas de copie du module compilé "~/rpmbuild/BUILD/ipt_NETFLOW.ko" vers /lib/modules/kernel-.../extra/ipt_NETFLOW.ko). Solutions : lancez la compil à la main (make + make install) depuis le répertoire ~/rpmbuild/BUILD
- install the fresh rpm (urpmi) and load ALCASAR iptables rules (alcasar-iptables.sh). Great job ;-)
 
**** For wkhtmltopdf ****
/rpms/x86_64/ipt-netflow-2.3-6.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/x86_64/ipt-netflow-2.3-7.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/scripts/alcasar-rpm-download.sh
11,9 → 11,9
VERSION="6"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.89-1.mga6-1-1.mga6"
KERNEL="kernel-server-4.14.106-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq dhcp-server netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server netcat-traditional"
 
rpm_repository_sync ()
{
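Review bot: The kernel pin is now maintained by hand in three places that must agree: `KERNEL=` here, the identical `KERNEL=` in /scripts/alcasar-urpmi.sh, and `%define kversion` in /rpms/ipt-netflow-2.3.spec; the `PACKAGES=` list is duplicated between the two scripts in the same way. If one of them is missed on the next bump, the installed kernel and the kernel the ipt_NETFLOW module was built for can diverge, and the module would presumably fail to load. Consider moving `VERSION`, `ARCH`, `KERNEL` and `PACKAGES` into one sourced file, or at least add a comment above `KERNEL=` such as `# keep in sync with alcasar-urpmi.sh and rpms/ipt-netflow-2.3.spec (kversion)`. `rpm_repository_sync` continues outside the hunk.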
/scripts/alcasar-uninstall.sh
64,14 → 64,18
echo -en "(12) : "
[ -e /etc/raddb/empty-radiusd-db.sql ] && rm -f /etc/raddb/empty-radiusd-db.sql && echo -n "1, "
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, "
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "3, "
[ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "4, "
[ -e /etc/raddb/sites-available/alcasar-with-ldap ] && rm /etc/raddb/sites-available/alcasar-with-ldap && echo -n "5, "
[ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "6, "
[ -e /etc/raddb/mods-enabled/ldap ] && rm /etc/raddb/mods-enabled/ldap && echo -n "7, " #Add here other mods
[ -e /etc/raddb/mods-enabled/sql ] && rm /etc/raddb/mods-enabled/sql && echo -n "7bis, " #Add here other mods
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm /etc/raddb/mods-available/ldap-alcasar && echo -n "8, "
[ -e /etc/raddb/mods-available/sql.default ] && mv /etc/raddb/mods-available/sql.default /etc/raddb/mods-available/sql && echo -n "9, "
[ -e /etc/raddb/dictionary.default ] && mv /etc/raddb/dictionary.default /etc/raddb/dictionary && echo -n "3, "
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "4, "
[ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "5, "
[ -e /etc/raddb/sites-available/alcasar-with-ldap ] && rm /etc/raddb/sites-available/alcasar-with-ldap && echo -n "6, "
[ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "7, "
echo -n "8"
for mods in sql sqlcounter attr_filter expiration logintime pap expr always
do
rm /etc/raddb/mods-enabled/$mods && echo -n"."
done
echo -n ", "
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm -f /etc/raddb/mods-enabled/ldap-alcasar && rm /etc/raddb/mods-available/ldap-alcasar echo -n "9, "
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] && mv /etc/raddb/mods-config/sql/main/mysql/queries.conf.default /etc/raddb/mods-config/sql/main/mysql/queries.conf && echo -n "10, "
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "11, "
[ -e /etc/raddb/mods-available/sqlcounter.default ] && mv /etc/raddb/mods-available/sqlcounter.default /etc/raddb/mods-available/sqlcounter && echo -n "12"
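Review bot: Two of the added lines do not do what they intend. In the `for mods in …` loop, `echo -n"."` is the single word `-n.`, so it prints `-n.` and a newline instead of a progress dot; it should be `echo -n "."`. On the `ldap-alcasar` line the `&&` before `echo` is missing, so `echo -n "9, "` is passed to `rm` as arguments; with GNU rm the `-n` is rejected as an invalid option and nothing is removed, which leaves the custom LDAP module file in /etc/raddb/mods-available/ after an uninstall. Write it as `… && rm /etc/raddb/mods-available/ldap-alcasar && echo -n "9, "`. The loop's `rm` also lacks the `[ -e … ]` guard used on the neighbouring lines, so each missing link prints an error.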
/scripts/alcasar-urpmi.sh
12,9 → 12,9
VERSION="6"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.89-1.mga6-1-1.mga6"
KERNEL="kernel-server-4.14.106-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq dhcp-server netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server netcat-traditional"
 
rpm_repository_sync ()
{