Rev 2762 → Rev 2763

/CHANGELOG
1,6 → 1,18
# $Id$
 
********** ALCASAR CHANGELOG **********
-------------------- 3.5.0 --------------------
NEWS
- Mageia7 - Linux Kernel 5.3.7
ACC
 
CHANGES
 
BUGS
 
SECU
 
-------------------- 3.4.0 --------------------
NEWS
- Linux Kernel 4.14.131 - ipt_NETFLOW 2.4
/alcasar.sh
539,34 → 539,6
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= conf/etc/alcasar.conf|cut -d"=" -f2`
rm -f conf/etc/alcasar.conf
fi
header_install
if [ "$mode" != "update" ]
then
if [ $Lang == "fr" ]
then echo "Par défaut, le nom d'hôte d'ALCASAR est : $HOSTNAME.$DOMAIN"
else echo "The default ALCASAR hostname is : $HOSTNAME.$DOMAIN"
fi
response=0
PTN='^[oOyYnN]?$'
until [[ "$response" =~ $PTN ]]
do
if [ $Lang == "fr" ]
then echo -n "Voulez-vous utiliser ce nom d'hôte (recommandé) (O/n)? : "
else echo -n "Do you want to use this hostname (recommanded) (Y/n)? : "
fi
read response
done
if [ "$response" = "n" ] || [ "$response" = "N" ]
then
if [ $Lang == "fr" ]
then echo -n "Entrez le nouveau nom d'hôte pleinement qualifié (hôte.domain) : "
else echo -n "Enter the new full qualified hostname (host.domain) : "
fi
read FQDN
HOSTNAME=`echo $FQDN|cut -d"." -f1`
DOMAIN=`echo $FQDN|cut -d"." -f2`
fi
fi
# Define LAN side global parameters
hostnamectl set-hostname $HOSTNAME.$DOMAIN
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
790,6 → 762,17
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network()
 
##################################################################
## Fonction "CA" ##
## - Creating the CA and the server certificate (lighttpd) ##
##################################################################
CA()
{
$DIR_DEST_BIN/alcasar-CA.sh
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End of CA()
 
###################################################
## Function "ACC" ##
## - copy ALCASAR Control Center (ACC) files ##
908,17 → 891,6
chmod 664 /var/Save/security/acc_access.log
} # End of ACC()
 
##################################################################
## Fonction "CA" ##
## - Creating the CA and the server certificate (lighttpd) ##
##################################################################
CA()
{
$DIR_DEST_BIN/alcasar-CA.sh
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End of CA()
 
#############################################################
## Function "time_server" ##
## - Configuring NTP server ##
1066,12 → 1038,12
$SED "s?^#[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
$SED "s?^#[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
# no TLS encryption on 127.0.0.1
$SED "s?^[\t] ]*ca_file =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t] ]*ca_path =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t] ]*certificate_file =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t] ]*private_key_file =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t] ]*cipher =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t] ]*tls_required =.*?tls_required = no?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*ca_file =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*ca_path =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*certificate_file =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*private_key_file =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*cipher =.*?#&?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*tls_required =.*?tls_required = no?g" /etc/raddb/mods-available/sql
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
1305,8 → 1277,10
$SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf
# Listen only on LAN side
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
# The port that E2guardian listens to
$SED "s?^filterports =*?filteports = 8080?g" $DIR_DG/e2guardian.conf
# The port that E2guardian listens to HTTP
$SED "s?^filterports =*?filterports = 8080?g" $DIR_DG/e2guardian.conf
# The port that E2guardian listens to HTTPS
$SED "s?^transparenthttpsport =*?transparenthttpsport = 8443?g" $DIR_DG/e2guardian.conf
# DG send its flow to HAVP (127.0.0.1:8090)
$SED "s?^#proxyip.*?proxyip = 127.0.0.1?g" $DIR_DG/e2guardian.conf
$SED "s?^#proxyport.*?proxyport = 8090?g" $DIR_DG/e2guardian.conf
1595,7 → 1569,6
[ -e $DIR_ACC/manager/stats/config.php.default ] || cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default
$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
/usr/bin/vnstat -i $EXTIF -u --force
} # End of vnstat()
 
###################################################################
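Review bot: In the e2guardian hunk (1305,8 → 1277,10) the two port substitutions use `=*` where the neighbouring lines use `.*`, so `^filterports =*` matches only the key and the equals sign and leaves the value already on the line after the inserted `8080`; the new `transparenthttpsport` line has the same problem. They should read `s?^filterports =.*?filterports = 8080?g` and `s?^transparenthttpsport =.*?transparenthttpsport = 8443?g`. Both patterns are also anchored at column 0, so a key that ships commented out in e2guardian.conf would not be touched at all, and the filter would keep its default port without any error; this is worth checking against the packaged default. The enclosing function starts and ends outside the hunk.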
/conf/banner
1,9 → 1,9
 
db 88 ,ad8888ba, db ad88888ba db 88888888ba
d88b 88 d8"' `"8b d88b d8" "8b d88b 88 "8b
d8'`8b 88 d8' d8'`8b Y8, d8'`8b 88 ,8P
d8' `8b 88 88 d8' `8b `Y8aaaaa, d8' `8b 88aaaaaa8P'
d8YaaaaY8b 88 88 d8YaaaaY8b `"""""8b, d8YaaaaY8b 88""""88'
d8""""""""8b 88 Y8, d8""""""""8b `8b d8""""""""8b 88 `8b
d8' `8b 88 Y8a. .a8P d8' `8b Y8a a8P d8' `8b 88 `8b
d8' `8b 88888888888 `"Y8888Y"' d8' `8b "Y88888P" d8' `8b 88 `8b
db 88 ,ad8888ba, db ad88888ba db 88888888ba
d88b 88 d8"' `"8b d88b d8" "8b d88b 88 "8b
d8'`8b 88 d8' d8'`8b Y8, d8'`8b 88 ,8P
d8' `8b 88 88 d8' `8b `Y8aaaaa, d8' `8b 88aaaaaa8P'
d8YaaaaY8b 88 88 d8YaaaaY8b `"""""8b, d8YaaaaY8b 88""""88'
d8""""""""8b 88 Y8, d8""""""""8b `8b d8""""""""8b 88 `8b
d8' `8b 88 Y8a. .a8P d8' `8b Y8a a8P d8' `8b 88 `8b
d8' `8b 88888888888 `"Y8888Y"' d8' `8b "Y88888P" d8' `8b 88 `8b
/scripts/alcasar-urpmi.sh
14,7 → 14,8
# The kernel version we compile netflow for
KERNEL="kernel-server-5.3.7-4.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav perl-rrdtool perl-MailTools fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server gammu wkhtmltopdf"
# perl-Socket6 : needed by nfsen
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav perl-rrdtool perl-MailTools fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server gammu wkhtmltopdf perl-Socket6"
 
rpm_repository_sync ()
{