
Rev 1388 → Rev 1389

/alcasar.sh
33,18 → 33,19
# ACC : ALCASAR Control Center installation
# CA : Certification Authority initialization
# init_db : Initilization of radius database managed with MariaDB
# param_radius : FreeRadius initialisation
# param_web_radius : copy ans modifiy original "freeradius web" in ACC
# param_chilli : coovachilli initialisation (+authentication page)
# param_dansguardian : DansGuardian filtering HTTP proxy configuration
# radius : FreeRadius initialisation
# radius_web : copy ans modifiy original "freeradius web" in ACC
# chilli : coovachilli initialisation (+authentication page)
# dansguardian : DansGuardian filtering HTTP proxy configuration
# antivirus : HAVP + libclamav configuration
# param_nfsen : Configuration du grapheur nfsen pour apache
# ulogd : log system in userland (match NFLOG target of iptables)
# nfsen : : Configuration du grapheur nfsen pour apache
# dnsmasq : Name server configuration
# BL : BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
# cron : Logs export + watchdog + connexion statistics
# fail2ban : Fail2ban installation and configuration
# fail2ban : Fail2ban IDS installation and configuration
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
# post_install : Security, log rotation, etc.
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
 
DATE=`date '+%d %B %Y - %Hh%M'`
DATE_SHORT=`date '+%d/%m/%Y'`
98,9 → 99,8
echo " ALCASAR V$VERSION Installation"
echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
echo "-----------------------------------------------------------------------------"
} # End of header_install ()
}
 
 
##################################################################
## Function "testing" ##
## - Test of Mageia version ##
308,7 → 308,7
fi
rm -rf /tmp/con_ok.html
echo ". : ok"
} # end of testing
} # end of testing ()
 
##################################################################
## Function "init" ##
753,7 → 753,7
EOF
# Launch after coova
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
} # End of ACC()
} # End of ACC ()
 
##########################################################################################
## Fonction "CA" ##
770,7 → 770,7
$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End CA ()
} # End of CA ()
 
##########################################################################################
## Fonction "init_db" ##
804,15 → 804,15
$SED "/ExecStartPost=/a ExecStartPost=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
$SED "/ExecStartPost=/a ExecStop=[ -e /usr/local/sbin/alcasar-mysql.sh ] && /usr/local/sbin/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
systemctl daemon-reload
} # End init_db ()
} # End of init_db ()
 
##########################################################################
## Fonction "param_radius" ##
## Fonction "radius" ##
## - Paramètrage des fichiers de configuration FreeRadius ##
## - Affectation du secret partagé entre coova-chilli et freeradius ##
## - Modification de fichier de conf pour l'accès à Mysql ##
##########################################################################
param_radius ()
radius ()
{
cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
chown -R radius:radius /etc/raddb
866,14 → 866,14
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
systemctl daemon-reload
} # End param_radius ()
} # End radius ()
 
##########################################################################
## Function "param_web_radius" ##
## Function "radius_web" ##
## - Import, modification et paramètrage de l'interface "dialupadmin" ##
## - Création du lien vers la page de changement de mot de passe ##
##########################################################################
param_web_radius ()
radius_web ()
{
# copie de l'interface d'origine dans la structure Alcasar
[ -d /usr/share/freeradius-web ] && cp -rf /usr/share/freeradius-web/* $DIR_ACC/manager/
925,14 → 925,14
ErrorDocument 404 https://$HOSTNAME.$DOMAIN
</Directory>
EOF
} # End of param_web_radius ()
} # End of radius_web ()
 
##################################################################################
## Fonction "param_chilli" ##
## Fonction "chilli" ##
## - Création du fichier d'initialisation et de configuration de coova-chilli ##
## - Paramètrage de la page d'authentification (intercept.php) ##
##################################################################################
param_chilli ()
chilli ()
{
# chilli unit for systemd
cat << EOF > /lib/systemd/system/chilli.service
1096,13 → 1096,13
fi
groupadd -f chilli
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
} # End of param_chilli ()
} # End of chilli ()
 
##################################################################
## Fonction "param_dansguardian" ##
## Fonction "dansguardian" ##
## - Paramètrage du gestionnaire de contenu Dansguardian ##
##################################################################
param_dansguardian ()
dansguardian ()
{
mkdir /var/dansguardian
chown dansguardian /var/dansguardian
1146,7 → 1146,7
# Keep a copy of URL & domain filter configuration files
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
} # End of param_dansguardian ()
} # End of dansguardian ()
 
##################################################################
## Fonction "antivirus" ##
1194,13 → 1194,13
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
# update now
/usr/bin/freshclam --no-warnings
}
} # End of antivirus ()
 
##################################################################################
## function "param_ulogd" ##
## function "ulogd" ##
## - Ulog config for multi-log files ##
##################################################################################
param_ulogd ()
ulogd ()
{
# Three instances of ulogd (three different logfiles)
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
1222,13 → 1222,13
chown -R root:apache /var/log/firewall
chmod 750 /var/log/firewall
chmod 640 /var/log/firewall/*
} # End of param_ulogd ()
} # End of ulogd ()
 
 
##########################################################
## Function "param_nfsen" ##
## Function "nfsen" ##
##########################################################
param_nfsen()
nfsen()
{
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
# Create a specific user and group
1300,12 → 1300,12
# clear the installation
cd $DirTmp
rm -rf /tmp/nfsen-1.3.6p1/
} # End of param_nfsen
} # End of nfsen ()
 
##########################################################
## Function "param_dnsmasq" ##
## Function "dnsmasq" ##
##########################################################
param_dnsmasq ()
dnsmasq ()
{
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1383,9 → 1383,13
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
<<<<<<< .mine
} # End of dnsmasq()
=======
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
} # End dnsmasq
>>>>>>> .r1387
 
##########################################################
## Fonction "BL" ##
1691,9 → 1695,9
/sbin/chkconfig --add $i
done
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli
for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
do
systemctl -q enable $i
systemctl -q enable $i.service
done
# Apply French Security Agency (ANSSI) rules
# ignore ICMP broadcast (smurf attack)
1904,7 → 1908,7
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
mode="update"
fi
for func in init network ACC CA init_db param_radius param_web_radius param_chilli param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban gammu_smsd post_install
for func in init network ACC CA init_db radius radius_web chilli dansguardian antivirus ulogd nfsen dnsmasq BL cron fail2ban gammu_smsd post_install
do
$func
# echo "*** 'debug' : end of function $func ***"; read a
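Review bot: Unresolved merge-conflict markers are committed into alcasar.sh in the 1383,9 → 1383,13 hunk: `<<<<<<< .mine`, `=======` and `>>>>>>> .r1387` now sit in the script, and a first `} # End of dnsmasq()` closes the function before the two `PIDFile` edits. As written, bash should stop with a syntax error at the first marker, apparently before the `for func in …` dispatch loop near line 1908 is reached; even without the markers, the two `$SED` lines would sit outside `dnsmasq ()` and the second `}` would be unmatched. Whether earlier top-level statements have already run by that point cannot be seen from this page. I would delete the three marker lines and the first closing brace, keeping the two `PIDFile` substitutions followed by a single `} # End of dnsmasq ()`. Running `bash -n alcasar.sh` before committing would catch this class of mistake; the body of `dnsmasq ()` starts outside the hunk.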