| 384,14 → 384,24 |
|---|
| done |
| fi |
| # On crée aléatoirement les mots de passe et les secrets partagés |
| # We create random passwords and shared secrets |
| rm -f $PASSWD_FILE |
| echo "##### ALCASAR ($ORGANISME) security passwords #####" > $PASSWD_FILE |
| grub2pwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` |
| pbkdf2=`( echo $grub2pwd ; echo $grub2pwd ) | \ |
| LC_ALL=C /usr/bin/grub2-mkpasswd-pbkdf2 | \ |
| grep -v '[eE]nter password:' | \ |
| sed -e "s/PBKDF2 hash of your password is //"` |
| echo "GRUB2_PASSWORD=$pbkdf2" > /boot/grub2/user.cfg |
| chmod 0600 /boot/grub2/user.cfg |
| echo "# Login name and password to protect GRUB2 boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE |
| echo "GRUB2_user=root GRUB2_password=$grub2pwd" >> $PASSWD_FILE |
| mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
| echo "# Password of MariaDB administrator:" >> $PASSWD_FILE |
| echo "# Login name and Password of MariaDB administrator:" >> $PASSWD_FILE |
| echo "db_root=$mysqlpwd" >> $PASSWD_FILE |
| radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
| echo "# Name and password of MariaDB user:" >> $PASSWD_FILE |
| echo "db_user=$DB_USER" >> $PASSWD_FILE |
| echo "db_password=$radiuspwd" >> $PASSWD_FILE |
| echo "# Login name and password of MariaDB user:" >> $PASSWD_FILE |
| echo "db_user=$DB_USER db_password=$radiuspwd" >> $PASSWD_FILE |
| secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c16` |
| echo "# Shared secret between the script 'intercept.php' and coova-chilli:" >> $PASSWD_FILE |
| echo "secret_uam=$secretuam" >> $PASSWD_FILE |
| 1067,10 → 1077,12 |
|---|
| # remove the proxy function |
| $SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf |
| $SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf |
| |
| # remove EAP module |
| $SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf |
| # $SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf |
| # listen on loopback (should be modified later if EAP enabled) |
| $SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf |
| # $SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf |
| |
| # enable the SQL module (and SQL counter) |
| $SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf |
| $SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf |
| 1089,9 → 1101,11 |
|---|
| chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap |
| chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules |
| ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar |
| |
| # Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide' |
| touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default} |
| # client.conf configuration (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP) |
| # touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default} |
| |
| # client.conf configuration (coova on 127.0.0.1) |
| [ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default |
| cat << EOF > /etc/raddb/clients.conf |
| client 127.0.0.1 { |