Rev 2420 → Rev 2421

/alcasar.sh
33,7 → 33,7
# CA : Certification Authority initialization
# time_server : NTPd configuration
# init_db : Initilization of radius database managed with MariaDB
# radius : FreeRadius initialisation
# freeradius : FreeRadius initialisation
# chilli : coovachilli initialisation (+authentication page)
# dansguardian : DansGuardian filtering HTTP proxy configuration
# antivirus : HAVP + libclamav configuration
395,13 → 395,15
echo "GRUB2_PASSWORD=$pbkdf2" > /boot/grub2/user.cfg
chmod 0600 /boot/grub2/user.cfg
echo "# Login name and password to protect GRUB2 boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
echo "GRUB2_user=root GRUB2_password=$grub2pwd" >> $PASSWD_FILE
echo "GRUB2_user=root" >> $PASSWD_FILE
echo "GRUB2_password=$grub2pwd" >> $PASSWD_FILE
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
echo "# Login name and Password of MariaDB administrator:" >> $PASSWD_FILE
echo "db_root=$mysqlpwd" >> $PASSWD_FILE
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
echo "# Login name and password of MariaDB user:" >> $PASSWD_FILE
echo "db_user=$DB_USER db_password=$radiuspwd" >> $PASSWD_FILE
echo "db_user=$DB_USER" >> $PASSWD_FILE
echo "db_password=$radiuspwd" >> $PASSWD_FILE
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
echo "# Shared secret between the script 'intercept.php' and coova-chilli:" >> $PASSWD_FILE
echo "secret_uam=$secretuam" >> $PASSWD_FILE
1060,12 → 1062,12
} # End of init_db ()
 
##########################################################################
## Fonction "radius" ##
## Fonction "freeradius" ##
## - Paramètrage des fichiers de configuration FreeRadius ##
## - Affectation du secret partagé entre coova-chilli et freeradius ##
## - Modification de fichier de conf pour l'accès à Mysql ##
##########################################################################
radius ()
freeradius ()
{
cp -f $DIR_CONF/empty-radiusd-db.sql /etc/raddb/
chown -R radius:radius /etc/raddb
1122,18 → 1124,38
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
# sqlcounter.conf modifications (change the Max-All-Session-Time counter)
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
# make certain that mysql is up before radius start
# sqlcounter modifications
[ -e /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)),0)) \
FROM radacct WHERE username = '%{${key}}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'),0)"
EOF
[ -e /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username='%{${key}}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'),0)"
EOF
[ -e /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
# This is the query modified for ALCASAR needs (thanks to Daniel Laliberte --> authorized period after the first connection)
query = "SELECT IFNULL((SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) \
FROM radacct \
WHERE UserName='%{${key}}' \
ORDER BY acctstarttime \
LIMIT 1),0)"
EOF
# make certain that mysql is up before freeradius start
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
/usr/bin/systemctl daemon-reload
 
# Allow apache to change some conf files (ie : ldap on/off)
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
} # End radius ()
} # End freeradius ()
 
##################################################################################
## Fonction "chilli" ##
1622,11 → 1644,6
dnsmasq ()
{
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
# $SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
$SED "s?^.*OPTIONS=.*?#OPTIONS=\"--log-async=250 --log-queries --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq # General Options for dnslog or debugging
$SED "s?^local=.*?local=/$DOMAIN/?g" $DIR_DEST_ETC/alcasar-dns-name # default domain name for all dnsmasq daemons
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
cat << EOF > /etc/dnsmasq.conf
# Configuration file for "dnsmasq in forward mode"
1907,7 → 1924,7
gammu_smsd()
{
# Create 'gammu' databse
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_GAMMU;GRANT ALL ON $DB_GAMMU.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
# Add a gammu database structure
mysql -u$DB_USER -p$radiuspwd $DB_GAMMU < $DIR_CONF/empty-gammu-smsd-db.sql
2174,28 → 2191,28
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# GRUB modifications (only one time)
# Limit wait time to 3s - Create an alcasar entry instead of linux-nonfb - Change the default banner
vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM
grub_already_modified=`grep -c ALCASAR /boot/grub/menu.lst`
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
if [ $grub_already_modified == 0 ]
then
$SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
$SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
$SED "/^gfxmenu/d" /boot/grub/menu.lst
if [ $vm_vga == 0 ] # is not a VM
then
$SED "/BOOT_IMAGE=linux-nonfb/s/$/ vga=791/" /boot/grub/menu.lst # change display to 1024*768 (vga791) only if not on VM and only on ALCASAR entry
fi
fi
if [ $vm_vga == 0 ] # is not a VM
then
# vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM
# grub_already_modified=`grep -c ALCASAR /boot/grub/menu.lst`
# [ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
# if [ $grub_already_modified == 0 ]
# then
# $SED "s?^timeout.*?timeout 3?g" /boot/grub/menu.lst
# $SED "s?^title linux?title ALCASAR?g" /boot/grub/menu.lst
# $SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
# $SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst
# $SED "/^gfxmenu/d" /boot/grub/menu.lst
# if [ $vm_vga == 0 ] # is not a VM
# then
# $SED "/BOOT_IMAGE=linux-nonfb/s/$/ vga=791/" /boot/grub/menu.lst # change display to 1024*768 (vga791) only if not on VM and only on ALCASAR entry
# fi
# fi
# if [ $vm_vga == 0 ] # is not a VM
# then
cp -f $DIR_CONF/banner /etc/mageia-release
echo " V$VERSION" >> /etc/mageia-release
else
echo "ALCASAR V$VERSION" > /etc/mageia-release
fi
# else
# echo "ALCASAR V$VERSION" > /etc/mageia-release
# fi
# Load and apply the previous conf file
if [ "$mode" = "update" ]
then
2341,7 → 2358,7
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
mode="update"
fi
for func in init network ACC CA time_server init_db radius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
for func in init network ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
do
$func
# echo "*** 'debug' : end of function $func ***"; read a
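Review bot: The three here-documents added in the 1122,18 → 1124,38 hunk use an unquoted `EOF` delimiter, so the shell expands `${key}` before the text is written to dailycounter.conf, monthlycounter.conf and noresetcounter.conf. Unless a shell variable named `key` happens to be set, the files end up with `%{}` where FreeRADIUS expects its own `%{${key}}` reference, and the session-time counters that enforce per-user limits would presumably stop matching any account. Quoting the delimiter keeps the text literal: `cat << 'EOF' > /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf`, and likewise for the other two files. With a quoted delimiter the trailing backslashes are also written out as they stand instead of being consumed by the shell as line continuations. The body of freeradius() begins outside this hunk, so whether `key` is assigned earlier in the function cannot be confirmed from the visible lines.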