WebSVN – ALCASAR – Path Comparison – / – /alcasar.sh Rev 3169 and /alcasar.sh Rev 3170

Ignore whitespace Rev 3169 → Rev 3170

 /alcasar.sh
 ,7 → 2,7
 #  $Id$
 # ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
-# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, clamav, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
+# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
 # contact : info@alcasar.net
 # Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
 ,7 → 23,6
 #       freeradius              : FreeRadius initialisation
 #       chilli                  : Coovachilli initialisation (+authentication page)
 #       e2guardian              : E2Guardian filtering HTTP proxy configuration
-#       antivirus               : Clamav & freshclam configuration
 #       ulogd                   : Log system in userland (match NFLOG target of iptables)
 #       nfsen                   : Configuration of Netflow grapher (nfsen) & netflow collector (nfcapd)
 #       unbound                 : Name server configuration
 ,7 → 211,6
         fi
 # Free /var (when updating) and test free space
         [ -d /var/log/netflow ] && rm -rf /var/log/netflow  # remove old porttracker RRD database
-        [ -d /var/lib/clamav ] && rm -rf /var/lib/clamav/* # remove old clamav database
         journalctl -q --vacuum-files 1  # remove previous journal logs
         free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'`
         if [ $free_space -lt 10 ]
 ,7 → 777,7
         chmod 600 /etc/pki/CA/private/*
         chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
         chmod 640 /etc/pki/tls/private/*
-        chmod 644 /etc/pki/tls/certs/* # "freshclam" need to access to that bundle
+        chmod 644 /etc/pki/tls/certs/*
 } # End of CA()
 ######################################################
 ,8 → 1305,6
 # Enable authport plugin
         $SED "s?^#authplugin = '/etc/e2guardian/authplugins/port.conf'?authplugin = '/etc/e2guardian/authplugins/port.conf'?g" $DIR_DG/e2guardian.conf
         $SED "s?^#mapauthtoports =.*?mapauthtoports = off?g" $DIR_DG/e2guardian.conf
-# Enable clamd scanner
-        $SED "s?^#contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'?contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'?g" $DIR_DG/e2guardian.conf
 # Set Max RAM cache to 10Mb
         $SED "s?^maxcontentramcachescansize =.*?maxcontentramcachescansize = 10240?g" $DIR_DG/e2guardian.conf
 # Set Max file size cache to 20Mb
 ,42 → 1386,6
         chown -R e2guardian /etc/e2guardian /var/log/e2guardian
 } # End of e2guardian()
-##################################################################
-##                       "antivirus"                            ##
-## - Set the parameters of clamav and freshclam                 ##
-##################################################################
-antivirus()
-{
-# Clamd unit adaptation to e2guardian
-        cp /lib/systemd/system/clamav-daemon.service /etc/systemd/system/clamav-daemon.service
-        $SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /etc/systemd/system/clamav-daemon.service
-        $SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /etc/systemd/system/clamav-daemon.service
-        $SED "s?^StandardOuput=.*?StandardOutput=journal?g" /etc/systemd/system/clamav-daemon.service
-        cp /lib/systemd/system/clamav-daemon.socket /etc/systemd/system/clamav-daemon.socket
-        $SED "s?^SocketUser=.*?SocketUser=e2guardian?g" /etc/systemd/system/clamav-daemon.socket
-        $SED "s?^SocketGroup=.*?SocketGroup=e2guardian?g" /etc/systemd/system/clamav-daemon.socket
-# Clamd conf adaptation to e2guardian
-[ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default
-        $SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf
-        $SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
-        $SED "s?^LogVerbose.*?LogVerbose no?g" /etc/clamd.conf
-        $SED "s?^#LogRotate.*?LogRotate yes?g" /etc/clamd.conf
-        $SED "s?^User.*?User e2guardian?g" /etc/clamd.conf
-        $SED "s?^TemporaryDirectory.*?TemporaryDirectory /var/lib/e2guardian/tmp?g" /etc/clamd.conf
-        chown -R e2guardian:e2guardian /var/log/clamav /var/lib/clamav
-        chmod 775 /var/log/clamav /var/lib/clamav
-        chmod 664 /var/log/clamav/*
-# update virus database every 4 hours (24h/6)
-        [ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
-        $SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
-        $SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
-        $SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam.conf
-        $SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
-        $SED "s?^MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
-        # update now
-        /usr/bin/freshclam --no-warnings --quiet
-} # End of antivirus()
 ##############################################################
 ##                        "ulogd"                           ##
 ## - Ulog config for multi-log files                        ##
 ,9 → 2019,6
 /etc/pki/CA/private/*                   root.root       600 force
 /etc/pki/tls/private/                   root.apache     750 force
 /etc/pki/tls/private/*                  root.apache     640 force
-/var/log/clamav/                        e2guardian.e2guardian   755 force
-/var/log/clamav/*                       e2guardian.e2guardian   764 force
-/var/lib/clamav/                        e2guardian.e2guardian   755 force
 EOF
 # apply now hourly & daily checks
         /usr/sbin/msec
 ,16 → 2033,18
 ##################################################################
 letsencrypt()
 {
-        echo "Installing Let's Encrypt client..."
+        acmesh_installDir="/opt/acme.sh"
+        acmesh_confDir="/usr/local/etc/letsencrypt"
+        acmesh_userAgent="ALCASAR"
 # Remove potential old installers
         rm -rf /tmp/acme.sh-*
+        [ -d $acmesh_confDir ] && rm -rf $acmesh_confDir
 # Extract acme.sh
         tar xzf ./conf/letsencrypt-client/acme.sh-*.tar.gz -C /tmp/
         pwdInstall=$(pwd)
         cd /tmp/acme.sh-* || { echo "Unable to find tmp ACME directory"; exit 1; }
-        acmesh_installDir="/opt/acme.sh"
-        acmesh_confDir="/usr/local/etc/letsencrypt"
-        acmesh_userAgent="ALCASAR"
+        mkdir $acmesh_confDir ; chown root:apache $acmesh_confDir ; chmod 440 $acmesh_confDir
+        mkdir $acmesh_confDir/{data,certs,ca} ; chown root:apache $acmesh_confDir/{data,certs,ca} ; chmod 440 $acmesh_confDir/{data,certs,ca}
 # Install acme.sh
         ./acme.sh --install \
                 --home $acmesh_installDir \
 ,7 → 2054,6
                 --accountconf $acmesh_confDir/data/account.conf \
                 --useragent $acmesh_userAgent \
                 --nocron \
-                --set-default-ca  --server letsencrypt \
                 > /dev/null
         if [ $? -ne 0 ]; then
                 echo "Error during installation of Let's Encrypt client (acme.sh)."
 ,7 → 2172,7
         done
         /usr/bin/systemctl daemon-reload
 # processes started at boot time (Systemctl)
-        for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
+        for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist unbound-blackhole radiusd nfcapd e2guardian ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
         do
                 /usr/bin/systemctl -q enable $i.service
         done
 ,13 → 2364,11
 # Avoid some RPM automatic updates
                 echo "/^kernel/" > /etc/urpmi/skip.list
                 echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list
-                echo "/^clamd/" >> /etc/urpmi/skip.list
-                echo "/^clamav/" >> /etc/urpmi/skip.list
                 echo "/^freeradius/" >> /etc/urpmi/skip.list
                 if [ `egrep '^exclude=' /etc/dnf/dnf.conf |wc -l` -eq "1" ]; then
-                        $SED "s?^exclude=.*?exclude=kernel\* wkhtmltopdf clamd clamav freeradius?g" /etc/dnf/dnf.conf
+                        $SED "s?^exclude=.*?exclude=kernel\* wkhtmltopdf freeradius?g" /etc/dnf/dnf.conf
                 else
-                        echo "exclude=kernel* wkhtmltopdf clamd clamav freeradius" >> /etc/dnf/dnf.conf
+                        echo "exclude=kernel* wkhtmltopdf freeradius" >> /etc/dnf/dnf.conf
                 fi
 # Test if conf file
                 if [ -e /var/tmp/alcasar-conf.tar.gz ]
 ,7 → 2415,7
                         fi
                         mode="update"
                 fi
-                for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt mail_service post_install
+                for func in init network CA ACC time_server init_db freeradius chilli e2guardian ulogd nfsen vnstat unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt mail_service post_install
                 do
                         $func
                         if [ $DEBUG_ALCASAR == "on" ]

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 3169 → Rev 3170