Ignore whitespace Rev 2743 → Rev 2744

/scripts/alcasar-conf.sh
5,14 → 5,14
# by REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script permet de mettre à jour d'ALCASAR
# - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" à chaud (alcasar-conf -apply)
# Ce script permet la mise à jour d'un ALCASAR
# - (alcasar-conf.sh -create) : création de l'archive des fichiers de configuration (/var/tmp/alcasar-conf.tar.gz)
# - (alcasar-conf.sh -load) : chargement de l'archive des fichiers de configuration. Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
# - (alcasar-conf.sh -apply) : application des directives du fichier de conf central "/usr/local/etc/alcasar.conf". Peut aussi être exploité à chaud après avoir changé des valeurs du fichier de conf.
# This script allows ALCASAR update
# - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply)
# - (alcasar-conf.sh -create) : create the configuration files backup (/var/tmp/alcasar-conf.tar.gz)
# - (alcasar-conf.sh -load) : load the backup of configuration files. If needed, it's here we update files between versions
# - (alcasar-conf.sh -load) : apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf". Can be use after changes of conf file values.
 
DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
DIR_WEB="/var/www/html" # répertoire du centre de gestion
241,7 → 241,6
if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]
then
PUBLIC_GATEWAY="dhcp"
 
else
if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
then
286,7 → 285,6
else
$DIR_BIN/alcasar-dhcp.sh --on
fi
 
# Set the local DNS (or not)
if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ]
then
294,7 → 292,6
else
$DIR_BIN/alcasar-dns-local.sh --off
fi
 
# Set the pure ip option (or not)
if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ]
then
302,7 → 299,6
else
bl_filter_param+="--pureip_on"
fi
 
# Set the safesearch options (or not)
bl_filter_param=""
if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ]
311,9 → 307,7
else
bl_filter_param+="--safesearch_off "
fi
 
$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param
 
if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ]
then
$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on
320,10 → 314,8
else
$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off
fi
 
# Reload the local dns configuration
$DIR_BIN/alcasar-dns-local.sh --reload
 
# Logout everybody
$DIR_BIN/alcasar-logout.sh all
# Services stop
399,7 → 391,7
$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
# FreeRADIUS Web
# FreeRADIUS
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
# CoovaChilli
424,7 → 416,6
rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*
rm -f /etc/unbound/conf.d/common/forward-zone.conf
find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete
 
# Configuration file for the dns servers forward-zone
cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
forward-zone:
432,7 → 423,6
forward-addr: $DNS1
forward-addr: $DNS2
EOF
 
# Configuration file of ALCASAR main domains for $INTIF
cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
server:
441,13 → 431,11
local-zone: "$HOSTNAME" static
local-data: "$HOSTNAME A $PRIVATE_IP"
EOF
 
# Configuration file for lo of forward unbound
cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
server:
interface: 127.0.0.1@53
access-control-view: 127.0.0.1/8 lo
 
view:
name: "lo"
view-first: yes
458,7 → 446,6
local-zone: "$DOMAIN." static
local-data: "$DOMAIN. A"
EOF
 
if [ "$HOSTNAME" != 'alcasar' ]
then
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
466,7 → 453,6
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
fi
 
# Configuration file for $INTIF of forward unbound
cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
server:
477,7 → 463,6
name: "$INTIF"
view-first: yes
EOF
 
# Configuration file for $INTIF of blacklist unbound
cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf
server:
487,7 → 472,6
access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect
access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"
EOF
 
# Configuration file for $INTIF of whitelist unbound
cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf
server:
497,19 → 481,16
access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
EOF
 
# Configuration file for $INTIF of blackhole unbound
cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
server:
interface: ${PRIVATE_IP}@56
access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 
view:
name: "$INTIF"
local-zone: "." redirect
local-data: ". A $PRIVATE_IP"
EOF
 
# dhcpd
cat <<EOF > /etc/dhcpd.conf
ddns-update-style none;
517,7 → 498,6
option routers $PRIVATE_IP;
option subnet-mask $PRIVATE_NETMASK;
option domain-name-servers $PRIVATE_IP;
 
range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
default-lease-time 21600;
max-lease-time 43200;
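Review bot: In the filter section, `bl_filter_param=""` under "# Set the safesearch options (or not)" runs right after the pure-IP block has appended `--pureip_on`, so as far as the visible lines show the pure-IP choice is discarded before `$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param` is called and the BL_PUREIP setting never reaches the blacklist filter. The commit only removes the blank line between the two blocks and leaves that order in place. Initialise the variable once above the pure-IP test and keep the argument separator: `bl_filter_param=""` before the `if [ "$BL_PUREIP" = "off" ] ...` line and `bl_filter_param+="--pureip_on "` in the else branch. The `then` branches of both tests lie outside the shown hunks, so confirm they follow the same pattern. Separately, the new English header comment labels the apply action `-load`; it should read `# - (alcasar-conf.sh -apply) : apply ALCASAR central configuration file ...`.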
/scripts/alcasar-uninstall.sh
62,7 → 62,7
 
freeradius ()
{
echo -en "(12) : "
echo -en "(24) : "
[ -e /etc/raddb/empty-radiusd-db.sql ] && rm -f /etc/raddb/empty-radiusd-db.sql && echo -n "1, "
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, "
[ -e /etc/raddb/dictionary.default ] && mv /etc/raddb/dictionary.default /etc/raddb/dictionary && echo -n "3, "
70,20 → 70,21
[ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "5, "
[ -e /etc/raddb/sites-available/alcasar-with-ldap ] && rm /etc/raddb/sites-available/alcasar-with-ldap && echo -n "6, "
[ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "7, "
echo -n "8"
i=7
for mods in sql sqlcounter attr_filter expiration logintime pap expr always
do
rm /etc/raddb/mods-enabled/$mods && echo -n "."
i=`expr $i + 1`
rm /etc/raddb/mods-enabled/$mods && echo -n "$i, "
done
echo -n ", "
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm -f /etc/raddb/mods-enabled/ldap-alcasar && rm -f /etc/raddb/mods-available/ldap-alcasar && echo -n "9, "
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] && mv /etc/raddb/mods-config/sql/main/mysql/queries.conf.default /etc/raddb/mods-config/sql/main/mysql/queries.conf && echo -n "10, "
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "11, "
[ -e /etc/raddb/mods-available/sqlcounter.default ] && mv /etc/raddb/mods-available/sqlcounter.default /etc/raddb/mods-available/sqlcounter && echo -n "12"
[ -e /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf && echo -n ", 12a"
[ -e /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf && echo -n ", 12b"
[ -e /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf && echo -n ", 12c"
[ -e /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf.default /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf && echo -n ", 12d"
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm -f /etc/raddb/mods-enabled/ldap-alcasar && rm -f /etc/raddb/mods-available/ldap-alcasar && echo -n "16, "
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] && mv /etc/raddb/mods-config/sql/main/mysql/queries.conf.default /etc/raddb/mods-config/sql/main/mysql/queries.conf && echo -n "17, "
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "18, "
[ -e /etc/raddb/mods-available/sqlcounter.default ] && mv /etc/raddb/mods-available/sqlcounter.default /etc/raddb/mods-available/sqlcounter && echo -n "19"
[ -e /etc/raddb/mods-available/sql.default ] && mv /etc/raddb/mods-available/sql.default /etc/raddb/mods-available/sql && echo -n "20"
[ -e /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf && echo -n ", 21"
[ -e /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf && echo -n ", 22"
[ -e /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf && echo -n ", 23"
[ -e /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf.default ] && mv /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf.default /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf && echo -n ", 24"
}
 
chilli ()
201,17 → 202,16
 
fail2ban ()
{
echo -en "(8) : "
[ -e /etc/fail2ban/fail2ban.conf.default ] && mv /etc/fail2ban/fail2ban.conf.default /etc/fail2ban/fail2ban.conf && echo -n "1, "
[ -e /etc/fail2ban/jail.conf.default ] && mv /etc/fail2ban/jail.conf.default /etc/fail2ban/jail.conf && echo -n "2, "
[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf && echo -n "3, "
i=3
echo -en "(7) : "
[ -e /etc/fail2ban/jail.conf.default ] && mv /etc/fail2ban/jail.conf.default /etc/fail2ban/jail.conf && echo -n "1, "
[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf && echo -n "2, "
i=2
for filter in `ls /etc/fail2ban/filter.d/alcasar_* 2>/dev/null`
do
i=`expr $i + 1`
rm $filter && echo -n "$i, "
done
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "8"
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "7"
}
 
gammu_smsd ()
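Review bot: The renumbered progress output in freeradius() prints step 19 as `echo -n "19"` and step 20 as `echo -n "20"` with no separator between them, so a run where both restores happen shows `1920, 21`; step 19 should end with the separator, `echo -n "19, "`. The loop counter can use shell arithmetic instead of forking expr, `i=$((i + 1))`, and the same applies to the counter in fail2ban(). In fail2ban() the last step is printed as a fixed `7` while the preceding loop numbers one step per `alcasar_*` filter file, so the final number only lines up when exactly four filter files exist. Part of freeradius() lies between the two hunks and is not shown.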