| 35,10 → 35,6 |
|---|
| DB_USER=$(grep '^db_user=' $PASSWD_FILE | cut -d'=' -f 2-) |
| DB_PASS=$(grep '^db_password=' $PASSWD_FILE | cut -d'=' -f 2-) |
| SED="/bin/sed -i" |
| RUNNING_VERSION=`grep ^VERSION= $CONF_FILE|cut -d'=' -f2` |
| MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
| MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
| UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
| DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` # server DNS1 (for WL domain names) |
| DOMAIN=${DOMAIN:=localdomain} |
| DATE=`date '+%d %B %Y - %Hh%M'` |
| 46,16 → 42,16 |
|---|
| private_network_calc () |
| { |
| PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
| PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
| PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
| PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
| PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
| classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C) |
| PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.) |
| PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
| private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
| private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
| private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address |
| PRIVATE_FIRST_IP=$PRIVATE_IP # First network address (ex.: 192.168.182.1) |
| PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2) |
| private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
| private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address |
| PRIVATE_FIRST_IP=$PRIVATE_IP # First network address (ex.: 192.168.182.1) |
| PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2) |
| PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
| PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'` # MAC address of INTIF |
| } |
| 89,21 → 85,20 |
|---|
| mkdir $DIR_UPDATE/custom_bl |
| for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist |
| do |
| if [ -d /etc/dansguardian ]; then # remove when no more dansguardian migrations needed |
| if [ -d /etc/dansguardian ]; then # before V3.3 |
| cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/ |
| else |
| cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ |
| cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ # since V3.3 |
| fi |
| done |
| cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null |
| # backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.) |
| mkdir $DIR_UPDATE/etc/ |
| [ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static |
| cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
| cp /etc/hosts $DIR_UPDATE/etc/ |
| # backup of the security certificates (server & CA) |
| cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist |
| cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist |
| cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE |
| cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE |
| cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE |
| cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE |
| if [ -e /etc/pki/tls/certs/server-chain.crt ]; then |
| 121,12 → 116,17 |
|---|
| --load|-load) |
| cd /var/tmp |
| tar -xf alcasar-conf*.tar.gz |
| # Extract the previous version |
| PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2` |
| MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1` |
| MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2` |
| UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1` |
| # Retrieve the logo |
| [ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/ |
| chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php |
| # Retrieve the security certificates (CA and server) |
| cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official |
| cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official |
| cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ |
| cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ |
| cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
| cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
| (cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem |
| 136,7 → 136,7 |
|---|
| # Import of the users database |
| gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS |
| # Retrieve local parameters |
| [ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
| cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
| mv -f $DIR_ETC/hosts /etc/hosts |
| # Retrieve BL/WL custom files |
| cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/ |
| 166,13 → 166,8 |
|---|
| # Remove the update folder |
| rm -rf $DIR_UPDATE |
| ######################### modifications between versions ####################### |
| # Extract the curent version |
| CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2` |
| MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1` |
| MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2` |
| UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1` |
| ## From 3.2.0 & 3.2.1 ## |
| if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ] |
| if [ $MAJ_PREVIOUS_VERSION == "3" ] && [ $MIN_PREVIOUS_VERSION == "2" ] |
| then |
| ## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts |
| cat << EOF > $DIR_ETC/alcasar-dns-name |
| 196,12 → 191,11 |
|---|
| 127.0.0.1 localhost |
| $PRIVATE_IP $HOSTNAME |
| EOF |
| # apache is removed (lighttpd instead) |
| rm -rf /etc/httpd/ |
| rm -rf /var/log/httpd/ |
| # dansguardian is removed (E²guardian instead) |
| rm -rf /var/dansguardian/ |
| rm -rf /etc/dansguardian/ |
| # apache & dansguardian are replaced with lighttpd & E²guardian |
| rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian" |
| /usr/sbin/urpme --auto -a $rm_rpm |
| /usr/sbin/urpme --auto --auto-orphans |
| rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/ |
| fi |
| ;; |
| |
| 426,7 → 420,7 |
|---|
| /usr/bin/systemctl stop sshd.service |
| fi |
| fi |
| echo |
| echo |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |