| 5,14 → 5,14 |
|---|
| # by REXY |
| # This script is distributed under the Gnu General Public License (GPL) |
| |
| # Ce script permet de mettre à jour d'ALCASAR |
| # - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
| # - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions |
| # - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" à chaud (alcasar-conf -apply) |
| # Ce script permet la mise à jour d'un ALCASAR |
| # - (alcasar-conf.sh -create) : création de l'archive des fichiers de configuration (/var/tmp/alcasar-conf.tar.gz) |
| # - (alcasar-conf.sh -load) : chargement de l'archive des fichiers de configuration. Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions |
| # - (alcasar-conf.sh -apply) : application des directives du fichier de conf central "/usr/local/etc/alcasar.conf". Peut aussi être exploité à chaud après avoir changé des valeurs du fichier de conf. |
| # This script allows ALCASAR update |
| # - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create) |
| # - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions |
| # - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply) |
| # - (alcasar-conf.sh -create) : create the configuration files backup (/var/tmp/alcasar-conf.tar.gz) |
| # - (alcasar-conf.sh -load) : load the backup of configuration files. If needed, it's here we update files between versions |
| # - (alcasar-conf.sh -load) : apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf". Can be use after changes of conf file values. |
| |
| DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
| DIR_WEB="/var/www/html" # répertoire du centre de gestion |
| 241,7 → 241,6 |
|---|
| if [[ "$PUBLIC_IP_MASK" == "dhcp" ]] |
| then |
| PUBLIC_GATEWAY="dhcp" |
| |
| else |
| if ! echo $PUBLIC_IP_MASK | egrep -q $PTN |
| then |
| 286,7 → 285,6 |
|---|
| else |
| $DIR_BIN/alcasar-dhcp.sh --on |
| fi |
| |
| # Set the local DNS (or not) |
| if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ] |
| then |
| 294,7 → 292,6 |
|---|
| else |
| $DIR_BIN/alcasar-dns-local.sh --off |
| fi |
| |
| # Set the pure ip option (or not) |
| if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ] |
| then |
| 302,7 → 299,6 |
|---|
| else |
| bl_filter_param+="--pureip_on" |
| fi |
| |
| # Set the safesearch options (or not) |
| bl_filter_param="" |
| if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ] |
| 311,9 → 307,7 |
|---|
| else |
| bl_filter_param+="--safesearch_off " |
| fi |
| |
| $DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param |
| |
| if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ] |
| then |
| $DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on |
| 320,10 → 314,8 |
|---|
| else |
| $DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off |
| fi |
| |
| # Reload the local dns configuration |
| $DIR_BIN/alcasar-dns-local.sh --reload |
| |
| # Logout everybody |
| $DIR_BIN/alcasar-logout.sh all |
| # Services stop |
| 399,7 → 391,7 |
|---|
| $SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf |
| $SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf |
| $SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf |
| # FreeRADIUS Web |
| # FreeRADIUS |
| $SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf |
| $SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf |
| # CoovaChilli |
| 424,7 → 416,6 |
|---|
| rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.* |
| rm -f /etc/unbound/conf.d/common/forward-zone.conf |
| find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete |
| |
| # Configuration file for the dns servers forward-zone |
| cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf |
| forward-zone: |
| 432,7 → 423,6 |
|---|
| forward-addr: $DNS1 |
| forward-addr: $DNS2 |
| EOF |
| |
| # Configuration file of ALCASAR main domains for $INTIF |
| cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
| server: |
| 441,13 → 431,11 |
|---|
| local-zone: "$HOSTNAME" static |
| local-data: "$HOSTNAME A $PRIVATE_IP" |
| EOF |
| |
| # Configuration file for lo of forward unbound |
| cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf |
| server: |
| interface: 127.0.0.1@53 |
| access-control-view: 127.0.0.1/8 lo |
| |
| view: |
| name: "lo" |
| view-first: yes |
| 458,7 → 446,6 |
|---|
| local-zone: "$DOMAIN." static |
| local-data: "$DOMAIN. A" |
| EOF |
| |
| if [ "$HOSTNAME" != 'alcasar' ] |
| then |
| echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
| 466,7 → 453,6 |
|---|
| echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf |
| echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf |
| fi |
| |
| # Configuration file for $INTIF of forward unbound |
| cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf |
| server: |
| 477,7 → 463,6 |
|---|
| name: "$INTIF" |
| view-first: yes |
| EOF |
| |
| # Configuration file for $INTIF of blacklist unbound |
| cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf |
| server: |
| 487,7 → 472,6 |
|---|
| access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect |
| access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP" |
| EOF |
| |
| # Configuration file for $INTIF of whitelist unbound |
| cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf |
| server: |
| 497,19 → 481,16 |
|---|
| access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect |
| access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP" |
| EOF |
| |
| # Configuration file for $INTIF of blackhole unbound |
| cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf |
| server: |
| interface: ${PRIVATE_IP}@56 |
| access-control-view: $PRIVATE_NETWORK_MASK $INTIF |
| |
| view: |
| name: "$INTIF" |
| local-zone: "." redirect |
| local-data: ". A $PRIVATE_IP" |
| EOF |
| |
| # dhcpd |
| cat <<EOF > /etc/dhcpd.conf |
| ddns-update-style none; |
| 517,7 → 498,6 |
|---|
| option routers $PRIVATE_IP; |
| option subnet-mask $PRIVATE_NETMASK; |
| option domain-name-servers $PRIVATE_IP; |
| |
| range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP; |
| default-lease-time 21600; |
| max-lease-time 43200; |