Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1498 → Rev 1499

/alcasar.sh
226,8 → 226,9
echo -n "."
 
# Test EXTIF config files
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_IP_MASK=`ip addr show $EXTIF|grep "inet "|cut -d" " -f6`
PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
PUBLIC_GATEWAY=`ip route list|grep ^default|cut -d" " -f3`
if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
then
if [ $Lang == "fr" ]
269,14 → 270,13
fi
echo -n "."
# On teste le lien vers le routeur par defaut
IP_GW=`ip route list|grep ^default|cut -d" " -f3`
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2`
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`
if [ $(expr $arp_reply) -eq 0 ]
then
if [ $Lang == "fr" ]
then
echo "Échec"
echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas."
echo "Le routeur de site ou la Box Internet ($PUBLIC_GATEWAY) ne répond pas."
echo "Réglez ce problème puis relancez ce script."
else
echo "Failed"
432,35 → 432,50
hostname $HOSTNAME.$DOMAIN
echo $HOSTNAME.$DOMAIN > /etc/hostname
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4` # last octet of LAN address
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0)
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
if [ $PRIVATE_IP == $PRIVATE_NETWORK ] # when entering network address instead of ip address
then
PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`
PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`
fi
private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address
PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C
classe=$((PRIVATE_PREFIX/8)) # ie.: 2=classe B, 3=classe C
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2)
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f4` # last octet of LAN broadcast
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF
# Define Internet parameters
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS
DNS1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1` # 1st DNS server
nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l`
if [ $nb_dns == 2 ]
then
DNS2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1` # 2nd DNS server (if exist)
fi
DNS1=${DNS1:=208.67.220.220}
DNS2=${DNS2:=208.67.222.222}
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2`
PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
# Wrtie the conf file
echo "EXTIF=$EXTIF" >> $CONF_FILE
echo "INTIF=$INTIF" >> $CONF_FILE
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # IP setting (static or dynamic)
if [ $IP_SETTING == "dhcp" ]
then
echo "PUBLIC_IP=dhcp" >> $CONF_FILE
echo "GW=dhcp" >> $CONF_FILE
else
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
fi
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
469,21 → 484,28
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
# network default
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
# config network
cat <<EOF > /etc/sysconfig/network
NETWORKING=yes
HOSTNAME="$HOSTNAME.$DOMAIN"
FORWARD_IPV4=true
EOF
# config /etc/hosts
# /etc/hosts config
[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default
cat <<EOF > /etc/hosts
127.0.0.1 localhost
$PRIVATE_IP $HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME
EOF
# Config EXTIF (Internet)
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
# EXTIF (Internet) config
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
if [ $IP_SETTING == "dhcp" ]
then
$SED "s?^RESOLV_MODS=.*?RESOLV_MODS=yes?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^PEERDNS=.*?PEERDNS=no?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
echo "DNS1=127.0.0.1" >> /etc/sysconfig/network-scripts/ifcfg-$EXTIF
else
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
DEVICE=$EXTIF
BOOTPROTO=static
IPADDR=$PUBLIC_IP
490,9 → 512,9
NETMASK=$PUBLIC_NETMASK
GATEWAY=$PUBLIC_GATEWAY
DNS1=127.0.0.1
RESOLV_MODS=yes
ONBOOT=yes
METRIC=10
NOZEROCONF=yes
MII_NOT_SUPPORTED=yes
IPV6INIT=no
IPV6TO4INIT=no
500,6 → 522,7
USERCTL=no
MTU=$MTU
EOF
fi
# Config INTIF (consultation LAN) in normal mode
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
DEVICE=$INTIF
1761,8 → 1784,7
# postfix banner anonymisation
$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf
# sshd écoute côté LAN et WAN
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
$SED "s?^#ListenAddress.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config
# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on)
echo "SSH=off" >> $CONF_FILE
echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE