Subversion Repositories ALCASAR

Rev 1248 → Rev 1249

/scripts/alcasar-conf.sh
85,25 → 85,12
mkdir $DIR_UPDATE/etc/
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
# particularité des versions
# si version <= 2.0
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -eq 0 ])
# si version <= 2.8
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 8 ])
then
rm -f $DIR_UPDATE/etc/alcasar-dns-name # changement de format
rm -rf $DIR_UPDATE/etc/digest # hostname=alcasar
if [ -e $DIR_UPDATE/etc/alcasar-uamallowed ]; then
uamallowed=`cat $DIR_UPDATE/etc/alcasar-uamallowed`
if [ $uamallowed == "uamallowed=\"\"" ]
then rm -f $DIR_UPDATE/etc/alcasar-uamallowed # un uamallowed 'vide' perturbe coova
fi
fi
if [ -e $DIR_UPDATE/etc/alcasar-uamdomain ]; then
uamdomain=`cat $DIR_UPDATE/etc/alcasar-uamdomain`
if [ $uamdomain == "uamdomain=\"\"" ]
then rm -f $DIR_UPDATE/etc/alcasar-uamdomain # un uamdomain 'vide' perturbe coova
fi
fi
rm -rf $DIR_UPDATE/etc/digest # hostname=alcasar.$DOMAIN (add the domain name)
else
# si version >= 2.1 : sauvegarde des certificats (serveur et CA)
# si version > 2.8 : sauvegarde des certificats (serveur et CA)
cert_date=`/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates|grep After|cut -d"=" -f2`
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE
cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE
115,76 → 102,7
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
fi
fi
# si version < 2.2
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ])
then
ORGANISM=`cat $DIR_WEB/intercept.php|grep '$organisme =' | cut -d"=" -f2|tr -d ";\" "` # Sauvegarde du nom d'organisme
rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments
rm -f $DIR_UPDATE/exceptionurllist # This file was not empty (comments)
# Create the initial conf file (doesn't exist in earlier versions)
cat <<EOF > $CONF_FILE
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$RUNNING_VERSION
ORGANISM=$ORGANISM
DOMAIN=$DOMAIN
EOF
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # @ip du portail (côté Internet)
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS
DNS1=${DNS1:=208.67.220.220}
DNS2=${DNS2:=208.67.222.222}
PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` # @ip du portail (côté LAN)
PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2`
private_network_calc
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE
echo "DHCP=full" >> $CONF_FILE
echo "EXT_DHCP_IP=none" >> $CONF_FILE
echo "RELAY_DHCP_IP=none" >> $CONF_FILE
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE
if [ -r /var/run/sshd.pid ]; then
echo "SSH=on" >> $CONF_FILE
else
echo "SSH=off" >> $CONF_FILE
fi
echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "QOS=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
if [ `grep ^ldap /etc/raddb/sites-available/alcasar | wc -l` -eq "0" ]; then
echo "LDAP=off" >> $CONF_FILE
else
echo "LDAP=on" >> $CONF_FILE
fi
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
PROTOCOLS_FILTERING=`grep ^PROTO_FILTERING /usr/local/bin/alcasar-iptables.sh | cut -d"=" -f2`
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:="no"}
if [ $PROTOCOLS_FILTERING = "no" ]; then
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
else
echo "PROTOCOLS_FILTERING=on" >> $CONF_FILE
fi
DNS_FILTERING=`grep ^reportinglevel /etc/dansguardian/dansguardian.conf | cut -d"=" -f2 | tr -d " "`
DNS_FILTERING=${DNS_FILTERING:="-1"}
if [ $DNS_FILTERING -eq "-1" ]; then
echo "DNS_FILTERING=off" >> $CONF_FILE
else
echo "DNS_FILTERING=on" >> $CONF_FILE
fi
fi
# since V2.6
# Changes since V2.6
# SSH_ADMIN_FROM is redefined
$SED "s?^Admin_from_IP=.*?SSH_ADMIN_FROM=0.0.0.0/0.0.0.0?" $CONF_FILE
# macallowed is replaced with macauth