WebSVN – ALCASAR – Diff – /scripts/alcasar-conf.sh


#/bin/bash
# $Id: alcasar-conf.sh 862 2012-04-22 19:50:30Z richard $
 
# alcasar-conf.sh
# by Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script permet la mise à jour ALCASAR 
#	- création et chargement de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz)
#	- application des directives du fichier de conf central (/usr/local/etc/alcasar.conf)
# This script allows ALCASAR update 
#	- create and load the configuration files backup (/tmp/alcasar-conf.tar.gz)
#	- apply ALCASAR central configuration file (/usr/local/etc/alcasar.conf)
 
new="$(date +%F-%Hh%M)"  			# date et heure des fichiers
fichier="alcasar-conf-$new.tar.gz"		# nom du fichier de sauvegarde
DIR_UPDATE="/tmp/conf"				# répertoire de stockage des fichier de conf pour une mise à jour
DIR_WEB="/var/www/html"				# répertoire du centre de gestion
DIR_BIN="/usr/local/bin"			# répertoire des scripts d'admin
DIR_SBIN="/usr/local/sbin"			# répertoire des scripts d'admin
DIR_ETC="/usr/local/etc"			# répertoire des fichiers de conf
DIR_SAVE="/var/Save/system_backup"		# répertoire de sauvegarde
CONF_FILE="$DIR_ETC/alcasar.conf"		# main alcasar conf file
VERSION="/var/www/html/VERSION"			# contient la version en cours
EXTIF="eth0"					# ETH0 est l'interface connectée à Internet (Box FAI)
INTIF="eth1"					# ETH1 est l'interface connectée au réseau local de consultation
HOSTNAME="alcasar"
DB_USER="radius"
radiuspwd=""
SED="/bin/sed -i"
RUNNING_VERSION=`cat $VERSION|cut -d" " -f1`
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
DATE=`date '+%d %B %Y - %Hh%M'`
private_network_calc ()
{
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`		# prefixe du réseau (ex. 24)
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`		# @ réseau de consultation (ex.: 192.168.182.0)
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX					# @ + masque du réseau de consult (192.168.182.0/24)
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`		# classes de réseau (ex.: 2=classe B, 3=classe C)
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.			# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
}
 
usage="Usage: alcasar-conf.sh --create | --load | --apply"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
	nb_args=1
	args="-h"
fi
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	--create|-create)	
		[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
		mkdir $DIR_UPDATE
# Sauvegarde de la base des usagers
		/usr/local/sbin/alcasar-mysql.sh -dump
		cp /var/Save/base/`ls /var/Save/base|tail -1` $DIR_UPDATE
# Sauvegarde du logo
		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
# Sauvegarde des fichiers exploités par dansguardian 
		cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE
		cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE
		cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE
		cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE
		cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE
		cp -rf /etc/dansguardian/lists/blacklists/ossi $DIR_UPDATE
# sauvegarde des fichiers : de conf, de filtrage, d'exception, digest, etc.
		mkdir $DIR_UPDATE/etc/
		cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
# particularité des versions
		rm -f $DIR_UPDATE/etc/alcasar-macallowed	# macallowed is replaced with macauth
# si version <= 2.0
		if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -eq 0 ])
		then
			rm -f $DIR_UPDATE/etc/alcasar-dns-name		# changement de format
			rm -rf $DIR_UPDATE/etc/digest			# hostname=alcasar
			if [ -e $DIR_UPDATE/etc/alcasar-uamallowed ]; then
				uamallowed=`cat $DIR_UPDATE/etc/alcasar-uamallowed`
				if [ $uamallowed == "uamallowed=\"\"" ]
					then rm -f $DIR_UPDATE/etc/alcasar-uamallowed		# un uamallowed 'vide' perturbe coova
				fi
			fi
			if [ -e $DIR_UPDATE/etc/alcasar-uamdomain ]; then
				uamdomain=`cat $DIR_UPDATE/etc/alcasar-uamdomain`
				if [ $uamdomain == "uamdomain=\"\"" ]
					then rm -f $DIR_UPDATE/etc/alcasar-uamdomain		# un uamdomain 'vide' perturbe coova
				fi
			fi
		else
# si version >= 2.1 : sauvegarde des certificats (serveur et CA)
			mkdir $DIR_UPDATE/pki/
			cert_date=`/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates|grep After|cut -d"=" -f2`
			cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE
			cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE
			cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
			cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
			if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
				cp -f /etc/pki/tls/certs/server-chain.crt $DIR_UPDATE
			else
				cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
			fi
		fi
# si version < 2.2
		if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ])
		then
			ORGANISM=`cat $DIR_WEB/intercept.php|grep '$organisme =' | cut -d"=" -f2|tr -d ";\" "` # Sauvegarde du nom d'organisme
			rm -f $DIR_UPDATE/etc/alcasar-ethers		# This file doesn't contain comments
			rm -f $DIR_UPDATE/exceptionurllist		# This file was not empty (comments)
			# Create the initial conf file (doesn't exist in earlier versions)
			cat <<EOF > $CONF_FILE
##########################################
##                                      ##
##          ALCASAR Parameters          ##
##                                      ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$RUNNING_VERSION
ORGANISM=$ORGANISM
EOF
			PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip du portail (côté Internet)
			PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
			PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2`		# prefixe du réseau (ex. 24)
			PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
			DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
			DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
			DNS1=${DNS1:=208.67.220.220}
			DNS2=${DNS2:=208.67.222.222}
			PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2` 	# @ip du portail (côté LAN)
			PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF|cut -d"=" -f2`
			private_network_calc
			echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE 
			echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
			echo "DNS1=$DNS1" >> $CONF_FILE
			echo "DNS2=$DNS2" >> $CONF_FILE 
			echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE 
			echo "DHCP=half" >> $CONF_FILE
 
			if [ -r /var/run/sshd.pid ]; then
				echo "SSH=on" >> $CONF_FILE
			else
				echo "SSH=off" >> $CONF_FILE
			fi
			echo "QOS=off" >> $CONF_FILE
			echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
			if [ `grep ^ldap /etc/raddb/sites-available/alcasar | wc -l` -eq "0" ];	then
				echo "LDAP=off" >> $CONF_FILE
			else
				echo "LDAP=on" >> $CONF_FILE
			fi
			PROTOCOLS_FILTERING=`grep ^PROTO_FILTERING /usr/local/bin/alcasar-iptables.sh | cut -d"=" -f2`
			PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:="no"}
			if [ $PROTOCOLS_FILTERING = "no" ]; then
				echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
			else
				echo "PROTOCOLS_FILTERING=on" >> $CONF_FILE
			fi
			DNS_FILTERING=`grep ^reportinglevel /etc/dansguardian/dansguardian.conf | cut -d"=" -f2 | tr -d " "`
			DNS_FILTERING=${DNS_FILTERING:="-1"}
			if [ $DNS_FILTERING -eq "-1" ]; then
				echo "DNS_FILTERING=off" >> $CONF_FILE
			else
				echo "DNS_FILTERING=on" >> $CONF_FILE
			fi
 
		fi
# DHCP mode can be "off/half/full" since V2.6
		DHCP_mode=`cat $CONF_FILE|grep DHCP=|cut -d"=" -f2`
		if [ $DHCP_mode = "on" ]; then
			$SED "s?^DHCP=on.*?DHCP=half?" $CONF_FILE	# DHCP option can be "off/half/full" since V2.6
		fi
		cp $CONF_FILE $DIR_UPDATE/etc/
# le paramêtre 'EXT_LAN_FILTERING' n'existe plus depuis la V2.6
		$SED "/^EXT_LAN/d" $DIR_UPDATE/etc/alcasar.conf 
# le répertoire "ISO" est remplacé par "system_backup" suite à la suppression de "mondoarchive" (V2.5)
		rm -rf /var/Save/ISO
# création de l'archive et copie dans le répertoire WEB associé
		cd /tmp
		tar -cf alcasar-conf.tar conf/
		gzip -f alcasar-conf.tar
		[ -d $DIR_SAVE ] && cp alcasar-conf.tar.gz $DIR_SAVE/$fichier
		rm -rf $DIR_UPDATE
		;;
	--load|-load)
		cd /tmp
		tar -xf /tmp/alcasar-conf.tar.gz
# Récupération du logo
		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
# Récupération des certificats (CA et serveur)
		[ -e $DIR_UPDATE/alcasar-ca.crt ] && cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
		[ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
		[ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
		[ -e $DIR_UPDATE/alcasar.key ] && cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
		[ -e $DIR_UPDATE/server-chain.crt ] &&	cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/
		chown -R root:apache /etc/pki
		chmod -R 750 /etc/pki
# Import de la dernière base usagers
		mysql -u$DB_USER -p$radiuspwd < `ls $DIR_UPDATE/radius*`
# Récupération des paramêtres locaux (fichier de conf, règles de filtrage, fichiers d'exception, comptes de gestion, etc.)
		[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
# Récupération des fichiers de Dansguardian
		[ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/
		[ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/
		[ -e $DIR_UPDATE/bannedsitelist ] && cp -f $DIR_UPDATE/bannedsitelist /etc/dansguardian/lists/ 
		[ -e $DIR_UPDATE/exceptionurllist ] && cp -f $DIR_UPDATE/exceptionurllist /etc/dansguardian/lists/
		[ -e $DIR_UPDATE/bannedurllist ] && cp -f $DIR_UPDATE/bannedurllist /etc/dansguardian/lists/
		[ -d $DIR_UPDATE/ossi ] && cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/
		chown -R dansguardian:apache /etc/dansguardian/lists
		chmod -R g+rw /etc/dansguardian/lists
# Start / Stop DNS/URL filtering
		PARENT_SCRIPT=$0
		export PARENT_SCRIPT
		$DIR_SBIN/alcasar-bl.sh -reload
# Prise en compte des comptes de gestion (admin + manager + backup)
		$DIR_SBIN/alcasar-profil.sh --list
# Start / Stop SSH Daemon
		ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2`
		if [ $ssh_active = "on" ]
		then
			/sbin/chkconfig --add sshd
		else
			/sbin/chkconfig --del sshd
		fi
# Effacement du répertoire d'update
		rm -rf $DIR_UPDATE
		;;
	--apply|-apply)
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"
		PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
		check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
		if [[ "$?" -ne 0 ]]
		then 
			echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
			exit 0
		fi
		PUBLIC_IP_MASK=`grep PUBLIC_IP $CONF_FILE|cut -d"=" -f2`
		check=$(echo $PUBLIC_IP_MASK | egrep $PTN)
		if [[ "$?" -ne 0 ]]
		then 
			echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
			exit 0
		fi
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
		PUBLIC_GATEWAY=`grep GW $CONF_FILE|cut -d"=" -f2`
		check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
		if [[ "$?" -ne 0 ]]
			then 
			echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
			exit 0
		fi
		DNS1=`grep DNS1 $CONF_FILE|cut -d"=" -f2`
		check=$(echo $DNS1 | egrep $PTN)
		if [[ "$?" -ne 0 ]]
		then 
			echo "Syntax error for the IP address of the first DNS server ($DNS1)"
			exit 0
		fi
		DNS2=`grep DNS2 $CONF_FILE|cut -d"=" -f2`
		check=$(echo $DNS2 | egrep $PTN)
		if [[ "$?" -ne 0 ]]
		then 
			echo "Syntax error for the IP address of the second DNS server ($DNS2)"
			exit 0
		fi
		PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
		PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
		PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
		PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`
		private_network_calc
		VERSION=`grep VERSION $CONF_FILE|cut -d"=" -f2`
		INSTALL_DATE=`grep INSTALL_DATE $CONF_FILE|cut -d"=" -f2`
		ORGANISME=`grep ORGANISM $CONF_FILE|cut -d"=" -f2`
		DHCP_mode=`grep DHCP= $CONF_FILE|cut -d"=" -f2`
# Logout everybody
		$DIR_SBIN/alcasar-logout.sh all		
# Services stop
		for i in squid ntpd chilli httpd sshd network
		do
			[ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null
		done
 
# /etc/hosts
		cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	$HOSTNAME 
EOF
 
# Ext Network Card config
		$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
		$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
		$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
# NTP server
		$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf
# host.allow 
		cat <<EOF > /etc/hosts.allow
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
sshd: ALL
ntpd: $PRIVATE_NETWORK_SHORT
EOF
# Alcasar Control Center
		echo "$VERSION du $INSTALL_DATE" > /var/www/html/VERSION; chown apache:apache /var/www/html/VERSION
		$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
		FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
		$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
		$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
# Dialup_Admin
		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
# coova
		$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli
		$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
 
 
		$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
		$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
		$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
		$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php
# dhcp (coova + dnsmasq)
		$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode
# awstat
		$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
# dnsmasq
		$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
		for i in /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
		do
			$SED "/^server=/d" $i
			echo "server=$DNS1" >> $i
			echo "server=$DNS2" >> $i
		done
 
		$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf
# DG + BL
		$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
# Watchdog
		$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
# SSHD
		$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
		$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
# Prompts
		$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
# sudoers
		$SED "s?^Host_Alias.*?Host_Alias	LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost		#réseau de l'organisme?g" /etc/sudoers
# Services start
		for i in network squid ntpd chilli httpd 
		do
			[ -e /etc/init.d/$i ] && /etc/init.d/$i start 2>/dev/null
		done
# Start / Stop SSH Daemon
		ssh_active=`grep SSH $CONF_FILE|cut -d"=" -f2`
		if [ $ssh_active = "on" ]
		then
			/sbin/chkconfig --add sshd
			/etc/init.d/sshd start
		else
			/sbin/chkconfig --del sshd
		fi
# Reload BL (restart DG, dnsmasq & iptables)
		$DIR_SBIN/alcasar-bl.sh -reload
		;;
	*)
		echo "Argument inconnu :$1";
		echo "$usage"
		exit 1
		;;
esac
 
 

Rev 861	Rev 862
1	`#/bin/bash`	1	`#/bin/bash`
2	`# $Id: alcasar-conf.sh 861 2012-04-21 20:18:48Z richard $`	2	`# $Id: alcasar-conf.sh 862 2012-04-22 19:50:30Z richard $`
3		3
4	`# alcasar-conf.sh`	4	`# alcasar-conf.sh`
5	`# by Richard REY`	5	`# by Richard REY`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
8	`# Ce script permet la mise à jour ALCASAR`	8	`# Ce script permet la mise à jour ALCASAR`
9	`# - création et chargement de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz)`	9	`# - création et chargement de l'archive des fichiers de configuration (/tmp/alcasar-conf.tar.gz)`
10	`# - application des directives du fichier de conf central (/usr/local/etc/alcasar.conf)`	10	`# - application des directives du fichier de conf central (/usr/local/etc/alcasar.conf)`
11	`# This script allows ALCASAR update`	11	`# This script allows ALCASAR update`
12	`# - create and load the configuration files backup (/tmp/alcasar-conf.tar.gz)`	12	`# - create and load the configuration files backup (/tmp/alcasar-conf.tar.gz)`
13	`# - apply ALCASAR central configuration file (/usr/local/etc/alcasar.conf)`	13	`# - apply ALCASAR central configuration file (/usr/local/etc/alcasar.conf)`
14		14
15	`new="$(date +%F-%Hh%M)" # date et heure des fichiers`	15	`new="$(date +%F-%Hh%M)" # date et heure des fichiers`
16	`fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde`	16	`fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde`
17	`DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour`	17	`DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour`
18	`DIR_WEB="/var/www/html" # répertoire du centre de gestion`	18	`DIR_WEB="/var/www/html" # répertoire du centre de gestion`
19	`DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin`	19	`DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin`
20	`DIR_SBIN="/usr/local/sbin" # répertoire des scripts d'admin`	20	`DIR_SBIN="/usr/local/sbin" # répertoire des scripts d'admin`
21	`DIR_ETC="/usr/local/etc" # répertoire des fichiers de conf`	21	`DIR_ETC="/usr/local/etc" # répertoire des fichiers de conf`
22	`DIR_SAVE="/var/Save/system_backup" # répertoire de sauvegarde`	22	`DIR_SAVE="/var/Save/system_backup" # répertoire de sauvegarde`
23	`CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file`	23	`CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file`
24	`VERSION="/var/www/html/VERSION" # contient la version en cours`	24	`VERSION="/var/www/html/VERSION" # contient la version en cours`
25	`EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)`	25	`EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)`
26	`INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation`	26	`INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation`
27	`HOSTNAME="alcasar"`	27	`HOSTNAME="alcasar"`
28	`DB_USER="radius"`	28	`DB_USER="radius"`
29	`radiuspwd=""`	29	`radiuspwd=""`
30	`SED="/bin/sed -i"`	30	`SED="/bin/sed -i"`
31	RUNNING_VERSION=`cat $VERSION\|cut -d" " -f1`	31	RUNNING_VERSION=`cat $VERSION\|cut -d" " -f1`
32	MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION\|cut -d"." -f1`	32	MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION\|cut -d"." -f1`
33	MIN_RUNNING_VERSION=`echo $RUNNING_VERSION\|cut -d"." -f2\|cut -c1`	33	MIN_RUNNING_VERSION=`echo $RUNNING_VERSION\|cut -d"." -f2\|cut -c1`
34	UPD_RUNNING_VERSION=`echo $RUNNING_VERSION\|cut -d"." -f3`	34	UPD_RUNNING_VERSION=`echo $RUNNING_VERSION\|cut -d"." -f3`
35	DATE=`date '+%d %B %Y - %Hh%M'`	35	DATE=`date '+%d %B %Y - %Hh%M'`
36	`private_network_calc ()`	36	`private_network_calc ()`
37	`{`	37	`{`
38	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK \|cut -d"=" -f2` # prefixe du réseau (ex. 24)	38	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK \|cut -d"=" -f2` # prefixe du réseau (ex. 24)
39	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK\| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)	39	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK\| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
40	`PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)`	40	`PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)`
41	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C)	41	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C)
42	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK \| cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)	42	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK \| cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
43	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK \| cut -d"=" -f2` # @ broadcast réseau de consultation (ex.: 192.168.182.255)	-
44	private_network_ending=`echo $PRIVATE_NETWORK \| cut -d"." -f$classe_sup` # dernier octet de l'@ de réseau	-
45	private_broadcast_ending=`echo $PRIVATE_BROADCAST \| cut -d"." -f$classe_sup` # dernier octet de l'@ de broadcast	-
46	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK \| cut -d"." -f1-3`"."`expr $private_network_ending + 1` # 1ère adresse de la plage de consultation (ex.: 192.168.182.1)	-
47	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST \| cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage de consultation (ex.: 192.168.182.254)	-
48	tmp_mask=`echo $PRIVATE_NETWORK_MASK\|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1` # masque du 1/2 réseau de consultation (ex.: 25)	-
49	`PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask # plage des adresses statiques (ex.: 192.168.182.0/25)`	-
50	private_plage=`expr $private_broadcast_ending - $private_network_ending + 1`	-
51	private_half_plage=`expr $private_plage / 2`	-
52	private_dyn=`expr $private_half_plage + $private_network_ending`	-
53	private_dyn_ip_network=`echo $PRIVATE_NETWORK \| cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK \| cut -d"." -f$classe_sup_sup-5`	-
54	PRIVATE_DYN_IP=`echo $private_dyn_ip_network \| cut -d"." -f1-4`/$half_mask # @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25)	-
55	private_dyn_ip_ending=`echo $private_dyn_ip_network \| cut -d"." -f4`	-
56	PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network \| cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1` # 1ère adresse de la plage dynamique (ex.: 192.168.182.129)	-
57	PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST \| cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254)	-
58	`}`	43	`}`
59		44
60	`usage="Usage: alcasar-conf.sh --create \| --load \| --apply"`	45	`usage="Usage: alcasar-conf.sh --create \| --load \| --apply"`
61	`nb_args=$#`	46	`nb_args=$#`
62	`args=$1`	47	`args=$1`
63	`if [ $nb_args -eq 0 ]`	48	`if [ $nb_args -eq 0 ]`
64	`then`	49	`then`
65	`nb_args=1`	50	`nb_args=1`
66	`args="-h"`	51	`args="-h"`
67	`fi`	52	`fi`
68	`case $args in`	53	`case $args in`
69	`-\? \| -h* \| --h*)`	54	`-\? \| -h* \| --h*)`
70	`echo "$usage"`	55	`echo "$usage"`
71	`exit 0`	56	`exit 0`
72	`;;`	57	`;;`
73	`--create\|-create)`	58	`--create\|-create)`
74	`[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE`	59	`[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE`
75	`mkdir $DIR_UPDATE`	60	`mkdir $DIR_UPDATE`
76	`# Sauvegarde de la base des usagers`	61	`# Sauvegarde de la base des usagers`
77	`/usr/local/sbin/alcasar-mysql.sh -dump`	62	`/usr/local/sbin/alcasar-mysql.sh -dump`
78	cp /var/Save/base/`ls /var/Save/base\|tail -1` $DIR_UPDATE	63	cp /var/Save/base/`ls /var/Save/base\|tail -1` $DIR_UPDATE
79	`# Sauvegarde du logo`	64	`# Sauvegarde du logo`
80	`cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE`	65	`cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE`
81	`# Sauvegarde des fichiers exploités par dansguardian`	66	`# Sauvegarde des fichiers exploités par dansguardian`
82	`cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE`	67	`cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE`
83	`cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE`	68	`cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE`
84	`cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE`	69	`cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE`
85	`cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE`	70	`cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE`
86	`cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE`	71	`cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE`
87	`cp -rf /etc/dansguardian/lists/blacklists/ossi $DIR_UPDATE`	72	`cp -rf /etc/dansguardian/lists/blacklists/ossi $DIR_UPDATE`
88	`# sauvegarde des fichiers : de conf, de filtrage, d'exception, digest, etc.`	73	`# sauvegarde des fichiers : de conf, de filtrage, d'exception, digest, etc.`
89	`mkdir $DIR_UPDATE/etc/`	74	`mkdir $DIR_UPDATE/etc/`
90	`cp -rf $DIR_ETC/* $DIR_UPDATE/etc/`	75	`cp -rf $DIR_ETC/* $DIR_UPDATE/etc/`
91	`# particularité des versions`	76	`# particularité des versions`
92	`rm -f $DIR_UPDATE/etc/alcasar-macallowed # macallowed is replaced with macauth`	77	`rm -f $DIR_UPDATE/etc/alcasar-macallowed # macallowed is replaced with macauth`
93	`# si version <= 2.0`	78	`# si version <= 2.0`
94	`if [ $MAJ_RUNNING_VERSION -lt 2 ] \|\| ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -eq 0 ])`	79	`if [ $MAJ_RUNNING_VERSION -lt 2 ] \|\| ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -eq 0 ])`
95	`then`	80	`then`
96	`rm -f $DIR_UPDATE/etc/alcasar-dns-name # changement de format`	81	`rm -f $DIR_UPDATE/etc/alcasar-dns-name # changement de format`
97	`rm -rf $DIR_UPDATE/etc/digest # hostname=alcasar`	82	`rm -rf $DIR_UPDATE/etc/digest # hostname=alcasar`
98	`if [ -e $DIR_UPDATE/etc/alcasar-uamallowed ]; then`	83	`if [ -e $DIR_UPDATE/etc/alcasar-uamallowed ]; then`
99	uamallowed=`cat $DIR_UPDATE/etc/alcasar-uamallowed`	84	uamallowed=`cat $DIR_UPDATE/etc/alcasar-uamallowed`
100	`if [ $uamallowed == "uamallowed=\"\"" ]`	85	`if [ $uamallowed == "uamallowed=\"\"" ]`
101	`then rm -f $DIR_UPDATE/etc/alcasar-uamallowed # un uamallowed 'vide' perturbe coova`	86	`then rm -f $DIR_UPDATE/etc/alcasar-uamallowed # un uamallowed 'vide' perturbe coova`
102	`fi`	87	`fi`
103	`fi`	88	`fi`
104	`if [ -e $DIR_UPDATE/etc/alcasar-uamdomain ]; then`	89	`if [ -e $DIR_UPDATE/etc/alcasar-uamdomain ]; then`
105	uamdomain=`cat $DIR_UPDATE/etc/alcasar-uamdomain`	90	uamdomain=`cat $DIR_UPDATE/etc/alcasar-uamdomain`
106	`if [ $uamdomain == "uamdomain=\"\"" ]`	91	`if [ $uamdomain == "uamdomain=\"\"" ]`
107	`then rm -f $DIR_UPDATE/etc/alcasar-uamdomain # un uamdomain 'vide' perturbe coova`	92	`then rm -f $DIR_UPDATE/etc/alcasar-uamdomain # un uamdomain 'vide' perturbe coova`
108	`fi`	93	`fi`
109	`fi`	94	`fi`
110	`else`	95	`else`
111	`# si version >= 2.1 : sauvegarde des certificats (serveur et CA)`	96	`# si version >= 2.1 : sauvegarde des certificats (serveur et CA)`
112	`mkdir $DIR_UPDATE/pki/`	97	`mkdir $DIR_UPDATE/pki/`
113	cert_date=`/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates\|grep After\|cut -d"=" -f2`	98	cert_date=`/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates\|grep After\|cut -d"=" -f2`
114	`cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE`	99	`cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE`
115	`cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE`	100	`cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE`
116	`cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE`	101	`cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE`
117	`cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE`	102	`cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE`
118	`if [ -e /etc/pki/tls/certs/server-chain.crt ]; then`	103	`if [ -e /etc/pki/tls/certs/server-chain.crt ]; then`
119	`cp -f /etc/pki/tls/certs/server-chain.crt $DIR_UPDATE`	104	`cp -f /etc/pki/tls/certs/server-chain.crt $DIR_UPDATE`
120	`else`	105	`else`
121	`cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt`	106	`cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt`
122	`fi`	107	`fi`
123	`fi`	108	`fi`
124	`# si version < 2.2`	109	`# si version < 2.2`
125	`if [ $MAJ_RUNNING_VERSION -lt 2 ] \|\| ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ])`	110	`if [ $MAJ_RUNNING_VERSION -lt 2 ] \|\| ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ])`
126	`then`	111	`then`
127	ORGANISM=`cat $DIR_WEB/intercept.php\|grep '$organisme =' \| cut -d"=" -f2\|tr -d ";\" "` # Sauvegarde du nom d'organisme	112	ORGANISM=`cat $DIR_WEB/intercept.php\|grep '$organisme =' \| cut -d"=" -f2\|tr -d ";\" "` # Sauvegarde du nom d'organisme
128	`rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments`	113	`rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments`
129	`rm -f $DIR_UPDATE/exceptionurllist # This file was not empty (comments)`	114	`rm -f $DIR_UPDATE/exceptionurllist # This file was not empty (comments)`
130	`# Create the initial conf file (doesn't exist in earlier versions)`	115	`# Create the initial conf file (doesn't exist in earlier versions)`
131	`cat <<EOF > $CONF_FILE`	116	`cat <<EOF > $CONF_FILE`
132	`##########################################`	117	`##########################################`
133	`## ##`	118	`## ##`
134	`## ALCASAR Parameters ##`	119	`## ALCASAR Parameters ##`
135	`## ##`	120	`## ##`
136	`##########################################`	121	`##########################################`
137		122
138	`INSTALL_DATE=$DATE`	123	`INSTALL_DATE=$DATE`
139	`VERSION=$RUNNING_VERSION`	124	`VERSION=$RUNNING_VERSION`
140	`ORGANISM=$ORGANISM`	125	`ORGANISM=$ORGANISM`
141	`EOF`	126	`EOF`
142	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2` # @ip du portail (côté Internet)	127	PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2` # @ip du portail (côté Internet)
143	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2`	128	PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$EXTIF\|cut -d"=" -f2`
144	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK \|cut -d"=" -f2` # prefixe du réseau (ex. 24)	129	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK \|cut -d"=" -f2` # prefixe du réseau (ex. 24)
145	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2`	130	PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2`
146	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2` # @ip 1er DNS	131	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2` # @ip 1er DNS
147	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2` # @ip 2ème DNS	132	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF\|cut -d"=" -f2` # @ip 2ème DNS
148	`DNS1=${DNS1:=208.67.220.220}`	133	`DNS1=${DNS1:=208.67.220.220}`
149	`DNS2=${DNS2:=208.67.222.222}`	134	`DNS2=${DNS2:=208.67.222.222}`
150	PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF\|cut -d"=" -f2` # @ip du portail (côté LAN)	135	PRIVATE_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$INTIF\|cut -d"=" -f2` # @ip du portail (côté LAN)
151	PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF\|cut -d"=" -f2`	136	PRIVATE_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/ifcfg-$INTIF\|cut -d"=" -f2`
152	`private_network_calc`	137	`private_network_calc`
153	`echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE`	138	`echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE`
154	`echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE`	139	`echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE`
155	`echo "DNS1=$DNS1" >> $CONF_FILE`	140	`echo "DNS1=$DNS1" >> $CONF_FILE`
156	`echo "DNS2=$DNS2" >> $CONF_FILE`	141	`echo "DNS2=$DNS2" >> $CONF_FILE`
157	`echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE`	142	`echo "PRIVATE_IP=$PRIVATE_IP/$PRIVATE_PREFIX" >> $CONF_FILE`
158	`echo "DHCP=on" >> $CONF_FILE`	143	`echo "DHCP=half" >> $CONF_FILE`
159		144
160	`if [ -r /var/run/sshd.pid ]; then`	145	`if [ -r /var/run/sshd.pid ]; then`
161	`echo "SSH=on" >> $CONF_FILE`	146	`echo "SSH=on" >> $CONF_FILE`
162	`else`	147	`else`
163	`echo "SSH=off" >> $CONF_FILE`	148	`echo "SSH=off" >> $CONF_FILE`
164	`fi`	149	`fi`
165	`echo "QOS=off" >> $CONF_FILE`	150	`echo "QOS=off" >> $CONF_FILE`
166	`echo "WEB_ANTIVIRUS=on" >> $CONF_FILE`	151	`echo "WEB_ANTIVIRUS=on" >> $CONF_FILE`
167	if [ `grep ^ldap /etc/raddb/sites-available/alcasar \| wc -l` -eq "0" ]; then	152	if [ `grep ^ldap /etc/raddb/sites-available/alcasar \| wc -l` -eq "0" ]; then
168	`echo "LDAP=off" >> $CONF_FILE`	153	`echo "LDAP=off" >> $CONF_FILE`
169	`else`	154	`else`
170	`echo "LDAP=on" >> $CONF_FILE`	155	`echo "LDAP=on" >> $CONF_FILE`
171	`fi`	156	`fi`
172	PROTOCOLS_FILTERING=`grep ^PROTO_FILTERING /usr/local/bin/alcasar-iptables.sh \| cut -d"=" -f2`	157	PROTOCOLS_FILTERING=`grep ^PROTO_FILTERING /usr/local/bin/alcasar-iptables.sh \| cut -d"=" -f2`
173	`PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:="no"}`	158	`PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:="no"}`
174	`if [ $PROTOCOLS_FILTERING = "no" ]; then`	159	`if [ $PROTOCOLS_FILTERING = "no" ]; then`
175	`echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE`	160	`echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE`
176	`else`	161	`else`
177	`echo "PROTOCOLS_FILTERING=on" >> $CONF_FILE`	162	`echo "PROTOCOLS_FILTERING=on" >> $CONF_FILE`
178	`fi`	163	`fi`
179	DNS_FILTERING=`grep ^reportinglevel /etc/dansguardian/dansguardian.conf \| cut -d"=" -f2 \| tr -d " "`	164	DNS_FILTERING=`grep ^reportinglevel /etc/dansguardian/dansguardian.conf \| cut -d"=" -f2 \| tr -d " "`
180	`DNS_FILTERING=${DNS_FILTERING:="-1"}`	165	`DNS_FILTERING=${DNS_FILTERING:="-1"}`
181	`if [ $DNS_FILTERING -eq "-1" ]; then`	166	`if [ $DNS_FILTERING -eq "-1" ]; then`
182	`echo "DNS_FILTERING=off" >> $CONF_FILE`	167	`echo "DNS_FILTERING=off" >> $CONF_FILE`
183	`else`	168	`else`
184	`echo "DNS_FILTERING=on" >> $CONF_FILE`	169	`echo "DNS_FILTERING=on" >> $CONF_FILE`
185	`fi`	170	`fi`
186	`cp $CONF_FILE $DIR_UPDATE/etc/`	-
187	`fi`	171	`fi`
-		172	`# DHCP mode can be "off/half/full" since V2.6`
-		173	DHCP_mode=`cat $CONF_FILE\|grep DHCP=\|cut -d"=" -f2`
-		174	`if [ $DHCP_mode = "on" ]; then`
-		175	`$SED "s?^DHCP=on.*?DHCP=half?" $CONF_FILE # DHCP option can be "off/half/full" since V2.6`
-		176	`fi`
-		177	`cp $CONF_FILE $DIR_UPDATE/etc/`
188	`# le paramêtre 'EXT_LAN_FILTERING' n'existe plus depuis la V2.6`	178	`# le paramêtre 'EXT_LAN_FILTERING' n'existe plus depuis la V2.6`
189	`$SED "/^EXT_LAN/d" $DIR_UPDATE/etc/alcasar.conf`	179	`$SED "/^EXT_LAN/d" $DIR_UPDATE/etc/alcasar.conf`
190	`# le répertoire "ISO" est remplacé par "system_backup" suite à la suppression de "mondoarchive" (V2.5)`	180	`# le répertoire "ISO" est remplacé par "system_backup" suite à la suppression de "mondoarchive" (V2.5)`
191	`rm -rf /var/Save/ISO`	181	`rm -rf /var/Save/ISO`
192	`# création de l'archive et copie dans le répertoire WEB associé`	182	`# création de l'archive et copie dans le répertoire WEB associé`
193	`cd /tmp`	183	`cd /tmp`
194	`tar -cf alcasar-conf.tar conf/`	184	`tar -cf alcasar-conf.tar conf/`
195	`gzip -f alcasar-conf.tar`	185	`gzip -f alcasar-conf.tar`
196	`[ -d $DIR_SAVE ] && cp alcasar-conf.tar.gz $DIR_SAVE/$fichier`	186	`[ -d $DIR_SAVE ] && cp alcasar-conf.tar.gz $DIR_SAVE/$fichier`
197	`rm -rf $DIR_UPDATE`	187	`rm -rf $DIR_UPDATE`
198	`;;`	188	`;;`
199	`--load\|-load)`	189	`--load\|-load)`
200	`cd /tmp`	190	`cd /tmp`
201	`tar -xf /tmp/alcasar-conf.tar.gz`	191	`tar -xf /tmp/alcasar-conf.tar.gz`
202	`# Récupération du logo`	192	`# Récupération du logo`
203	`[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/`	193	`[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/`
204	`chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php`	194	`chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php`
205	`# Récupération des certificats (CA et serveur)`	195	`# Récupération des certificats (CA et serveur)`
206	`[ -e $DIR_UPDATE/alcasar-ca.crt ] && cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/`	196	`[ -e $DIR_UPDATE/alcasar-ca.crt ] && cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/`
207	`[ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/`	197	`[ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/`
208	`[ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/`	198	`[ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/`
209	`[ -e $DIR_UPDATE/alcasar.key ] && cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/`	199	`[ -e $DIR_UPDATE/alcasar.key ] && cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/`
210	`[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/`	200	`[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/`
211	`chown -R root:apache /etc/pki`	201	`chown -R root:apache /etc/pki`
212	`chmod -R 750 /etc/pki`	202	`chmod -R 750 /etc/pki`
213	`# Import de la dernière base usagers`	203	`# Import de la dernière base usagers`
214	mysql -u$DB_USER -p$radiuspwd < `ls $DIR_UPDATE/radius*`	204	mysql -u$DB_USER -p$radiuspwd < `ls $DIR_UPDATE/radius*`
215	`# Récupération des paramêtres locaux (fichier de conf, règles de filtrage, fichiers d'exception, comptes de gestion, etc.)`	205	`# Récupération des paramêtres locaux (fichier de conf, règles de filtrage, fichiers d'exception, comptes de gestion, etc.)`
216	`[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/`	206	`[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/`
217	`# Récupération des fichiers de Dansguardian`	207	`# Récupération des fichiers de Dansguardian`
218	`[ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/`	208	`[ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/`
219	`[ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/`	209	`[ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/`
220	`[ -e $DIR_UPDATE/bannedsitelist ] && cp -f $DIR_UPDATE/bannedsitelist /etc/dansguardian/lists/`	210	`[ -e $DIR_UPDATE/bannedsitelist ] && cp -f $DIR_UPDATE/bannedsitelist /etc/dansguardian/lists/`
221	`[ -e $DIR_UPDATE/exceptionurllist ] && cp -f $DIR_UPDATE/exceptionurllist /etc/dansguardian/lists/`	211	`[ -e $DIR_UPDATE/exceptionurllist ] && cp -f $DIR_UPDATE/exceptionurllist /etc/dansguardian/lists/`
222	`[ -e $DIR_UPDATE/bannedurllist ] && cp -f $DIR_UPDATE/bannedurllist /etc/dansguardian/lists/`	212	`[ -e $DIR_UPDATE/bannedurllist ] && cp -f $DIR_UPDATE/bannedurllist /etc/dansguardian/lists/`
223	`[ -d $DIR_UPDATE/ossi ] && cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/`	213	`[ -d $DIR_UPDATE/ossi ] && cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/`
224	`chown -R dansguardian:apache /etc/dansguardian/lists`	214	`chown -R dansguardian:apache /etc/dansguardian/lists`
225	`chmod -R g+rw /etc/dansguardian/lists`	215	`chmod -R g+rw /etc/dansguardian/lists`
226	`# Start / Stop DNS/URL filtering`	216	`# Start / Stop DNS/URL filtering`
227	`PARENT_SCRIPT=$0`	217	`PARENT_SCRIPT=$0`
228	`export PARENT_SCRIPT`	218	`export PARENT_SCRIPT`
229	`$DIR_SBIN/alcasar-bl.sh -reload`	219	`$DIR_SBIN/alcasar-bl.sh -reload`
230	`# Prise en compte des comptes de gestion (admin + manager + backup)`	220	`# Prise en compte des comptes de gestion (admin + manager + backup)`
231	`$DIR_SBIN/alcasar-profil.sh --list`	221	`$DIR_SBIN/alcasar-profil.sh --list`
232	`# Start / Stop SSH Daemon`	222	`# Start / Stop SSH Daemon`
233	ssh_active=`grep SSH $CONF_FILE\|cut -d"=" -f2`	223	ssh_active=`grep SSH $CONF_FILE\|cut -d"=" -f2`
234	`if [ $ssh_active = "on" ]`	224	`if [ $ssh_active = "on" ]`
235	`then`	225	`then`
236	`/sbin/chkconfig --add sshd`	226	`/sbin/chkconfig --add sshd`
237	`else`	227	`else`
238	`/sbin/chkconfig --del sshd`	228	`/sbin/chkconfig --del sshd`
239	`fi`	229	`fi`
240	`# Effacement du répertoire d'update`	230	`# Effacement du répertoire d'update`
241	`rm -rf $DIR_UPDATE`	231	`rm -rf $DIR_UPDATE`
242	`;;`	232	`;;`
243	`--apply\|-apply)`	233	`--apply\|-apply)`
244	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"`	234	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\/[012]?[0-9]\b"`
245	PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE\|cut -d"=" -f2`	235	PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE\|cut -d"=" -f2`
246	`check=$(echo $PRIVATE_IP_MASK \| egrep $PTN)`	236	`check=$(echo $PRIVATE_IP_MASK \| egrep $PTN)`
247	`if [[ "$?" -ne 0 ]]`	237	`if [[ "$?" -ne 0 ]]`
248	`then`	238	`then`
249	`echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"`	239	`echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"`
250	`exit 0`	240	`exit 0`
251	`fi`	241	`fi`
252	PUBLIC_IP_MASK=`grep PUBLIC_IP $CONF_FILE\|cut -d"=" -f2`	242	PUBLIC_IP_MASK=`grep PUBLIC_IP $CONF_FILE\|cut -d"=" -f2`
253	`check=$(echo $PUBLIC_IP_MASK \| egrep $PTN)`	243	`check=$(echo $PUBLIC_IP_MASK \| egrep $PTN)`
254	`if [[ "$?" -ne 0 ]]`	244	`if [[ "$?" -ne 0 ]]`
255	`then`	245	`then`
256	`echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"`	246	`echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"`
257	`exit 0`	247	`exit 0`
258	`fi`	248	`fi`
259	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b"`	249	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b"`
260	PUBLIC_GATEWAY=`grep GW $CONF_FILE\|cut -d"=" -f2`	250	PUBLIC_GATEWAY=`grep GW $CONF_FILE\|cut -d"=" -f2`
261	`check=$(echo $PUBLIC_GATEWAY \| egrep $PTN)`	251	`check=$(echo $PUBLIC_GATEWAY \| egrep $PTN)`
262	`if [[ "$?" -ne 0 ]]`	252	`if [[ "$?" -ne 0 ]]`
263	`then`	253	`then`
264	`echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"`	254	`echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"`
265	`exit 0`	255	`exit 0`
266	`fi`	256	`fi`
267	DNS1=`grep DNS1 $CONF_FILE\|cut -d"=" -f2`	257	DNS1=`grep DNS1 $CONF_FILE\|cut -d"=" -f2`
268	`check=$(echo $DNS1 \| egrep $PTN)`	258	`check=$(echo $DNS1 \| egrep $PTN)`
269	`if [[ "$?" -ne 0 ]]`	259	`if [[ "$?" -ne 0 ]]`
270	`then`	260	`then`
271	`echo "Syntax error for the IP address of the first DNS server ($DNS1)"`	261	`echo "Syntax error for the IP address of the first DNS server ($DNS1)"`
272	`exit 0`	262	`exit 0`
273	`fi`	263	`fi`
274	DNS2=`grep DNS2 $CONF_FILE\|cut -d"=" -f2`	264	DNS2=`grep DNS2 $CONF_FILE\|cut -d"=" -f2`
275	`check=$(echo $DNS2 \| egrep $PTN)`	265	`check=$(echo $DNS2 \| egrep $PTN)`
276	`if [[ "$?" -ne 0 ]]`	266	`if [[ "$?" -ne 0 ]]`
277	`then`	267	`then`
278	`echo "Syntax error for the IP address of the second DNS server ($DNS2)"`	268	`echo "Syntax error for the IP address of the second DNS server ($DNS2)"`
279	`exit 0`	269	`exit 0`
280	`fi`	270	`fi`
281	PUBLIC_IP=`echo $PUBLIC_IP_MASK \| cut -d"/" -f1`	271	PUBLIC_IP=`echo $PUBLIC_IP_MASK \| cut -d"/" -f1`
282	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK \| cut -d"=" -f2`	272	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK \| cut -d"=" -f2`
283	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`	273	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
284	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK \| cut -d"=" -f2`	274	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK \| cut -d"=" -f2`
285	`private_network_calc`	275	`private_network_calc`
286	VERSION=`grep VERSION $CONF_FILE\|cut -d"=" -f2`	276	VERSION=`grep VERSION $CONF_FILE\|cut -d"=" -f2`
287	INSTALL_DATE=`grep INSTALL_DATE $CONF_FILE\|cut -d"=" -f2`	277	INSTALL_DATE=`grep INSTALL_DATE $CONF_FILE\|cut -d"=" -f2`
288	ORGANISME=`grep ORGANISM $CONF_FILE\|cut -d"=" -f2`	278	ORGANISME=`grep ORGANISM $CONF_FILE\|cut -d"=" -f2`
-		279	DHCP_mode=`grep DHCP= $CONF_FILE\|cut -d"=" -f2`
289	`# Logout everybody`	280	`# Logout everybody`
290	`$DIR_SBIN/alcasar-logout.sh all`	281	`$DIR_SBIN/alcasar-logout.sh all`
291	`# Services stop`	282	`# Services stop`
292	`for i in squid ntpd chilli httpd sshd network`	283	`for i in squid ntpd chilli httpd sshd network`
293	`do`	284	`do`
294	`[ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null`	285	`[ -e /etc/init.d/$i ] && /etc/init.d/$i stop && killall $i 2>/dev/null`
295	`done`	286	`done`
296		287
297	`# /etc/hosts`	288	`# /etc/hosts`
298	`cat <<EOF > /etc/hosts`	289	`cat <<EOF > /etc/hosts`
299	`127.0.0.1 localhost`	290	`127.0.0.1 localhost`
300	`$PRIVATE_IP $HOSTNAME`	291	`$PRIVATE_IP $HOSTNAME`
301	`EOF`	292	`EOF`
302		293
303	`# Ext Network Card config`	294	`# Ext Network Card config`
304	`$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF`	295	`$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF`
305	`$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF`	296	`$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF`
306	`$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF`	297	`$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF`
307	`# NTP server`	298	`# NTP server`
308	`$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf`	299	`$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf`
309	`# host.allow`	300	`# host.allow`
310	`cat <<EOF > /etc/hosts.allow`	301	`cat <<EOF > /etc/hosts.allow`
311	`ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP`	302	`ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP`
312	`sshd: ALL`	303	`sshd: ALL`
313	`ntpd: $PRIVATE_NETWORK_SHORT`	304	`ntpd: $PRIVATE_NETWORK_SHORT`
314	`EOF`	305	`EOF`
315	`# Alcasar Control Center`	306	`# Alcasar Control Center`
316	`echo "$VERSION du $INSTALL_DATE" > /var/www/html/VERSION; chown apache:apache /var/www/html/VERSION`	307	`echo "$VERSION du $INSTALL_DATE" > /var/www/html/VERSION; chown apache:apache /var/www/html/VERSION`
317	`$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf`	308	`$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf`
318	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`	309	FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
319	`$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL`	310	`$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL`
320	`$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf`	311	`$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf`
321	`# Dialup_Admin`	312	`# Dialup_Admin`
322	`$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf`	313	`$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf`
323	`$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf`	314	`$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf`
324	`# coova`	315	`# coova`
325	`$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli`	316	`$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli`
326	`$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf`	317	`$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf`
327	`$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf`	-
328	`$SED "s?^statip.*?#statip?g" /etc/chilli.conf`	-
329	`$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf`	318	`$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf`
330	`$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf`	319	`$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf`
331	`$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf`	320	`$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf`
332	`$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php`	321	`$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php`
-		322	`# dhcp (coova + dnsmasq)`
-		323	`$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode`
333	`# awstat`	324	`# awstat`
334	`$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf`	325	`$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf`
335	`# dnsmasq`	326	`# dnsmasq`
336	`$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf`	327	`$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf`
337	`for i in /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf`	328	`for i in /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf`
338	`do`	329	`do`
339	`$SED "/^server=/d" $i`	330	`$SED "/^server=/d" $i`
340	`echo "server=$DNS1" >> $i`	331	`echo "server=$DNS1" >> $i`
341	`echo "server=$DNS2" >> $i`	332	`echo "server=$DNS2" >> $i`
342	`done`	333	`done`
343	`$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf`	-
344	`$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf`	334	`$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf`
345	`# DG + BL`	335	`# DG + BL`
346	`$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf`	336	`$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf`
347	`# Watchdog`	337	`# Watchdog`
348	`$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh`	338	`$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh`
349	`# SSHD`	339	`# SSHD`
350	`$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config`	340	`$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config`
351	`$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config`	341	`$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config`
352	`# Prompts`	342	`# Prompts`
353	`$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc`	343	`$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc`
354	`# sudoers`	344	`# sudoers`
355	`$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers`	345	`$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers`
356	`# Services start`	346	`# Services start`
357	`for i in network squid ntpd chilli httpd`	347	`for i in network squid ntpd chilli httpd`
358	`do`	348	`do`
359	`[ -e /etc/init.d/$i ] && /etc/init.d/$i start 2>/dev/null`	349	`[ -e /etc/init.d/$i ] && /etc/init.d/$i start 2>/dev/null`
360	`done`	350	`done`
361	`# Start / Stop SSH Daemon`	351	`# Start / Stop SSH Daemon`
362	ssh_active=`grep SSH $CONF_FILE\|cut -d"=" -f2`	352	ssh_active=`grep SSH $CONF_FILE\|cut -d"=" -f2`
363	`if [ $ssh_active = "on" ]`	353	`if [ $ssh_active = "on" ]`
364	`then`	354	`then`
365	`/sbin/chkconfig --add sshd`	355	`/sbin/chkconfig --add sshd`
366	`/etc/init.d/sshd start`	356	`/etc/init.d/sshd start`
367	`else`	357	`else`
368	`/sbin/chkconfig --del sshd`	358	`/sbin/chkconfig --del sshd`
369	`fi`	359	`fi`
370	`# Reload BL (restart DG, dnsmasq & iptables)`	360	`# Reload BL (restart DG, dnsmasq & iptables)`
371	`$DIR_SBIN/alcasar-bl.sh -reload`	361	`$DIR_SBIN/alcasar-bl.sh -reload`
372	`;;`	362	`;;`
373	`*)`	363	`*)`
374	`echo "Argument inconnu :$1";`	364	`echo "Argument inconnu :$1";`
375	`echo "$usage"`	365	`echo "$usage"`
376	`exit 1`	366	`exit 1`
377	`;;`	367	`;;`
378	`esac`	368	`esac`
379		369
380		370

Subversion Repositories ALCASAR

(root)/scripts/alcasar-conf.sh @ 2707 – Rev 861 → 862