
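--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 1386 2014-06-12 14:53:07Z richard $ 
+#  $Id: alcasar.sh 1387 2014-06-13 16:57:56Z richard $ 
 
 # alcasar.sh
 
 # ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
 # Ce programme est un logiciel libre ; This software is free and open source
@@ -1307,51 +1307,48 @@
 ##########################################################
 param_dnsmasq ()
 {
 	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
 	[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
-	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux
+	$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
-# Option : on pré-active les logs DNS des clients
-	$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
-# Option : exemple de paramètre supplémentaire pour le cache memoire
-	echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
-# Option : exemple de configuration avec un A.D.
-	echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
 	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
 # 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on.
 	cat << EOF > /etc/dnsmasq.conf 
 # Configuration file for "dnsmasq in forward mode"
-conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
+conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
 listen-address=$PRIVATE_IP
 listen-address=127.0.0.1
 no-dhcp-interface=$INTIF
+no-dhcp-interface=tun0
+no-dhcp-interface=lo
 bind-interfaces
 cache-size=256
 domain=$DOMAIN
 domain-needed
 expand-hosts
 bogus-priv
 filterwin2k
 server=$DNS1
 server=$DNS2
-# le servive DHCP est configuré mais n'est exploité que pour le "bypass"
+# DHCP service is configured. It will be enabled in "bypass" mode
 dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
 dhcp-option=option:router,$PRIVATE_IP
 #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
 
-# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
+# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
 #dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
 EOF
 # 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
 	cat << EOF > /etc/dnsmasq-blacklist.conf 
 	# Configuration file for "dnsmasq with blacklist"
-# Inclusion de la blacklist <domains> de Toulouse dans la configuration
+# Add Toulouse blacklist domains
 conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
-conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
+conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
 listen-address=$PRIVATE_IP
 port=54
 no-dhcp-interface=$INTIF
+no-dhcp-interface=tun0
 bind-interfaces
 cache-size=256
 domain=$DOMAIN
 domain-needed
 expand-hosts
@@ -1367,10 +1364,11 @@
 conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
 conf-file=$DIR_DEST_ETC/alcasar-dns-name	# zone de definition de noms DNS locaux
 listen-address=$PRIVATE_IP
 port=55
 no-dhcp-interface=$INTIF
+no-dhcp-interface=tun0
 bind-interfaces
 cache-size=256
 domain=$DOMAIN
 domain-needed
 expand-hosts
@@ -1383,10 +1381,12 @@
 # Create dnsmasq-blacklist and dnsmasq-whitelist unit
 	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service
 	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service
 	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
 	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
+	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service
+	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
 } # End dnsmasq
 
 ##########################################################
 ##		Fonction "BL"				##
 ##########################################################
@@ -1435,11 +1435,11 @@
 	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
 # adapt the BL to ALCASAR architecture. Enable the default categories
 	if [ "$mode" != "update" ]; then
 		$DIR_DEST_SBIN/alcasar-bl.sh --adapt
 		$DIR_DEST_SBIN/alcasar-bl.sh --cat_choice
-		$DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving
+# !!! we can be banned by DNS server (waiting for a cool solution	$DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving
 	fi
 }
 
 ##########################################################
 ##		Fonction "cron"				##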
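Review bot: The two added `PIDFile=` substitutions at the end of param_dnsmasq tell systemd where to look for each instance's pid file, but the `ExecStart=` lines just above still run `/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf` (and the whitelist equivalent) with nothing visible that makes dnsmasq write to those paths. The visible parts of both heredocs set no `pid-file=`, and their tails lie outside the shown hunks, so this may already be handled; if it is not, each instance would write the default pid file and systemd may consider the filtering instances failed, leaving clients without the blacklist/whitelist resolvers. Adding `pid-file=/var/run/dnsmasq-blacklist.pid` to the blacklist heredoc and `pid-file=/var/run/dnsmasq-whitelist.pid` to the whitelist one would keep unit and daemon in agreement. Separately, in the last hunk the explanation and the disabled `--ip_retrieving` call are fused on one comment line with an unclosed parenthesis; a line of its own such as `# TODO: --ip_retrieving disabled at install, bulk lookups can get us banned by the DNS server` would make it clear that a fresh install no longer runs this step.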