WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 2724 2019-05-05 19:05:53Z rexy $
 
# alcasar.sh
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
# This script is distributed under the Gnu General Public License (GPL)
#  team@alcasar.net

	done
	if [ "$response" = "n" ] || [ "$response" = "N" ]
	then
		exit 1
	fi
} # End of license()
 
header_install()
{
	clear
	echo "-----------------------------------------------------------------------------"
	echo "                     ALCASAR V$VERSION Installation"
	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
	echo "-----------------------------------------------------------------------------"
 
} # End of header_install()
 
########################################################
##                  Function "testing"                ##
## - Test Mageia version                              ##
## - Test ALCASAR version (if already installed)      ##

		else echo "External interface (Internet) used: $EXTIF"
	fi
 
	if [ -z "$INTIF" ]; then
		interfacesList=$(/usr/sbin/ip -br link show | cut -d' ' -f1 | grep -v "^\(lo\|tun0\|$EXTIF\)\$")
		interfacesCount=$(echo "$interfacesList" | wc -w)
		if [ $interfacesCount -eq 0 ]; then
			if [ "$Lang" == 'fr' ]
				then echo "Aucune interface de disponible pour le réseau interne"
				else echo "No interface available for the internal network"
			fi

		elif [ $interfacesCount -eq 1 ]; then
			INTIF="$interfacesList"
		else
			interfacesSorted=$(/usr/sbin/ip -br addr | grep -v "^\(lo\|tun0\|$EXTIF\) " | sort -b -k3n -k2r -k1)
			interfacePreferred=$(echo "$interfacesSorted" | head -1 | cut -d' ' -f1)
 
			if [ "$Lang" == 'fr' ]
				then echo 'Liste des interfaces disponible :'
				else echo 'List of available interfaces:'
			fi
			echo "$interfacesSorted"

			echo "Verify the DNS IP addresses"
		fi
		exit 1
	fi
	echo ". : ok"
} # End of testing()
 
#######################################################################
##                    Function "init"                                ##
## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf      ##
## - Creation of random password for GRUB, mariadb (admin and user)  ##

	$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf
	$SED "s?^port.*?#&?g" /etc/my.cnf # we use unix socket only
	$SED "s?^;collation_server =.*?collation_server = utf8_unicode_ci?g" /etc/my.cnf
	$SED "s?^;character_set_server =.*?character_set_server = utf8?g" /etc/my.cnf  # accentuated user names are allowed
	[ -e /etc/my.cnf.d/feedback.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/feedback.cnf # remove the feedback plugin (ALCASAR doesn't report anything !)
	[ -e /etc/my.cnf.d/auth_gssapi.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/auth_gssapi.cnf # remove GSS plugin (ALCASAR doesn't use Kerberos)
	/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1
	/usr/bin/systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"
	/usr/bin/systemctl start mysqld
	nb_round=1
	while [ ! -S /var/lib/mysql/mysql.sock ] && [ $nb_round -lt 10 ] # we wait until mariadb is on

		echo "Problème : la base données 'MariaDB' ne s'est pas lancée !"
		exit
	fi
# Secure the server
	/usr/bin/mysql --execute "GRANT ALL PRIVILEGES ON *.* TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"
 
	MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
	$MYSQL "DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
	$MYSQL "CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
# Create 'radius' database
	$MYSQL "CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"

	[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
	/usr/bin/systemctl daemon-reload
# Allow apache to change some conf files (ie : ldap on/off)
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
} # End of freeradius()
 
#############################################################################
##                           Function "chilli"                             ##
## - Creation of the conf file and init file (systemd) for coova-chilli    ##
## - Adapt the authentication web page (intercept.php)                     ##

 
[Install]
WantedBy=multi-user.target
EOF
 
} # end of tinyproxy()
 
##############################################################
##                            function "ulogd"              ##
## - Ulog config for multi-log files                        ##
##############################################################
ulogd()
{
# Three instances of ulogd (three different logfiles)
	[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
	nl=1

	chown -R root:apache /var/log/firewall
	chmod 750 /var/log/firewall
	chmod 640 /var/log/firewall/*
}  # End of ulogd()
 
 
##########################################################
##                    Function "nfsen"                  ##
## - install the nfsen grapher                          ##
## - install the two plugins porttracker & surfmap      ##
##########################################################

# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450
#	cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/
#	cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
#	tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/
#	cd /tmp/
#	/usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API)
# clear the installation
#	rm -rf /tmp/SURFmap*
	rm -rf /tmp/nfsen-*
	cd $DirTmp || { echo "Unable to find $DirTmp directory"; exit 1; }
	chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen

	$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf
	[ -e $DIR_ACC/manager/stats/config.php.default ] || cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default
	$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
	$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
	/usr/bin/vnstat -i $EXTIF -u --force
} # End of vnstat()
 
###################################################################
##                     Function "dnsmasq"                        ##
## - creation of the conf files of dnsmasq (whitelist for ipset )##
 
###################################################################
dnsmasq()
{
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
	[ -e /etc/dnsmasq.conf.default ] || mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default
	# dnsmasq listen on udp 55 ("dnsmasq with whitelist")
	cat << EOF > /etc/dnsmasq-whitelist.conf
# Configuration file for "dnsmasq with whitelist"
# ADD Toulouse university whitelist domains
pid-file=/var/run/dnsmasq-whitelist.pid
listen-address=127.0.0.1

filterwin2k
ipset=/#/wl_ip_allowed	# dynamically add the resolv IP address in the Firewall rules
server=$DNS1
server=$DNS2
EOF
 
	# Create dnsmasq-whitelist unit
	mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
	cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
} # End of dnsmasq()
 
#########################################################
##              Function "unbound"                     ##
## - create the conf files for 4 unbound services      ##
## - create the systemd files for 4 unbound services   ##
#########################################################
unbound ()
{
	[ -d /etc/unbound/conf.d ] || mkdir -p /etc/unbound/conf.d
	[ -d /etc/unbound/conf.d/common ] || mkdir /etc/unbound/conf.d/common
	[ -d /etc/unbound/conf.d/common/local-forward ] || mkdir /etc/unbound/conf.d/common/local-forward

	[ -d /etc/unbound/conf.d/blacklist ] || mkdir /etc/unbound/conf.d/blacklist
	[ -d /etc/unbound/conf.d/whitelist ] || mkdir /etc/unbound/conf.d/whitelist
	[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole
	[ -d /var/log/unbound ] || { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }
	[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
 
	# Local static DNS configuration
	[ -e /etc/unbound/conf.d/common/local-dns/global.conf ] || touch /etc/unbound/conf.d/common/local-dns/global.conf
 
# Forward zone configuration file for all unbound dns servers
	cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf

server:
	verbosity: 1
	hide-version: yes
	hide-identity: yes
	do-ip6: no
 
	include: /etc/unbound/conf.d/common/forward-zone.conf
	include: /etc/unbound/conf.d/common/local-forward/*
	include: /etc/unbound/conf.d/common/local-dns/*
	include: /etc/unbound/conf.d/forward/*
EOF

	do-ip6: no
	logfile: "/var/log/unbound/unbound-blacklist.log"
	chroot: ""
	define-tag: "blacklist"
	log-local-actions: yes
 
	include: /etc/unbound/conf.d/common/forward-zone.conf
	include: /etc/unbound/conf.d/common/local-forward/*
	include: /etc/unbound/conf.d/common/local-dns/*
	include: /etc/unbound/conf.d/blacklist/*
 
	include: /usr/local/share/unbound-bl-enabled/*
EOF
 
# Configuration file for $INTIF of whitelist unbound
	cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf

	hide-version: yes
	hide-identity: yes
	do-ip6: no
	do-not-query-localhost: no
	define-tag: "whitelist"
 
	local-zone: "." transparent
	local-zone-tag: "." "whitelist"
 
	include: /usr/local/share/unbound-wl-enabled/*
	include: /etc/unbound/conf.d/whitelist/*
	include: /etc/unbound/conf.d/common/local-dns/*
	include: /etc/unbound/conf.d/common/local-forward/*
 
forward-zone:
	name: "."
	forward-addr: 127.0.0.1@55
EOF
 

server:
	verbosity: 1
	hide-version: yes
	hide-identity: yes
	do-ip6: no
 
	include: /etc/unbound/conf.d/blackhole/*
	include: /etc/unbound/conf.d/common/local-dns/*
	include: /etc/unbound/conf.d/common/local-forward/*
EOF
 

	then
		cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound.service.default
	fi
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /lib/systemd/system/unbound.service
	$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/unbound.service
 
	for list in blacklist blackhole whitelist
	do
		cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound-$list.service
		$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /lib/systemd/system/unbound-$list.service
		$SED "s?^PIDFile=.*?PIDFile=/var/run/unbound-$list.pid?g" /lib/systemd/system/unbound-$list.service
	done
 
	$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /lib/systemd/system/unbound-whitelist.service
} # End of unbound()
 
##################################################
##              Function "dhcpd"                ##
##################################################
dhcpd()
{
	[ -e /etc/dhcpd.conf.default ] || cp /etc/dhcpd.conf /etc/dhcpd.conf.default
 
	cat <<EOF > /etc/dhcpd.conf
ddns-update-style none;
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
	option routers $PRIVATE_IP;
	option subnet-mask $PRIVATE_NETMASK;
	option domain-name-servers $PRIVATE_IP;
 
	range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
	default-lease-time 21600;
	max-lease-time 43200;
}
EOF
} # End of dhcpd()
 
##########################################################
##                      Function "BL"                   ##
## - copy Toulouse BL                                   ##
## - adapt this BL to ALCASAR architecture              ##

# adapt the Toulouse BL to ALCASAR architecture
	$DIR_DEST_BIN/alcasar-bl.sh --adapt
# enable the default categories
	$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
	rm -rf /tmp/blacklists
} # End of BL()
 
#######################################################
##                  Function "cron"                  ##
## - write all cron & anacron files                  ##
#######################################################

@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
EOF
 
# removing the users crons
	rm -f /var/spool/cron/*
} # End of cron()
 
######################################################################
##                      Fonction "Fail2Ban"                         ##
##- Adapt conf file to ALCASAR                                      ##
##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##

# fail2ban unit
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service
} # End of fail2ban()
 
#########################################################
##                   Fonction "gammu_smsd"             ##
## - Creating of SMS management database               ##
## - Write the gammu a gammu_smsd conf files           ##

#KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="$DIR_DEST_BIN/alcasar-sms.sh --mode"
#EOF
# Udev rule for fixing the enumeration of ttyUSB port on some MODEM (when they switch randomly the order of their ports at boot time)
# example : http://hintshop.ludvig.co.nz/show/persistent-names-usb-serial-devices/
 
} # End of gammu_smsd()
 
############################################################
##                 Fonction "msec"                        ##
## - Apply the "fileserver" security level                ##
## - remove the "system request" for rebboting            ##

EOF
# apply now hourly & daily checks
/usr/sbin/msec
/etc/cron.weekly/msec
 
} # End of msec()
 
 
##################################################################
##                   Fonction "letsencrypt"                     ##
## - Install Let's Encrypt client                               ##
## - Prepare Let's Encrypt ALCASAR configuration file           ##

EOF
 
	cd $pwdInstall || { echo "Unable to find $pwdInstall directory"; exit 1; }
	rm -rf /tmp/acme.sh-*
 
} # End of letsencrypt()
 
##################################################################
##                    Fonction "post_install"                   ##
## - Modifying banners (locals et ssh) & prompts                ##
## - SSH config                                                 ##

	then
		read
	fi
	clear
	reboot
} # End of post_install()
 
#####################################################################################
#                                   Main Install loop                               #
#####################################################################################
dir_exec=`dirname "$0"`

	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-i | --install)
		for func in license testing
		do
			header_install
			$func
			if [ $DEBUG_ALCASAR == "on" ]
			then
				echo "*** 'debug' : end of install '$func' ***"
				read
			fi
		done
# RPMs install
		$DIR_SCRIPTS/alcasar-urpmi.sh
		if [ "$?" != "0" ]
		then
			exit 0

Rev 2711	Rev 2724
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 2711 2019-03-10 23:23:31Z tom.houdayer $`	2	`# $Id: alcasar.sh 2724 2019-05-05 19:05:53Z rexy $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`	5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7	`# team@alcasar.net`	7	`# team@alcasar.net`
Line 104...	Line 104...
104	`done`	104	`done`
105	`if [ "$response" = "n" ] \|\| [ "$response" = "N" ]`	105	`if [ "$response" = "n" ] \|\| [ "$response" = "N" ]`
106	`then`	106	`then`
107	`exit 1`	107	`exit 1`
108	`fi`	108	`fi`
109	`}`	109	`} # End of license()`
110		110
111	`header_install ()`	111	`header_install()`
112	`{`	112	`{`
113	`clear`	113	`clear`
114	`echo "-----------------------------------------------------------------------------"`	114	`echo "-----------------------------------------------------------------------------"`
115	`echo " ALCASAR V$VERSION Installation"`	115	`echo " ALCASAR V$VERSION Installation"`
116	`echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"`	116	`echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"`
117	`echo "-----------------------------------------------------------------------------"`	117	`echo "-----------------------------------------------------------------------------"`
118	`}`	-
-		118	`} # End of header_install()`
119		119
120	`########################################################`	120	`########################################################`
121	`## Function "testing" ##`	121	`## Function "testing" ##`
122	`## - Test Mageia version ##`	122	`## - Test Mageia version ##`
123	`## - Test ALCASAR version (if already installed) ##`	123	`## - Test ALCASAR version (if already installed) ##`
Line 253...	Line 253...
253	`else echo "External interface (Internet) used: $EXTIF"`	253	`else echo "External interface (Internet) used: $EXTIF"`
254	`fi`	254	`fi`
255		255
256	`if [ -z "$INTIF" ]; then`	256	`if [ -z "$INTIF" ]; then`
257	`interfacesList=$(/usr/sbin/ip -br link show \| cut -d' ' -f1 \| grep -v "^\(lo\\|tun0\\|$EXTIF\)\$")`	257	`interfacesList=$(/usr/sbin/ip -br link show \| cut -d' ' -f1 \| grep -v "^\(lo\\|tun0\\|$EXTIF\)\$")`
258	`interfacesCount=$(echo "$interfacesList" \| wc -l)`	258	`interfacesCount=$(echo "$interfacesList" \| wc -w)`
259	`if [ $interfacesCount -eq 0 ]; then`	259	`if [ $interfacesCount -eq 0 ]; then`
260	`if [ "$Lang" == 'fr' ]`	260	`if [ "$Lang" == 'fr' ]`
261	`then echo "Aucune interface de disponible pour le réseau interne"`	261	`then echo "Aucune interface de disponible pour le réseau interne"`
262	`else echo "No interface available for the internal network"`	262	`else echo "No interface available for the internal network"`
263	`fi`	263	`fi`
Line 265...	Line 265...
265	`elif [ $interfacesCount -eq 1 ]; then`	265	`elif [ $interfacesCount -eq 1 ]; then`
266	`INTIF="$interfacesList"`	266	`INTIF="$interfacesList"`
267	`else`	267	`else`
268	`interfacesSorted=$(/usr/sbin/ip -br addr \| grep -v "^\(lo\\|tun0\\|$EXTIF\) " \| sort -b -k3n -k2r -k1)`	268	`interfacesSorted=$(/usr/sbin/ip -br addr \| grep -v "^\(lo\\|tun0\\|$EXTIF\) " \| sort -b -k3n -k2r -k1)`
269	`interfacePreferred=$(echo "$interfacesSorted" \| head -1 \| cut -d' ' -f1)`	269	`interfacePreferred=$(echo "$interfacesSorted" \| head -1 \| cut -d' ' -f1)`
270		-
271	`if [ "$Lang" == 'fr' ]`	270	`if [ "$Lang" == 'fr' ]`
272	`then echo 'Liste des interfaces disponible :'`	271	`then echo 'Liste des interfaces disponible :'`
273	`else echo 'List of available interfaces:'`	272	`else echo 'List of available interfaces:'`
274	`fi`	273	`fi`
275	`echo "$interfacesSorted"`	274	`echo "$interfacesSorted"`
Line 414...	Line 413...
414	`echo "Verify the DNS IP addresses"`	413	`echo "Verify the DNS IP addresses"`
415	`fi`	414	`fi`
416	`exit 1`	415	`exit 1`
417	`fi`	416	`fi`
418	`echo ". : ok"`	417	`echo ". : ok"`
419	`} # end of testing ()`	418	`} # End of testing()`
420		419
421	`#######################################################################`	420	`#######################################################################`
422	`## Function "init" ##`	421	`## Function "init" ##`
423	`## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf ##`	422	`## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf ##`
424	`## - Creation of random password for GRUB, mariadb (admin and user) ##`	423	`## - Creation of random password for GRUB, mariadb (admin and user) ##`
Line 939...	Line 938...
939	`$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf`	938	`$SED "s?^tmpdir.*?tmpdir=/tmp?g" /etc/my.cnf`
940	`$SED "s?^port.*?#&?g" /etc/my.cnf # we use unix socket only`	939	`$SED "s?^port.*?#&?g" /etc/my.cnf # we use unix socket only`
941	`$SED "s?^;collation_server =.*?collation_server = utf8_unicode_ci?g" /etc/my.cnf`	940	`$SED "s?^;collation_server =.*?collation_server = utf8_unicode_ci?g" /etc/my.cnf`
942	`$SED "s?^;character_set_server =.*?character_set_server = utf8?g" /etc/my.cnf # accentuated user names are allowed`	941	`$SED "s?^;character_set_server =.*?character_set_server = utf8?g" /etc/my.cnf # accentuated user names are allowed`
943	`[ -e /etc/my.cnf.d/feedback.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/feedback.cnf # remove the feedback plugin (ALCASAR doesn't report anything !)`	942	`[ -e /etc/my.cnf.d/feedback.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/feedback.cnf # remove the feedback plugin (ALCASAR doesn't report anything !)`
-		943	`[ -e /etc/my.cnf.d/auth_gssapi.cnf ] && $SED "s?^plugin-load.*?#&?g" /etc/my.cnf.d/auth_gssapi.cnf # remove GSS plugin (ALCASAR doesn't use Kerberos)`
944	`/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1`	944	`/usr/sbin/mysqld-prepare-db-dir > /dev/null 2>&1`
945	`/usr/bin/systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"`	945	`/usr/bin/systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --skip-networking"`
946	`/usr/bin/systemctl start mysqld`	946	`/usr/bin/systemctl start mysqld`
947	`nb_round=1`	947	`nb_round=1`
948	`while [ ! -S /var/lib/mysql/mysql.sock ] && [ $nb_round -lt 10 ] # we wait until mariadb is on`	948	`while [ ! -S /var/lib/mysql/mysql.sock ] && [ $nb_round -lt 10 ] # we wait until mariadb is on`
Line 955...	Line 955...
955	`echo "Problème : la base données 'MariaDB' ne s'est pas lancée !"`	955	`echo "Problème : la base données 'MariaDB' ne s'est pas lancée !"`
956	`exit`	956	`exit`
957	`fi`	957	`fi`
958	`# Secure the server`	958	`# Secure the server`
959	`/usr/bin/mysql --execute "GRANT ALL PRIVILEGES ON . TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"`	959	`/usr/bin/mysql --execute "GRANT ALL PRIVILEGES ON . TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"`
960		-
961	`MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"`	960	`MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"`
962	`$MYSQL "DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"`	961	`$MYSQL "DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"`
963	`$MYSQL "CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"`	962	`$MYSQL "CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"`
964	`# Create 'radius' database`	963	`# Create 'radius' database`
965	`$MYSQL "CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"`	964	`$MYSQL "CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"`
Line 1047...	Line 1046...
1047	`[ -e /lib/systemd/system/radiusd.service.default ] \|\| cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default`	1046	`[ -e /lib/systemd/system/radiusd.service.default ] \|\| cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default`
1048	`$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service`	1047	`$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service`
1049	`/usr/bin/systemctl daemon-reload`	1048	`/usr/bin/systemctl daemon-reload`
1050	`# Allow apache to change some conf files (ie : ldap on/off)`	1049	`# Allow apache to change some conf files (ie : ldap on/off)`
1051	`chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available`	1050	`chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available`
1052	`} # End freeradius ()`	1051	`} # End of freeradius()`
1053		1052
1054	`#############################################################################`	1053	`#############################################################################`
1055	`## Function "chilli" ##`	1054	`## Function "chilli" ##`
1056	`## - Creation of the conf file and init file (systemd) for coova-chilli ##`	1055	`## - Creation of the conf file and init file (systemd) for coova-chilli ##`
1057	`## - Adapt the authentication web page (intercept.php) ##`	1056	`## - Adapt the authentication web page (intercept.php) ##`
Line 1415...	Line 1414...
1415		1414
1416	`[Install]`	1415	`[Install]`
1417	`WantedBy=multi-user.target`	1416	`WantedBy=multi-user.target`
1418	`EOF`	1417	`EOF`
1419		1418
1420	`} # end of tinyproxy`	1419	`} # end of tinyproxy()`
-		1420
1421	`##############################################################################`	1421	`##############################################################`
1422	`## function "ulogd" ##`	1422	`## function "ulogd" ##`
1423	`## - Ulog config for multi-log files ##`	1423	`## - Ulog config for multi-log files ##`
1424	`##############################################################################`	1424	`##############################################################`
1425	`ulogd ()`	1425	`ulogd()`
1426	`{`	1426	`{`
1427	`# Three instances of ulogd (three different logfiles)`	1427	`# Three instances of ulogd (three different logfiles)`
1428	`[ -d /var/log/firewall ] \|\| mkdir -p /var/log/firewall`	1428	`[ -d /var/log/firewall ] \|\| mkdir -p /var/log/firewall`
1429	`nl=1`	1429	`nl=1`
Line 1444...	Line 1444...
1444	`chown -R root:apache /var/log/firewall`	1444	`chown -R root:apache /var/log/firewall`
1445	`chmod 750 /var/log/firewall`	1445	`chmod 750 /var/log/firewall`
1446	`chmod 640 /var/log/firewall/*`	1446	`chmod 640 /var/log/firewall/*`
1447	`} # End of ulogd ()`	1447	`} # End of ulogd()`
1448		1448
1449		-
1450	`##########################################################`	1449	`##########################################################`
1451	`## Function "nfsen" ##`	1450	`## Function "nfsen" ##`
1452	`## - install the nfsen grapher ##`	1451	`## - install the nfsen grapher ##`
1453	`## - install the two plugins porttracker & surfmap ##`	1452	`## - install the two plugins porttracker & surfmap ##`
1454	`##########################################################`	1453	`##########################################################`
Line 1510...	Line 1509...
1510	`# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450`	1509	`# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450`
1511	`# cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/`	1510	`# cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/`
1512	`# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/`	1511	`# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/`
1513	`# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/`	1512	`# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/`
1514	`# cd /tmp/`	1513	`# cd /tmp/`
1515	`# /usr/bin/sh SURFmap/install.sh`	1514	`# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API)`
1516	`# clear the installation`	1515	`# clear the installation`
1517	`# rm -rf /tmp/SURFmap*`	1516	`# rm -rf /tmp/SURFmap*`
1518	`rm -rf /tmp/nfsen-*`	1517	`rm -rf /tmp/nfsen-*`
1519	`cd $DirTmp \|\| { echo "Unable to find $DirTmp directory"; exit 1; }`	1518	`cd $DirTmp \|\| { echo "Unable to find $DirTmp directory"; exit 1; }`
1520	`chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen`	1519	`chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen`
Line 1531...	Line 1530...
1531	`$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf`	1530	`$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf`
1532	`[ -e $DIR_ACC/manager/stats/config.php.default ] \|\| cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default`	1531	`[ -e $DIR_ACC/manager/stats/config.php.default ] \|\| cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default`
1533	`$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php`	1532	`$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php`
1534	`$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php`	1533	`$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php`
1535	`/usr/bin/vnstat -i $EXTIF -u --force`	1534	`/usr/bin/vnstat -i $EXTIF -u --force`
1536	`} # End of vnstat`	1535	`} # End of vnstat()`
1537		1536
1538	`##################################################################`	1537	`###################################################################`
1539	`## Function "dnsmasq" ##`	1538	`## Function "dnsmasq" ##`
1540	`## - creation of the conf files of the 4 intances of dnsmasq ##`	1539	`## - creation of the conf files of dnsmasq (whitelist for ipset )##`
1541	`## - creation of the file managing domain name (local & remote) ##`	-
1542	`##################################################################`	1540	`###################################################################`
1543	`dnsmasq ()`	1541	`dnsmasq()`
1544	`{`	1542	`{`
1545	`[ -d /var/log/dnsmasq ] \|\| mkdir /var/log/dnsmasq`	1543	`[ -d /var/log/dnsmasq ] \|\| mkdir /var/log/dnsmasq`
1546	`[ -e /etc/dnsmasq.conf.default ] \|\| mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default`	1544	`[ -e /etc/dnsmasq.conf.default ] \|\| mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default`
1547	`# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")`	1545	`# dnsmasq listen on udp 55 ("dnsmasq with whitelist")`
1548	`cat << EOF > /etc/dnsmasq-whitelist.conf`	1546	`cat << EOF > /etc/dnsmasq-whitelist.conf`
1549	`# Configuration file for "dnsmasq with whitelist"`	1547	`# Configuration file for "dnsmasq with whitelist"`
1550	`# ADD Toulouse university whitelist domains`	1548	`# ADD Toulouse university whitelist domains`
1551	`pid-file=/var/run/dnsmasq-whitelist.pid`	1549	`pid-file=/var/run/dnsmasq-whitelist.pid`
1552	`listen-address=127.0.0.1`	1550	`listen-address=127.0.0.1`
Line 1560...	Line 1558...
1560	`filterwin2k`	1558	`filterwin2k`
1561	`ipset=/#/wl_ip_allowed # dynamically add the resolv IP address in the Firewall rules`	1559	`ipset=/#/wl_ip_allowed # dynamically add the resolv IP address in the Firewall rules`
1562	`server=$DNS1`	1560	`server=$DNS1`
1563	`server=$DNS2`	1561	`server=$DNS2`
1564	`EOF`	1562	`EOF`
1565		-
1566	`# Create dnsmasq-whitelist unit`	1563	`# Create dnsmasq-whitelist unit`
1567	`mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default`	1564	`mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default`
1568	`cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service`	1565	`cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service`
1569	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service`	1566	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service`
1570	`$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service`	1567	`$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service`
1571	`} # End dnsmasq`	1568	`} # End of dnsmasq()`
1572		1569
1573	`##################################################`	1570	`#########################################################`
1574	`## Function "unbound" ##`	1571	`## Function "unbound" ##`
-		1572	`## - create the conf files for 4 unbound services ##`
-		1573	`## - create the systemd files for 4 unbound services ##`
1575	`##################################################`	1574	`#########################################################`
1576	`unbound ()`	1575	`unbound ()`
1577	`{`	1576	`{`
1578	`[ -d /etc/unbound/conf.d ] \|\| mkdir -p /etc/unbound/conf.d`	1577	`[ -d /etc/unbound/conf.d ] \|\| mkdir -p /etc/unbound/conf.d`
1579	`[ -d /etc/unbound/conf.d/common ] \|\| mkdir /etc/unbound/conf.d/common`	1578	`[ -d /etc/unbound/conf.d/common ] \|\| mkdir /etc/unbound/conf.d/common`
1580	`[ -d /etc/unbound/conf.d/common/local-forward ] \|\| mkdir /etc/unbound/conf.d/common/local-forward`	1579	`[ -d /etc/unbound/conf.d/common/local-forward ] \|\| mkdir /etc/unbound/conf.d/common/local-forward`
Line 1583...	Line 1582...
1583	`[ -d /etc/unbound/conf.d/blacklist ] \|\| mkdir /etc/unbound/conf.d/blacklist`	1582	`[ -d /etc/unbound/conf.d/blacklist ] \|\| mkdir /etc/unbound/conf.d/blacklist`
1584	`[ -d /etc/unbound/conf.d/whitelist ] \|\| mkdir /etc/unbound/conf.d/whitelist`	1583	`[ -d /etc/unbound/conf.d/whitelist ] \|\| mkdir /etc/unbound/conf.d/whitelist`
1585	`[ -d /etc/unbound/conf.d/blackhole ] \|\| mkdir /etc/unbound/conf.d/blackhole`	1584	`[ -d /etc/unbound/conf.d/blackhole ] \|\| mkdir /etc/unbound/conf.d/blackhole`
1586	`[ -d /var/log/unbound ] \|\| { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }`	1585	`[ -d /var/log/unbound ] \|\| { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }`
1587	`[ -e /etc/unbound/unbound.conf.default ] \|\| cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default`	1586	`[ -e /etc/unbound/unbound.conf.default ] \|\| cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default`
1588		-
1589	`# Local static DNS configuration`	1587	`# Local static DNS configuration`
1590	`[ -e /etc/unbound/conf.d/common/local-dns/global.conf ] \|\| touch /etc/unbound/conf.d/common/local-dns/global.conf`	1588	`[ -e /etc/unbound/conf.d/common/local-dns/global.conf ] \|\| touch /etc/unbound/conf.d/common/local-dns/global.conf`
1591		1589
1592	`# Forward zone configuration file for all unbound dns servers`	1590	`# Forward zone configuration file for all unbound dns servers`
1593	`cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf`	1591	`cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf`
Line 1659...	Line 1657...
1659	`server:`	1657	`server:`
1660	`verbosity: 1`	1658	`verbosity: 1`
1661	`hide-version: yes`	1659	`hide-version: yes`
1662	`hide-identity: yes`	1660	`hide-identity: yes`
1663	`do-ip6: no`	1661	`do-ip6: no`
1664		-
1665	`include: /etc/unbound/conf.d/common/forward-zone.conf`	1662	`include: /etc/unbound/conf.d/common/forward-zone.conf`
1666	`include: /etc/unbound/conf.d/common/local-forward/*`	1663	`include: /etc/unbound/conf.d/common/local-forward/*`
1667	`include: /etc/unbound/conf.d/common/local-dns/*`	1664	`include: /etc/unbound/conf.d/common/local-dns/*`
1668	`include: /etc/unbound/conf.d/forward/*`	1665	`include: /etc/unbound/conf.d/forward/*`
1669	`EOF`	1666	`EOF`
Line 1687...	Line 1684...
1687	`do-ip6: no`	1684	`do-ip6: no`
1688	`logfile: "/var/log/unbound/unbound-blacklist.log"`	1685	`logfile: "/var/log/unbound/unbound-blacklist.log"`
1689	`chroot: ""`	1686	`chroot: ""`
1690	`define-tag: "blacklist"`	1687	`define-tag: "blacklist"`
1691	`log-local-actions: yes`	1688	`log-local-actions: yes`
1692		-
1693	`include: /etc/unbound/conf.d/common/forward-zone.conf`	1689	`include: /etc/unbound/conf.d/common/forward-zone.conf`
1694	`include: /etc/unbound/conf.d/common/local-forward/*`	1690	`include: /etc/unbound/conf.d/common/local-forward/*`
1695	`include: /etc/unbound/conf.d/common/local-dns/*`	1691	`include: /etc/unbound/conf.d/common/local-dns/*`
1696	`include: /etc/unbound/conf.d/blacklist/*`	1692	`include: /etc/unbound/conf.d/blacklist/*`
1697		-
1698	`include: /usr/local/share/unbound-bl-enabled/*`	1693	`include: /usr/local/share/unbound-bl-enabled/*`
1699	`EOF`	1694	`EOF`
1700		1695
1701	`# Configuration file for $INTIF of whitelist unbound`	1696	`# Configuration file for $INTIF of whitelist unbound`
1702	`cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf`	1697	`cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf`
Line 1715...	Line 1710...
1715	`hide-version: yes`	1710	`hide-version: yes`
1716	`hide-identity: yes`	1711	`hide-identity: yes`
1717	`do-ip6: no`	1712	`do-ip6: no`
1718	`do-not-query-localhost: no`	1713	`do-not-query-localhost: no`
1719	`define-tag: "whitelist"`	1714	`define-tag: "whitelist"`
1720		-
1721	`local-zone: "." transparent`	1715	`local-zone: "." transparent`
1722	`local-zone-tag: "." "whitelist"`	1716	`local-zone-tag: "." "whitelist"`
1723		-
1724	`include: /usr/local/share/unbound-wl-enabled/*`	1717	`include: /usr/local/share/unbound-wl-enabled/*`
1725	`include: /etc/unbound/conf.d/whitelist/*`	1718	`include: /etc/unbound/conf.d/whitelist/*`
1726	`include: /etc/unbound/conf.d/common/local-dns/*`	1719	`include: /etc/unbound/conf.d/common/local-dns/*`
1727	`include: /etc/unbound/conf.d/common/local-forward/*`	1720	`include: /etc/unbound/conf.d/common/local-forward/*`
1728		-
1729	`forward-zone:`	1721	`forward-zone:`
1730	`name: "."`	1722	`name: "."`
1731	`forward-addr: 127.0.0.1@55`	1723	`forward-addr: 127.0.0.1@55`
1732	`EOF`	1724	`EOF`
1733		1725
Line 1748...	Line 1740...
1748	`server:`	1740	`server:`
1749	`verbosity: 1`	1741	`verbosity: 1`
1750	`hide-version: yes`	1742	`hide-version: yes`
1751	`hide-identity: yes`	1743	`hide-identity: yes`
1752	`do-ip6: no`	1744	`do-ip6: no`
1753		-
1754	`include: /etc/unbound/conf.d/blackhole/*`	1745	`include: /etc/unbound/conf.d/blackhole/*`
1755	`include: /etc/unbound/conf.d/common/local-dns/*`	1746	`include: /etc/unbound/conf.d/common/local-dns/*`
1756	`include: /etc/unbound/conf.d/common/local-forward/*`	1747	`include: /etc/unbound/conf.d/common/local-forward/*`
1757	`EOF`	1748	`EOF`
1758		1749
Line 1760...	Line 1751...
1760	`then`	1751	`then`
1761	`cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound.service.default`	1752	`cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound.service.default`
1762	`fi`	1753	`fi`
1763	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /lib/systemd/system/unbound.service`	1754	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /lib/systemd/system/unbound.service`
1764	`$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/unbound.service`	1755	`$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/unbound.service`
1765		-
1766	`for list in blacklist blackhole whitelist`	1756	`for list in blacklist blackhole whitelist`
1767	`do`	1757	`do`
1768	`cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound-$list.service`	1758	`cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound-$list.service`
1769	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /lib/systemd/system/unbound-$list.service`	1759	`$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /lib/systemd/system/unbound-$list.service`
1770	`$SED "s?^PIDFile=.*?PIDFile=/var/run/unbound-$list.pid?g" /lib/systemd/system/unbound-$list.service`	1760	`$SED "s?^PIDFile=.*?PIDFile=/var/run/unbound-$list.pid?g" /lib/systemd/system/unbound-$list.service`
1771	`done`	1761	`done`
1772		-
1773	`$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /lib/systemd/system/unbound-whitelist.service`	1762	`$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /lib/systemd/system/unbound-whitelist.service`
1774	`} # End unbound`	1763	`} # End of unbound()`
1775		1764
1776	`##################################################`	1765	`##################################################`
1777	`## Function "dhcpd" ##`	1766	`## Function "dhcpd" ##`
1778	`##################################################`	1767	`##################################################`
1779	`dhcpd ()`	1768	`dhcpd()`
1780	`{`	1769	`{`
1781	`[ -e /etc/dhcpd.conf.default ] \|\| cp /etc/dhcpd.conf /etc/dhcpd.conf.default`	1770	`[ -e /etc/dhcpd.conf.default ] \|\| cp /etc/dhcpd.conf /etc/dhcpd.conf.default`
1782		-
1783	`cat <<EOF > /etc/dhcpd.conf`	1771	`cat <<EOF > /etc/dhcpd.conf`
1784	`ddns-update-style none;`	1772	`ddns-update-style none;`
1785	`subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {`	1773	`subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {`
1786	`option routers $PRIVATE_IP;`	1774	`option routers $PRIVATE_IP;`
1787	`option subnet-mask $PRIVATE_NETMASK;`	1775	`option subnet-mask $PRIVATE_NETMASK;`
1788	`option domain-name-servers $PRIVATE_IP;`	1776	`option domain-name-servers $PRIVATE_IP;`
1789		-
1790	`range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;`	1777	`range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;`
1791	`default-lease-time 21600;`	1778	`default-lease-time 21600;`
1792	`max-lease-time 43200;`	1779	`max-lease-time 43200;`
1793	`}`	1780	`}`
1794	`EOF`	1781	`EOF`
1795	`}`	1782	`} # End of dhcpd()`
1796		1783
1797	`##########################################################`	1784	`##########################################################`
1798	`## Function "BL" ##`	1785	`## Function "BL" ##`
1799	`## - copy Toulouse BL ##`	1786	`## - copy Toulouse BL ##`
1800	`## - adapt this BL to ALCASAR architecture ##`	1787	`## - adapt this BL to ALCASAR architecture ##`
Line 1855...	Line 1842...
1855	`# adapt the Toulouse BL to ALCASAR architecture`	1842	`# adapt the Toulouse BL to ALCASAR architecture`
1856	`$DIR_DEST_BIN/alcasar-bl.sh --adapt`	1843	`$DIR_DEST_BIN/alcasar-bl.sh --adapt`
1857	`# enable the default categories`	1844	`# enable the default categories`
1858	`$DIR_DEST_BIN/alcasar-bl.sh --cat_choice`	1845	`$DIR_DEST_BIN/alcasar-bl.sh --cat_choice`
1859	`rm -rf /tmp/blacklists`	1846	`rm -rf /tmp/blacklists`
1860	`} # End BL()`	1847	`} # End of BL()`
1861		1848
1862	`#######################################################`	1849	`#######################################################`
1863	`## Function "cron" ##`	1850	`## Function "cron" ##`
1864	`## - write all cron & anacron files ##`	1851	`## - write all cron & anacron files ##`
1865	`#######################################################`	1852	`#######################################################`
Line 1937...	Line 1924...
1937	`@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1`	1924	`@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1`
1938	`EOF`	1925	`EOF`
1939		1926
1940	`# removing the users crons`	1927	`# removing the users crons`
1941	`rm -f /var/spool/cron/*`	1928	`rm -f /var/spool/cron/*`
1942	`} # End cron()`	1929	`} # End of cron()`
1943		1930
1944	`######################################################################`	1931	`######################################################################`
1945	`## Fonction "Fail2Ban" ##`	1932	`## Fonction "Fail2Ban" ##`
1946	`##- Adapt conf file to ALCASAR ##`	1933	`##- Adapt conf file to ALCASAR ##`
1947	`##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##`	1934	`##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##`
Line 1958...	Line 1945...
1958	`# fail2ban unit`	1945	`# fail2ban unit`
1959	`[ -e /lib/systemd/system/fail2ban.service.default ] \|\| cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default`	1946	`[ -e /lib/systemd/system/fail2ban.service.default ] \|\| cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default`
1960	`$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service`	1947	`$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service`
1961	`$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service`	1948	`$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service`
1962	`$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service`	1949	`$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service`
1963	`} # End fail2ban()`	1950	`} # End of fail2ban()`
1964		1951
1965	`#########################################################`	1952	`#########################################################`
1966	`## Fonction "gammu_smsd" ##`	1953	`## Fonction "gammu_smsd" ##`
1967	`## - Creating of SMS management database ##`	1954	`## - Creating of SMS management database ##`
1968	`## - Write the gammu a gammu_smsd conf files ##`	1955	`## - Write the gammu a gammu_smsd conf files ##`
Line 2047...	Line 2034...
2047	`#KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="$DIR_DEST_BIN/alcasar-sms.sh --mode"`	2034	`#KERNEL=="ttyUSB0",ATTRS{idVendor}=="12d1",RUN+="$DIR_DEST_BIN/alcasar-sms.sh --mode"`
2048	`#EOF`	2035	`#EOF`
2049	`# Udev rule for fixing the enumeration of ttyUSB port on some MODEM (when they switch randomly the order of their ports at boot time)`	2036	`# Udev rule for fixing the enumeration of ttyUSB port on some MODEM (when they switch randomly the order of their ports at boot time)`
2050	`# example : http://hintshop.ludvig.co.nz/show/persistent-names-usb-serial-devices/`	2037	`# example : http://hintshop.ludvig.co.nz/show/persistent-names-usb-serial-devices/`
2051		2038
2052	`} # End gammu_smsd()`	2039	`} # End of gammu_smsd()`
2053		2040
2054	`############################################################`	2041	`############################################################`
2055	`## Fonction "msec" ##`	2042	`## Fonction "msec" ##`
2056	`## - Apply the "fileserver" security level ##`	2043	`## - Apply the "fileserver" security level ##`
2057	`## - remove the "system request" for rebboting ##`	2044	`## - remove the "system request" for rebboting ##`
Line 2082...	Line 2069...
2082	`EOF`	2069	`EOF`
2083	`# apply now hourly & daily checks`	2070	`# apply now hourly & daily checks`
2084	`/usr/sbin/msec`	2071	`/usr/sbin/msec`
2085	`/etc/cron.weekly/msec`	2072	`/etc/cron.weekly/msec`
2086		2073
2087	`} # End msec()`	2074	`} # End of msec()`
2088		-
2089		2075
2090	`##################################################################`	2076	`##################################################################`
2091	`## Fonction "letsencrypt" ##`	2077	`## Fonction "letsencrypt" ##`
2092	`## - Install Let's Encrypt client ##`	2078	`## - Install Let's Encrypt client ##`
2093	`## - Prepare Let's Encrypt ALCASAR configuration file ##`	2079	`## - Prepare Let's Encrypt ALCASAR configuration file ##`
Line 2136...	Line 2122...
2136	`EOF`	2122	`EOF`
2137		2123
2138	`cd $pwdInstall \|\| { echo "Unable to find $pwdInstall directory"; exit 1; }`	2124	`cd $pwdInstall \|\| { echo "Unable to find $pwdInstall directory"; exit 1; }`
2139	`rm -rf /tmp/acme.sh-*`	2125	`rm -rf /tmp/acme.sh-*`
2140		2126
2141	`} # END letsencrypt()`	2127	`} # End of letsencrypt()`
2142		2128
2143	`##################################################################`	2129	`##################################################################`
2144	`## Fonction "post_install" ##`	2130	`## Fonction "post_install" ##`
2145	`## - Modifying banners (locals et ssh) & prompts ##`	2131	`## - Modifying banners (locals et ssh) & prompts ##`
2146	`## - SSH config ##`	2132	`## - SSH config ##`
Line 2350...	Line 2336...
2350	`then`	2336	`then`
2351	`read`	2337	`read`
2352	`fi`	2338	`fi`
2353	`clear`	2339	`clear`
2354	`reboot`	2340	`reboot`
2355	`} # End post_install ()`	2341	`} # End of post_install()`
2356		2342
2357	`#####################################################################################`	2343	`#####################################################################################`
2358	`# Main Install loop #`	2344	`# Main Install loop #`
2359	`#####################################################################################`	2345	`#####################################################################################`
2360	dir_exec=`dirname "$0"`	2346	dir_exec=`dirname "$0"`
Line 2384...	Line 2370...
2384	`-\? \| -h* \| --h*)`	2370	`-\? \| -h* \| --h*)`
2385	`echo "$usage"`	2371	`echo "$usage"`
2386	`exit 0`	2372	`exit 0`
2387	`;;`	2373	`;;`
2388	`-i \| --install)`	2374	`-i \| --install)`
-		2375	`for func in license testing`
-		2376	`do`
2389	`header_install`	2377	`header_install`
-		2378	`$func`
-		2379	`if [ $DEBUG_ALCASAR == "on" ]`
2390	`license`	2380	`then`
-		2381	`echo "* 'debug' : end of install '$func' *"`
2391	`header_install`	2382	`read`
-		2383	`fi`
2392	`testing`	2384	`done`
2393	`# RPMs install`	2385	`# RPMs install`
2394	`$DIR_SCRIPTS/alcasar-urpmi.sh`	2386	`$DIR_SCRIPTS/alcasar-urpmi.sh`
2395	`if [ "$?" != "0" ]`	2387	`if [ "$?" != "0" ]`
2396	`then`	2388	`then`
2397	`exit 0`	2389	`exit 0`

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 2711 → 2724