Subversion Repositories ALCASAR


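--- a/alcasar.sh	(revision 2724)
+++ b/alcasar.sh	(revision 2728)
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2724 2019-05-05 19:05:53Z rexy $
+#  $Id: alcasar.sh 2728 2019-05-20 20:55:06Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
@@ -987,17 +987,16 @@
         $SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
         $SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
         $SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
         $SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
         $SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
-
-# Add ALCASAR dictionary
+# Add ALCASAR & Coovachilli dictionaries
+        [ -e /etc/raddb/dictionary.default ] || cp /etc/raddb/dictionary /etc/raddb/dictionary.default
         cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar
-        echo -e '\n$INCLUDE dictionary.alcasar' >> /usr/share/freeradius/dictionary
-# Add CoovaChilli dictionary
+        echo -e '\n$INCLUDE dictionary.alcasar' > /etc/raddb/dictionary
         cp /usr/share/doc/coova-chilli/dictionary.coovachilli /usr/share/freeradius/dictionary.coovachilli
-        echo -e '\n$INCLUDE dictionary.coovachilli' >> /usr/share/freeradius/dictionary
+        echo -e '\n$INCLUDE dictionary.coovachilli' >> /etc/raddb/dictionary
 # Set "client.conf" to describe radius clients (coova on 127.0.0.1)
         [ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
         cat << EOF > /etc/raddb/clients.conf
 client localhost {
         ipaddr = 127.0.0.1
@@ -1012,21 +1011,21 @@
         cp $DIR_CONF/radius/alcasar-with-ldap /etc/raddb/sites-available/alcasar-with-ldap
         chown radius:apache /etc/raddb/sites-available/alcasar*
         chmod 660 /etc/raddb/sites-available/alcasar*
         ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
-# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
-
+        # INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
 # Set modules
-# Add custom LDAP "available module"
+        # Add custom LDAP "available module"
         cp -f $DIR_CONF/radius/ldap-alcasar /etc/raddb/mods-available/
         chown -R radius:radius /etc/raddb/mods-available/ldap-alcasar
-# Set only usefull modules for ALCASAR (ldap is enabled only via ACC)
+        # Set only usefull modules for ALCASAR (! the module 'ldap-alcasar' is enabled only via ACC)
         rm -rf  /etc/raddb/mods-enabled/*
         for mods in sql sqlcounter attr_filter expiration logintime pap expr always
         do
                 ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
         done
+        # INFO : To connect from outside (EAP), add the EAP module (and right accesses to the keys (/etc/pki/tls/private/radius.pem)
 # Configure SQL mod
         [ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
         $SED "s?^[\t ]*driver =.*?driver = \"rlm_sql_mysql\"?g" /etc/raddb/mods-available/sql
         $SED "s?^[\t ]*dialect =.*?dialect = \"mysql\"?g" /etc/raddb/mods-available/sql
         $SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql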
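Review bot: The `$INCLUDE` lines written to `/etc/raddb/dictionary` at new lines 995 and 997 use relative file names, but `dictionary.alcasar` and `dictionary.coovachilli` are still copied into `/usr/share/freeradius/` (new lines 994 and 996). As far as I know FreeRADIUS resolves a relative `$INCLUDE` against the directory of the including file, so it would look for both files under `/etc/raddb/` and the ALCASAR and CoovaChilli attributes would be undefined at startup; a configuration check with `radiusd -XC` after install would confirm this either way. Absolute paths remove the doubt: `echo -e '\n$INCLUDE /usr/share/freeradius/dictionary.alcasar' > /etc/raddb/dictionary` and `echo -e '\n$INCLUDE /usr/share/freeradius/dictionary.coovachilli' >> /etc/raddb/dictionary`. The enclosing function appears to start and end outside the shown hunks.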