Subversion Repositories ALCASAR


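--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2850 2020-07-15 22:24:44Z rexy $
+#  $Id: alcasar.sh 2861 2020-10-04 20:41:06Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
@@ -558,22 +558,10 @@
 # Define Internet parameters
 	DNS1=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS1='| cut -d"=" -f2`	# 1st DNS server
 	DNS2=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS2=' | cut -d"=" -f2`	# 2nd DNS server
     DNS1=${DNS1:=208.67.220.220}
 	DNS2=${DNS2:=208.67.222.222}
-#	if [ "$DNS1" == "" ]
-#	then
-#		if [ $Lang == "fr" ]
-#		then
-#			echo "L'adresse IP des serveurs DNS ne sont pas corrects"
-#			echo "Vérifiez la configuration de la carte réseau externe ($EXTIF)"
-#		else
-#			echo "The IP address of DNS servers are not set correctly"
-#			echo "Check the extern network card configuration ($EXTIF)"
-#		fi
-#		exit 0
-#	fi
 	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
 	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
 	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
 # Write network parameters in the conf file
 	echo "HOSTNAME=$HOSTNAME" >> $CONF_FILE
@@ -1547,11 +1535,10 @@
 ##     local-zone: "<your_domain>." transparent
 ## forward-zone:
 ##     name: "<your_domain>."
 ##     forward-addr: <@IP_domain_server>
 ##
-## INFO : local hostnames are resolved in /etc/hosts file
 EOF
 
 # Configuration file of ALCASAR main domains for $INTIF
 	cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
 server:
@@ -1642,14 +1629,14 @@
 	do-ip6: no
 	do-not-query-localhost: no
 	define-tag: "whitelist"
 	local-zone: "." transparent
 	local-zone-tag: "." "whitelist"
-	include: /usr/local/share/unbound-wl-enabled/*
-	include: /etc/unbound/conf.d/whitelist/*
-	include: /etc/unbound/conf.d/common/local-dns/*
 	include: /etc/unbound/conf.d/common/local-forward/*
+	include: /etc/unbound/conf.d/common/local-dns/*
+	include: /etc/unbound/conf.d/whitelist/*
+	include: /usr/local/share/unbound-wl-enabled/*
 forward-zone:
 	name: "."
 	forward-addr: 127.0.0.1@55
 EOF
 
@@ -1672,12 +1659,13 @@
 server:
 	verbosity: 1
 	hide-version: yes
 	hide-identity: yes
 	do-ip6: no
-	include: /etc/unbound/conf.d/blackhole/*
 	include: /etc/unbound/conf.d/common/local-forward/*
+	include: /etc/unbound/conf.d/common/local-dns/*
+	include: /etc/unbound/conf.d/blackhole/*
 EOF
 
 	if [ ! -e /lib/systemd/system/unbound.service.default ]
 	then
 		cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound.service.default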
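Review bot: The reordered `include:` lines in the two generated unbound configurations (the one tagged "whitelist" and the one that loads `blackhole/`) carry no explanation of why the order changed. If the intent is that files under `common/local-forward/` and `common/local-dns/` are read first so that they win over a conflicting whitelist or blackhole entry, that is a filtering-precedence decision and should be stated next to the includes, for example `# local zones are included first so that they take precedence over the blackhole entries`. Under that reading, anything that can write into those two directories can exempt a name from the blacklist, so their ownership and mode are worth checking where they are created, which is not visible in these hunks. The second configuration also gains a `common/local-dns/*` include it did not have before, which widens what that resolver answers locally. Both heredocs start outside the hunks shown.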