Subversion Repositories ALCASAR


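--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2868 2020-10-26 21:22:24Z rexy $
+#  $Id: alcasar.sh 2870 2020-10-27 23:16:41Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
@@ -114,17 +114,17 @@
 	echo "Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau"
 	echo "-----------------------------------------------------------------------------"
 } # End of header_install()
 
 ########################################################
-##                  Function "testing"                ##
+##              Function "testing_system"             ##
 ## - Test Mageia version                              ##
 ## - Test ALCASAR version (if already installed)      ##
 ## - Test free space on /var  (>10G)                  ##
 ## - Test Internet access                             ##
 ########################################################
-testing()
+testing_system()
 {
 # Test of Mageia version
 # extract the current Mageia version and hardware architecture (i586 ou X64)
 	fic=`cat /etc/product.id`
 	unknown_os=0
@@ -209,16 +209,11 @@
 		done
 		if [ "$response" = "2" ]
 		then
 			rm -f /var/tmp/alcasar-conf*
 		else
-# Retrieve former NICname
-			EXTIF_saved=`grep ^EXTIF= $CONF_FILE | cut -d'=' -f2-`	# EXTernal InterFace
-			INTIF_saved=`grep ^INTIF= $CONF_FILE | cut -d'=' -f2-`	# INTernal InterFace
-			[ "$(/usr/sbin/ip link | grep -c " $EXTIF_saved:")" -ne 0 ] && EXTIF=$EXTIF_saved || echo "Warning: Network card \"$EXTIF_saved\" is not connected, so \"$EXTIF\" will be used for external network."
-			[ "$(/usr/sbin/ip link | grep -c " $INTIF_saved:")" -ne 0 ] && INTIF=$INTIF_saved || echo "Warning: Network card \"$INTIF_saved\" is not connected, so \"$INTIF\" will be used for internal network."
-# Create the current conf file
+# Create the archive of conf files
 			$DIR_SCRIPTS/alcasar-conf.sh --create
 			mode="update"
 		fi
 	fi
 # Free /var (when updating) and test free space
@@ -232,11 +227,18 @@
 			then echo "Espace disponible insuffisant sur /var ($free_space Go au lieu de 10 Go au minimum)"
 			else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
 		fi
 	exit 0
 	fi
+} # End of testing_system
 
+########################################################
+##             Function "testing_network"             ##
+## - Test Internet access                             ##
+########################################################
+testing_network()
+{
 # Detect external/internal interfaces
 	if [ -z "$EXTIF" ]; then
 		EXTIF=$(/usr/sbin/ip route list | awk '/^default / {print $5}')
 		if [ -z "$EXTIF" ]; then
 			if [ "$Lang" == 'fr' ]
@@ -411,11 +413,11 @@
 			echo "Verify the DNS IP addresses"
 		fi
 		exit 1
 	fi
 	echo ". : ok"
-} # End of testing()
+} # End of testing_network()
 
 #######################################################################
 ##                    Function "init"                                ##
 ## - Creation of ALCASAR conf file "/usr/local/etc/alcasar.conf      ##
 ## - Creation of random password for GRUB, mariadb (admin and user)  ##
@@ -556,11 +558,11 @@
 	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.				# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
 	PRIVATE_MAC=`/usr/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'` 	# MAC address of INTIF
 # Define Internet parameters
 	DNS1=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS1='| cut -d"=" -f2`	# 1st DNS server
 	DNS2=`cat /etc/sysconfig/network-scripts/ifcfg-$EXTIF | grep '^DNS2=' | cut -d"=" -f2`	# 2nd DNS server
-    DNS1=${DNS1:=208.67.220.220}
+	DNS1=${DNS1:=208.67.220.220}
 	DNS2=${DNS2:=208.67.222.222}
 	PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
 	PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2`
 	PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2`
 # Write network parameters in the conf file
@@ -641,11 +643,12 @@
 DEVICE=$EXTIF
 BOOTPROTO=static
 IPADDR=$PUBLIC_IP
 NETMASK=$PUBLIC_NETMASK
 GATEWAY=$PUBLIC_GATEWAY
-DNS1=127.0.0.1
+DNS1=$DNS1
+DNS2=$DNS2
 RESOLV_MODS=yes
 ONBOOT=yes
 METRIC=10
 NOZEROCONF=yes
 MII_NOT_SUPPORTED=yes
@@ -1470,11 +1473,11 @@
 	$SED "s?^Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
 	$SED "s?^DatabaseDir.*?DatabaseDir /var/log/vnstat?g" /etc/vnstat.conf
     # vnstat-dashboard
     $SED "s?^\$thisInterface.*?\$thisInterface = \"$EXTIF\";?" $DIR_ACC/manager/vnstat/index.php
 	[ -e /lib/systemd/system/vnstat.service.default ] || cp /lib/systemd/system/vnstat.service /lib/systemd/system/vnstat.service.default
-    $SED "s?^PIDFILE=.*?PIDFILE=/var/run/vnstat/vnstat.pid?g" /lib/systemd/system/vnstat.service
+    $SED "s?^PIDFILE=.*?PIDFILE=/run/vnstat/vnstat.pid?g" /lib/systemd/system/vnstat.service
 } # End of vnstat()
 
 ###################################################################
 ##                     Function "dnsmasq"                        ##
 ## - creation of the conf files of dnsmasq (whitelist for ipset )##
@@ -2207,11 +2210,10 @@
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start
 ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop
 TimeoutSec=0
-SysVStartPriority=99
 
 [Install]
 WantedBy=multi-user.target
 EOF
 	/usr/bin/systemctl daemon-reload
@@ -2371,17 +2373,17 @@
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	-i | --install)
-		for func in license testing
+		for func in license testing_system
 		do
 			header_install
 			$func
 			if [ $DEBUG_ALCASAR == "on" ]
 			then
-				echo "*** 'debug' : end of install '$func' ***"
+				echo "*** 'debug' : end of function '$func' ***"
 				read
 			fi
 		done
 # RPMs install
 		$DIR_SCRIPTS/alcasar-urpmi.sh
@@ -2447,16 +2449,16 @@
 				then echo "#### Installation avec mise à jour ####";
 				else echo "#### Installation with update     ####";
 			fi
 			mode="update"
 		fi
-		for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install
+		for func in testing_network init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install
 		do
 			$func
 			if [ $DEBUG_ALCASAR == "on" ]
 			then
-				echo "*** 'debug' : end of install '$func' ***"
+				echo "*** 'debug' : end of function '$func' ***"
 				read
 			fi
 		done
 		;;
 	-u | --uninstall)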
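Review bot: The interface-config heredoc at new lines 648–649 now writes `DNS1=$DNS1` and `DNS2=$DNS2` unchecked, and the code at new lines 561–564 fills those variables from the existing ifcfg-$EXTIF with `grep '^DNS1=' | cut -d"=" -f2`, applying a default only when the result is empty. If this heredoc is what produces ifcfg-$EXTIF (its target is outside the hunk), a file left by the previous revision still holds `DNS1=127.0.0.1`, so a re-run would read the loopback address back and keep it as the upstream resolver. A guard after the two defaults, for example `case "$DNS1" in 127.*) DNS1=208.67.220.220 ;; esac`, together with a check that both values are plain IPv4 addresses, would prevent that. With `RESOLV_MODS=yes` the host's own lookups presumably now go straight to these upstream servers rather than through the local resolver; a comment above the heredoc saying this is intended would help the next reader.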