Subversion Repositories ALCASAR

#!/bin/sh

#!/bin/sh

# alcasar.sh

# alcasar.sh

# by Franck BOUIJOUX, Pascal LEVANT and Richard REY

# by Franck BOUIJOUX, Pascal LEVANT and Richard REY

# This script is distributed under the Gnu General Public License (GPL)

# This script is distributed under the Gnu General Public License (GPL)

	urpmi --auto $PACKAGES 

	urpmi --auto $PACKAGES 

# On supprime les paquetages, les services et les utilisateurs inutiles

# On supprime les paquetages, les services et les utilisateurs inutiles

	for rm_rpm in shorewall dhcp-server c-icap-server cyrus-sasl distcache-server avahi mandi radeontool

	for rm_rpm in shorewall dhcp-server c-icap-server cyrus-sasl distcache-server avahi mandi radeontool

	do

	do

		/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null

		/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null

	done

	done

	for svc in alsa sound dm atd netfs bootlogd stop-bootlogd

	for svc in alsa sound dm atd netfs bootlogd stop-bootlogd

	do

	do

		/sbin/chkconfig --del $svc

		/sbin/chkconfig --del $svc

	done

	done

	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php

	$SED "s?99/99/9999?$DATE_SHORT?g" $DIR_ACC/menu.php

	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php

	$SED "s?\$DB_RADIUS = .*?\$DB_RADIUS = \"$DB_RADIUS\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php

	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php

	$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php

	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php

	$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php

	$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/index.php

	$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/index.php

	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php

	chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php

	chown -R apache:apache $DIR_WEB/*

	chown -R apache:apache $DIR_WEB/*

	for i in ISO base logs/firewall logs/httpd logs/squid ;

	for i in ISO base logs/firewall logs/httpd logs/squid ;

	do

	do

		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i

		[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i

	AllowOverride None

	AllowOverride None

	Order deny,allow

	Order deny,allow

	Deny from all

	Deny from all

	Allow from 127.0.0.1

	Allow from 127.0.0.1

	Allow from $PRIVATE_NETWORK_MASK

	Allow from $PRIVATE_NETWORK_MASK

	require valid-user

	require valid-user

	AuthType digest

	AuthType digest

	AuthName $HOSTNAME

	AuthName $HOSTNAME

	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

	BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

	AuthUserFile $DIR_DEST_ETC/digest/key_all

	AuthUserFile $DIR_DEST_ETC/digest/key_all

	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default

	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default

	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default

	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default

	touch $DIR_DG/lists/bannedextensionlist

	touch $DIR_DG/lists/bannedextensionlist

	touch $DIR_DG/lists/bannedmimetypelist

	touch $DIR_DG/lists/bannedmimetypelist

# 'Safesearch' regex actualisation

# 'Safesearch' regex actualisation

# empty LAN IP list that won't be WEB filtered

# empty LAN IP list that won't be WEB filtered

	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default

	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default

	touch $DIR_DG/lists/exceptioniplist

	touch $DIR_DG/lists/exceptioniplist

# Keep a copy of URL & domain filter configuration files

# Keep a copy of URL & domain filter configuration files

	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default

	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default

{

{

	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh

	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)

	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)

# création du fichier d'exception au filtrage

# création du fichier d'exception au filtrage

	touch /usr/local/etc/alcasar-filter-exceptions

	touch /usr/local/etc/alcasar-filter-exceptions

# le script $DIR_DEST_BIN/alcasar-iptables.sh est lancé à la fin (pour ne pas perturber une mise à jour via ssh)

# le script $DIR_DEST_BIN/alcasar-iptables.sh est lancé à la fin (pour ne pas perturber une mise à jour via ssh)

}  # End of firewall ()

}  # End of firewall ()

param_dnsmasq ()

param_dnsmasq ()

{

{

	[ -d /etc/dnsmasq.d ] || mkdir /etc/dnsmasq.d

	[ -d /etc/dnsmasq.d ] || mkdir /etc/dnsmasq.d

	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq

	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq

	[ -e /etc/dnsmasq.conf ] && cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default

	[ -e /etc/dnsmasq.conf ] && cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default

	$SED "s?^#conf-dir=.*?conf-dir=/etc/dnsmasq.d?g" /etc/dnsmasq.conf	# les fichiers de config se trouvent dans /etc/dnsmasq.d/*

	$SED "s?^#conf-dir=.*?conf-dir=/etc/dnsmasq.d?g" /etc/dnsmasq.conf	# les fichiers de config se trouvent dans /etc/dnsmasq.d/*

	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux

	$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux

	cat << EOF > /etc/dnsmasq.d/alcasar-dnsmasq.conf 

	cat << EOF > /etc/dnsmasq.d/alcasar-dnsmasq.conf 

# Inclusion de la blacklist <domains> de Toulouse dans la configuration

# Inclusion de la blacklist <domains> de Toulouse dans la configuration

conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled

conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled

listen-address=$PRIVATE_IP

listen-address=$PRIVATE_IP

listen-address=127.0.0.1

listen-address=127.0.0.1

no-dhcp-interface=$INTIF

no-dhcp-interface=$INTIF

bind-interfaces

bind-interfaces

bogus-priv

bogus-priv

filterwin2k

filterwin2k

server=$DNS1

server=$DNS1

server=$DNS2

server=$DNS2

dhcp-range=$ORGANISME,$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_MASK,12h

dhcp-range=$ORGANISME,$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_MASK,12h

#dhcp-option=3,1.2.3.4

#dhcp-option=3,1.2.3.4

#dhcp-option=option:router,1.2.3.4

#dhcp-option=option:router,1.2.3.4

#dhcp-option=42,0.0.0.0

#dhcp-option=42,0.0.0.0

#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5

#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5

# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>

# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>

#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m

#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m

EOF

EOF

touch /usr/local/etc/alcasar-dns-name

touch /usr/local/etc/alcasar-dns-name

} # End dnsmasq

} # End dnsmasq

##########################################################

##########################################################

##		Fonction BL (BlackList)			##

##		Fonction BL (BlackList)			##

##########################################################

##########################################################

			read response

			read response

		done

		done

		if [ "$reponse" = "o" ] || [ "$reponse" = "O" ]

		if [ "$reponse" = "o" ] || [ "$reponse" = "O" ]

		then

		then

			$DIR_SCRIPT/alcasar-conf.sh --create

			$DIR_SCRIPT/alcasar-conf.sh --create

		fi

		fi

# On désinstalle la version actuelle

# On désinstalle la version actuelle

		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh

		$DIR_SCRIPTS/sbin/alcasar-uninstall.sh

		;;

		;;

	*)

	*)