| Line 1... |
Line 1... |
| 1 |
#/bin/bash
|
1 |
#/bin/bash
|
| 2 |
# $Id: alcasar-conf.sh 1505 2014-11-28 08:48:49Z franck $
|
2 |
# $Id: alcasar-conf.sh 1518 2014-12-16 23:06:52Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
| 5 |
# by REXY
|
5 |
# by REXY
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 106... |
Line 106... |
| 106 |
# Changes since V2.6
|
106 |
# Changes since V2.6
|
| 107 |
# SSH_ADMIN_FROM is redefined
|
107 |
# SSH_ADMIN_FROM is redefined
|
| 108 |
$SED "s?^Admin_from_IP=.*?SSH_ADMIN_FROM=0.0.0.0/0.0.0.0?" $CONF_FILE
|
108 |
$SED "s?^Admin_from_IP=.*?SSH_ADMIN_FROM=0.0.0.0/0.0.0.0?" $CONF_FILE
|
| 109 |
# macallowed is replaced with macauth
|
109 |
# macallowed is replaced with macauth
|
| 110 |
rm -f $DIR_UPDATE/etc/alcasar-macallowed
|
110 |
rm -f $DIR_UPDATE/etc/alcasar-macallowed
|
| 111 |
# DHCP mode can be "off/half/full"
|
- |
|
| 112 |
DHCP_mode=`cat $CONF_FILE|grep DHCP=|cut -d"=" -f2`
|
- |
|
| 113 |
if [ $DHCP_mode = "on" ]; then
|
- |
|
| 114 |
$SED "s?^DHCP=on.*?DHCP=full?" $CONF_FILE # DHCP option can be "off/half/full" since V2.6
|
- |
|
| 115 |
fi
|
- |
|
| 116 |
# The option 'EXT_LAN_FILTERING' is deleted
|
111 |
# The option 'EXT_LAN_FILTERING' is deleted
|
| 117 |
$SED "/^EXT_LAN/d" $CONF_FILE
|
112 |
$SED "/^EXT_LAN/d" $CONF_FILE
|
| 118 |
# The category "ip" no longer exist
|
113 |
# The category "ip" no longer exist
|
| 119 |
$SED "/\/ip\/urls/d" $DIR_UPDATE/bannedurllist; $SED "/\/ip\/domains/d" $DIR_UPDATE/bannedsitelist
|
114 |
$SED "/\/ip\/urls/d" $DIR_UPDATE/bannedurllist; $SED "/\/ip\/domains/d" $DIR_UPDATE/bannedsitelist
|
| 120 |
$SED "/blacklists\/ip/d" $DIR_UPDATE/etc/alcasar-bl-categories; $SED "/^ip/d" $DIR_UPDATE/etc/alcasar-bl-categories-enabled
|
115 |
$SED "/blacklists\/ip/d" $DIR_UPDATE/etc/alcasar-bl-categories; $SED "/^ip/d" $DIR_UPDATE/etc/alcasar-bl-categories-enabled
|
| Line 265... |
Line 260... |
| 265 |
$DIR_SBIN/alcasar-dhcp.sh --off
|
260 |
$DIR_SBIN/alcasar-dhcp.sh --off
|
| 266 |
fi
|
261 |
fi
|
| 267 |
# Logout everybody
|
262 |
# Logout everybody
|
| 268 |
$DIR_SBIN/alcasar-logout.sh all
|
263 |
$DIR_SBIN/alcasar-logout.sh all
|
| 269 |
# Services stop
|
264 |
# Services stop
|
| 270 |
for i in ntpd chilli httpd network
|
265 |
for i in ntpd httpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network
|
| 271 |
do
|
266 |
do
|
| 272 |
systemctl stop $i && echo "$i stopped"
|
267 |
systemctl stop $i && echo "$i stopped"
|
| 273 |
done
|
268 |
done
|
| 274 |
fi
|
269 |
fi
|
| 275 |
|
270 |
|
| Line 277... |
Line 272... |
| 277 |
cat <<EOF > /etc/hosts
|
272 |
cat <<EOF > /etc/hosts
|
| 278 |
127.0.0.1 localhost
|
273 |
127.0.0.1 localhost
|
| 279 |
$PRIVATE_IP $HOSTNAME $HOSTNAME.$DOMAIN
|
274 |
$PRIVATE_IP $HOSTNAME $HOSTNAME.$DOMAIN
|
| 280 |
EOF
|
275 |
EOF
|
| 281 |
|
276 |
|
| 282 |
# Ext Network Card config
|
277 |
# EXTIF config
|
| 283 |
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
278 |
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
| 284 |
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
279 |
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
| 285 |
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
280 |
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
|
| - |
|
281 |
# INTIF config (for bypass mode only)
|
| - |
|
282 |
$SED "s?^IPADDR=.?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
|
| - |
|
283 |
$SED "s?^NETMASK=.?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
|
| 286 |
# NTP server
|
284 |
# NTP server
|
| 287 |
$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf
|
285 |
$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf
|
| 288 |
# host.allow
|
286 |
# host.allow
|
| 289 |
cat <<EOF > /etc/hosts.allow
|
287 |
cat <<EOF > /etc/hosts.allow
|
| 290 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
288 |
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
|
| Line 298... |
Line 296... |
| 298 |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
|
296 |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
|
| 299 |
# Dialup_Admin
|
297 |
# Dialup_Admin
|
| 300 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
298 |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
|
| 301 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
299 |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
|
| 302 |
# coova
|
300 |
# coova
|
| 303 |
#$SED "s?ifconfig.*?ifconfig \$HS_LANIF $PRIVATE_IP?g" /etc/init.d/chilli
|
- |
|
| 304 |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
|
301 |
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
|
| 305 |
$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
|
302 |
$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
|
| 306 |
$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
|
303 |
$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
|
| 307 |
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
|
304 |
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
|
| 308 |
# dhcp (coova + dnsmasq)
|
- |
|
| 309 |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode
|
- |
|
| 310 |
# dnsmasq
|
305 |
# dnsmasq
|
| 311 |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
|
306 |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
|
| 312 |
for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
|
307 |
for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
|
| 313 |
do
|
308 |
do
|
| 314 |
$SED "/^server=/d" $i
|
309 |
$SED "/^server=/d" $i
|
| 315 |
echo "server=$DNS1" >> $i
|
310 |
echo "server=$DNS1" >> $i
|
| 316 |
echo "server=$DNS2" >> $i
|
311 |
echo "server=$DNS2" >> $i
|
| 317 |
done
|
312 |
done
|
| 318 |
$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_SECOND_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf
|
313 |
$SED "s?^dhcp-range=.*?dhcp-range=$PRIVATE_SECOND_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" /etc/dnsmasq.conf
|
| 319 |
$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf
|
314 |
$SED "s?^dhcp-option=option:router.*?dhcp-option=option:router,$PRIVATE_IP?g" /etc/dnsmasq.conf
|
| - |
|
315 |
# tinyproxy
|
| - |
|
316 |
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf
|
| 320 |
# DG + BL
|
317 |
# DG + BL
|
| 321 |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
|
318 |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
|
| 322 |
# Watchdog
|
319 |
# Watchdog
|
| 323 |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
|
320 |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
|
| 324 |
# SSHD
|
321 |
# SSHD
|
| 325 |
$SED "/^ListenAddress/d" /etc/ssh/sshd_config
|
322 |
$SED "/^ListenAddress/d" /etc/ssh/sshd_config
|
| 326 |
# $SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
|
- |
|
| 327 |
$SED "/ListenAddress 0.0.0.0.*/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
|
323 |
$SED "/ListenAddress 0.0.0.0.*/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
|
| 328 |
$SED "/ListenAddress $PUBLIC_IP/a\ListenAddress $PRIVATE_IP" /etc/ssh/sshd_config
|
324 |
$SED "/ListenAddress $PUBLIC_IP/a\ListenAddress $PRIVATE_IP" /etc/ssh/sshd_config
|
| 329 |
# Prompts
|
325 |
# Prompts
|
| 330 |
$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
|
326 |
$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
|
| 331 |
# sudoers
|
327 |
# sudoers
|
| 332 |
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
|
328 |
$SED "s?^Host_Alias.*?Host_Alias LAN_ORG=$PRIVATE_NETWORK/$PRIVATE_NETMASK,localhost #réseau de l'organisme?g" /etc/sudoers
|
| 333 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
329 |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
|
| 334 |
then
|
330 |
then
|
| 335 |
# Services start
|
331 |
# Services start
|
| - |
|
332 |
systemctl start network
|
| - |
|
333 |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode # apply DHCP mode and start coova
|
| 336 |
for i in network ntpd chilli httpd
|
334 |
for i in ntpd httpd tinyproxy dnsmasq
|
| 337 |
do
|
335 |
do
|
| 338 |
systemctl start $i && echo "$i started"
|
336 |
systemctl start $i && echo "$i started"
|
| 339 |
done
|
337 |
done
|
| 340 |
# Reload BL (restart DG, dnsmasq & iptables)
|
338 |
$DIR_SBIN/alcasar-bl.sh -reload # restart DG, dnsmasq-blacklist dnsmasq-whitelist & iptables
|
| 341 |
$DIR_SBIN/alcasar-bl.sh -reload
|
- |
|
| 342 |
fi
|
339 |
fi
|
| 343 |
# Start / Stop SSH Daemon
|
340 |
# Start / Stop SSH Daemon
|
| 344 |
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2`
|
341 |
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2`
|
| 345 |
if [ $ssh_active = "on" ]
|
342 |
if [ $ssh_active = "on" ]
|
| 346 |
then
|
343 |
then
|