| Line 1... |
Line 1... |
| 1 |
#/bin/bash
|
1 |
#/bin/bash
|
| 2 |
# $Id: alcasar-conf.sh 1912 2016-05-29 13:18:17Z richard $
|
2 |
# $Id: alcasar-conf.sh 1914 2016-05-29 15:36:09Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
| 5 |
# by REXY
|
5 |
# by REXY
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 76... |
Line 76... |
| 76 |
$DIR_BIN/alcasar-mysql.sh -dump
|
76 |
$DIR_BIN/alcasar-mysql.sh -dump
|
| 77 |
cp /var/Save/base/`ls -1t /var/Save/base|head -1` $DIR_UPDATE
|
77 |
cp /var/Save/base/`ls -1t /var/Save/base|head -1` $DIR_UPDATE
|
| 78 |
# backup the logo
|
78 |
# backup the logo
|
| 79 |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
|
79 |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
|
| 80 |
# backup BL/WL custom files
|
80 |
# backup BL/WL custom files
|
| - |
|
81 |
mkdir $DIR_UPDATE/custom_bl
|
| 81 |
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE/dansguardian/
|
82 |
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/
|
| 82 |
cp -f /etc/dansguardian/lists/urlregexplist $DIR_UPDATE/dansguardian/
|
83 |
cp -f /etc/dansguardian/lists/urlregexplist $DIR_UPDATE/custom_bl/
|
| 83 |
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE/dansguardian/
|
84 |
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/
|
| 84 |
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE/dansguardian/
|
85 |
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/
|
| 85 |
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE/dansguardian/
|
86 |
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/
|
| 86 |
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE/dansguardian/
|
87 |
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE/custom_bl/
|
| 87 |
cp -f $DIR_SHARE/dnsmasq-bl/ossi.conf $DIR_UPDATE/dnsmasq-bl/ossi.conf
|
88 |
cp -f $DIR_SHARE/dnsmasq-bl/ossi.conf $DIR_UPDATE/custom_bl/ossi-dnsbl.conf
|
| 88 |
cp -f $DIR_SHARE/dnsmasq-wl/ossi.conf $DIR_UPDATE/dnsmasq-wl/ossi.conf
|
89 |
cp -f $DIR_SHARE/dnsmasq-wl/ossi.conf $DIR_UPDATE/custom_bl/ossi-dnswl.conf
|
| 89 |
cp -f $DIR_SHARE/iptables-bl/ossi $DIR_UPDATE/iptables-bl/ossi
|
90 |
cp -f $DIR_SHARE/iptables-bl/ossi $DIR_UPDATE/custom_bl/ossi-ipbl
|
| 90 |
cp -f $DIR_SHARE/iptables-wl/ossi $DIR_UPDATE/iptables-wl/ossi
|
91 |
cp -f $DIR_SHARE/iptables-wl/ossi $DIR_UPDATE/custom_bl/ossi-ipwl
|
| 91 |
# backup of different conf files (main conf file, filtering, digest, etc)
|
92 |
# backup of different conf files (main conf file, filtering, digest, etc)
|
| 92 |
mkdir $DIR_UPDATE/etc/
|
93 |
mkdir $DIR_UPDATE/etc/
|
| 93 |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
|
94 |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
|
| 94 |
# backup of the security certificates (server & CA)
|
95 |
# backup of the security certificates (server & CA)
|
| 95 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
|
96 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
|
| Line 123... |
Line 124... |
| 123 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/
|
124 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/
|
| 124 |
chown -R root:apache /etc/pki
|
125 |
chown -R root:apache /etc/pki
|
| 125 |
chmod -R 750 /etc/pki
|
126 |
chmod -R 750 /etc/pki
|
| 126 |
# Import of the users database
|
127 |
# Import of the users database
|
| 127 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$radiuspwd
|
128 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$radiuspwd
|
| 128 |
# Retrieve local parameters &
|
129 |
# Retrieve local parameters
|
| 129 |
# !!! for this version (2.9.2) we need to create new digest accounts and Remove blacklist files (now in /usr/local/share)
|
- |
|
| 130 |
# !!! remove the first two lines for future versions
|
- |
|
| 131 |
[ -d $DIR_UPDATE/etc ] && rm -rf $DIR_UPDATE/etc/alcasar-dnsfilter*
|
- |
|
| 132 |
[ -d $DIR_UPDATE/etc ] && rm -f $DIR_UPDATE/etc/digest/*
|
- |
|
| 133 |
|
- |
|
| 134 |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
|
130 |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
|
| 135 |
# Retrieve Dansguardian files
|
131 |
# Retrieve BL/WL custom files
|
| 136 |
cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/
|
132 |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/dansguardian/lists/
|
| 137 |
cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/
|
133 |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/dansguardian/lists/
|
| 138 |
cp -f $DIR_UPDATE/urlregexplist /etc/dansguardian/lists/
|
134 |
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/dansguardian/lists/
|
| 139 |
cp -f $DIR_UPDATE/bannedsitelist /etc/dansguardian/lists/
|
135 |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/dansguardian/lists/
|
| 140 |
cp -f $DIR_UPDATE/exceptionurllist /etc/dansguardian/lists/
|
136 |
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/dansguardian/lists/
|
| 141 |
cp -f $DIR_UPDATE/bannedurllist /etc/dansguardian/lists/
|
137 |
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/dansguardian/lists/
|
| - |
|
138 |
cp -f $DIR_UPDATE/custom_bl/ossi-dnsbl.conf $DIR_SHARE/dnsmasq-bl/ossi.conf
|
| - |
|
139 |
cp -f $DIR_UPDATE/custom_bl/ossi-dnswl.conf $DIR_SHARE/dnsmasq-wl/ossi.conf
|
| - |
|
140 |
cp -f $DIR_UPDATE/custom_bl/ossi-ipbl $DIR_SHARE/iptables-bl/ossi
|
| 142 |
cp -rf $DIR_UPDATE/ossi /etc/dansguardian/lists/blacklists/
|
141 |
cp -f $DIR_UPDATE/custom_bl/ossi-ipwl $DIR_SHARE/iptables-wl/ossi
|
| 143 |
chown -R dansguardian:apache /etc/dansguardian/lists
|
142 |
chown -R dansguardian:apache /etc/dansguardian/lists
|
| 144 |
chmod -R g+rw /etc/dansguardian/lists
|
143 |
chmod -R g+rw /etc/dansguardian/lists
|
| 145 |
# Adapt DNS/URL filtering
|
144 |
# Adapt DNS/URL filtering
|
| 146 |
PARENT_SCRIPT=`basename $0`
|
145 |
PARENT_SCRIPT=`basename $0`
|
| 147 |
export PARENT_SCRIPT
|
146 |
export PARENT_SCRIPT
|
| Line 159... |
Line 158... |
| 159 |
then
|
158 |
then
|
| 160 |
/usr/bin/systemctl -q enable sshd.service
|
159 |
/usr/bin/systemctl -q enable sshd.service
|
| 161 |
else
|
160 |
else
|
| 162 |
/usr/bin/systemctl -q disable sshd.service
|
161 |
/usr/bin/systemctl -q disable sshd.service
|
| 163 |
fi
|
162 |
fi
|
| 164 |
# modifications added with this version (2.9.2)
|
- |
|
| 165 |
# add "HOSTNAME=" in alcasar.conf
|
- |
|
| 166 |
hostname_defined=`grep ^HOSTNAME= $CONF_FILE|wc -l`
|
- |
|
| 167 |
if [ $hostname_defined = "0" ]
|
- |
|
| 168 |
then
|
- |
|
| 169 |
$SED "/^DOMAIN=/iHOSTNAME=alcasar" $CONF_FILE
|
- |
|
| 170 |
fi
|
- |
|
| 171 |
# Remove the update folder
|
163 |
# Remove the update folder
|
| 172 |
rm -rf $DIR_UPDATE
|
164 |
rm -rf $DIR_UPDATE
|
| 173 |
;;
|
165 |
;;
|
| 174 |
--apply|-apply)
|
166 |
--apply|-apply)
|
| 175 |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
|
167 |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
|