| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-conf.sh 2554 2018-05-20 11:02:46Z lucas.echard $
|
2 |
# $Id: alcasar-conf.sh 2560 2018-06-10 21:04:56Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-conf.sh
|
4 |
# alcasar-conf.sh
|
| 5 |
# by REXY
|
5 |
# by REXY
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| 8 |
# Ce script permet la mise à jour ALCASAR
|
8 |
# Ce script permet la mise à jour ALCASAR
|
| 9 |
# - création de l'archive des fichiers de configuration dans "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
9 |
# - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
| 10 |
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
|
10 |
# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
|
| 11 |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply)
|
11 |
# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" lors d'un changement de conf réseau à chaud (alcasar-conf -apply)
|
| 12 |
# This script allows ALCASAR update
|
12 |
# This script allows ALCASAR update
|
| 13 |
# - create the configuration files backup "/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
13 |
# - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
|
| 14 |
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
|
14 |
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
|
| 15 |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply)
|
15 |
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification is needed (alcasar-conf -apply)
|
| 16 |
|
16 |
|
| 17 |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
|
17 |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
|
| 18 |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
|
18 |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
|
| 19 |
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
|
19 |
DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
|
| 20 |
DIR_WEB="/var/www/html" # répertoire du centre de gestion
|
20 |
DIR_WEB="/var/www/html" # répertoire du centre de gestion
|
| 21 |
DIR_BIN="/usr/local/bin" # scripts directory
|
21 |
DIR_BIN="/usr/local/bin" # scripts directory
|
| 22 |
DIR_ETC="/usr/local/etc" # conf directory
|
22 |
DIR_ETC="/usr/local/etc" # conf directory
|
| 23 |
DIR_SHARE="/usr/local/share" # data directory
|
23 |
DIR_SHARE="/usr/local/share" # data directory
|
| 24 |
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists" # Toulouse BL directory
|
24 |
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists" # Toulouse BL directory
|
| Line 94... |
Line 94... |
| 94 |
else
|
94 |
else
|
| 95 |
cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/
|
95 |
cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/
|
| 96 |
fi
|
96 |
fi
|
| 97 |
done
|
97 |
done
|
| 98 |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
|
98 |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
|
| 99 |
# backup of different conf files (main conf file, filtering, digest, etc)
|
99 |
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
|
| 100 |
mkdir $DIR_UPDATE/etc/
|
100 |
mkdir $DIR_UPDATE/etc/
|
| 101 |
[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static
|
101 |
[ -e $DIR_ETC/alcasar-ethers-info ] || cp $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info # V3.1.2 new info file for dhcp static
|
| 102 |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
|
102 |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
|
| - |
|
103 |
cp /etc/hosts $DIR_UPDATE/etc/
|
| 103 |
# backup of the security certificates (server & CA)
|
104 |
# backup of the security certificates (server & CA)
|
| 104 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
|
105 |
cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE # autosigned and official if exist
|
| 105 |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
|
106 |
cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE # autosigned & official if exist
|
| 106 |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
|
107 |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
|
| 107 |
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
|
108 |
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
|
| Line 109... |
Line 110... |
| 109 |
cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
|
110 |
cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
|
| 110 |
else
|
111 |
else
|
| 111 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
|
112 |
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
|
| 112 |
fi
|
113 |
fi
|
| 113 |
# archive file creation
|
114 |
# archive file creation
|
| 114 |
cd /tmp
|
115 |
cd /var/tmp
|
| 115 |
tar -cf alcasar-conf.tar conf/
|
116 |
tar -cf alcasar-conf.tar conf/
|
| 116 |
gzip -f alcasar-conf.tar
|
117 |
gzip -f alcasar-conf.tar
|
| 117 |
rm -rf $DIR_UPDATE
|
118 |
rm -rf $DIR_UPDATE
|
| 118 |
;;
|
119 |
;;
|
| - |
|
120 |
|
| 119 |
--load|-load)
|
121 |
--load|-load)
|
| 120 |
cd /tmp
|
122 |
cd /var/tmp
|
| 121 |
tar -xf /tmp/alcasar-conf*.tar.gz
|
123 |
tar -xf alcasar-conf*.tar.gz
|
| 122 |
# Retrieve the logo
|
124 |
# Retrieve the logo
|
| 123 |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
|
125 |
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
|
| 124 |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
|
126 |
chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
|
| 125 |
# Retrieve the security certificates (CA and server)
|
127 |
# Retrieve the security certificates (CA and server)
|
| 126 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
128 |
cp -f $DIR_UPDATE/alcasar-ca.crt* /etc/pki/CA/ # autosigned & official
|
| 127 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
129 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
|
| 128 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
130 |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
|
| 129 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
131 |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
|
| 130 |
|
- |
|
| 131 |
(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem
|
132 |
(cat /etc/pki/tls/private/alcasar.key; echo; cat /etc/pki/tls/certs/alcasar.crt) > /etc/pki/tls/private/alcasar.pem
|
| 132 |
|
- |
|
| 133 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
|
133 |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
|
| 134 |
chown -R root:apache /etc/pki
|
134 |
chown -R root:apache /etc/pki
|
| 135 |
chmod -R 750 /etc/pki
|
135 |
chmod -R 750 /etc/pki
|
| 136 |
# Import of the users database
|
136 |
# Import of the users database
|
| 137 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
|
137 |
gzip -dc < `ls $DIR_UPDATE/alcasar-users-database*` | mysql -u$DB_USER -p$DB_PASS
|
| 138 |
# Retrieve local parameters
|
138 |
# Retrieve local parameters
|
| 139 |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
|
139 |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
|
| - |
|
140 |
mv -f $DIR_ETC/hosts /etc/hosts
|
| 140 |
# Retrieve BL/WL custom files
|
141 |
# Retrieve BL/WL custom files
|
| 141 |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
|
142 |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
|
| 142 |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
|
143 |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
|
| 143 |
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
|
144 |
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
|
| 144 |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/
|
145 |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/
|
| Line 162... |
Line 163... |
| 162 |
else
|
163 |
else
|
| 163 |
/usr/bin/systemctl -q disable sshd.service
|
164 |
/usr/bin/systemctl -q disable sshd.service
|
| 164 |
fi
|
165 |
fi
|
| 165 |
# Remove the update folder
|
166 |
# Remove the update folder
|
| 166 |
rm -rf $DIR_UPDATE
|
167 |
rm -rf $DIR_UPDATE
|
| 167 |
# If needed : write modifications between version
|
168 |
######################### modifications between versions #######################
|
| 168 |
# V3.1.3
|
169 |
# Extract the curent version
|
| - |
|
170 |
CURRENT_VERSION=`grep ^VERSION= $CONF_FILE|cut -d"=" -f2`
|
| 169 |
# add "HTTPS_LOGIN=on" in conf file
|
171 |
MAJ_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f1`
|
| 170 |
HTTPS_LOGIN=`grep -c "^HTTPS_LOGIN=" $CONF_FILE`
|
172 |
MIN_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f2`
|
| - |
|
173 |
UPD_CURRENT_VERSION=`echo $CURRENT_VERSION|cut -d"." -f3|cut -c1`
|
| 171 |
if [ $HTTPS_LOGIN == "0" ]
|
174 |
## From 3.2.0 & 3.2.1 ##
|
| - |
|
175 |
if [ [ $MAJ_CURRENT_VERSION == "3" ] && [ $MIN_CURRENT_VERSION == "2" ] ]
|
| 172 |
then
|
176 |
then
|
| - |
|
177 |
## rewrite the file managing domain name resolution (local & remote). Hostnames resolutions are now in /etc/hosts
|
| 173 |
echo "HTTPS_LOGIN=on" >> $CONF_FILE
|
178 |
cat << EOF > $DIR_ETC/alcasar-dns-name
|
| - |
|
179 |
# Vous pouvez définir ici votre nom de domain local ('localdomain' par défaut)
|
| - |
|
180 |
# Here you can define your local domain name ('localdomain' by default)
|
| - |
|
181 |
local=/$DOMAIN/
|
| - |
|
182 |
domain=$DOMAIN
|
| - |
|
183 |
|
| - |
|
184 |
## Ajouter une ligne pour chaque nom de domaine géré par un autre seveur DNS
|
| - |
|
185 |
## Add one line for each domain name managed by an other DNS server
|
| - |
|
186 |
## server=/<your_domain>/<@IP_domain_server>
|
| - |
|
187 |
## Exemple for an A.D. domain : server=/Your.Domain.AD/110.120.100.100
|
| - |
|
188 |
## Exemple for an other domain : server=/an_other_domain/10.20.30.40
|
| 174 |
fi
|
189 |
|
| - |
|
190 |
## INFO : local hostnames are resolved in /etc/hosts file
|
| 175 |
# V3.2.0
|
191 |
EOF
|
| 176 |
# add "HTTPS_CHILLI=off" in conf file
|
192 |
## rewrite /etc/hosts file managing hostname resolution
|
| - |
|
193 |
PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
|
| 177 |
if [ $(grep -c "^HTTPS_CHILLI=" $CONF_FILE) == "0" ]; then
|
194 |
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2`
|
| - |
|
195 |
cat << EOF > /etc/hosts
|
| - |
|
196 |
127.0.0.1 localhost
|
| - |
|
197 |
$PRIVATE_IP $HOSTNAME
|
| - |
|
198 |
EOF
|
| 178 |
echo "HTTPS_CHILLI=off" >> $CONF_FILE
|
199 |
# apache is removed (lighttpd instead)
|
| - |
|
200 |
rm -rf /etc/httpd/
|
| - |
|
201 |
rm -rf /var/log/httpd/
|
| - |
|
202 |
# dansguardian is removed (E²guardian instead)
|
| - |
|
203 |
rm -rf /var/dansguardian/
|
| - |
|
204 |
rm -rf /etc/dansguardian/
|
| 179 |
fi
|
205 |
fi
|
| 180 |
;;
|
206 |
;;
|
| - |
|
207 |
|
| 181 |
--apply|-apply)
|
208 |
--apply|-apply)
|
| 182 |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
|
209 |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
|
| 183 |
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
|
210 |
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
|
| 184 |
check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
|
211 |
check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
|
| 185 |
if [[ "$?" -ne 0 ]]
|
212 |
if [[ "$?" -ne 0 ]]
|
| Line 314... |
Line 341... |
| 314 |
ntpd: $PRIVATE_NETWORK_SHORT
|
341 |
ntpd: $PRIVATE_NETWORK_SHORT
|
| 315 |
EOF
|
342 |
EOF
|
| 316 |
# Set hostname
|
343 |
# Set hostname
|
| 317 |
hostnamectl set-hostname $HOSTNAME.$DOMAIN
|
344 |
hostnamectl set-hostname $HOSTNAME.$DOMAIN
|
| 318 |
# /etc/hosts
|
345 |
# /etc/hosts
|
| 319 |
domainNames="alcasar.localdomain $HOSTNAME $HOSTNAME.$DOMAIN"
|
- |
|
| 320 |
if [ "$HOSTNAME" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi
|
- |
|
| 321 |
cat <<EOF > /etc/hosts
|
346 |
cat <<EOF > /etc/hosts
|
| 322 |
127.0.0.1 localhost
|
347 |
127.0.0.1 localhost
|
| 323 |
$PRIVATE_IP $domainNames
|
348 |
$PRIVATE_IP $HOSTNAME
|
| 324 |
EOF
|
349 |
EOF
|
| 325 |
# Set hostname in CoovaChilli
|
350 |
# Set hostname in CoovaChilli
|
| 326 |
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf
|
351 |
$SED "s/^uamallowed.*/uamallowed\t${domainNames// /,}/g" /etc/chilli.conf
|
| 327 |
$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
352 |
$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
|
| 328 |
[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
|
353 |
[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
|