
Rev 2665 Rev 2688
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-conf.sh 2665 2018-12-06 21:03:45Z tom.houdayer $
2
# $Id: alcasar-conf.sh 2688 2019-01-18 23:15:49Z lucas.echard $
3
 
3
 
4
# alcasar-conf.sh
4
# alcasar-conf.sh
5
# by REXY
5
# by REXY
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
Line 12... Line 12...
12
# This script allows ALCASAR update
12
# This script allows ALCASAR update
13
#	- create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
13
#	- create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
14
#	- load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
14
#	- load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
15
#	- apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply)
15
#	- apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply)
16
 
16
 
17
new="$(date +%G%m%d-%Hh%M)"  				# date et heure des fichiers
-
 
18
fichier="alcasar-conf-$new.tar.gz"			# nom du fichier de sauvegarde
-
 
19
DIR_UPDATE="/var/tmp/conf"				# répertoire de stockage des fichier de conf pour une mise à jour
17
DIR_UPDATE="/var/tmp/conf"				# répertoire de stockage des fichier de conf pour une mise à jour
20
DIR_WEB="/var/www/html"					# répertoire du centre de gestion
18
DIR_WEB="/var/www/html"					# répertoire du centre de gestion
21
DIR_BIN="/usr/local/bin"				# scripts directory
19
DIR_BIN="/usr/local/bin"				# scripts directory
22
DIR_ETC="/usr/local/etc"				# conf directory
20
DIR_ETC="/usr/local/etc"				# conf directory
23
DIR_SHARE="/usr/local/share"				# data directory
21
DIR_E2G="/etc/e2guardian/lists"			# Toulouse BL directory
24
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists"	# Toulouse BL directory
22
DIR_BLACKLIST="$DIR_E2G/blacklists"		# Toulouse BL directory
25
CONF_FILE="$DIR_ETC/alcasar.conf"			# main alcasar conf file
23
CONF_FILE="$DIR_ETC/alcasar.conf"			# main alcasar conf file
26
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`		# EXTernal InterFace
24
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`		# EXTernal InterFace
27
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`		# INTernal InterFace
25
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`		# INTernal InterFace
28
MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2`
26
MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2`
29
DHCP_mode=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
27
DHCP_mode=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
Line 32... Line 30...
32
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2`
30
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2`
33
DOMAIN=`grep ^DOMAIN= $CONF_FILE|cut -d"=" -f2`
31
DOMAIN=`grep ^DOMAIN= $CONF_FILE|cut -d"=" -f2`
34
SED="/bin/sed -i"
32
SED="/bin/sed -i"
35
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` 			# server DNS1 (for WL domain names)
33
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` 			# server DNS1 (for WL domain names)
36
DOMAIN=${DOMAIN:=localdomain}
34
DOMAIN=${DOMAIN:=localdomain}
37
DATE=`date '+%d %B %Y - %Hh%M'`
-
 
38
 
35
 
39
private_network_calc ()
36
private_network_calc ()
40
{
37
{
41
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`				# prefixe du réseau (ex. 24)
38
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`				# prefixe du réseau (ex. 24)
42
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`			# @ réseau de consultation (ex.: 192.168.182.0)
39
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`			# @ réseau de consultation (ex.: 192.168.182.0)
43
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX									# @ + masque du réseau de consult (192.168.182.0/24)
40
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX									# @ + masque du réseau de consult (192.168.182.0/24)
44
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`		# classes de réseau (ex.: 2=classe B, 3=classe C)
41
	classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`;							# classes de réseau (ex.: 2=classe B, 3=classe C)
45
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.					# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
42
	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.					# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
46
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`				# private network broadcast (ie.: 192.168.182.255)
43
	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`				# private network broadcast (ie.: 192.168.182.255)
47
	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`				# last octet of LAN address
-
 
48
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
44
	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`			# last octet of LAN broadcast
49
	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`									# last octet of LAN address
45
	private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4`									# last octet of LAN address
50
	PRIVATE_FIRST_IP=$PRIVATE_IP															# First network address (ex.: 192.168.182.1)
-
 
51
	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`	# second network address (ex.: 192.168.182.2)
46
	PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1`	# second network address (ex.: 192.168.182.2)
52
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
47
	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
53
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'`	# MAC address of INTIF
48
	PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'`	# MAC address of INTIF
54
}
49
}
55
 
50
 
Line 64... Line 59...
64
case $args in
59
case $args in
65
	-\? | -h* | --h*)
60
	-\? | -h* | --h*)
66
		echo "$usage"
61
		echo "$usage"
67
		exit 0
62
		exit 0
68
		;;
63
		;;
69
	--create|-create)	
64
	--create|-create)
70
		[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
65
		[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
71
		mkdir $DIR_UPDATE
66
		mkdir $DIR_UPDATE
72
# backup the users database  (test to delete in future version)
67
# backup the users database  (test to delete in future version)
73
		$DIR_BIN/alcasar-mysql.sh --dump
68
		$DIR_BIN/alcasar-mysql.sh --dump
74
		cp /var/Save/base/`ls -1t /var/Save/base|head -1` $DIR_UPDATE
69
		cp /var/Save/base/"$(ls -1t /var/Save/base|head -1)" $DIR_UPDATE
75
# backup the logo
70
# backup the logo
76
		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
71
		cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
77
# backup BL/WL custom files
72
# backup BL/WL custom files
78
		mkdir $DIR_UPDATE/custom_bl
73
		mkdir $DIR_UPDATE/custom_bl
79
		for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
74
		for i in exceptioniplist urlregexplist exceptionsitelist bannedsitelist exceptionurllist bannedurllist
80
		do
75
		do
81
			if [ -d /etc/dansguardian ]; then
76
			if [ -d /etc/dansguardian ]; then
82
				cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/ # before V3.3
77
				cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/ # before V3.3
83
				cp -rf /etc/dansguardian/lists/blacklists/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
78
				cp -rf /etc/dansguardian/lists/blacklists/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
84
			else
79
			else
85
				cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ # since V3.3
80
				cp $DIR_E2G/$i $DIR_UPDATE/custom_bl/ # since V3.3
86
				cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
81
				cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
87
			fi
82
			fi
88
		done
83
		done
89
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
84
# backup of different conf files (main conf file, filtering, digest, /etc/hosts, etc.)
90
		mkdir $DIR_UPDATE/etc/
85
		mkdir $DIR_UPDATE/etc/
Line 99... Line 94...
99
		if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
94
		if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
100
			cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
95
			cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
101
		else
96
		else
102
			cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
97
			cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
103
		fi
98
		fi
-
 
99
# pureip & safesearch status
-
 
100
		[ -d /etc/dansguardian ] && dg_path=/etc/dansguardian || dg_path=/etc/e2guardian
-
 
101
 
-
 
102
		if ! grep -Eq '^WL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
-
 
103
			if [ -f /etc/dnsmasq-whitelist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-whitelist.conf; then
-
 
104
				echo 'WL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
-
 
105
			else
-
 
106
				echo 'WL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
-
 
107
			fi
-
 
108
		fi
-
 
109
 
-
 
110
		if ! grep -Eq '^BL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
-
 
111
			if [ -f /etc/dnsmasq-blacklist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-blacklist.conf; then
-
 
112
				echo 'BL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
-
 
113
			else
-
 
114
				echo 'BL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
-
 
115
			fi
-
 
116
		fi
-
 
117
 
-
 
118
		if ! grep -Eq '^BL_PUREIP=' $DIR_UPDATE/etc/alcasar.conf; then
-
 
119
			if grep -Eq "^\*ip" $dg_path/lists/bannedsitelist; then
-
 
120
				echo 'BL_PUREIP=on' >> $DIR_UPDATE/etc/alcasar.conf
-
 
121
			else
-
 
122
				echo 'BL_PUREIP=off' >> $DIR_UPDATE/etc/alcasar.conf
-
 
123
			fi
-
 
124
		fi
-
 
125
 
104
# archive file creation
126
# archive file creation
105
		cd /var/tmp
127
		cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
106
		tar -cf alcasar-conf.tar conf/
128
		tar -cf alcasar-conf.tar conf/
107
		gzip -f alcasar-conf.tar
129
		gzip -f alcasar-conf.tar
108
		rm -rf $DIR_UPDATE
130
		rm -rf $DIR_UPDATE
109
		;;
131
		;;
110
 
132
 
111
	--load|-load)
133
	--load|-load)
112
		cd /var/tmp
134
		cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
113
		tar -xf alcasar-conf*.tar.gz
135
		tar -xf alcasar-conf*.tar.gz
114
#########################   modifications between versions  #######################
136
#########################   modifications between versions  #######################
115
# Retrieve the previous version
137
# Retrieve the previous version
116
		PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
138
		PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
117
		MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
139
		MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
Line 121... Line 143...
121
	## rewrite /etc/hosts file managing hostname resolution
143
	## rewrite /etc/hosts file managing hostname resolution
122
		PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
144
		PRIVATE_IP=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
123
		HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2-`
145
		HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2-`
124
		domainNames="$HOSTNAME $HOSTNAME.$DOMAIN"
146
		domainNames="$HOSTNAME $HOSTNAME.$DOMAIN"
125
		[ "$HOSTNAME" != 'alcasar' ] && domainNames="alcasar $domainNames"
147
		[ "$HOSTNAME" != 'alcasar' ] && domainNames="alcasar $domainNames"
126
		if [ $(grep -c "$PRIVATE_IP\s$domainNames" $DIR_UPDATE/etc/hosts ) -eq 0 ]; then
148
		if [ "$(grep -c "$PRIVATE_IP\s$domainNames" $DIR_UPDATE/etc/hosts )" -eq 0 ]; then
127
			cat << EOF > $DIR_UPDATE/etc/hosts
149
			cat << EOF > $DIR_UPDATE/etc/hosts
128
127.0.0.1	localhost
150
127.0.0.1	localhost
129
$PRIVATE_IP	$domainNames
151
$PRIVATE_IP	$domainNames
130
EOF
152
EOF
131
		fi
153
		fi
132
	## apache & dansguardian are replaced with lighttpd & E²guardian
154
	## apache & dansguardian are replaced with lighttpd & E²guardian
133
		if [ $(rpm -qa | grep '^\(apache\|apache-mod_php\|apache-mod_ssl\|dansguardian\)-' | wc -l) -ne 0 ]; then
155
		if [ "$(rpm -qa | grep '^\(apache\|apache-mod_php\|apache-mod_ssl\|dansguardian\)-' | wc -l)" -ne 0 ]; then
134
			rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
156
			rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
135
			/usr/sbin/urpme --auto -a $rm_rpm 2>/dev/null
157
			/usr/sbin/urpme --auto -a $rm_rpm 2>/dev/null
136
			/usr/sbin/urpme --auto --auto-orphans
158
			/usr/sbin/urpme --auto --auto-orphans
137
			rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/
159
			rm -rf /etc/httpd/ /var/log/httpd/ /var/dansguardian/ /etc/dansguardian/
138
		fi
160
		fi
139
	## lighttpd need a .pem certificate (aggregation with private key & server crt)
161
	## lighttpd need a .pem certificate (aggregation with private key & server crt)
140
		[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
162
		[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
141
##  From 3.3.0  ##
163
##  From 3.3.0  ##
142
	# add "SMS=off" in conf file
164
	# add "SMS=off" in conf file
143
		if [ $(grep -c '^SMS=' $DIR_UPDATE/etc/alcasar.conf) -eq 0 ]; then
165
		if [ "$(grep -c '^SMS=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
144
				echo "SMS=off" >> $DIR_UPDATE/etc/alcasar.conf
166
				echo "SMS=off" >> $DIR_UPDATE/etc/alcasar.conf
145
		fi
167
		fi
146
		if [ $(grep -c '^SMS_NUM=' $DIR_UPDATE/etc/alcasar.conf) -eq 0 ]; then
168
		if [ "$(grep -c '^SMS_NUM=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
147
				echo "SMS_NUM=" >> $DIR_UPDATE/etc/alcasar.conf
169
				echo "SMS_NUM=" >> $DIR_UPDATE/etc/alcasar.conf
148
		fi
170
		fi
-
 
171
##  From 3.4.0  ##
-
 
172
	# Fix subdomain dot position (.domain.org to domain.org.) for Unbound
-
 
173
	for file in $DIR_E2G/exceptionsitelist $DIR_BLACKLIST/ossi-bl*/domains $DIR_BLACKLIST/ossi-wl*/domains; do
-
 
174
		[ -f $file ] && $SED "s/^\.\(.*\)$/\1./g" $file
-
 
175
	done
149
######################   End of modifications between versions  #######################
176
######################   End of modifications between versions  #######################
150
# Retrieve the logo
177
# Retrieve the logo
151
		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
178
		[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
152
		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
179
		chown apache:apache $DIR_WEB/images/organisme.png $DIR_WEB/intercept.php
153
# Retrieve the security certificates (CA and server)
180
# Retrieve the security certificates (CA and server)
154
		cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
181
		cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
155
		cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
182
		cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
156
		cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
183
		cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
157
		cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
184
		cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
158
		cp -f $DIR_UPDATE/alcasar.pem /etc/pki/tls/private/	
185
		cp -f $DIR_UPDATE/alcasar.pem /etc/pki/tls/private/
159
		[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
186
		[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
160
		chown -R root:apache /etc/pki
187
		chown -R root:apache /etc/pki
161
		chmod -R 750 /etc/pki
188
		chmod -R 750 /etc/pki
162
# Import of the users database
189
# Import of the users database
163
		$DIR_BIN/alcasar-mysql.sh --import `ls $DIR_UPDATE/alcasar-users-database*`
190
		$DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
164
# Retrieve local parameters
191
# Retrieve local parameters
165
		cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
192
		cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
166
		mv -f $DIR_UPDATE/etc/hosts /etc/hosts
193
		mv -f $DIR_UPDATE/etc/hosts /etc/hosts
167
		chmod 755 /etc/hosts
194
		chmod 755 /etc/hosts
168
# Retrieve BL/WL custom files
195
# Retrieve BL/WL custom files
169
		cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
196
		cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
170
		cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
197
		cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
171
		cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
198
		cp -f $DIR_UPDATE/custom_bl/urlregexplist $DIR_E2G/
172
		cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/ 
199
		cp -f $DIR_UPDATE/custom_bl/bannedsitelist $DIR_E2G/
173
		cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/e2guardian/lists/
200
		cp -f $DIR_UPDATE/custom_bl/exceptionurllist $DIR_E2G/
174
		cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/e2guardian/lists/
201
		cp -f $DIR_UPDATE/custom_bl/bannedurllist $DIR_E2G/
175
		cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null
202
		cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null
176
		chown -R e2guardian:apache /etc/e2guardian/lists
203
		chown -R e2guardian:apache $DIR_E2G
177
		chmod -R g+rw /etc/e2guardian/lists
204
		chmod -R g+rw $DIR_E2G
178
# Adapt DNS/URL filtering
205
# Adapt DNS/URL filtering
179
		PARENT_SCRIPT=`basename $0`
206
		PARENT_SCRIPT=`basename $0`
180
		export PARENT_SCRIPT
207
		export PARENT_SCRIPT
181
		$DIR_BIN/alcasar-bl.sh -cat_choice
208
		$DIR_BIN/alcasar-bl.sh -cat_choice
182
		$DIR_BIN/alcasar-bl.sh -reload
209
		$DIR_BIN/alcasar-bl.sh -reload
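Review bot: The "From 3.4.0" migration loop rewrites the wrong files: it runs the leading-dot sed on `$DIR_E2G/exceptionsitelist` and the `ossi-*/domains` lists already installed under /etc/e2guardian, but a few lines later the pre-update copies are restored from the backup over them (`cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/`, `cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/`), so the `.domain.org` entries the fix targets end up back in place unchanged unless the backup was itself produced by a 3.4 system. Point the loop at the staged copies instead, `for file in $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_UPDATE/custom_bl/ossi-bl*/domains $DIR_UPDATE/custom_bl/ossi-wl*/domains; do`, or move the loop below the "Retrieve BL/WL custom files" block. While there, `[ -f $file ] && $SED "s/^\.\(.*\)$/\1./g" $file` should quote `"$file"`; the substitution itself is safe to re-run, since an already-migrated `domain.org.` no longer matches `^\.`. The `--load` case arm continues past the end of this hunk.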
Line 195... Line 222...
195
		;;
222
		;;
196
 
223
 
197
	--apply|-apply)
224
	--apply|-apply)
198
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
225
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
199
		PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
226
		PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
200
		check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
227
		if ! echo $PRIVATE_IP_MASK | egrep -q $PTN
201
		if [[ "$?" -ne 0 ]]
-
 
202
		then 
228
		then
203
			echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
229
			echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
204
			exit 0
230
			exit 0
205
		fi
231
		fi
206
		PUBLIC_IP_MASK=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
232
		PUBLIC_IP_MASK=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
207
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
233
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
208
		if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]
234
		if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]
209
		then
235
		then
210
			PUBLIC_GATEWAY="dhcp"
236
			PUBLIC_GATEWAY="dhcp"
211
 
237
 
212
		else
238
		else
213
			check=$(echo $PUBLIC_IP_MASK | egrep $PTN)
239
			if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
214
			if [[ "$?" -ne 0 ]]
-
 
215
			then 
240
			then
216
				echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
241
				echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
217
				exit 0
242
				exit 0
218
			fi
243
			fi
219
			PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
244
			PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
220
			PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
245
			PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
221
			PUBLIC_GATEWAY=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
246
			PUBLIC_GATEWAY=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
222
			check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
247
			if ! echo $PUBLIC_GATEWAY | egrep -q $PTN
223
			if [[ "$?" -ne 0 ]]
-
 
224
			then 
248
			then
225
				echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
249
				echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
226
				exit 0
250
				exit 0
227
			fi
251
			fi
228
		fi
252
		fi
229
		DNS1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
253
		DNS1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
230
		check=$(echo $DNS1 | egrep $PTN)
254
		if ! echo $DNS1 | egrep -q $PTN
231
		if [[ "$?" -ne 0 ]]
-
 
232
		then 
255
		then
233
			echo "Syntax error for the IP address of the first DNS server ($DNS1)"
256
			echo "Syntax error for the IP address of the first DNS server ($DNS1)"
234
			exit 0
257
			exit 0
235
		fi
258
		fi
236
		DNS2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2`
259
		DNS2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2`
237
		check=$(echo $DNS2 | egrep $PTN)
260
		if ! echo $DNS2 | egrep -q $PTN
238
		if [[ "$?" -ne 0 ]]
-
 
239
		then 
261
		then
240
			echo "Syntax error for the IP address of the second DNS server ($DNS2)"
262
			echo "Syntax error for the IP address of the second DNS server ($DNS2)"
241
			exit 0
263
			exit 0
242
		fi
264
		fi
243
		PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
265
		PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
244
		PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`
266
		PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`
245
		private_network_calc
267
		private_network_calc
246
		INSTALL_DATE=`grep ^INSTALL_DATE= $CONF_FILE|cut -d"=" -f2`
268
		INSTALL_DATE=`grep ^INSTALL_DATE= $CONF_FILE|cut -d"=" -f2`
247
		ORGANISME=`grep ^ORGANISM= $CONF_FILE|cut -d"=" -f2-`
269
		ORGANISME=`grep ^ORGANISM= $CONF_FILE|cut -d"=" -f2-`
-
 
270
		BL_SAFESEARCH=`grep ^BL_SAFESEARCH= $CONF_FILE|cut -d"=" -f2`
-
 
271
		WL_SAFESEARCH=`grep ^WL_SAFESEARCH= $CONF_FILE|cut -d"=" -f2`
-
 
272
		BL_PUREIP=`grep ^BL_PUREIP= $CONF_FILE|cut -d"=" -f2`
248
		DHCP_mode=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
273
		DHCP_mode=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
249
		if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
274
		if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
250
		then
275
		then
251
			if [ $DHCP_mode = "off" ] || [ $DHCP_mode = "Off" ] || [ $DHCP_mode = "OFF" ]
276
			if [ "$DHCP_mode" = "off" ] || [ "$DHCP_mode" = "Off" ] || [ "$DHCP_mode" = "OFF" ]
252
			then
277
			then
253
				$DIR_BIN/alcasar-dhcp.sh --off
278
				$DIR_BIN/alcasar-dhcp.sh --off
254
			else
279
			else
255
				$DIR_BIN/alcasar-dhcp.sh --on
280
				$DIR_BIN/alcasar-dhcp.sh --on
256
			fi
281
			fi
257
 
282
 
258
# Set the local DNS (or not)
283
# Set the local DNS (or not)
259
			if [ $INT_DNS_mode = "on" ] || [ $INT_DNS_mode = "On" ] || [ $INT_DNS_mode = "ON" ]
284
			if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ]
260
			then
285
			then
261
				$DIR_BIN/alcasar-dns-local.sh --on
286
				$DIR_BIN/alcasar-dns-local.sh --on
262
			else
287
			else
263
				$DIR_BIN/alcasar-dns-local.sh --off
288
				$DIR_BIN/alcasar-dns-local.sh --off
264
			fi
289
			fi
265
 
290
 
-
 
291
# Set the pure ip option (or not)
-
 
292
			if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ]
-
 
293
			then
-
 
294
				bl_filter_param+="--pureip_off"
-
 
295
			else
-
 
296
				bl_filter_param+="--pureip_on"
-
 
297
			fi
-
 
298
 
-
 
299
# Set the safesearch options (or not)
-
 
300
			bl_filter_param=""
-
 
301
			if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ]
-
 
302
			then
-
 
303
				bl_filter_param+="--safesearch_on "
-
 
304
			else
-
 
305
				bl_filter_param+="--safesearch_off "
-
 
306
			fi
-
 
307
 
-
 
308
			$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param
-
 
309
 
-
 
310
			if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ]
-
 
311
			then
-
 
312
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on
-
 
313
			else
-
 
314
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off
-
 
315
			fi
-
 
316
 
-
 
317
# Reload the local dns configuration
-
 
318
			$DIR_BIN/alcasar-dns-local.sh --reload
-
 
319
 
266
# Logout everybody
320
# Logout everybody
267
			$DIR_BIN/alcasar-logout.sh all		
321
			$DIR_BIN/alcasar-logout.sh all
268
# Services stop
322
# Services stop
269
			echo -n "Stop services : "
323
			echo -n "Stop services : "
270
			for i in ntpd tinyproxy e2guardian dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network lighttpd
324
			for i in ntpd tinyproxy e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd
271
			do
325
			do
272
				/usr/bin/systemctl stop $i && echo -n "$i, "
326
				/usr/bin/systemctl stop $i && echo -n "$i, "
273
			done
327
			done
274
			echo
328
			echo
275
		fi
329
		fi
Line 290... Line 344...
290
ACCOUNTING=no
344
ACCOUNTING=no
291
USERCTL=no
345
USERCTL=no
292
MTU=$MTU
346
MTU=$MTU
293
NOZEROCONF=yes
347
NOZEROCONF=yes
294
EOF
348
EOF
295
		else	
349
		else
296
			cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
350
			cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
297
DEVICE=$EXTIF
351
DEVICE=$EXTIF
298
BOOTPROTO=static
352
BOOTPROTO=static
299
IPADDR=$PUBLIC_IP
353
IPADDR=$PUBLIC_IP
300
NETMASK=$PUBLIC_NETMASK
354
NETMASK=$PUBLIC_NETMASK
Line 315... Line 369...
315
# INTIF config (for bypass mode only)
369
# INTIF config (for bypass mode only)
316
		$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
370
		$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
317
		$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
371
		$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
318
# NTP server
372
# NTP server
319
		$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf
373
		$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf
320
# host.allow 
374
# host.allow
321
		cat <<EOF > /etc/hosts.allow
375
		cat <<EOF > /etc/hosts.allow
322
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
376
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
323
sshd: ALL
377
sshd: ALL
324
ntpd: $PRIVATE_NETWORK_SHORT
378
ntpd: $PRIVATE_NETWORK_SHORT
325
EOF
379
EOF
Line 333... Line 387...
333
		[ "$HOSTNAME" != 'alcasar' ] && $SED "/\salcasar\s\$/d" /etc/hosts
387
		[ "$HOSTNAME" != 'alcasar' ] && $SED "/\salcasar\s\$/d" /etc/hosts
334
		echo "$PRIVATE_IP	$domainNames" >> /etc/hosts
388
		echo "$PRIVATE_IP	$domainNames" >> /etc/hosts
335
# MOTD
389
# MOTD
336
		$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
390
		$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
337
# Lighttpd
391
# Lighttpd
338
		$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf
392
		$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf
339
		$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
393
		$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
340
		$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
394
		$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
341
# FreeRADIUS Web
395
# FreeRADIUS Web
342
		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
396
		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
343
		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
397
		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
344
# coova
398
# coova
345
		$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
399
		$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
346
		$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
400
		$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
347
		[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
401
		[ "`grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2`" == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
348
		$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf
402
		$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf
349
		$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
403
		$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
350
		$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
404
		$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
351
		$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
405
		$SED "s?^dns1.*?dns1\t\t$PRIVATE_IP?g" /etc/chilli.conf
352
		$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
406
		$SED "s?^dns2.*?dns2\t\t$PRIVATE_IP?g" /etc/chilli.conf
353
		$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
407
		$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
354
		# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries
408
		# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries
355
		$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info
409
		$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info
-
 
410
# dnsmasq-whitelist
-
 
411
		$SED "/^server=/d" /etc/dnsmasq-whitelist.conf
-
 
412
		echo "server=$DNS1" >> /etc/dnsmasq-whitelist.conf
-
 
413
		echo "server=$DNS2" >> /etc/dnsmasq-whitelist.conf
356
# dnsmasq
414
# unbound
-
 
415
		# removing unbound configuration files
357
		$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf /etc/dnsmasq-blackhole.conf
416
		rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*
358
		for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
417
		rm -f /etc/unbound/conf.d/common/forward-zone.conf
-
 
418
		find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete
-
 
419
 
-
 
420
		# Configuration file for the dns servers forward-zone
-
 
421
		cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
-
 
422
forward-zone:
-
 
423
	name: "."
-
 
424
	forward-addr: $DNS1
-
 
425
	forward-addr: $DNS2
-
 
426
EOF
-
 
427
 
-
 
428
		# Configuration file of ALCASAR main domains for $INTIF
-
 
429
		cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
-
 
430
server:
-
 
431
	local-zone: "$HOSTNAME.$DOMAIN" static
-
 
432
	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
-
 
433
	local-zone: "$HOSTNAME" static
-
 
434
	local-data: "$HOSTNAME A $PRIVATE_IP"
359
		do
435
EOF
-
 
436
 
-
 
437
		# Configuration file for lo of forward unbound
-
 
438
		cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
-
 
439
server:
360
			$SED "/^server=/d" $i
440
	interface: 127.0.0.1@53
-
 
441
	access-control-view: 127.0.0.1/8 lo
-
 
442
 
-
 
443
view:
-
 
444
	name: "lo"
-
 
445
	view-first: yes
-
 
446
	local-zone: "$HOSTNAME.$DOMAIN" static
-
 
447
	local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
361
			echo "server=$DNS1" >> $i
448
	local-zone: "$HOSTNAME" static
-
 
449
	local-data: "$HOSTNAME A 127.0.0.1"
362
			echo "server=$DNS2" >> $i
450
	local-zone: "$DOMAIN." static
-
 
451
	local-data: "$DOMAIN. A"
-
 
452
EOF
-
 
453
 
-
 
454
		if [ "$HOSTNAME" != 'alcasar' ]
363
		done
455
		then
-
 
456
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
364
		$SED "s?^address=.*?address=/#/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
457
			echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
365
		for i in `ls $DIR_SHARE/dnsmasq-wl`
458
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
-
 
459
			echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
366
		do
460
		fi
-
 
461
 
-
 
462
		# Configuration file for $INTIF of forward unbound
367
			cat $DIR_SHARE/dnsmasq-wl/$i|cut -d"/" -f1,2 > /tmp/tmp_file
463
		cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
-
 
464
server:
368
			$SED "s/$/\/$DNS1/" /tmp/tmp_file
465
	interface: ${PRIVATE_IP}@53
-
 
466
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
-
 
467
 
-
 
468
view:
-
 
469
	name: "$INTIF"
-
 
470
	view-first: yes
-
 
471
EOF
-
 
472
 
369
			mv -f /tmp/tmp_file $DIR_SHARE/dnsmasq-wl/$i
473
		# Configuration file for $INTIF of blacklist unbound
-
 
474
		cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf
370
		done
475
server:
371
		chown root:apache $DIR_SHARE/dnsmasq-wl/*
476
	interface: ${PRIVATE_IP}@54
372
		chmod 660 $DIR_SHARE/dnsmasq-wl/*
477
	access-control: $PRIVATE_IP_MASK allow
-
 
478
	access-control-tag: $PRIVATE_IP_MASK "blacklist"
373
		$SED "s@^\([#]\?\)dhcp-range=.*@\1dhcp-range=$PRIVATE_SECOND_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h@" /etc/dnsmasq.conf
479
	access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect
374
		$SED "s@^\([#]\?\)dhcp-option=option:router.*@\1dhcp-option=option:router,$PRIVATE_IP@" /etc/dnsmasq.conf
480
	access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"
-
 
481
EOF
-
 
482
 
-
 
483
		# Configuration file for $INTIF of whitelist unbound
375
		$SED "s@^\([#]\?\)dhcp-option=option:ntp-server.*@\1dhcp-option=option:ntp-server,$PRIVATE_IP@" /etc/dnsmasq.conf
484
		cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf
-
 
485
server:
376
		networkDomain='localdomain'
486
	interface: ${PRIVATE_IP}@55
-
 
487
	access-control: $PRIVATE_IP_MASK allow
-
 
488
	access-control-tag: $PRIVATE_IP_MASK "whitelist"
377
		# networkDomain="$DOMAIN" (/!\ this domain (and its subdomains) will not be resolved by the external DNS servers)
489
	access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
378
		$SED "s?^local=.*?local=/$networkDomain/?g" $DIR_ETC/alcasar-dns-name
490
	access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
-
 
491
EOF
-
 
492
 
-
 
493
		# Configuration file for $INTIF of blackhole unbound
379
		$SED "s?^domain=.*?domain=$networkDomain?g" $DIR_ETC/alcasar-dns-name
494
		cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
-
 
495
server:
-
 
496
	interface: ${PRIVATE_IP}@56
-
 
497
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
-
 
498
 
-
 
499
view:
-
 
500
	name: "$INTIF"
-
 
501
	local-zone: "." redirect
-
 
502
	local-data: ". A $PRIVATE_IP"
-
 
503
EOF
-
 
504
 
-
 
505
# dhcpd
-
 
506
		cat <<EOF > /etc/dhcpd.conf
-
 
507
ddns-update-style none;
-
 
508
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
-
 
509
	option routers $PRIVATE_IP;
-
 
510
	option subnet-mask $PRIVATE_NETMASK;
-
 
511
	option domain-name-servers $PRIVATE_IP;
-
 
512
 
-
 
513
	range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
-
 
514
	default-lease-time 21600;
-
 
515
	max-lease-time 43200;
-
 
516
}
-
 
517
EOF
380
# tinyproxy			
518
# tinyproxy
381
		$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf
519
		$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf
382
# DG + BL
520
# DG + BL
383
		$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf
521
		$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf
384
# Watchdog
522
# Watchdog
385
		$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
523
		$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
Line 390... Line 528...
390
		if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
528
		if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
391
		then
529
		then
392
# Services start
530
# Services start
393
			/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
531
			/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
394
			$DIR_BIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", chilli" # apply DHCP mode and start CoovaChilli
532
			$DIR_BIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", chilli" # apply DHCP mode and start CoovaChilli
395
			for i in dnsmasq dnsmasq-blackhole tinyproxy ntpd
533
			for i in unbound unbound-blackhole tinyproxy ntpd
396
			do
534
			do
397
				sleep 1
535
				sleep 1
398
				/usr/bin/systemctl start $i && echo -n ", $i"
536
				/usr/bin/systemctl start $i && echo -n ", $i"
399
			done
537
			done
400
			$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, e2guardian, iptables"
538
			$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, dnsmasq-whitelist, e2guardian, iptables"
401
			/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
539
			/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
402
		fi
540
		fi
403
# Start / Stop SSH Daemon
541
# Start / Stop SSH Daemon
404
		ssh_active=`grep ^SSH= $CONF_FILE|cut -d"=" -f2`
542
		ssh_active=`grep ^SSH= $CONF_FILE|cut -d"=" -f2`
405
		if [ $ssh_active = "on" ]
543
		if [ $ssh_active = "on" ]
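Review bot: A failed `systemctl start` in the new loop over `unbound unbound-blackhole tinyproxy ntpd` (new side line 536) is dropped silently: `&& echo -n ", $i"` only leaves the name out of the progress line, nothing reaches stderr and the script carries on, so a resolver that did not come up is indistinguishable from one that did except by reading the one-line summary. Now that this loop starts the DNS services the portal depends on, an explicit failure branch is worth the line: `if /usr/bin/systemctl start "$i"; then echo -n ", $i"; else echo "Failed to start $i" >&2; fi`. The `alcasar-bl.sh -reload` and `systemctl restart lighttpd` lines that follow have the same shape and would benefit from the same treatment. The enclosing case arm starts outside the hunk.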
Line 415... Line 553...
415
			then
553
			then
416
				/usr/bin/systemctl stop sshd.service
554
				/usr/bin/systemctl stop sshd.service
417
			fi
555
			fi
418
		fi
556
		fi
419
# Start / Stop LDAP authentification
557
# Start / Stop LDAP authentification
420
		if [ LDAP_mode = "on" ] || [ $LDAP_mode = "On" ] || [ $LDAP_mode = "ON" ]
558
		if [ $LDAP_mode = "on" ] || [ $LDAP_mode = "On" ] || [ $LDAP_mode = "ON" ]
421
		then
559
		then
422
			$DIR_BIN/alcasar-ldap.sh
560
			$DIR_BIN/alcasar-ldap.sh
423
		fi
561
		fi
424
		echo
562
		echo
425
		;;
563
		;;
426
	*)
564
	*)
427
		echo "Argument inconnu :$1";
565
		echo "Argument inconnu : $1";
428
		echo "$usage"
566
		echo "$usage"
429
		exit 1
567
		exit 1
430
		;;
568
		;;
431
esac
569
esac
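Review bot: `[ $LDAP_mode = "on" ]` on new side line 558 is still unquoted, so when LDAP_mode is empty or unset (presumably when the LDAP key is absent from the configuration file read earlier) the test expands to `[ = "on" ]`, `[` prints "unary operator expected", and the LDAP branch is skipped with a stray error rather than a clear decision. Quoting the expansion fixes it: `if [ "$LDAP_mode" = "on" ] || [ "$LDAP_mode" = "On" ] || [ "$LDAP_mode" = "ON" ]`; since the script is bash, `[ "${LDAP_mode,,}" = "on" ]` would cover all three spellings in one test if accepting other mixed-case variants is acceptable. Where LDAP_mode is assigned lies outside the hunk.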