Subversion Repositories ALCASAR

Rev

Rev 2707 | Rev 2745 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2707 Rev 2744
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-conf.sh 2707 2019-03-05 22:54:17Z tom.houdayer $
2
# $Id: alcasar-conf.sh 2744 2019-07-28 09:29:15Z rexy $
3
 
3
 
4
# alcasar-conf.sh
4
# alcasar-conf.sh
5
# by REXY
5
# by REXY
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
8
# Ce script permet de mettre à jour d'ALCASAR
8
# Ce script permet la mise à jour d'un ALCASAR
9
#	- création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
9
#	- (alcasar-conf.sh -create) : création de l'archive des fichiers de configuration (/var/tmp/alcasar-conf.tar.gz)
10
#	- chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
10
#	- (alcasar-conf.sh -load) : chargement de l'archive des fichiers de configuration. Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
11
#	- application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" à chaud (alcasar-conf -apply)
11
#	- (alcasar-conf.sh -apply) : application des directives du fichier de conf central "/usr/local/etc/alcasar.conf". Peut aussi être exploité à chaud après avoir changé des valeurs du fichier de conf.
12
# This script allows ALCASAR update
12
# This script allows ALCASAR update
13
#	- create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)
13
#	- (alcasar-conf.sh -create) : create the configuration files backup (/var/tmp/alcasar-conf.tar.gz)
14
#	- load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
14
#	- (alcasar-conf.sh -load) : load the backup of configuration files. If needed, it's here we update files between versions
15
#	- apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply)
15
#	- (alcasar-conf.sh -load) : apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf". Can be use after changes of conf file values.
16
 
16
 
17
DIR_UPDATE="/var/tmp/conf"				# répertoire de stockage des fichier de conf pour une mise à jour
17
DIR_UPDATE="/var/tmp/conf"				# répertoire de stockage des fichier de conf pour une mise à jour
18
DIR_WEB="/var/www/html"					# répertoire du centre de gestion
18
DIR_WEB="/var/www/html"					# répertoire du centre de gestion
19
DIR_BIN="/usr/local/bin"				# scripts directory
19
DIR_BIN="/usr/local/bin"				# scripts directory
20
DIR_ETC="/usr/local/etc"				# conf directory
20
DIR_ETC="/usr/local/etc"				# conf directory
Line 239... Line 239...
239
		PUBLIC_IP_MASK=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
239
		PUBLIC_IP_MASK=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
240
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
240
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
241
		if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]
241
		if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]
242
		then
242
		then
243
			PUBLIC_GATEWAY="dhcp"
243
			PUBLIC_GATEWAY="dhcp"
244
 
-
 
245
		else
244
		else
246
			if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
245
			if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
247
			then
246
			then
248
				echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
247
				echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
249
				exit 0
248
				exit 0
Line 284... Line 283...
284
			then
283
			then
285
				$DIR_BIN/alcasar-dhcp.sh --off
284
				$DIR_BIN/alcasar-dhcp.sh --off
286
			else
285
			else
287
				$DIR_BIN/alcasar-dhcp.sh --on
286
				$DIR_BIN/alcasar-dhcp.sh --on
288
			fi
287
			fi
289
 
-
 
290
# Set the local DNS (or not)
288
# Set the local DNS (or not)
291
			if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ]
289
			if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ]
292
			then
290
			then
293
				$DIR_BIN/alcasar-dns-local.sh --on
291
				$DIR_BIN/alcasar-dns-local.sh --on
294
			else
292
			else
295
				$DIR_BIN/alcasar-dns-local.sh --off
293
				$DIR_BIN/alcasar-dns-local.sh --off
296
			fi
294
			fi
297
 
-
 
298
# Set the pure ip option (or not)
295
# Set the pure ip option (or not)
299
			if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ]
296
			if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ]
300
			then
297
			then
301
				bl_filter_param+="--pureip_off"
298
				bl_filter_param+="--pureip_off"
302
			else
299
			else
303
				bl_filter_param+="--pureip_on"
300
				bl_filter_param+="--pureip_on"
304
			fi
301
			fi
305
 
-
 
306
# Set the safesearch options (or not)
302
# Set the safesearch options (or not)
307
			bl_filter_param=""
303
			bl_filter_param=""
308
			if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ]
304
			if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ]
309
			then
305
			then
310
				bl_filter_param+="--safesearch_on "
306
				bl_filter_param+="--safesearch_on "
311
			else
307
			else
312
				bl_filter_param+="--safesearch_off "
308
				bl_filter_param+="--safesearch_off "
313
			fi
309
			fi
314
 
-
 
315
			$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param
310
			$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param
316
 
-
 
317
			if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ]
311
			if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ]
318
			then
312
			then
319
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on
313
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on
320
			else
314
			else
321
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off
315
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off
322
			fi
316
			fi
323
 
-
 
324
# Reload the local dns configuration
317
# Reload the local dns configuration
325
			$DIR_BIN/alcasar-dns-local.sh --reload
318
			$DIR_BIN/alcasar-dns-local.sh --reload
326
 
-
 
327
# Logout everybody
319
# Logout everybody
328
			$DIR_BIN/alcasar-logout.sh all
320
			$DIR_BIN/alcasar-logout.sh all
329
# Services stop
321
# Services stop
330
			echo -n "Stop services : "
322
			echo -n "Stop services : "
331
			for i in ntpd tinyproxy e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd
323
			for i in ntpd tinyproxy e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd
Line 397... Line 389...
397
		$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
389
		$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
398
# Lighttpd
390
# Lighttpd
399
		$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf
391
		$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf
400
		$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
392
		$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
401
		$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
393
		$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
402
# FreeRADIUS Web
394
# FreeRADIUS
403
		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
395
		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
404
		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
396
		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
405
# CoovaChilli
397
# CoovaChilli
406
		$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
398
		$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
407
		$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
399
		$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
Line 422... Line 414...
422
# unbound
414
# unbound
423
		# removing unbound configuration files
415
		# removing unbound configuration files
424
		rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*
416
		rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*
425
		rm -f /etc/unbound/conf.d/common/forward-zone.conf
417
		rm -f /etc/unbound/conf.d/common/forward-zone.conf
426
		find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete
418
		find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete
427
 
-
 
428
		# Configuration file for the dns servers forward-zone
419
		# Configuration file for the dns servers forward-zone
429
		cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
420
		cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
430
forward-zone:
421
forward-zone:
431
	name: "."
422
	name: "."
432
	forward-addr: $DNS1
423
	forward-addr: $DNS1
433
	forward-addr: $DNS2
424
	forward-addr: $DNS2
434
EOF
425
EOF
435
 
-
 
436
		# Configuration file of ALCASAR main domains for $INTIF
426
		# Configuration file of ALCASAR main domains for $INTIF
437
		cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
427
		cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
438
server:
428
server:
439
	local-zone: "$HOSTNAME.$DOMAIN" static
429
	local-zone: "$HOSTNAME.$DOMAIN" static
440
	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
430
	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
441
	local-zone: "$HOSTNAME" static
431
	local-zone: "$HOSTNAME" static
442
	local-data: "$HOSTNAME A $PRIVATE_IP"
432
	local-data: "$HOSTNAME A $PRIVATE_IP"
443
EOF
433
EOF
444
 
-
 
445
		# Configuration file for lo of forward unbound
434
		# Configuration file for lo of forward unbound
446
		cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
435
		cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
447
server:
436
server:
448
	interface: 127.0.0.1@53
437
	interface: 127.0.0.1@53
449
	access-control-view: 127.0.0.1/8 lo
438
	access-control-view: 127.0.0.1/8 lo
450
 
-
 
451
view:
439
view:
452
	name: "lo"
440
	name: "lo"
453
	view-first: yes
441
	view-first: yes
454
	local-zone: "$HOSTNAME.$DOMAIN" static
442
	local-zone: "$HOSTNAME.$DOMAIN" static
455
	local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
443
	local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
456
	local-zone: "$HOSTNAME" static
444
	local-zone: "$HOSTNAME" static
457
	local-data: "$HOSTNAME A 127.0.0.1"
445
	local-data: "$HOSTNAME A 127.0.0.1"
458
	local-zone: "$DOMAIN." static
446
	local-zone: "$DOMAIN." static
459
	local-data: "$DOMAIN. A"
447
	local-data: "$DOMAIN. A"
460
EOF
448
EOF
461
 
-
 
462
		if [ "$HOSTNAME" != 'alcasar' ]
449
		if [ "$HOSTNAME" != 'alcasar' ]
463
		then
450
		then
464
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
451
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
465
			echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
452
			echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
466
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
453
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
467
			echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
454
			echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
468
		fi
455
		fi
469
 
-
 
470
		# Configuration file for $INTIF of forward unbound
456
		# Configuration file for $INTIF of forward unbound
471
		cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
457
		cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
472
server:
458
server:
473
	interface: ${PRIVATE_IP}@53
459
	interface: ${PRIVATE_IP}@53
474
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
460
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
475
 
461
 
476
view:
462
view:
477
	name: "$INTIF"
463
	name: "$INTIF"
478
	view-first: yes
464
	view-first: yes
479
EOF
465
EOF
480
 
-
 
481
		# Configuration file for $INTIF of blacklist unbound
466
		# Configuration file for $INTIF of blacklist unbound
482
		cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf
467
		cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf
483
server:
468
server:
484
	interface: ${PRIVATE_IP}@54
469
	interface: ${PRIVATE_IP}@54
485
	access-control: $PRIVATE_IP_MASK allow
470
	access-control: $PRIVATE_IP_MASK allow
486
	access-control-tag: $PRIVATE_IP_MASK "blacklist"
471
	access-control-tag: $PRIVATE_IP_MASK "blacklist"
487
	access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect
472
	access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect
488
	access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"
473
	access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"
489
EOF
474
EOF
490
 
-
 
491
		# Configuration file for $INTIF of whitelist unbound
475
		# Configuration file for $INTIF of whitelist unbound
492
		cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf
476
		cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf
493
server:
477
server:
494
	interface: ${PRIVATE_IP}@55
478
	interface: ${PRIVATE_IP}@55
495
	access-control: $PRIVATE_IP_MASK allow
479
	access-control: $PRIVATE_IP_MASK allow
496
	access-control-tag: $PRIVATE_IP_MASK "whitelist"
480
	access-control-tag: $PRIVATE_IP_MASK "whitelist"
497
	access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
481
	access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
498
	access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
482
	access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
499
EOF
483
EOF
500
 
-
 
501
		# Configuration file for $INTIF of blackhole unbound
484
		# Configuration file for $INTIF of blackhole unbound
502
		cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
485
		cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
503
server:
486
server:
504
	interface: ${PRIVATE_IP}@56
487
	interface: ${PRIVATE_IP}@56
505
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
488
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
506
 
-
 
507
view:
489
view:
508
	name: "$INTIF"
490
	name: "$INTIF"
509
	local-zone: "." redirect
491
	local-zone: "." redirect
510
	local-data: ". A $PRIVATE_IP"
492
	local-data: ". A $PRIVATE_IP"
511
EOF
493
EOF
512
 
-
 
513
# dhcpd
494
# dhcpd
514
		cat <<EOF > /etc/dhcpd.conf
495
		cat <<EOF > /etc/dhcpd.conf
515
ddns-update-style none;
496
ddns-update-style none;
516
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
497
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
517
	option routers $PRIVATE_IP;
498
	option routers $PRIVATE_IP;
518
	option subnet-mask $PRIVATE_NETMASK;
499
	option subnet-mask $PRIVATE_NETMASK;
519
	option domain-name-servers $PRIVATE_IP;
500
	option domain-name-servers $PRIVATE_IP;
520
 
-
 
521
	range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
501
	range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
522
	default-lease-time 21600;
502
	default-lease-time 21600;
523
	max-lease-time 43200;
503
	max-lease-time 43200;
524
}
504
}
525
EOF
505
EOF