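#!/bin/bash
#
# fuss-server: script to configure a FUSS Server.
#
# Copyright (C) 2007 Simone Piccardi <piccardi@truelite.it>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA  02111-1307   USA
#
# Usage: fuss-server create|purge   (must run as root)
#
set -e

#
# To avoid localizations hassles: the output of ip, free, df, mount, date
# and dpkg is parsed below, so force the C locale. LC_ALL overrides LANG
# and any LC_* variable the caller may have exported.
#
export LANG=C
export LC_ALL=C

##
## Defining used files, directories and program
##
# no trailing slash, so that "$ETC_DIR/..." paths do not carry a "//"
ETC_DIR=/etc/fuss-server
CONF_FILE=$ETC_DIR/fuss-server.conf
SERV_FUNC=$ETC_DIR/service-functions
CONF_CMD=/usr/sbin/fuss-server-config
CA_DIR=$ETC_DIR/Credentials
TEMPL_DIR=/usr/share/fuss-server/templates
SCRIPT_DIR=/usr/share/fuss-server/scripts
# NOTE: a fixed name under the shared /tmp; "create" verifies ownership of
# this directory before writing anything into it
TEMP_DIR=/tmp/fuss-server

# Installed package version, for the banner only. dpkg-query is asked for
# the exact package (the old "dpkg -l | grep fuss-server" also matched
# any package with that string in its name or description); "|| true"
# keeps the banner non-fatal when the package is not installed.
FUSS_SER_VERS=$(dpkg-query -W -f='${Version}' fuss-server 2>/dev/null || true)
echo "Running fuss-server $FUSS_SER_VERS"


# Service functions, they must be present (backfile, cidr_check, ip_check,
# resetconf, reverse and revip are expected from this file)
if [ -f "$SERV_FUNC" ]; then
    . "$SERV_FUNC"
else
    echo "Something wrong, missing service functions file $SERV_FUNC" >&2
    echo "you need to purge and reinstall the package" >&2
    exit 1
fi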
52
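#######################################
# Run an init.d action through invoke-rc.d when available, otherwise
# through the init script directly.
# Arguments: $1 - service name, $2 - action (start/stop/...)
# Returns:   the status of the service command; a failure is reported on
#            stderr and, for a plain call, aborts the script through
#            "set -e" with a non-zero status (the old direct-call fallback
#            did "|| exit 0", reporting success on failure)
#######################################
fs_service() {
    local service=$1 action=$2 rv=0
    if command -v invoke-rc.d >/dev/null 2>&1; then
        invoke-rc.d "$service" "$action" || rv=$?
    else
        /etc/init.d/"$service" "$action" || rv=$?
    fi
    if [ "$rv" -ne 0 ]; then
        echo "Service $service $action failed (status $rv)" >&2
    fi
    return "$rv"
}

#######################################
# Print the IPv4 addresses configured on an interface, one per line.
# Arguments: $1 - interface name
#######################################
fs_iface_ips() {
    ip addr show "$1" | grep "inet " | awk '{print $2}' | cut -d/ -f1
}

#######################################
# Create $TEMP_DIR (mode 700) and refuse to use it unless it is a real
# directory owned by the current user: it lives under the shared /tmp and
# receives the password temp file and the rewritten fstab.
# Globals: TEMP_DIR (read)
#######################################
fs_make_temp_dir() {
    if [ ! -d "$TEMP_DIR" ]; then
        mkdir -p "$TEMP_DIR"
    fi
    if [ -L "$TEMP_DIR" ] || [ ! -O "$TEMP_DIR" ]; then
        echo "Refusing to use $TEMP_DIR: not a directory owned by $(id -un)" >&2
        exit 1
    fi
    chmod 700 "$TEMP_DIR"
}

#######################################
# Source the configuration file and keep running $CONF_CMD until every
# mandatory variable is set and passes its sanity check, then verify that
# the configured internal interfaces carry the LAN addresses.
# Globals: CONF_FILE CONF_CMD (read); LOCALNET DOMAIN WORKGROUP MASTER_PASS
#          GEOPLACE DHCP_RANGE INTERN_IFACES (set by sourcing CONF_FILE);
#          OK (set by cidr_check/ip_check); INT_IF (written)
#######################################
fs_read_config() {
    ##
    ## Read and check configuration variables, they must be defined.
    ## The file is sourced as shell code, so it has to stay writable by
    ## root only.
    ##
    if [ -f "$CONF_FILE" ]; then
        . "$CONF_FILE"
    else
        echo "Something wrong, missing configuration file $CONF_FILE" >&2
        echo "try a fuss-server purge or reintall the package" >&2
        exit 1
    fi
    # checking mandatory configuration variables (MASTER_PASS included:
    # it used to be asked only once, accepting an empty password)
    local var i
    for var in LOCALNET DOMAIN WORKGROUP MASTER_PASS GEOPLACE DHCP_RANGE; do
        while [ -z "${!var}" ]; do
            echo "Variable $var must be configured, please enter value"
            $CONF_CMD
            . "$CONF_FILE"
        done
    done
    # check correctness of values; LOCALNET may list several networks
    # (see the interface check below), so each one is checked on its own
    for i in $LOCALNET; do
        cidr_check "$i"
        if [ "$OK" = no ]; then
            echo "Error on LOCALNET variable: $LOCALNET"
            resetconf LOCALNET
            $CONF_CMD
            . "$CONF_FILE"
            break
        fi
    done
    for i in $DHCP_RANGE; do
        ip_check "$i"
        if [ "$OK" = no ]; then
            echo "Error on DHCP_RANGE variable: $DHCP_RANGE"
            resetconf DHCP_RANGE
            $CONF_CMD
            . "$CONF_FILE"
            break
        fi
    done
    if ! printf '%s\n' "$DOMAIN" | grep -Eq "^[[:alnum:]]+\.[[:alnum:]]+$"; then
        resetconf DOMAIN
        $CONF_CMD
        . "$CONF_FILE"
    fi
    if printf '%s\n' "$WORKGROUP" | grep -Eq "[^[:alnum:]]"; then
        resetconf WORKGROUP
        $CONF_CMD
        . "$CONF_FILE"
    fi
    # check for "problematic" chars: the password is spliced into sed
    # replacements delimited by "/", where "/", "&" and "\" are special
    # and would corrupt the generated configuration
    if printf '%s\n' "$MASTER_PASS" | grep -q '[/&\\]'; then
        resetconf MASTER_PASS
        $CONF_CMD
        . "$CONF_FILE"
    fi

    # check that the internal interfaces definition is coherent with the LAN
    for i in $LOCALNET; do
        INT_IF=$(ip route | grep -F -- "$i" | awk '{print $3}')
        if [ -z "$INT_IF" ]; then
            echo "No interface found for $i network" >&2
            exit 1
        fi
        if ! printf '%s\n' "$INTERN_IFACES" | grep -q -- "$INT_IF"; then
            echo "Configured internal interface $INTERN_IFACES do not" >&2
            echo "match LAN address $i on interface $INT_IF" >&2
            exit 1
        fi
    done
}

#######################################
# Derive the variables shared by all the configuration steps.
# Globals: DOMAIN WORKGROUP MASTER_PASS TEMP_DIR (read);
#          BASE DOM HOST FQDN PASS NEWPASS TODAY (written)
#######################################
fs_set_globals() {
    ######################
    ## Initial settings ##
    ######################
    # LDAP suffix from the domain: a.b -> dc=a,dc=b
    BASE=$(printf '%s\n' "$DOMAIN" |
       awk -F"." '{OFS=""; ORS=","; for (i=1; i <= NF; i++) print "dc=",$i}' |
       sed -re 's/,$//g')
    DOM=$(printf '%s\n' "$BASE" | cut -d'=' -f2 | cut -d, -f1)
    HOST=$(hostname)
    FQDN="$HOST.$DOMAIN"
    # define master password for LDAP, services and CA; exported because
    # openssl reads it with "-passin env:PASS"
    export PASS="$MASTER_PASS"
    TODAY=$(date +%F-%X)
    export TODAY
    echo "Dominio $DOMAIN, Base $BASE, Workgroup $WORKGROUP"
    fs_make_temp_dir
    # create the hashed password for LDAP; it is handed to slappasswd through
    # a 0600 temp file instead of "-s $PASS", which would expose the secret
    # in the process list
    local pwfile
    pwfile=$(mktemp "$TEMP_DIR/pass.XXXXXX")
    printf '%s' "$PASS" > "$pwfile"
    NEWPASS=$(slappasswd -T "$pwfile")
    rm -f -- "$pwfile"
}

#######################################
# Enable and start the firewall init script, when installed.
#######################################
fs_setup_firewall() {
    ############################
    ## Firewall configuration ##
    ############################
    # NOTE: static configuration of the LAN interface in
    # /etc/network/interfaces is not handled by this script.
    echo "Configuring Firewall, local net is $LOCALNET"
    if [ -x /etc/init.d/firewall ]; then
        # adding to runlevel
        update-rc.d firewall defaults 41 80 >/dev/null
        fs_service firewall start
    fi
}

#######################################
# Create the CA and the server certificate, only the first time.
# Globals: CA_DIR TEMPL_DIR SCRIPT_DIR GEOPLACE WORKGROUP FQDN PASS (read)
# Side effects: changes the working directory to $CA_DIR
#######################################
fs_setup_ca() {
    #############################
    ## Filesever configuration ##
    #############################
    ##
    ## CA configuration
    ##
    # to do just the first time, leave as is if already exists
    if [ -d "$CA_DIR/demoCA" ]; then
        return 0
    fi
    echo "#####################################"
    echo "#   Creating CA and Certificates    #"
    echo "#####################################"
    mkdir -p "$CA_DIR"
    chmod 700 "$CA_DIR"
    cd "$CA_DIR"
    rm -f -- *.pem
    sed -e "s/Firenze/$GEOPLACE/g" \
        -e "s/<WORKGRP>/$WORKGROUP/g" \
        -e "s/FQDN/$FQDN/g" \
        "$TEMPL_DIR/certif" > "$CA_DIR/certif"
    echo "Generating CA certificate"
    export SSLEAY_CONFIG="-config $TEMPL_DIR/openssl.cnf"
    "$SCRIPT_DIR/CA.sh" -newca < "$TEMPL_DIR/cacert"
    echo "Generating server certificate"
    "$SCRIPT_DIR/CA.sh" -newreq < certif
    echo "Signing server certificate"
    "$SCRIPT_DIR/CA.sh" -sign < "$TEMPL_DIR/confirm"
    echo "Unlock server certificate key"
    local keyfile=newreq.pem
    if [ -e newkey.pem ]; then
        keyfile=newkey.pem
    fi
    chmod 600 "$CA_DIR/$keyfile"
    # the decrypted key is created 0600 from the start (the 0022 umask used
    # to leave it 0644, and "cp -a" below preserves that mode into
    # /etc/ssl/private until the final chmod at the end of "create")
    (umask 077; openssl rsa -passin env:PASS < "$keyfile" > nopasskey.pem)
    # copying certificates and keys
    backfile /etc/ssl/certs/cacert.pem
    backfile /etc/ssl/certs/fuss-server-cert.pem
    backfile /etc/ssl/private/fuss-server-key.pem

    cp -af "$CA_DIR/demoCA/cacert.pem" /etc/ssl/certs/cacert.pem
    cp -af "$CA_DIR/newcert.pem" /etc/ssl/certs/fuss-server-cert.pem
    cp -af "$CA_DIR/nopasskey.pem" /etc/ssl/private/fuss-server-key.pem
}

#######################################
# Configure slapd, back up and replace the previous LDAP tree, load the
# initial tree and write the LDAP client configuration.
# Globals: TEMPL_DIR TODAY BASE DOM WORKGROUP NEWPASS (read); LDAP_BACK (written)
#######################################
fs_setup_ldap() {
    ##
    ## LDAP configuration
    ##
    echo "##########################################"
    echo "#   Configuring LDAP server and client   #"
    echo "##########################################"
    fs_service slapd stop
    echo "SLAPD stopped"
    echo "Installing Samba schema"
    zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz \
        > /etc/ldap/schema/samba.schema
    # previous LDAP DB backup
    if [ -e /etc/ldap/slapd.conf ]; then
        LDAP_BACK="/var/backups/old-ldap_backup-$TODAY"
        local old_umask
        old_umask=$(umask)
        # the dump contains password hashes: root-only file
        umask 0077
        if ! slapcat > "$LDAP_BACK" ; then
            echo "WARNING: cannot backup old LDAP tree"
            echo "OLD DB will be reused, if BASE or PASSWORD has been changed"
            echo "there will be troubles and installation will probably fails"
        else
            echo "LDAP tree backup saved in $LDAP_BACK"
            echo "Erasing previous LDAP data"
            backfile /var/lib/ldap/DB_CONFIG
            rm -f -- /var/lib/ldap/*
            cp -f "$TEMPL_DIR/DB_CONFIG" /var/lib/ldap
        fi
        umask "$old_umask"
    else
        echo "WARNING: cannot find /etc/ldap/slapd.conf"
        echo "Cannot backup the LDAP tree"
    fi
    # backup previous config and set the new one
    backfile /etc/default/slapd
    cp -f "$TEMPL_DIR/slapd_defaults" /etc/default/slapd
    echo "Using $BASE as tree suffix"
    backfile /etc/ldap/slapd.conf
    # the pipelines below are tested directly: a "$?" check after a
    # pipeline is never reached under "set -e" when the pipeline fails
    if ! sed -re "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
            "$TEMPL_DIR/slapd.conf" > /etc/ldap/slapd.conf; then
        echo "Error on LDAP configuration file creation" >&2
        echo "Using suffix $BASE" >&2
        exit 1
    fi
    echo "LDAP configuration created"
    # create initial tree structure
    echo "Using $BASE suffix"
    if ! sed -r -e "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
            -e "s/o: Truelite/o: $WORKGROUP/g" \
            -e "s/dc: domain/dc: $DOM/g" \
            -e "s|(userPassword:)(.*)|\1 $NEWPASS|g" \
            "$TEMPL_DIR/init.ldif" | slapadd; then
        # the master password is deliberately not part of this message
        echo "Error on creating initial LDAP tree" >&2
        echo "Using suffix $BASE and dc=$DOM" >&2
        exit 1
    fi
    echo "Initial tree for LDAP created"
    # server restart
    fs_service slapd start
    # LDAP client config file
    backfile /etc/ldap/ldap.conf
    if ! sed -re "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
            "$TEMPL_DIR/ldap.conf" > /etc/ldap/ldap.conf; then
        echo "Error on LDAP client configuration creation" >&2
        echo "Using suffix $BASE" >&2
        exit 1
    fi
    echo "New LDAP client configuration created"
}

#######################################
# Install the NSS and PAM configuration for LDAP authentication.
# Globals: TEMPL_DIR BASE (read)
#######################################
fs_setup_nss_pam() {
    ##
    ## Config LDAP user authentication
    ##
    # config libnns-ldap
    backfile /etc/nsswitch.conf
    cp -f "$TEMPL_DIR/nsswitch.conf" /etc/nsswitch.conf

    backfile /etc/libnss-ldap.conf
    sed -re "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
        "$TEMPL_DIR/libnss-ldap.conf" > /etc/libnss-ldap.conf

    # config pam_ldap
    backfile /etc/pam_ldap.conf
    sed -re "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
        "$TEMPL_DIR/pam_ldap.conf" > /etc/pam_ldap.conf
    backfile /etc/pam.d/common-account
    backfile /etc/pam.d/common-password
    backfile /etc/pam.d/common-session
    backfile /etc/pam.d/common-auth
    cp "$TEMPL_DIR"/common-* /etc/pam.d/

    # restart nscd service if installed
    if [ -x /etc/init.d/nscd ]; then
        /etc/init.d/nscd restart
    fi
}

#######################################
# Create the Samba share directories, write smb.conf and set the LDAP
# password for Samba.
# Globals: TEMPL_DIR WORKGROUP BASE PASS (read);
#          SAMBADIR PROFILES NETLOGON (written)
#######################################
fs_setup_samba() {
    ##
    ## SAMBA configuration
    ##

    # creating Samba directories; each one is tested on its own (the old
    # outer test was on the literal string "SAMBDIR", so it was always true)
    SAMBADIR=/home/samba
    PROFILES=$SAMBADIR/profiles
    NETLOGON=$SAMBADIR/netlogon
    if [ ! -d "$PROFILES" ] ; then
        mkdir -p "$PROFILES"
        chmod 1777 "$PROFILES"
        echo "Created profile directory $PROFILES"
    fi
    if [ ! -d "$NETLOGON" ] ; then
        mkdir -p "$NETLOGON"
        echo "Created netlogon directory $NETLOGON"
    fi

    echo "Stopping Samba for reconfiguration"
    /etc/init.d/samba stop
    # creating Samba config file
    backfile /etc/samba/smb.conf
    if ! sed -r -e "s/(.*)TRUELITE/\1 $WORKGROUP/g" \
            -e "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
            "$TEMPL_DIR/smb.conf" > /etc/samba/smb.conf; then
        echo "Error on Samba configuration creation" >&2
        echo "Using workgroup $WORKGROUP and suffix $BASE" >&2
        exit 1
    fi
    echo "New Samba config created for domain $WORKGROUP"
    # clearing previous data
    rm -fR -- /var/lib/samba/*
    echo "Setting LDAP passwd"
    # NOTE: smbpasswd -w takes the secret on the command line only, so it is
    # briefly visible in the process list of this host
    smbpasswd -w "$PASS"

    echo "Starting Samba after configuration"
    /etc/init.d/samba start || echo "Samba restart failed"
}

#######################################
# Configure the IDEALX smbldap-tools and populate the LDAP tree.
# Globals: TEMPL_DIR BASE PASS WORKGROUP DOMAIN (read);
#          SID VERSION VAL WIN_ADM (written)
#######################################
fs_setup_smbldap() {
    # configuring IDEALX script
    SID=$(net getlocalsid | cut -d: -f2 | awk '{print $1}')
    echo "Setting IDEALX scripts, SID is: $SID"
    backfile /etc/smbldap-tools/smbldap_bind.conf
    # this file carries the LDAP master password: created 0600 (and chmod'ed
    # again below in case backfile left an old copy in place). The secret
    # still goes through the sed command line, see the MASTER_PASS check.
    (umask 077;
     sed -r -e "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
         -e "s/(.*)(<PASSWORD>)(.*)/\1$PASS\3/g" \
         "$TEMPL_DIR/smbldap_bind.conf" > /etc/smbldap-tools/smbldap_bind.conf)
    chmod 600 /etc/smbldap-tools/smbldap_bind.conf

    backfile /etc/smbldap-tools/smbldap.conf
    sed -r -e "s/#SID.*/SID=\"$SID\"/g" \
        -e "s/(.*)(dc=domain,dc=local)(.*)/\1$BASE\3/g" \
        -e "s/(.*)TRUELITE/\1$WORKGROUP/g" \
        -e "s/(.*)domain.local/\1$DOMAIN/g" \
        "$TEMPL_DIR/smbldap.conf" > /etc/smbldap-tools/smbldap.conf

    echo "Populate LDAP tree"
    # select smbldap-tool version, > 0.8, use $1
    VERSION=$(dpkg-query -W -f='${Version}' smbldap-tools 2>/dev/null || true)
    VAL=$(printf '%s\n' "$VERSION" | awk -F"." '{print ($1>0, $2>8)}')
    WIN_ADM="admin"
    if [ "$VAL" = "0 0" ]; then
        echo "Old (<0.8) smbldap-populate version"
        /usr/sbin/smbldap-populate -a "$WIN_ADM" -u 2000 -g 2000
        /usr/sbin/smbldap-usermod -u 0 "$WIN_ADM"
        /usr/sbin/smbldap-passwd "$WIN_ADM" <<EOF
$PASS
$PASS
EOF
    else
        echo "New (>0.8) smbldap-populate version"
        /usr/sbin/smbldap-populate -a "$WIN_ADM" -u 2000 -g 2000 <<EOF
$PASS
$PASS
EOF
    fi

    # Samba defaults for italian privacy laws
    #pdbedit -P "maximum password age" -C $(( 175 * 86400 )) # 175 giorni
    #pdbedit -P "password history"     -C 3
    #pdbedit -P "min password length"  -C 9
}

#######################################
# Export the LDAP client configuration and the root ssh public key in the
# Apache-served directory; generate the root ssh key for clusterssh.
# Globals: FQDN CA_DIR (read); DATA_CONF (written)
#######################################
fs_setup_client_configs() {
    ##
    ## APACHE config for exporting client config files
    ##
    # generating LDAP configuration files for clients
    echo "Generating client configs with ldaps://$FQDN"
    DATA_CONF=/var/www/fuss-data-conf
    mkdir -p "$DATA_CONF"
    cp -a /etc/ssl/certs/cacert.pem "$DATA_CONF/"
    # the exported copies drop host/uri lines, comment out rootbinddn and
    # point the clients at ldaps://$FQDN; no secret is copied here
    sed -r -e "/^host/I d" \
        -e "/^uri/I d" \
        -e "/^#uri/I a uri   ldaps://$FQDN" \
        /etc/ldap/ldap.conf > "$DATA_CONF/ldap.conf"
    sed -r -e "/^host/I d" \
        -e "/^uri/I d" \
        -e "s/^rootbinddn/#rootbinddn/g" \
        -e "/^#host/I a uri   ldaps://$FQDN" \
        /etc/pam_ldap.conf > "$DATA_CONF/pam_ldap.conf"
    sed -r -e "/^host/I d" \
        -e "/^uri/I d" \
        -e "s/^rootbinddn/#rootbinddn/g" \
        -e "/^#host/I a uri   ldaps://$FQDN" \
        /etc/libnss-ldap.conf > "$DATA_CONF/libnss-ldap.conf"
    # generating root user SSH key for clusterssh use
    echo "#############################################"
    echo "## Generating SSH root key for cluster ssh ##"
    echo "#############################################"
    # ssh-keygen -f fails when the directory is missing
    mkdir -p -m 700 /root/.ssh
    backfile /root/.ssh/id_dsa
    backfile /root/.ssh/id_dsa.pub
    rm -f -- /root/.ssh/id_dsa*
    # NOTE: DSA keys are deprecated by OpenSSH; the type is kept here because
    # the file name id_dsa.pub is presumably what the clients fetch from
    # $DATA_CONF — confirm before changing it
    ssh-keygen -t dsa -P "" -f /root/.ssh/id_dsa
    cp /root/.ssh/id_dsa.pub "$DATA_CONF/"
    # the private key is kept in CA_DIR (mode 700) with the other credentials
    cp /root/.ssh/id_dsa* "$CA_DIR/"
}

#######################################
# Install the default Apache virtual host with SSL enabled and restart it.
# Globals: TEMPL_DIR (read)
#######################################
fs_setup_apache() {
    # recreating Apache default virtual host (to enable SSL)
    backfile /etc/apache2/sites-available/default
    cp -f "$TEMPL_DIR/apache_default" \
        /etc/apache2/sites-available/default
    echo "Enabling SSL for Apache2"
    a2enmod ssl
    echo "Set Apache2 listening on ports 80 e 443"
    backfile /etc/apache2/ports.conf
    backfile /etc/default/apache2
    printf 'Listen 80\nListen 443\n' > /etc/apache2/ports.conf
    echo "NO_START=0" > /etc/default/apache2
    echo "Apache2 restart after setup:"
    apache2ctl restart || echo "Apache restart failed"
}

#######################################
# Write the root-only *.secret files holding the LDAP bind password.
# Globals: PASS (read)
#######################################
fs_write_ldap_secrets() {
    # creating ldap.secret & C
    local old_umask
    old_umask=$(umask)
    umask 077
    backfile /etc/ldap.secret
    backfile /etc/libnss-ldap.secret
    backfile /etc/pam_ldap.secret
    # printf writes the password verbatim; an unquoted "echo $PASS" would
    # glob-expand it and mangle a leading "-n" or backslashes
    printf '%s\n' "$PASS" > /etc/ldap.secret
    printf '%s\n' "$PASS" > /etc/libnss-ldap.secret
    printf '%s\n' "$PASS" > /etc/pam_ldap.secret
    # the umask only applies to new files: fix pre-existing ones as well
    chmod 600 /etc/ldap.secret /etc/libnss-ldap.secret /etc/pam_ldap.secret
    umask "$old_umask"
}

#######################################
# Add the "acl" mount option to the /home ext3 entry of /etc/fstab and
# remount it.
# Globals: TEMP_DIR (read)
#######################################
fs_enable_home_acl() {
    ##
    ## Modify /etc/fstab to enable ACL support
    ##
    backfile /etc/fstab
    local home_mount temp_file
    home_mount=$(mount | grep /home || true)
    if [ -z "$home_mount" ]; then
        echo "###############################################"
        echo "##                                           ##"
        echo "## /home inside /, cannot activate ACL       ##"
        echo "##                                           ##"
        echo "###############################################"
        return 0
    fi
    if printf '%s\n' "$home_mount" | grep -q acl; then
        echo "ACL attive"
        return 0
    fi
    if ! printf '%s\n' "$home_mount" | grep -q ext3; then
        echo "ACL support is working for ext3 filesystem"
        echo "Please use a better supported filesystem"
        return 0
    fi
    echo "Attivo le ACL per la partizione /home"
    # mktemp replaces the Debian-only tempfile(1), dropped by newer debianutils
    temp_file=$(mktemp "$TEMP_DIR/fstab.XXXXXX")
    sed -re "s|(^[^#].*)(/home)([ \t]+[^ \t]+[ \t]+[^ \t]+)(.*)|\1\2\3,acl\4|g" \
        /etc/fstab > "$temp_file"
    if [ -s "$temp_file" ]; then
        cp -f "$temp_file" /etc/fstab
        rm -f -- "$temp_file"
        mount -o remount /home
    else
        echo "Produced an empty fstab file, doing nothing"
    fi
}

#######################################
# Write /etc/exports for the local network and restart the NFS services.
# Globals: TEMPL_DIR LOCALNET (read); NFSON (written)
#######################################
fs_setup_nfs() {
    ##
    ## NFS configuration
    ##
    NFSON="true"
    if [ "$NFSON" = "true" ]; then
        echo "Configuring NFS"
        # server restart
        fs_service nfs-kernel-server stop
        fs_service portmap stop
        backfile /etc/exports
        sed -e "s|<localnet>|$LOCALNET|g" "$TEMPL_DIR/exports" > /etc/exports
        fs_service portmap start
        fs_service nfs-kernel-server start
        /usr/sbin/exportfs -a
        echo "NFS configured"
    fi
}

#######################################
# Set IFACES to the internal interfaces, from the configuration when
# given, otherwise detected from the routing table.
# Globals: INTERN_IFACES (read); IFACES (written, space separated)
#######################################
fs_detect_ifaces() {
    # Interface list, better having it from configuration
    if [ -n "$INTERN_IFACES" ]; then
        IFACES=$INTERN_IFACES
    else
        # every "scope link" route not on the default-route device.
        # NOTE: with no default route the inner command is empty and
        # "grep -v ''" drops every line, leaving IFACES empty (as before)
        IFACES=$(ip route | grep "scope link" \
            | grep -v "$(ip route | grep default | awk '{print $5}')" \
            | awk '{print $3}')
    fi
    # normalise to one space-separated line: the "ip route" output is
    # newline separated, which would break the sed replacement writing
    # /etc/default/dhcp3-server (positional parameters are local here)
    set -- $IFACES
    IFACES=$*
    echo "Configured $IFACES, configuration is $INTERN_IFACES"
}

#######################################
# Create (once) the TSIG key shared by bind and dhcpd and read its secret.
# Globals: CA_DIR (read); CHIAVE (written)
# Side effects: changes the working directory to $CA_DIR
#######################################
fs_make_dns_key() {
    #  Creating DNS e DHCP
    echo "Generating DNS/DHCP key"
    cd "$CA_DIR"
    if ! ls Ktruelite*.private >/dev/null 2>&1; then
        echo "Key file not found, recreate it"
        echo "this will take some time, you can shorten it"
        echo "by increasing system entropy: press some key, ecc."
        # HMAC-MD5 is the algorithm the rndc/named/dhcpd templates are
        # written for; changing it needs matching template changes
        dnssec-keygen -a HMAC-MD5 -b 512 -n HOST truelite
    fi
    # the secret is only ever written into root-only files, never printed
    CHIAVE=$(grep -h Key: Ktruelite*.private | cut -d" " -f2)
}

#######################################
# Configure bind: rndc key, direct and reverse local zones, resolv.conf.
# Globals: TEMPL_DIR CA_DIR CHIAVE IFACES DOMAIN FQDN HOST (read);
#          MAINIF SERVERIP NIP NETS ADDR (written);
#          NET ZONE REVIP (appear to be set by reverse/revip from
#          service-functions, see their uses below)
#######################################
fs_setup_bind() {
    ##
    ## BIND configuration
    ##
    echo "Starting DNS configuration, stopping service"
    fs_service bind9 stop

    # key file creation
    backfile /etc/bind/rndc.key
    echo "Using key from $CA_DIR"
    sed -e "s|<chiave>|$CHIAVE|g" "$TEMPL_DIR/rndc.key" > /etc/bind/rndc.key

    # direct local zone creation: first word of $IFACES is the main interface
    set -- $IFACES
    MAINIF=$1
    SERVERIP=$(fs_iface_ips "$MAINIF" | head -n1)
    NIP=$(fs_iface_ips "$MAINIF" | wc -l)
    if [ "$NIP" -gt 1 ]; then
        echo "Found multiple IP on $MAINIF, using $SERVERIP"
    fi
    echo "Interfaces $IFACES, main interface $MAINIF, server IP is $SERVERIP"
    sed -e "s/domain.local/$DOMAIN/g" \
        -e "s/<FQDN>/$FQDN/g" \
        -e "s/<HOST>/$HOST/g" \
        -e "s/<server-ip>/$SERVERIP/g" \
        "$TEMPL_DIR/db.local" > /var/cache/bind/db.local
    echo "Created local zone"
    # insert A records
    local i j k
    for i in $IFACES; do
        for j in $(fs_iface_ips "$i"); do
            # adding A records to direct zone
            printf '%s \t IN \t A \t %s\n' "$HOST" "$j" >> /var/cache/bind/db.local
        done
    done
    # create bind configs for local zones
    backfile /etc/bind/named.conf.local
    sed -e "s/domain.local/$DOMAIN/g" \
        -e "s/<FQDN>/$FQDN/g" \
        -e "s|<chiave>|$CHIAVE|g" \
        "$TEMPL_DIR/named.conf.local" > /etc/bind/named.conf.local

    # configs on internal interfaces
    for i in $IFACES; do
        NETS=$(/sbin/ip route | grep -v default | grep -- "$i" | awk '{print $1}')
        for j in $NETS; do
            reverse "$j"
            # reverse zone creation
            sed -e "s/domain.local/$DOMAIN/g" \
                -e "s/<FQDN>/$FQDN/g" \
                "$TEMPL_DIR/db.reverse" > "/var/cache/bind/db.$NET"
            # adding zone to bind config
            sed -e "s/<FQDN>/$FQDN/g" \
                -e "s/<reverse>/$ZONE/g" \
                -e "s/<revfile>/$NET/g" \
                "$TEMPL_DIR/named.conf.reverse" >> /etc/bind/named.conf.local
            # adding PTR records to reverse zone
            ADDR=$(ip addr show "$i" | grep -- "$NET" | awk '{print $2}' | cut -d/ -f1)
            for k in $ADDR; do
                revip "$k"
                printf '%s\t IN\t PTR\t %s.\n' "$REVIP" "$FQDN" >> "/var/cache/bind/db.$NET"
            done
        done
    done

    # clearing temporary files
    rm -f -- /var/cache/bind/db.*.jnl
    # clearing permissions
    chmod 2775 /var/cache/bind/
    chgrp bind /var/cache/bind/
    chown bind:bind /var/cache/bind/db.*
    fs_service bind9 start

    # use localhost as local DNS
    backfile /etc/resolv.conf
    sed -e "s/DOMINIO/$DOMAIN/g" "$TEMPL_DIR/resolv.conf" > /etc/resolv.conf
}

#######################################
# Configure the DHCP server: defaults, base config and one subnet block
# per internal interface.
# Globals: TEMPL_DIR IFACES DOMAIN FQDN CHIAVE DHCP_RANGE (read);
#          NIF DNSIP NIP NETS NETMASK SUBNET ROUTER ADDR SIZE INIT END
#          RANGE (written); ZONE (appears to be set by reverse)
#######################################
fs_setup_dhcp() {
    ##
    ## DHCP configuration
    ##
    echo "Starting DHCP configuration, stopping server"
    fs_service dhcp3-server stop
    # setup /etc/default/dhcp3-server
    echo "Setting default interfaces for DHCP"
    backfile /etc/default/dhcp3-server
    sed -e "s/<ifaces>/$IFACES/g" "$TEMPL_DIR/dhcpd.default" \
        > /etc/default/dhcp3-server

    # create base default config for DHCP
    echo "Creating base configuration"
    backfile /etc/dhcp3/dhcpd.conf
    sed -e "s/<dominio>/$DOMAIN/g" \
        -e "s/<FQDN>/$FQDN/g" \
        -e "s|<chiave>|$CHIAVE|g" \
        "$TEMPL_DIR/dhcpd.conf" > /etc/dhcp3/dhcpd.conf

    #
    # Loop for interfaces configuration
    #
    echo "Configuring iface $IFACES"
    # number of interfaces (positional parameters are local to the function)
    set -- $IFACES
    NIF=$#
    if [ "$NIF" -gt 1 ]; then
        echo "We have $NIF different LAN interfaces, experimental setup,"
        echo "we cannot use the IP range given on the configuration request"
        echo "Be sure to check the results !!!"
    fi
    local i
    for i in $IFACES; do
        DNSIP=$(fs_iface_ips "$i" | head -n1)
        NIP=$(fs_iface_ips "$i" | wc -l)
        if [ "$NIP" -gt 1 ]; then
            echo "Found multiple IP on $i, using $DNSIP"
        fi
        # NOTE: an interface with several non-default routes yields a
        # multi-line NETS and the netmask/size computation below is
        # undefined (unchanged from the original)
        NETS=$(ip route | grep -v default | grep -F -- "$DNSIP" | awk '{print $1}')
        NETMASK=$(netmask -s $NETS | cut -d/ -f2)
        SUBNET=$(netmask -s $NETS | cut -d/ -f1)
        if ip route | grep default | grep -q -- "$i"; then
            ROUTER=$(ip route | grep default | grep -- "$i" | awk '{print $3}')
        else
            ROUTER=$DNSIP
        fi
        # compute range for DHCP: a quarter to three quarters of the
        # network, capped at a /24
        ADDR=${NETS%%/*}
        SIZE=$(( 1 << ( 32 - ${NETS#*/} ) ))
        if [ "$SIZE" -gt 256 ]; then
            SIZE=256
        fi
        INIT=${ADDR%.*}.$(( SIZE / 4 ))
        END=${ADDR%.*}.$(( SIZE / 4 + SIZE / 2 ))

        reverse "$NETS"

        # using given range only with a single interface
        if [ "$NIF" -eq 1 ]; then
            if [ -n "$DHCP_RANGE" ]; then
                RANGE=$DHCP_RANGE
            else
                RANGE="$INIT $END"
            fi
        else
            RANGE="$INIT $END"
        fi

        # create the specific configuration for each interface
        echo "subn $SUBNET, nmask $NETMASK"
        echo "range $RANGE, router $ROUTER, DNS $DNSIP, "
        sed -e "s/<dns-ip>/$DNSIP/g" \
            -e "s/<router-ip>/$ROUTER/g" \
            -e "s/<subnet>/$SUBNET/g" \
            -e "s/<netmask>/$NETMASK/g" \
            -e "s/<range>/$RANGE/g" \
            -e "s/<dominio>/$DOMAIN/g" \
            -e "s/<FQDN>/$FQDN/g" \
            -e "s/<reverse>/$ZONE/g" \
            "$TEMPL_DIR/dhcpd.iface" >> /etc/dhcp3/dhcpd.conf
    done
    # configuration completed, restart server
    echo "Restarting DHCP server"
    fs_service dhcp3-server start || echo "DHCP restart failed"
}

#######################################
# Configure squid with cache sizes derived from the available resources.
# Globals: TEMPL_DIR HOST DOMAIN BASE SERVERIP LOCALNET (read);
#          MEMSIZE DISKSIZE (written)
#######################################
fs_setup_squid() {
    ##
    ## SQUID configuration
    ##
    echo "Changing squid configuration..."
    fs_service squid stop

    # compute memory and disk sizes on available resources
    MEMSIZE=$(( $(free | grep Mem: | awk '{print $2}') / 4096 ))
    DISKSIZE=$(( $(df -m /var/spool/squid | tail -n1 | awk '{print $2}') / 4 ))

    echo "Setting host=$HOST and net=$LOCALNET, mem=$MEMSIZE, disk=$DISKSIZE"
    backfile /etc/squid/squid.conf
    sed -e "s/<HOSTNAME>/$HOST/g" \
        -e "s/<DOMINIO>/$DOMAIN/g" \
        -e "s/dc=domain,dc=local/$BASE/g" \
        -e "s/<MEMSIZE>/$MEMSIZE/g" \
        -e "s/<DISKSIZE>/$DISKSIZE/g" \
        -e "s/<SERVER-IP>/$SERVERIP/g" \
        -e "s|<localnet>|$LOCALNET|g" \
        "$TEMPL_DIR/squid.conf" > /etc/squid/squid.conf

    echo "restarting squid with new configuration..."
    squid -z
    fs_service squid start
    # add internet group for access control (addgroup fails, and would
    # abort a re-run, when the group already exists)
    if ! getent group internet >/dev/null; then
        addgroup --system internet
    fi
}

#######################################
# Install the DansGuardian configuration and lists.
# Globals: TEMPL_DIR SERVERIP FQDN (read); DANSCONF DANSLIST (written)
# Side effects: changes the working directory to $TEMPL_DIR
#######################################
fs_setup_dansguardian() {
    ##
    ## DansGuardian configuration
    ##
    echo "changing dansguardian configuration..."
    local pid
    if [ -f /var/run/dansguardian.pid ]; then
        pid=$(cat /var/run/dansguardian.pid)
        # "kill -0" tests that the process exists; the old "ps ax | grep"
        # always matched its own command line and stopped a dead service
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            fs_service dansguardian stop
        fi
    fi
    DANSCONF=/etc/dansguardian/
    cd "$DANSCONF"
    # backup and create configuration
    backfile dansguardian.conf
    sed -e "s/<SERVER-IP>/$SERVERIP/g" \
        -e "s/<FQDN>/$FQDN/g" \
        "$TEMPL_DIR/dansguardian.conf" > "$DANSCONF/dansguardian.conf"
    # backup old configs
    backfile dansguardianf1.conf
    cp -f "$TEMPL_DIR/dansguardianf1.conf" "$DANSCONF/"
    DANSLIST=/etc/dansguardian/lists
    cd "$DANSLIST"
    backfile bannedextensionlist
    backfile bannedmimetypelist
    backfile exceptionsitelist
    # copying other templates
    cd "$TEMPL_DIR/"
    cp -f bannedextensionlist "$DANSLIST/"
    cp -f bannedmimetypelist  "$DANSLIST/"
    cp -f exceptionsitelist   "$DANSLIST/"

    fs_service dansguardian start
}

#######################################
# Final permission reset, removal of obsolete files and cleanup of the
# exported master password.
#######################################
fs_finalize() {
    #
    # Forced reset of permissions, just to be sure
    #
    chmod 600 /etc/smbldap-tools/smbldap_bind.conf*
    chmod 600 /etc/ssl/private/fuss-server-key.pem*
    #
    # Remove old fuss-server unused files
    #
    rm -f /etc/init.d/firewall.sh*
    rm -f /etc/rcS.d/firewall.sh*
    rm -f /etc/init.d/purgezone
    rm -f /etc/rc0.d/purgezone

    unset PASS
    echo "FUSS Server configurations ended"
}

#######################################
# "purge": archive and remove the credentials, reset the configuration.
# Globals: ETC_DIR CA_DIR TEMPL_DIR CONF_FILE (read); BACKDIR TODAY (written)
#######################################
fs_purge() {
    echo "Removing all previuos configuration from $ETC_DIR"
    BACKDIR=/var/backups/fuss-server
    if [ -d "$CA_DIR" ]; then
        # TODAY is only set by "create": derive it here too, otherwise the
        # archive name would end in a bare "Credential"
        TODAY=${TODAY:-$(date +%F-%X)}
        mkdir -p -m 700 "$BACKDIR"
        # the archive holds the CA key, the unlocked server key and root's
        # ssh key: create it 0600. --force-local stops GNU tar from reading
        # the ":" of the %X timestamp as a remote host specification.
        (umask 077; tar --force-local -rf "$BACKDIR/Credential$TODAY" "$CA_DIR")
        rm -fR -- "$CA_DIR"
    fi
    cp -f "$TEMPL_DIR/fuss-server.conf" "$CONF_FILE"
}

#######################################
# Print the usage message on stderr and exit with status 1.
# Arguments: $1 - the unknown argument received
#######################################
fs_usage() {
    echo "fuss-server called with unknown argument \`$1'" >&2
    echo "     fuss-server create -  install configuration" >&2
    echo "     fuss-server purge  -  clean $ETC_DIR dir" >&2
    exit 1
}

case "$1" in
    create)
        # the steps run in the original order: each relies on the
        # variables and files produced by the previous ones
        fs_read_config
        fs_set_globals
        fs_setup_firewall
        fs_setup_ca
        fs_setup_ldap
        fs_setup_nss_pam
        fs_setup_samba
        fs_setup_smbldap
        fs_setup_client_configs
        fs_setup_apache
        fs_write_ldap_secrets
        fs_enable_home_acl
        fs_setup_nfs
        fs_detect_ifaces
        fs_make_dns_key
        fs_setup_bind
        fs_setup_dhcp
        fs_setup_squid
        fs_setup_dansguardian
        fs_finalize
    ;;

    purge)
        fs_purge
    ;;

    *)
        fs_usage "$1"
    ;;
esac

exit 0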