Récupération
This commit is contained in:
commit
f3875e447c
|
@ -0,0 +1,300 @@
|
|||
#!/bin/bash
|
||||
#Initialisation des variables
|
||||
SOURCE=`pwd`
|
||||
MAJ=n
|
||||
MENTEUR=n
|
||||
echo ' __ __ _____ ____ ____ _____ ______'
|
||||
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|'
|
||||
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__'
|
||||
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|'
|
||||
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____'
|
||||
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|'
|
||||
echo ' _____ __ _'
|
||||
echo '/ ___| / _| |'
|
||||
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___'
|
||||
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \'
|
||||
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/'
|
||||
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|'
|
||||
echo ""
|
||||
echo "Programme de déploiement de service DNS et DHCP (V1)"
|
||||
echo ""
|
||||
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulvez-vous continuer ? (O/N) : " CONFIRM
|
||||
CONFIRM=${CONFIRM^^}
|
||||
if [ $CONFIRM != 'O' ];
|
||||
then
|
||||
exit
|
||||
fi
|
||||
echo "#######################"
|
||||
echo "# Lancement du script #"
|
||||
echo "#######################"
|
||||
|
||||
# Installation des mises à jours
|
||||
echo "########################################"
|
||||
echo "# Début de la procédure de mise à jour #"
|
||||
echo "########################################"
|
||||
apt-get update
|
||||
apt-get upgrade -y
|
||||
echo "-- Mise à jour terminé !"
|
||||
|
||||
# Services à déployer
|
||||
echo "#######################"
|
||||
echo "# Services à déployer #"
|
||||
echo "#######################"
|
||||
read -p "Voulez-vous déployer le service DNS ? (O/N) : " DNS
|
||||
DNS=${DNS^^}
|
||||
read -p "Voulez-vous déployer le service DHCP ? (O/N) : " DHCP
|
||||
DHCP=${DHCP^^}
|
||||
|
||||
# Sevices associés
|
||||
if [ $DNS == 'O' ] && [ $DHCP == 'O' ];
|
||||
then
|
||||
read -p "Voulez-vous installer la fonctionnalité de mise à jour automaitque entre le DHCP et le DNS ? (O/N) : " MAJ
|
||||
MAJ=${MAJ^^}
|
||||
fi
|
||||
read -p "Quel est l'interface réseau à utilisé ? : " INTERFACE
|
||||
|
||||
# Récupération adresse IP, HOSTNAME et utilisateur
|
||||
IP=`ifconfig $INTERFACE | grep netmask | awk -F" " '{print $2}'`
|
||||
HOSTNAME=`hostname`
|
||||
DNS_SRV=$IP
|
||||
USER=`whoami`
|
||||
if [ $DNS == 'O' ];
|
||||
then
|
||||
|
||||
# Installation DNS
|
||||
echo "######################################"
|
||||
echo "# Lancement de l'installation du DNS #"
|
||||
echo "######################################"
|
||||
apt-get install bind9 -y
|
||||
echo "-- Installation du DNS terminé !"
|
||||
|
||||
# Questions DNS et définition des variables
|
||||
echo "########################"
|
||||
echo "# Configuration du DNS #"
|
||||
echo "########################"
|
||||
read -p "Entrer le TLD de votre réseau local : " TLD
|
||||
TLD=${TLD,,}
|
||||
read -p "Voulez-vous installer la fonctionnalité de DNS menteur ? (O/N) : " MENTEUR
|
||||
MENTEUR=${MENTEUR^^}
|
||||
SERIAL=`date +%Y%m%d`
|
||||
IP_REV=`echo $IP | awk -F"." '{print $3}'`.`echo $IP | awk -F"." '{print $2}'`.`echo $IP | awk -F"." '{print $1}'`.in-addr.arpa
|
||||
IP_FIN=`echo $IP | awk -F"." '{print $4}'`
|
||||
|
||||
# Configuration DNS
|
||||
echo "####################################"
|
||||
echo "# Copie de la configuration du DNS #"
|
||||
echo "####################################"
|
||||
echo -e "RESOLVCONF=no\nOPTIONS=\"-4 -u bind\"" > /etc/default/bind9
|
||||
echo "-- Paramètres appliqués !"
|
||||
echo "" > /etc/bind/named.conf.local
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo -e "include \"/etc/bind/ddns.key\";\n" >> /etc/bind/named.conf.local
|
||||
fi
|
||||
echo -e "zone \"$TLD\" {\n\ttype master;\n\tfile\"/var/cache/bind/db.$TLD\";" >> /etc/bind/named.conf.local
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo -e "\tallow-update { key DDNS_UPDATE; };" >> /etc/bind/named.conf.local
|
||||
fi
|
||||
echo -e "};\n" >> /etc/bind/named.conf.local
|
||||
echo -e "zone \"$IP_REV\" {\n\ttype master;\n\tfile \"/var/cache/bind/db.$TLD.inv\";" >> /etc/bind/named.conf.local
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo -e "\tallow-update { key DDNS_UPDATE; };" >> /etc/bind/named.conf.local
|
||||
echo "-- Fonctionnalité de mise à jour du DNS et et DHCP activé !"
|
||||
fi
|
||||
echo -e "};\n" >> /etc/bind/named.conf.local
|
||||
echo "-- Zones configurés !"
|
||||
touch /etc/bind/db.$TLD
|
||||
touch /etc/bind/db.$TLD.inv
|
||||
echo -e "\$ORIGIN .\n\$TTL 7200\n$TLD\t\t\tIN SOA $HOSTNAME.$TLD. $USER.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tNS\t$HOSTNAME.$TLD.\n\$ORIGIN $TLD.\n$HOSTNAME\t\t\tA\t$IP" >> /etc/bind/db.$TLD
|
||||
echo -e "\$ORIGIN .\n\$TTL 7200\n$IP_REV\t\t\tIN SOA $HOSTNAME.$TLD. $USER.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tNS\t$HOSTNAME.$TLD.\n\$ORIGIN $IP_REV.\n$IP_FIN\t\t\tPTR\t$HOSTNAME.$TLD." >> /etc/bind/db.$TLD.inv
|
||||
echo "-- Fichiers de zones créés !"
|
||||
ln -s /etc/bind/db.$TLD /var/cache/bind/new.db.$TLD
|
||||
ln -s /etc/bind/db.$TLD.inv /var/cache/bind/new.db.$TLD.inv
|
||||
echo "-- Liens symboliques créés !"
|
||||
cp /var/cache/bind/new.db.$TLD /var/cache/bind/db.$TLD
|
||||
cp /var/cache/bind/new.db.$TLD.inv /var/cache/bind/db.$TLD.inv
|
||||
echo "-- Fichiers de zones déployés !"
|
||||
if [ $MENTEUR == 'O' ];
|
||||
then
|
||||
echo "#################################"
|
||||
echo "# Fonctionnalité de DNS menteur #"
|
||||
echo "#################################"
|
||||
touch /etc/bind/db.menteur
|
||||
echo "-- Zonne DNS menteur créé !"
|
||||
echo -e "\n\nzone \"menteur\" {\n\ttype master;\n\tfile\"/var/cache/bind/db.menteur\";\n};" >> /etc/bind/named.conf.local
|
||||
echo "-- Zone configuré !"
|
||||
echo -e "\$TTL 7200\n@\t\t\tIN SOA $HOSTNAME.$TLD. $USER.$TLD. (\n\t\t\t\t$SERIAL\n\t\t\t\t7200\n\t\t\t\t3600\n\t\t\t\t604800\n\t\t\t\t7200\n\t\t\t\t)\n\t\t\tIN NS\t$HOSTNAME.$TLD.\n" >> /etc/bind/db.menteur
|
||||
echo "-- Fichier de zone créé !"
|
||||
ln -s /etc/bind/db.menteur /var/cache/bind/new.db.menteur
|
||||
echo "-- Lien symbolique créé !"
|
||||
cp /var/cache/bind/new.db.menteur /var/cache/bind/db.menteur
|
||||
echo "-- Fichier de zone dépoyé !"
|
||||
fi
|
||||
chown bind:bind /var/cache/bind/db.*
|
||||
echo "-- Droits des fichiers appliqués !"
|
||||
echo "" > /etc/bind/named.conf.options
|
||||
echo -e "options {\n\tdirectory \"/var/cache/bind\";\n\tdnssec-validation auto;\n\tauth-nxdomain no;\n\tlisten-on { any; };\n\tlisten-on-v6 { none; };\n\tallow-query { any; };\n" >> /etc/bind/named.conf.options
|
||||
echo "-- Options DNS appliqués !"
|
||||
if [ $MENTEUR == 'O' ];
|
||||
then
|
||||
echo -e "\tresponse-policy { zone \"menteur\"; };\n" >> /etc/bind/named.conf.options
|
||||
echo "-- Application de la fonctionnalité de DNS menteur !"
|
||||
fi
|
||||
echo -e "};" >> /etc/bind/named.conf.options
|
||||
echo "-- DNS déployé !"
|
||||
fi
|
||||
|
||||
if [ $DHCP == 'O' ];
|
||||
then
|
||||
|
||||
# Installation DHCP
|
||||
echo "#######################################"
|
||||
echo "# Lancement de l'installation du DHCP #"
|
||||
echo "#######################################"
|
||||
apt-get install isc-dhcp-server -y
|
||||
echo "-- Installation du DHCP terminé !"
|
||||
|
||||
# Installation IPCALC
|
||||
apt-get install ipcalc -y
|
||||
echo "-- Installation de IPCALC terminé !"
|
||||
|
||||
# Questions DHCP et définition des variables
|
||||
echo "#########################"
|
||||
echo "# Configuration du DHCP #"
|
||||
echo "#########################"
|
||||
echo "Plage IP DHCP : "
|
||||
read -p "Entrer la première IP : " RANGE_DEB
|
||||
read -p "Entrer la dernière IP : " RANGE_FIN
|
||||
read -p "Entrer l'adresse de la passerelle : " PASSERELLE
|
||||
if [ $DNS != 'O' ];
|
||||
then
|
||||
read -p "Entrer le suffixe DNS du réseau : " TLD
|
||||
TLD=${TLD,,}
|
||||
read -p "Entrer l'adresse IP du serveur DNS : " DNS_SRV
|
||||
fi
|
||||
MSR=`ifconfig $INTERFACE | grep netmask | awk -F" " '{print $4}'`
|
||||
NETWORK=`ipcalc $IP/$MSR | grep Network | awk -F" " '{print $2}' | awk -F"/" '{print $1}'`
|
||||
|
||||
# Configuration DHCP
|
||||
echo "####################################"
|
||||
echo "# Copie de la configuration du DNS #"
|
||||
echo "####################################"
|
||||
echo -e "INTERFACESv4=\"$INTERFACE\"\nINTERFACESv6=\"\"" > /etc/default/isc-dhcp-server
|
||||
echo "-- Paramètres appliqués !"
|
||||
echo "" > /etc/dhcp/dhcpd.conf
|
||||
echo -e "option domain-name \"$TLD\";\noption domain-name-servers $DNS_SRV;\ndefault-lease-time 3600;\nmax-lease-time 7200;\n" >> /etc/dhcp/dhcpd.conf
|
||||
echo "-- TLD et DNS configurés !"
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo -e "ddns-updates on;\nddns-update-style interim;\nignore client-updates;\nupdate-static-leases on;\n\ninclude \"/etc/dhcp/ddns.key\";\n\nzone $TLD. {\n\tprimary $IP;\n\tkey DDNS_UPDATE;\n}\n\nzone $IP_REV. {\n\tprimary $IP;\n\tkey DDNS_UPDATE;\n}\n" >> /etc/dhcp/dhcpd.conf
|
||||
fi
|
||||
echo -e "authoritative;\n\nsubnet $NETWORK netmask $MSR {\n\trange $RANGE_DEB $RANGE_FIN;\n\toption subnet-mask $MSR;\n\toption routers $PASSERELLE;" >> /etc/dhcp/dhcpd.conf
|
||||
echo "-- Plage IP appliqué !"
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo -e "\tddns-domainname \"$TLD.\";\n\tddns-rev-domainname \"in-addr.arpa\";" >> /etc/dhcp/dhcpd.conf
|
||||
echo "-- Fonctionnalité de mise à jour du DNS et et DHCP activé !"
|
||||
fi
|
||||
echo -e "}" >> /etc/dhcp/dhcpd.conf
|
||||
echo "-- DHCP déployé !"
|
||||
fi
|
||||
|
||||
# Génération de la clé DDNS_UPDATE
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo "###########################################"
|
||||
echo "# Génération de la clé d'échange DNS/DHCP #"
|
||||
echo "###########################################"
|
||||
cd /tmp
|
||||
DDNS_KEY=`dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE`
|
||||
DDNS_KEY=`cat $DDNS_KEY.private | grep Key | awk -F" " '{print $2}'`
|
||||
echo "-- Clé généré !"
|
||||
touch /etc/bind/ddns.key
|
||||
echo "-- Fichier créé !"
|
||||
echo -e "key DDNS_UPDATE {\n\talgorithm HMAC-MD5.SIG-ALG.REG.INT;\n\tsecret \"$DDNS_KEY\";\n};" >> /etc/bind/ddns.key
|
||||
echo "-- Clé copié !"
|
||||
chown root:bind /etc/bind/ddns.key
|
||||
chmod 640 /etc/bind/ddns.key
|
||||
cp /etc/bind/ddns.key /etc/dhcp/ddns.key
|
||||
chown root:root /etc/dhcp/ddns.key
|
||||
chmod 640 /etc/dhcp/ddns.key
|
||||
echo "-- Droits appliqués !"
|
||||
echo "-- Clé déployé !"
|
||||
fi
|
||||
|
||||
# Redémarrage des services
|
||||
echo "############################"
|
||||
echo "# Redémarrage des services #"
|
||||
echo "############################"
|
||||
if [ $DNS == 'O' ];
|
||||
then
|
||||
service bind9 restart
|
||||
echo "-- DNS redémarré !"
|
||||
fi
|
||||
if [ $DHCP == 'O' ];
|
||||
then
|
||||
service isc-dhcp-server restart
|
||||
echo "-- DHCP redémarré !"
|
||||
fi
|
||||
cd $SOURCE
|
||||
|
||||
# Ajout de la vérification XAROBASE
|
||||
FILE=`cat /etc/XAROBASE`
|
||||
|
||||
if [ -z $FILE ] || [ $FILE != 'INSTALLED' ];
|
||||
then
|
||||
# Ajout du motd
|
||||
echo "" > /etc/motd
|
||||
echo ' __ __ _____ ____ ____ _____ ______' >> /etc/motd
|
||||
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|' >> /etc/motd
|
||||
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__' >> /etc/motd
|
||||
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|' >> /etc/motd
|
||||
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____' >> /etc/motd
|
||||
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|' >> /etc/motd
|
||||
echo ' _____ __ _' >> /etc/motd
|
||||
echo '/ ___| / _| |' >> /etc/motd
|
||||
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___' >> /etc/motd
|
||||
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \' >> /etc/motd
|
||||
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/' >> /etc/motd
|
||||
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|' >> /etc/motd
|
||||
echo -e "\n\t\t\t\t\t\t${HOSTNAME^^}" >> /etc/motd
|
||||
echo '' >> /etc/motd
|
||||
fi
|
||||
if [ $DNS == 'O' ];
|
||||
then
|
||||
echo "-- Serice DNS" >> /etc/motd
|
||||
fi
|
||||
if [ $MENTEUR == 'O' ];
|
||||
then
|
||||
echo "-- Fonctionnalité DNS menteur activé" >> /etc/motd
|
||||
fi
|
||||
if [ $DHCP == 'O' ];
|
||||
then
|
||||
echo "-- Serice DHCP" >> /etc/motd
|
||||
fi
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo "-- Fonctionnalité de mise à jour DNS et DHCP activé" >> /etc/motd
|
||||
fi
|
||||
echo "#########################"
|
||||
echo "# Fin de l'installation #"
|
||||
echo "#########################"
|
||||
echo "Vous disposé maintenant des services suivant : "
|
||||
if [ $DNS == 'O' ];
|
||||
then
|
||||
echo "-- Service DNS"
|
||||
fi
|
||||
if [ $MENTEUR == 'O' ];
|
||||
then
|
||||
echo "-- Fonctionnalité DNS menteur activé"
|
||||
fi
|
||||
if [ $DHCP == 'O' ];
|
||||
then
|
||||
echo "-- Serice DHCP"
|
||||
fi
|
||||
if [ $MAJ == 'O' ];
|
||||
then
|
||||
echo "-- Fonctionnalité de mise à jour DNS et DHCP activé"
|
||||
fi
|
|
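Review bot: The dynamic-update secret generated at lines 623-629 is a 128-bit HMAC-MD5 key produced by `dnssec-keygen` inside /tmp, and the resulting `KDDNS_UPDATE*.key`/`.private` files are never deleted, so the secret that authorizes updates to both zones stays behind in /tmp after the install; HMAC-MD5 is deprecated for TSIG and current BIND releases no longer generate HMAC keys with `dnssec-keygen` at all. Emit the secret straight from `tsig-keygen` instead, e.g. `DDNS_KEY=$(tsig-keygen -a hmac-sha256 DDNS_UPDATE | awk -F'"' '/secret/ {print $2}')` with `algorithm hmac-sha256;` in the `key DDNS_UPDATE` block at line 641, and drop the `cd /tmp`; if `dnssec-keygen` must stay, at least `rm -f /tmp/KDDNS_UPDATE*` once the secret has been read. The options block written at line 413 listens on every interface with `allow-query { any; };` and leaves `allow-transfer` and `allow-recursion` at BIND's defaults, which on older releases permit full zone transfers of these master zones to any client; add `allow-transfer { none; };` and an explicit `allow-recursion { localnets; };` unless secondaries are planned. Separately, `IP_REV` at line 240 hard-codes a /24 reverse zone from the interface address while the DHCP branch reads the real netmask at line 526, so on any other prefix length the reverse zone name handed to both bind9 and dhcpd is wrong.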
@ -0,0 +1,211 @@
|
|||
#!/bin/bash
|
||||
#Initialisation des variables
|
||||
SOURCE=`pwd`
|
||||
echo ' __ __ _____ ____ ____ _____ ______'
|
||||
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|'
|
||||
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__'
|
||||
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|'
|
||||
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____'
|
||||
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|'
|
||||
echo ' _____ __ _'
|
||||
echo '/ ___| / _| |'
|
||||
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___'
|
||||
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \'
|
||||
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/'
|
||||
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|'
|
||||
echo ""
|
||||
echo "Programme de déploiement de service OpenVPN (V1)"
|
||||
echo ""
|
||||
read -p "Ce script s'adresse aux utilisateurs expérimentés. Voulez-vous continuer ? (O/N) : " CONFIRM
|
||||
CONFIRM=${CONFIRM^^}
|
||||
if [ $CONFIRM != 'O' ];
|
||||
then
|
||||
exit
|
||||
fi
|
||||
echo "#######################"
|
||||
echo "# Lancement du script #"
|
||||
echo "#######################"
|
||||
|
||||
# Installation des mises à jours
|
||||
echo "########################################"
|
||||
echo "# Début de la procédure de mise à jour #"
|
||||
echo "########################################"
|
||||
apt-get update
|
||||
apt-get upgrade -y
|
||||
echo "-- Mise à jour terminé !"
|
||||
|
||||
# Services à déployer
|
||||
echo "#######################"
|
||||
echo "# Services à déployer #"
|
||||
echo "#######################"
|
||||
read -p "Voulez-vous déployer le service VPN ? (O/N) : " VPN
|
||||
VPN=${VPN^^}
|
||||
|
||||
# Récupération interface
|
||||
read -p "Quel est l'interface réseau à utilisé ? : " INTERFACE
|
||||
INTERFACE=${INTERFACE,,}
|
||||
|
||||
if [ $VPN == 'O' ];
|
||||
then
|
||||
|
||||
# Installation VPN
|
||||
echo "######################################"
|
||||
echo "# Lancement de l'installation du VPN #"
|
||||
echo "######################################"
|
||||
apt-get install openssl -y
|
||||
echo "-- Installation de OpenSSL terminé !"
|
||||
apt-get install openvpn -y
|
||||
echo "-- Installation de OpenVPN terminé !"
|
||||
apt-get install easy-rsa -y
|
||||
echo "-- Installation de Easy-RSA terminé !"
|
||||
apt-get install ipcalc -y
|
||||
echo "-- Installation de IPCALC terminé !"
|
||||
apt-get install zip -y
|
||||
echo "-- Installation de ZIP terminé !"
|
||||
|
||||
# Questions VPN et définition des variables
|
||||
echo "########################"
|
||||
echo "# Configuration du VPN #"
|
||||
echo "########################"
|
||||
read -p "Entre le code pays du certificat : " KEY_COUNTRY
|
||||
KEY_COUNTRY=${KEY_COUNTRY^^}
|
||||
read -p "Entrer le département du certificat : " KEY_PROVINCE
|
||||
read -p "Entrer la ville du certificat : " KEY_CITY
|
||||
read -p "Entrer le nom de l'organisation du certificat : " KEY_ORG
|
||||
read -p "Entrer l'unité d'organisation du certificat : " KEY_OU
|
||||
read -p "Entrer l'adresse email de contact du certificat : " KEY_EMAIL
|
||||
read -p "Entrer le nom du service VPN : " VPN_NAME
|
||||
VPN_NAME=${VPN_NAME,,}
|
||||
read -p "Entrer le port du service VPN : " VPN_PORT
|
||||
read -p "Entrer l'adresse réseau du réseau VPN : " VPN_NETWORK
|
||||
read -p "Entrer le masque de votre réseau VPN : " VPN_NETMASK
|
||||
read -p "Entrer le FQDN de votre serveur : " VPN_ADRESSE
|
||||
VPN_ADRESSE=${VPN_ADRESSE,,}
|
||||
read -p "Entrer le DNS que votre client utilisera : " VPN_DNS
|
||||
read -p "Entrer le TLD de votre réseau : " VPN_TLD
|
||||
VPN_TLD=${VPN_TLD,,}
|
||||
read -p "Entre le nom du certificat client du service VPN : " VPN_USER
|
||||
VPN_USER=${VPN_USER,,}
|
||||
read -p "Voulez-vous sécuriser le certificat client par un mot de passe ? (O/N) : " VPN_USER_PASS
|
||||
VPN_USER_PASS=${VPN_USER_PASS^^}
|
||||
VPN_NETWORK=`ipcalc $VPN_NETWORK $VPN_NETMASK | grep Network | awk -F" " '{print $2}' | awk -F"/" '{print $1}'`
|
||||
INTERFACES_CONFIG=`cat /etc/network/interfaces | grep "pre-up iptables-restore < /etc/openvpn/iptables.rules"`
|
||||
VPN_IPTABLES_CONFIG='pre-up iptables-restore < /etc/openvpn/iptables.rules'
|
||||
|
||||
# Configuration DNS
|
||||
echo "###################################"
|
||||
echo "# Génération du certifiat serveur #"
|
||||
echo "###################################"
|
||||
mkdir /etc/openvpn/easy-rsa
|
||||
cp /usr/share/easy-rsa/* /etc/openvpn/easy-rsa
|
||||
echo "-- easy-rsa copié !"
|
||||
echo "" > /etc/openvpn/easy-rsa/vars
|
||||
echo -e "export EASY_RSA=\"\`pwd\`\"\nexport OPENSSL=\"openssl\"\nexport PKCS11TOOL=\"pkcs11-tool\"\nexport GREP=\"grep\"\nexport KEY_CONFIG=\`\$EASY_RSA/whichopensslcnf \$EASY_RSA\`\nexport KEY_DIR=\"\$EASY_RSA/keys\"\necho NOTE: If you run ./clean-all, I will be doing a rm -rf on \$KEY_DIR\nexport PKCS11_MODULE_PATH=\"dummy\"\nexport PKCS11_PIN=\"dummy\"\nexport KEY_SIZE=1024\nexport CA_EXPIRE=3650\nexport KEY_COUNTRY=\"$KEY_COUNTRY\"\nexport KEY_PROVINCE=\"$KEY_PROVINCE\"\nexport KEY_CITY=\"$KEY_CITY\"\nexport KEY_ORG=\"$KEY_ORG\"\nexport KEY_EMAIL=\"$KEY_EMAIL\"\nexport KEY_OU=\"$KEY_OU\"\nexport KEY_NAME=\"$VPN_NAME\"" >> /etc/openvpn/easy-rsa/vars
|
||||
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
|
||||
echo "-- easy-rsa modifié !"
|
||||
cd /etc/openvpn/easy-rsa
|
||||
source vars
|
||||
./clean-all
|
||||
./build-dh
|
||||
./pkitool --initca
|
||||
./pkitool --server $VPN_NAME
|
||||
openvpn --genkey --secret keys/ta.key
|
||||
echo "-- Certificat généré !"
|
||||
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/ta.key /etc/openvpn/easy-rsa/keys/$VPN_NAME.crt /etc/openvpn/easy-rsa/keys/$VPN_NAME.key /etc/openvpn/easy-rsa/keys/dh1024.pem /etc/openvpn/
|
||||
echo "-- Copie du certificat !"
|
||||
echo "####################################"
|
||||
echo "# Copie de la configuration du VPN #"
|
||||
echo "####################################"
|
||||
mkdir /etc/openvpn/jail
|
||||
mkdir /etc/openvpn/jail/tmp
|
||||
mkdir /etc/openvpn/clientconf
|
||||
touch /etc/openvpn/$VPN_NAME.conf
|
||||
echo -e "mode server\nproto tcp\nport $VPN_PORT\ndev tun\ntopology subnet\nca ca.crt\ncert $VPN_NAME.crt\nkey $VPN_NAME.key\ndh dh1024.pem\ntls-auth ta.key 1\nkey-direction 0\ncipher AES-256-CBC\nserver $VPN_NETWORK $VPN_NETMASK\npush \"redirect-gateway def1\"\npush \"dhcp-option DNS $VPN_DNS\"\npush \"dhcp-option DOMAIN $VPN_TLD\"\nkeepalive 10 120\nclient-to-client\nuser nobody\ngroup nogroup\nchroot /etc/openvpn/jail\npersist-key\npersist-tun\ncomp-lzo\nduplicate-cn\nverb 3\nmute 20\nstatus openvpn-status.log\nlog-append /var/log/openvpn.log" >> /etc/openvpn/$VPN_NAME.conf
|
||||
echo "-- Fichiers créés !"
|
||||
echo "################################"
|
||||
echo "# Activation du routage et NAT #"
|
||||
echo "################################"
|
||||
sed -i -e "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g" /etc/sysctl.conf
|
||||
echo "-- Routage activé !"
|
||||
iptables -I FORWARD -i tun0 -j ACCEPT
|
||||
iptables -I FORWARD -o tun0 -j ACCEPT
|
||||
iptables -I INPUT -i tun0 -j ACCEPT
|
||||
iptables -I OUTPUT -o tun0 -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
|
||||
sh -c "iptables-save > /etc/openvpn/iptables.rules"
|
||||
if [ -z $INTERFACES_CONFIG ] || [ $INTERFACES_CONFIG != $VPN_IPTABLES_CONFIG ];
|
||||
then
|
||||
echo "pre-up iptables-restore < /etc/openvpn/iptables.rules" >> /etc/network/interfaces
|
||||
fi
|
||||
echo "-- Règles NAT activé !"
|
||||
echo "##################################"
|
||||
echo "# Génération du certifiat client #"
|
||||
echo "##################################"
|
||||
if [ $VPN_USER_PASS == 'O' ];
|
||||
then
|
||||
echo "Entrer le mot de passe du certificat client : "
|
||||
./build-key-pass $VPN_USER
|
||||
else
|
||||
./build-key $VPN_USER
|
||||
fi
|
||||
echo "-- Certificat créé !"
|
||||
mkdir /etc/openvpn/clientconf/$VPN_USER
|
||||
cp /etc/openvpn/ca.crt /etc/openvpn/ta.key /etc/openvpn/easy-rsa/keys/$VPN_USER.crt /etc/openvpn/easy-rsa/keys/$VPN_USER.key /etc/openvpn/clientconf/$VPN_USER/
|
||||
echo "-- Certificat copié !"
|
||||
touch /etc/openvpn/clientconf/$VPN_USER/client.conf
|
||||
echo -e "client\ndev tun\nproto tcp-client\nremote $VPN_ADRESSE $VPN_PORT\nresolv-retry infinite\ncipher AES-256-CBC\nca ca.crt\ncert $VPN_USER.crt\nkey $VPN_USER.key\ntls-auth ta.key 1\nkey-direction 1\nnobind\npersist-key\npersist-tun\ncomp-lzo\nverb 3\nauth-nocache" >> /etc/openvpn/clientconf/$VPN_USER/client.conf
|
||||
cp /etc/openvpn/clientconf/$VPN_USER/client.conf /etc/openvpn/clientconf/$VPN_USER/client.ovpn
|
||||
echo "-- Configuration généré !"
|
||||
zip /etc/openvpn/clientconf/$VPN_USER.zip /etc/openvpn/clientconf/$VPN_USER/*.*
|
||||
echo "-- Archive créé !"
|
||||
fi
|
||||
|
||||
# Redémarrage des services
|
||||
echo "############################"
|
||||
echo "# Redémarrage des services #"
|
||||
echo "############################"
|
||||
if [ $VPN == 'O' ];
|
||||
then
|
||||
service openvpn restart
|
||||
echo "-- OpenVPN redémarré !"
|
||||
fi
|
||||
cd $SOURCE
|
||||
|
||||
# Ajout de la vérification XAROBASE
|
||||
FILE=`cat /etc/XAROBASE`
|
||||
|
||||
if [ -z $FILE ] || [ $FILE != 'INSTALLED' ];
|
||||
then
|
||||
# Ajout du motd
|
||||
touch /etc/XAROBASE
|
||||
echo "INSTALLED" > /etc/XAROBASE
|
||||
echo "" > /etc/motd
|
||||
echo ' __ __ _____ ____ ____ _____ ______' >> /etc/motd
|
||||
echo ' \ \ / / /\ | __ \ / __ \| _ \ /\ / ____| ____|' >> /etc/motd
|
||||
echo ' \ V / / \ | |__) | | | | |_) | / \ | (___ | |__' >> /etc/motd
|
||||
echo ' > < / /\ \ | _ /| | | | _ < / /\ \ \___ \| __|' >> /etc/motd
|
||||
echo ' / . \ / ____ \| | \ \| |__| | |_) / ____ \ ____) | |____' >> /etc/motd
|
||||
echo ' /_/ \_\/_/ \_\_| \_\\____/|____/_/ \_\_____/|______|' >> /etc/motd
|
||||
echo ' _____ __ _' >> /etc/motd
|
||||
echo '/ ___| / _| |' >> /etc/motd
|
||||
echo '\ `--. ___ | |_| |___ ____ _ _ __ ___' >> /etc/motd
|
||||
echo ' `--. \/ _ \| _| __\ \ /\ / / _` | '__/ _ \' >> /etc/motd
|
||||
echo '/\__/ / (_) | | | |_ \ V V / (_| | | | __/' >> /etc/motd
|
||||
echo '\____/ \___/|_| \__| \_/\_/ \__,_|_| \___|' >> /etc/motd
|
||||
echo -e "\n\t\t\t\t\t\t${HOSTNAME^^}" >> /etc/motd
|
||||
echo '' >> /etc/motd
|
||||
fi
|
||||
if [ $VPN == 'O' ];
|
||||
then
|
||||
echo "-- Service VPN" >> /etc/motd
|
||||
fi
|
||||
echo "#########################"
|
||||
echo "# Fin de l'installation #"
|
||||
echo "#########################"
|
||||
echo "Vous disposé maintenant des services suivant : "
|
||||
if [ $VPN == 'O' ];
|
||||
then
|
||||
echo "-- Service VPN"
|
||||
echo "Vous pouvez vous connecter au serveur avec un client grâce à l'archive présente dans /etc/openvpn/clientconf/$VPN_USER.zip"
|
||||
echo "Un redémarrage est nécessaire !"
|
||||
fi
|
|
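Review bot: The PKI this script builds is 1024-bit throughout — `export KEY_SIZE=1024` in the vars written at line 1195, `./build-dh` producing the `dh1024.pem` copied at line 1228, and `dh dh1024.pem` in the server config at line 1255 — which is rejected outright by OpenSSL builds running at security level 2 (Debian's default since buster) and should not be the baseline of a deployment script; set `export KEY_SIZE=2048` (or larger) and reference `dh2048.pem` in the copy and in the server config. The server and client configs at lines 1255 and 1354 also enable `comp-lzo`, which is deprecated and exposes the tunnel to compression-oracle attacks (VORACLE), and leave `auth` and the minimum TLS version at their defaults; drop `comp-lzo` and add `auth SHA256` and `tls-version-min 1.2` to both files. Lines 1276-1285 insert unconditional `ACCEPT` rules for everything arriving on tun0 into INPUT and FORWARD, and together with `client-to-client` and `push "redirect-gateway def1"` every VPN client gets full access to the server itself and to whatever sits behind `$INTERFACE`; scope the FORWARD rule to the VPN subnet and intended destinations and limit INPUT on tun0 to the services clients actually need. Finally, when the answer at line 1318 is N the archive built at line 1363 bundles the unencrypted client private key next to `ta.key`, and neither the zip nor `/etc/openvpn/clientconf/$VPN_USER/` is given restrictive permissions — set `umask 077` before generating them, or at least `chmod 600` the archive and tell the user to delete it after transfer.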
@ -0,0 +1,6 @@
|
|||
### Scripts
|
||||
|
||||
Ce répertoire est dédié au services XAROBASE.
|
||||
|
||||
Vous retrouverez le code sources des scripts écrit sous le nom XAROBASE Software
|
||||
|