Скрипт для автоматизации установки и запуска связки Zentyal + MyDLP + Webmin + SAMS2 в Ubuntu Linux. Скрипт запускается с правами root и рассчитан на работу в Ubuntu 12.04. Для других систем скрипт может использоваться как заметка о том, что не забыть при установке.

#!/bin/sh
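# INSTALL SCRIPT PROXY ALLURGROUP
#
# Stage 1: install Zentyal 3.2 from its PPA, then move the Zentyal nginx
# listener from port 443 to port 4443.
export DEBIAN_FRONTEND=noninteractive
echo "INSTALL DLP COMPLITE"

# NOTE(review): the archive key is downloaded over plain HTTP and piped
# straight into apt-key, so nothing authenticates the key itself. Compare its
# fingerprint with one obtained through a separate trusted channel before
# relying on this repository.
wget -q http://keys.zentyal.org/zentyal-3.2-archive.asc -O- | apt-key add -
apt-get install -y -q python-software-properties
add-apt-repository -y ppa:zentyal/3.2
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y -q install zentyal
# NOTE(review): --force-yes makes apt-get carry on without prompting even
# where it would otherwise stop, including for packages it cannot
# authenticate. Drop it once every repository used here has a trusted key.
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install language-pack-zentyal-ru
echo "ZENTYAL INSTALL COMPLITE PLEASE GO TO HTTPS://IP:4443"

# Rewrite the port in place and synchronously. The original ran sed in the
# background and moved its output over the config after a fixed sleep, which
# could install a partial file if sed had not finished in time.
# The pattern replaces the first "443" on each line, so a second run would
# turn 4443 into 44443; run this step once only.
sed -i -e 's/443/4443/' /var/lib/zentyal/conf/nginx.conf

# Stop the running nginx processes; presumably Zentyal starts nginx again
# with the edited config (confirm). netstat then shows what is bound to
# ports containing "443".
killall nginx
netstat -an | grep 443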
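# Stage 2: reset the MySQL root password to an empty string by restarting the
# server without grant tables, updating mysql.user, and restarting normally.
#
# NOTE(review): this leaves the MySQL root account with NO password.
# Presumably a later package install expects that (confirm); set a real root
# password as soon as the installation has finished.
/etc/init.d/mysql stop

# --skip-grant-tables switches off all authentication, so --skip-networking
# keeps the server unreachable over TCP while it runs in that state. The
# local mysql/mysqladmin clients still connect through the Unix socket.
mysqld_safe --skip-grant-tables --skip-networking &
mysqld_safe_pid=$!

# Wait until the server answers instead of relying on a fixed sleep.
tries=0
until mysqladmin -u root ping >/dev/null 2>&1; do
  tries=$((tries + 1))
  if [ "$tries" -ge 30 ]; then
    echo "mysqld did not come up with --skip-grant-tables" >&2
    exit 1
  fi
  sleep 1
done

# The SQL is fed on stdin; the original wrote it to ./proxy.sql and left the
# file behind in the current directory.
mysql -u root <<'SQL'
use mysql;
update user set password=PASSWORD("") where User='root';
flush privileges;
quit
SQL

# Shut the temporary instance down explicitly: the init script may not track
# a server that was started by hand. FLUSH PRIVILEGES re-enabled the grant
# tables, and root now has an empty password, so this call is accepted.
mysqladmin -u root shutdown
wait "$mysqld_safe_pid"

/etc/init.d/mysql stop
/etc/init.d/mysql start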
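# Stage 3: add the MyDLP repository and install MyDLP.
#
# NOTE(review): this repository is reached over plain FTP and the visible
# script imports no signing key for it, so apt cannot authenticate these
# packages; --force-yes is what lets the install proceed anyway. Treat the
# packages as unverified and prefer a signed source if one is available.
mydlp_repo="deb ftp://ftp.linux.org.tr/mydlp/ubuntu precise main"

# Append the line only if it is not already there, so re-running the script
# does not pile up duplicate entries in sources.list.
grep -qxF "$mydlp_repo" /etc/apt/sources.list \
  || echo "$mydlp_repo" >> /etc/apt/sources.list

apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install mydlp mydlp-appliance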
# Stage 4: replace /etc/default/locale with a Russian UTF-8 locale.
# The file is overwritten, not appended to; the quoted heredoc delimiter
# keeps every line literal.
cat > /etc/default/locale <<'EOF'
LANG=ru_RU.UTF-8
LANGUAGE=ru_RU.UTF-8
LC_CTYPE="ru_RU.UTF-8"
LC_NUMERIC="ru_RU.UTF-8"
LC_TIME="ru_RU.UTF-8"
LC_COLLATE="ru_RU.UTF-8"
LC_MONETARY="ru_RU.UTF-8"
LC_MESSAGES="ru_RU.UTF-8"
LC_PAPER="ru_RU.UTF-8"
LC_NAME="ru_RU.UTF-8"
LC_ADDRESS="ru_RU.UTF-8"
LC_TELEPHONE="ru_RU.UTF-8"
LC_MEASUREMENT="ru_RU.UTF-8"
LC_IDENTIFICATION="ru_RU.UTF-8"
LC_ALL=ru_RU.UTF-8
EOF
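# Stage 5: add the Webmin repository, then install Webmin, the build
# toolchain, PHP, Kerberos, Samba/winbind and NTP packages.
webmin_repo="deb http://download.webmin.com/download/repository sarge contrib"

# Append the repository line only once so re-runs do not duplicate it.
grep -qxF "$webmin_repo" /etc/apt/sources.list \
  || echo "$webmin_repo" >> /etc/apt/sources.list

# NOTE(review): the signing key is fetched over plain HTTP, so the download
# itself is not authenticated. Check the key's fingerprint against one
# obtained through a separate trusted channel before trusting the repository.
#
# The key goes to a private temp file that is removed afterwards; the
# original left jcameron-key.asc in the current directory and ran apt-key on
# whatever was there even if the download had failed.
webmin_key=$(mktemp) || exit 1
if wget -q -O "$webmin_key" http://www.webmin.com/jcameron-key.asc; then
  apt-key add "$webmin_key"
else
  echo "failed to download the Webmin repository key" >&2
fi
rm -f -- "$webmin_key"

# NOTE(review): --force-yes lets apt-get continue with packages it cannot
# authenticate; remove it once all repositories have trusted keys.
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes update
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install webmin
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install make g++ libtool build-essential autoconf automake ssl-cert \
  libmysqlclient-dev libpcre3 libpcre3-dev php5 php5-cli php5-common php5-dev php5-mcrypt \
  php5-imagick php5-mysql php5-gd php5-ldap php-fpdf libapache2-mod-php5 libldap2-dev
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install krb5-user krb5-config libkrb53 krb5-locales libgssapi-krb5-2
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install samba samba-common winbind
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install ntp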
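# Stage 6: point ntpd at the internal time servers instead of the Ubuntu
# pool, then restart it. Kerberos (configured below with clockskew = 300)
# depends on clocks being in sync.
#
# The edit is done in place and synchronously. The original ran sed and mv
# in the background with fixed sleeps between them, so /etc/ntp.conf could be
# replaced by a partial file. The dots in the host names are escaped so they
# match literally.
sed -i \
  -e 's/0\.ubuntu\.pool\.ntp\.org/192.168.10.10/g' \
  -e 's/1\.ubuntu\.pool\.ntp\.org/192.168.10.12/g' \
  -e 's/2\.ubuntu\.pool\.ntp\.org/192.168.12.10/g' \
  -e 's/3\.ubuntu\.pool\.ntp\.org/192.168.12.11/g' \
  /etc/ntp.conf
/etc/init.d/ntp restart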
# Stage 7: overwrite /etc/samba/smb.conf with an Active Directory member
# configuration (security = ADS) plus one read-only share.
#
# NOTE(review): 'ntlm auth = yes' also accepts NTLMv1 responses; confirm that
# some client still needs it, otherwise turn it off.
# NOTE(review): [downloads] is readable by guests without authentication
# (guest ok / public = yes). It is read-only; make sure nothing sensitive is
# placed under /usr/share/mydlp/endpoint.
cat > /etc/samba/smb.conf <<'EOF'
[global]
dos charset = 866
unix charset = UTF-8
display charset = CP1251
security = ADS
workgroup = ALLURAUTO
realm = example.com
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
local master = no
client use spnego = yes
ntlm auth = yes
client ntlmv2 auth = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

[downloads]
 comment = MyDLP Appliance Downloads
 path = /usr/share/mydlp/endpoint
 read only = yes
 guest ok = yes
 public = yes
 browsable = yes
 writable = no
EOF
# Stage 8: append the Kerberos realm settings to /etc/krb5.conf.
#
# NOTE(review): this APPENDS to the existing file (smb.conf above is
# overwritten instead). If the installed krb5.conf already has these
# sections they will appear twice; confirm that appending is intended.
cat >> /etc/krb5.conf <<'EOF'
[libdefaults]
default_realm = example.com
clockskew = 300
ticket_lifetime = 24000
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

[realms]
 example.com = {
 kdc = rwdc01.example.com
 kdc = rwdc02.example.com
 admin_server = rwdc01.example.com
 default_domain = example.com
 }

 [domain_realm]
 .example.com = example.com
 example.com = example.com

[login]
 krb4_convert = true
 krb4_get_tickets = false

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
EOF
# Stage 9: install squid3-common, then make winbind's privileged directory
# group-owned by "proxy" with mode 0750 (owner full access, group read and
# traverse, others none), presumably so the proxy's auth helper can reach
# winbind (confirm). winbind is restarted afterwards.
DEBIAN_FRONTEND=noninteractive apt-get -y -q --force-yes install squid3-common

winbind_priv_dir=/var/run/samba/winbindd_privileged/
mkdir -p "$winbind_priv_dir"
chgrp proxy "$winbind_priv_dir"
chmod 0750 "$winbind_priv_dir"

/etc/init.d/winbind restart
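# Stage 10: download, patch, build and install SAMS2 2.0.0-rc2 from source.
#
# Every cd is checked: if one fails, the mv/sed/make steps below must not run
# in whatever directory the script happens to be in.
mkdir -p squidsrc
cd squidsrc || exit 1

# NOTE(review): the tarball comes over plain HTTP and is then built and
# installed as root. SAMS_TARBALL_SHA256 is an optional variable introduced
# here: set it to a checksum obtained from a trusted source to have the
# download verified before it is unpacked.
wget http://sams2.googlecode.com/files/sams-2.0.0-rc2.tar.bz2
if [ -n "${SAMS_TARBALL_SHA256:-}" ]; then
  echo "${SAMS_TARBALL_SHA256}  sams-2.0.0-rc2.tar.bz2" | sha256sum -c - || exit 1
else
  echo "WARNING: SAMS_TARBALL_SHA256 is not set; sams-2.0.0-rc2.tar.bz2 is used unverified" >&2
fi

tar xvjf sams-2.0.0-rc2.tar.bz2
cd sams-2.0.0-rc2 || exit 1

# '.' instead of 'source': the script runs under #!/bin/sh, where 'source'
# is not guaranteed to exist.
. /etc/apache2/envvars
make -f Makefile.cvs
./configure

# Forces absdir to /usr/lib on line 6000 of the generated libtool script.
# This is tied to that exact line number, so it only holds for the libtool
# this configure run produces.
sed -i -e '6000s/absdir=.*/absdir="\/usr\/lib"/' libtool

cd src || exit 1

# Keep each original header as <name>.kmp, then regenerate <name>.h with an
# explicit underlying type (": long") added to the enum declarations.
for hdr in samsuser dbquery template logger urlgroup squidlogline dbconn proxy; do
  mv "$hdr.h" "$hdr.kmp"
done
ls -la *.kmp

sed 's/enum usrStatus/enum usrStatus : long/' samsuser.kmp > samsuser.h
sed 's/enum VarType/enum VarType : long/' dbquery.kmp > dbquery.h
sed 's/enum PeriodType/enum PeriodType : long/' template.kmp > template.h
sed 's/enum LogKind/enum LogKind : long/g;s/enum LoggerEngine/enum LoggerEngine : long/g' logger.kmp > logger.h
sed 's/enum accessType/enum accessType : long/' urlgroup.kmp > urlgroup.h
sed 's/enum logCacheResult/enum logCacheResult : long/g;s/enum logPeerStatus/enum logPeerStatus : long/g;s/enum logHTTPStatus {/enum logHTTPStatus : long {/g' squidlogline.kmp > squidlogline.h
sed 's/enum DBEngine/enum DBEngine : long/' dbconn.kmp > dbconn.h
sed 's/enum TrafficType/enum TrafficType : long/g;s/enum usrAuthType/enum usrAuthType : long/g;s/enum RedirType/enum RedirType : long/g;s/enum ParserType/enum ParserType : long/g;s/enum CharCase/enum CharCase : long/g' proxy.kmp > proxy.h

cd .. || exit 1
make
make install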
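# Stage 11: fill in the SAMS2 database credentials and Squid paths in
# sams2.conf, then hand the web files to the Apache user.
sams_conf=/usr/local/etc/sams2.conf

# The database password is taken from SAMS_DB_PASSWORD. The value hard-coded
# in the original script is kept only as a fallback so existing runs behave
# the same; it is published with the script and must not stay in use.
if [ -z "${SAMS_DB_PASSWORD:-}" ]; then
  echo "WARNING: SAMS_DB_PASSWORD is not set; using the sample password from the published script. Change it before this host goes into service." >&2
  SAMS_DB_PASSWORD=Meteor2014
fi

# Escape the characters that are special in the sed replacement below
# ('&', the '|' delimiter and backslash) so any password is written literally.
sams_db_password_escaped=$(printf '%s' "$SAMS_DB_PASSWORD" | sed -e 's/[&|\\]/\\&/g')

sed -i -e 's/DB_USER=/DB_USER=sams/' "$sams_conf"
sed -i -e "s|DB_PASSWORD=|DB_PASSWORD=${sams_db_password_escaped}|" "$sams_conf"
# Replaces the first "squid" on each line with "squid3"; not idempotent
# (a second run yields "squid33").
sed -i -e 's/squid/squid3/' "$sams_conf"
sed -i -e 's|SQUIDCACHEDIR=/usr/local/apache2|SQUIDCACHEDIR=/var/spool/squid3|' "$sams_conf"

chown -R www-data:www-data /usr/local/share/sams2/
# NOTE(review): sams2.conf now holds a database password; check that its
# mode does not leave it readable by every local user.
chown -R www-data:www-data "$sams_conf"

# The original used 'chmod -R 777', which lets any local account modify the
# PHP files Apache serves. www-data owns the tree after the chown above and
# keeps full access; everyone else gets read and traverse only.
chmod -R u=rwX,go=rX /usr/local/share/sams2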
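# Stage 12: publish the SAMS2 web interface and its documentation through
# Apache, bind the MyDLP site to loopback, and restart Apache.
#
# NOTE(review): both sites allow every client ("Require all granted",
# "Allow from all") and enable directory listings ("Options Indexes").
# Consider limiting the SAMS2 admin interface to the administrators' network
# and dropping Indexes.
# NOTE(review): the files mix "Require all granted" with "Order/Allow"
# directives; confirm which form the installed Apache version expects.
cat > /etc/apache2/sites-available/sams2.conf <<'EOF'
Alias /sams2 /usr/local/share/sams2/
<Directory "/usr/local/share/sams2/">
Options Indexes FollowSymlinks
AllowOverride None
Require all granted
AddDefaultCharset off
</Directory>
<Location "/sams2">
Options Indexes
Order allow,deny
Allow from all
</Location>
EOF

cat > /etc/apache2/sites-available/doc4sams2.conf <<'EOF'
Alias /sams2/doc /usr/local/share/doc/sams2-2.0.0/
<Directory "/usr/local/share/doc/sams2-2.0.0/">
Options Indexes FollowSymlinks
AllowOverride None
Require all granted
AddDefaultCharset off
</Directory>
<Location "/sams2/doc">
Options Indexes
Order allow,deny
Allow from all
</Location>
EOF

ln -s ../sites-available/sams2.conf /etc/apache2/sites-enabled/
ln -s ../sites-available/doc4sams2.conf /etc/apache2/sites-enabled/
ln -s ../sites-available/default /etc/apache2/sites-enabled/default

# Bind the MyDLP site to loopback instead of all interfaces.
# The original sed expression was missing its closing '/', so sed failed and
# wrote an empty file; the following 'mv file > target' then truncated the
# real site config through the redirection. Editing in place avoids both
# problems. The '*' is escaped so it is matched literally.
sed -i -e 's/\*:80/127.0.0.1:80/' /etc/apache2/sites-available/mydlp

service apache2 restart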
Обсуждается: https://www.opennet.ru/tips/info/2871.shtml