diff options
-rwxr-xr-x | installer/opengnsys_installer.sh | 16 | ||||
-rwxr-xr-x | installer/opengnsys_update.sh | 20 | ||||
-rwxr-xr-x | server/bin/checkperms | 2 |
3 files changed, 35 insertions, 3 deletions
diff --git a/installer/opengnsys_installer.sh b/installer/opengnsys_installer.sh index 66cf0ad8..b62b0f50 100755 --- a/installer/opengnsys_installer.sh +++ b/installer/opengnsys_installer.sh @@ -1376,6 +1376,7 @@ function copyInterfaceAdm () return $hayErrores } + #################################################################### ### Funciones instalacion cliente opengnsys #################################################################### @@ -1409,6 +1410,18 @@ function copyClientFiles() } +# Crear certificados para la firma de cargadores de arranque. +function createCerts () +{ + local SSLCFGDIR=$INSTALL_TARGET/client/etc/ssl + echoAndLog "${FUNCNAME}(): creating certificate files" + mkdir -p $SSLCFGDIR/{certs,private} + openssl req -new -x509 -newkey rsa:2048 -keyout $SSLCFGDIR/private/opengnsys.key -out $SSLCFGDIR/certs/opengnsys.crt -nodes -days 3650 -subj "/CN=OpenGnsys/" + openssl x509 -in $SSLCFGDIR/certs/opengnsys.crt -out $SSLCFGDIR/certs/opengnsys.cer -outform DER + echoAndLog "${FUNCNAME}(): certificate successfully created" +} + + # Crear cliente OpenGnsys. function clientCreate() { @@ -1803,6 +1816,9 @@ if [ $? -ne 0 ]; then errorAndLog "Error creating client structure" fi +# Crear certificado para firmar cargadores +createCerts + # Crear la estructura del cliente de OpenGnsys. for i in $OGLIVE; do if ! clientCreate "$i"; then diff --git a/installer/opengnsys_update.sh b/installer/opengnsys_update.sh index 1e58bfe6..f8cee6eb 100755 --- a/installer/opengnsys_update.sh +++ b/installer/opengnsys_update.sh @@ -169,7 +169,7 @@ function autoConfigure() : fi for service in apache2 httpd; do - [ -d /etc/$service ] && APACHECFGDIR="/etc/$service" + [ -d "/etc/$service" ] && APACHECFGDIR="/etc/$service" if $SERVICESTATUS &>/dev/null; then APACHESERV="$service"; fi done for service in dhcpd dhcpd3-server isc-dhcp-server; do @@ -546,6 +546,19 @@ EOT echoAndLog "${FUNCNAME}(): client files successfully updated" } +# Crear certificado para la firma de cargadores de arranque, si es necesario. +function createCerts () +{ + local SSLCFGDIR=$INSTALL_TARGET/client/etc/ssl + mkdir -p $SSLCFGDIR/{certs,private} + if [ ! -f $SSLCFGDIR/private/opengnsys.key ]; then + echoAndLog "${FUNCNAME}(): creating certificate files" + openssl req -new -x509 -newkey rsa:2048 -keyout $SSLCFGDIR/private/opengnsys.key -out $SSLCFGDIR/certs/opengnsys.crt -nodes -days 3650 -subj "/CN=OpenGnsys/" + openssl x509 -in $SSLCFGDIR/certs/opengnsys.crt -out $SSLCFGDIR/certs/opengnsys.cer -outform DER + echoAndLog "${FUNCNAME}(): certificate successfully created" + fi +} + # Configurar HTTPS y exportar usuario y grupo del servicio Apache. function apacheConfiguration () { @@ -1215,11 +1228,12 @@ fi # Configurar Rsync. rsyncConfigure -# Actualizar ficheros del cliente +# Actualizar ficheros del cliente. updateClientFiles +createCerts updateInterfaceAdm -# Actualizar páqinas web +# Actualizar páqinas web. apacheConfiguration updateWebFiles if [ $? -ne 0 ]; then diff --git a/server/bin/checkperms b/server/bin/checkperms index a148b60f..424c1b48 100755 --- a/server/bin/checkperms +++ b/server/bin/checkperms @@ -44,6 +44,8 @@ find $OPENGNSYS_DIR/images -maxdepth 1 -exec chown :$OPENGNSYS_USER {} \; find $OPENGNSYS_DIR/images -maxdepth 1 -type d -exec chmod 775 {} \; find $OPENGNSYS_DIR/images -maxdepth 1 -type f -exec chmod 664 {} \; find $OPENGNSYS_DIR/client/{interfaceAdm,scripts} ! -name "*.txt" -exec chmod +x {} \; +chown -R $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/etc/ssl/private +chmod -R go-rwx $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/etc/ssl/private chown $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso chmod 700 $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso chown root:root $OPENGNSYS_DIR/etc/{ogAdmServer,ogAdmAgent}*.cfg |