summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xinstaller/opengnsys_installer.sh16
-rwxr-xr-xinstaller/opengnsys_update.sh20
-rwxr-xr-xserver/bin/checkperms2
3 files changed, 35 insertions, 3 deletions
diff --git a/installer/opengnsys_installer.sh b/installer/opengnsys_installer.sh
index 66cf0ad8..b62b0f50 100755
--- a/installer/opengnsys_installer.sh
+++ b/installer/opengnsys_installer.sh
@@ -1376,6 +1376,7 @@ function copyInterfaceAdm ()
return $hayErrores
}
+
####################################################################
### Funciones instalacion cliente opengnsys
####################################################################
@@ -1409,6 +1410,18 @@ function copyClientFiles()
}
+# Crear certificados para la firma de cargadores de arranque.
+function createCerts ()
+{
+ local SSLCFGDIR=$INSTALL_TARGET/client/etc/ssl
+ echoAndLog "${FUNCNAME}(): creating certificate files"
+ mkdir -p $SSLCFGDIR/{certs,private}
+ openssl req -new -x509 -newkey rsa:2048 -keyout $SSLCFGDIR/private/opengnsys.key -out $SSLCFGDIR/certs/opengnsys.crt -nodes -days 3650 -subj "/CN=OpenGnsys/"
+ openssl x509 -in $SSLCFGDIR/certs/opengnsys.crt -out $SSLCFGDIR/certs/opengnsys.cer -outform DER
+ echoAndLog "${FUNCNAME}(): certificate successfully created"
+}
+
+
# Crear cliente OpenGnsys.
function clientCreate()
{
@@ -1803,6 +1816,9 @@ if [ $? -ne 0 ]; then
errorAndLog "Error creating client structure"
fi
+# Crear certificado para firmar cargadores
+createCerts
+
# Crear la estructura del cliente de OpenGnsys.
for i in $OGLIVE; do
if ! clientCreate "$i"; then
diff --git a/installer/opengnsys_update.sh b/installer/opengnsys_update.sh
index 1e58bfe6..f8cee6eb 100755
--- a/installer/opengnsys_update.sh
+++ b/installer/opengnsys_update.sh
@@ -169,7 +169,7 @@ function autoConfigure()
:
fi
for service in apache2 httpd; do
- [ -d /etc/$service ] && APACHECFGDIR="/etc/$service"
+ [ -d "/etc/$service" ] && APACHECFGDIR="/etc/$service"
if $SERVICESTATUS &>/dev/null; then APACHESERV="$service"; fi
done
for service in dhcpd dhcpd3-server isc-dhcp-server; do
@@ -546,6 +546,19 @@ EOT
echoAndLog "${FUNCNAME}(): client files successfully updated"
}
+# Crear certificado para la firma de cargadores de arranque, si es necesario.
+function createCerts ()
+{
+ local SSLCFGDIR=$INSTALL_TARGET/client/etc/ssl
+ mkdir -p $SSLCFGDIR/{certs,private}
+ if [ ! -f $SSLCFGDIR/private/opengnsys.key ]; then
+ echoAndLog "${FUNCNAME}(): creating certificate files"
+ openssl req -new -x509 -newkey rsa:2048 -keyout $SSLCFGDIR/private/opengnsys.key -out $SSLCFGDIR/certs/opengnsys.crt -nodes -days 3650 -subj "/CN=OpenGnsys/"
+ openssl x509 -in $SSLCFGDIR/certs/opengnsys.crt -out $SSLCFGDIR/certs/opengnsys.cer -outform DER
+ echoAndLog "${FUNCNAME}(): certificate successfully created"
+ fi
+}
+
# Configurar HTTPS y exportar usuario y grupo del servicio Apache.
function apacheConfiguration ()
{
@@ -1215,11 +1228,12 @@ fi
# Configurar Rsync.
rsyncConfigure
-# Actualizar ficheros del cliente
+# Actualizar ficheros del cliente.
updateClientFiles
+createCerts
updateInterfaceAdm
-# Actualizar páqinas web
+# Actualizar páqinas web.
apacheConfiguration
updateWebFiles
if [ $? -ne 0 ]; then
diff --git a/server/bin/checkperms b/server/bin/checkperms
index a148b60f..424c1b48 100755
--- a/server/bin/checkperms
+++ b/server/bin/checkperms
@@ -44,6 +44,8 @@ find $OPENGNSYS_DIR/images -maxdepth 1 -exec chown :$OPENGNSYS_USER {} \;
find $OPENGNSYS_DIR/images -maxdepth 1 -type d -exec chmod 775 {} \;
find $OPENGNSYS_DIR/images -maxdepth 1 -type f -exec chmod 664 {} \;
find $OPENGNSYS_DIR/client/{interfaceAdm,scripts} ! -name "*.txt" -exec chmod +x {} \;
+chown -R $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/etc/ssl/private
+chmod -R go-rwx $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/etc/ssl/private
chown $OPENGNSYS_USER:$OPENGNSYS_USER $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso
chmod 700 $OPENGNSYS_DIR/client/interfaceAdm/CambiarAcceso
chown root:root $OPENGNSYS_DIR/etc/{ogAdmServer,ogAdmAgent}*.cfg