bpfire/lfs/configroot

###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

###############################################################################
# Definitions
###############################################################################

include Config

VER        = ipfire

THISAPP    = configroot
DIR_APP    = $(DIR_SRC)/$(THISAPP)
TARGET     = $(DIR_INFO)/$(THISAPP)

###############################################################################
# Top-level Rules
###############################################################################

install : $(TARGET)

check :

download :

md5 :

###############################################################################
# Installation Details
###############################################################################

$(TARGET) :
	@$(PREBUILD)

	# Create all directories
	for i in addon-lang auth backup ca captive certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
			ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
			menu.d modem optionsfw \
			ovpn patches pakfire portfw ppp private proxy/advanced/cre \
			proxy/calamaris/bin qos/bin red remote sensors suricata time \
			updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
			wakeonlan wireless ; do \
	        mkdir -p $(CONFIG_ROOT)/$$i; \
	done

	# Touch empty files
	for i in auth/users backup/include.user backup/exclude.user \
	    captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhcp/settings \
	    dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dns/servers dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
	    ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/locationblock firewall/input firewall/outgoing \
	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customlocationgrp fwlogs/ipsettings fwlogs/portsettings \
	    isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
	    ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
	    ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
	    qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
	    vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
	    touch $(CONFIG_ROOT)/$$i; \
	done

	# Copy initial configfiles
	cp $(DIR_SRC)/config/cfgroot/header.pl			$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/general-functions.pl	$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/network-functions.pl	$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/location-functions.pl		$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/ids-functions.pl		$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/lang.pl			$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/countries.pl		$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/graphs.pl			$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/modem-lib.pl		$(CONFIG_ROOT)/
	cp $(DIR_SRC)/config/cfgroot/advoptions-list		$(CONFIG_ROOT)/dhcp/advoptions-list
	cp $(DIR_SRC)/config/cfgroot/connscheduler-lib.pl	$(CONFIG_ROOT)/connscheduler/lib.pl
	cp $(DIR_SRC)/config/cfgroot/connscheduler.conf		$(CONFIG_ROOT)/connscheduler
	cp $(DIR_SRC)/config/extrahd/*				$(CONFIG_ROOT)/extrahd/bin/
	cp $(DIR_SRC)/config/cfgroot/sensors-settings		$(CONFIG_ROOT)/sensors/settings
	cp $(DIR_SRC)/config/menu/*				$(CONFIG_ROOT)/menu.d/
	cp $(DIR_SRC)/config/cfgroot/modem-defaults		$(CONFIG_ROOT)/modem/defaults
	cp $(DIR_SRC)/config/cfgroot/modem-settings		$(CONFIG_ROOT)/modem/settings
	cp $(DIR_SRC)/config/cfgroot/proxy-acl			$(CONFIG_ROOT)/proxy/acl-1.4
	cp $(DIR_SRC)/config/qos/*						$(CONFIG_ROOT)/qos/bin/
	cp $(DIR_SRC)/config/cfgroot/main-settings		$(CONFIG_ROOT)/main/settings
	cp $(DIR_SRC)/config/cfgroot/manualpages		$(CONFIG_ROOT)/main/
	cp $(DIR_SRC)/config/cfgroot/ssh-settings		$(CONFIG_ROOT)/remote/settings
	cp $(DIR_SRC)/config/cfgroot/time-settings		$(CONFIG_ROOT)/time/settings
	cp $(DIR_SRC)/config/cfgroot/logging-settings	$(CONFIG_ROOT)/logging/settings
	cp $(DIR_SRC)/config/cfgroot/ethernet-vlans		$(CONFIG_ROOT)/ethernet/vlans
	cp $(DIR_SRC)/langs/list						$(CONFIG_ROOT)/langs/
	cp $(DIR_SRC)/config/firewall/convert-xtaccess	/usr/sbin/convert-xtaccess
	cp $(DIR_SRC)/config/firewall/convert-outgoingfw	/usr/sbin/convert-outgoingfw
	cp $(DIR_SRC)/config/firewall/convert-dmz	/usr/sbin/convert-dmz
	cp $(DIR_SRC)/config/firewall/convert-portfw	/usr/sbin/convert-portfw
	cp $(DIR_SRC)/config/firewall/p2protocols		$(CONFIG_ROOT)/firewall/p2protocols
	cp $(DIR_SRC)/config/firewall/firewall-policy	/usr/sbin/firewall-policy
	cp $(DIR_SRC)/config/fwhosts/icmp-types			$(CONFIG_ROOT)/fwhosts/icmp-types
	cp $(DIR_SRC)/config/fwhosts/customservices		$(CONFIG_ROOT)/fwhosts/customservices
	cp $(DIR_SRC)/config/fwhosts/customservices             $(CONFIG_ROOT)/fwhosts/customservices.default
	# Oneliner configfiles
	echo  "ENABLED=off"		> $(CONFIG_ROOT)/vpn/settings
	echo  "01"			> $(CONFIG_ROOT)/certs/serial
	echo  "nameserver    1.2.3.4"	> $(CONFIG_ROOT)/ppp/fake-resolv.conf
	echo  "DROPNEWNOTSYN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPINPUT=on"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPFORWARD=on"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "FWPOLICY=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "FWPOLICY1=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "FWPOLICY2=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPPORTSCAN=on"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPOUTGOING=on"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPSAMBA=off"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPPROXY=off"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "SHOWREMARK=on"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "SHOWCOLORS=on"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "SHOWTABLES=off"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "SHOWDROPDOWN=off"	>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPWIRELESSINPUT=on"	>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPWIRELESSFORWARD=on"	>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPSPOOFEDMARTIAN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "DROPHOSTILE=on"		>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "LOGDROPCTINVALID=on"	>> $(CONFIG_ROOT)/optionsfw/settings
	echo  "POLICY=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
	echo  "POLICY1=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
	echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings
	echo  "TREE=$(PAKFIRE_TREE)"    >> $(CONFIG_ROOT)/pakfire/settings

	# Install snort to suricata converter.
	cp $(DIR_SRC)/config/suricata/convert-snort	/usr/sbin/convert-snort
	cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file   /usr/sbin/convert-ids-modifysids-file
	cp $(DIR_SRC)/config/suricata/convert-ids-multiple-providers /usr/sbin/convert-ids-multiple-providers

	# set converters executable
	chmod 755 /usr/sbin/convert-*

	# Make extrahd.pl executable
	chmod 755 /var/ipfire/extrahd/bin/extrahd.pl

	# Modify variables in header.pl
	sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
	    -e "s+VERSION+$(VERSION)+g" \
	    $(CONFIG_ROOT)/header.pl

	# Modify variables in general-functions.pl
	sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
	    -e "s+VERSION+$(VERSION)+g" \
	    $(CONFIG_ROOT)/general-functions.pl

	# Modify CONFIG_ROOT in lang.pl
	sed -i -e "s+CONFIG_ROOT+$(CONFIG_ROOT)+g" \
	    $(CONFIG_ROOT)/lang.pl

	# Language files
	cp $(DIR_SRC)/langs/*/cgi-bin/*.pl $(CONFIG_ROOT)/langs/

	# Configroot permissions
	chown -R nobody:nobody $(CONFIG_ROOT)
	chown      root:root   $(CONFIG_ROOT)
	for i in backup/ *.pl addon-lang/ langs/ ; do \
            chown -R root:root $(CONFIG_ROOT)/$$i; \
	done
	chown -Rv root:root $(CONFIG_ROOT)/*/bin
	chown root:nobody $(CONFIG_ROOT)/dhcpc

	@$(POSTBUILD)