
@ChatchaiJ
Created June 17, 2025 02:14
setup ocsinventory server on ubuntu server
#!/bin/sh
# version 2024-08-02.1
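# Refuse to run without root: every later step (apt, /etc writes, service
# restart) needs it. Exit non-zero so a calling tool sees the failure.
if [ "$(id -u)" != 0 ]; then
  echo "Need root privileges" >&2
  exit 1
fi
### ----- OCSinventory Server/Reports ----- ###
# The server FQDN comes from the SERVER_NAME environment variable or, when
# that is empty, from the first positional argument.
if [ -z "${SERVER_NAME}" ]; then
  if [ -z "$1" ]; then
    echo "Usage: $0 FQDN" >&2
    exit 2
  fi
  SERVER_NAME=$1
fi
# SERVER_NAME is pasted verbatim into the Apache vhost, /etc/hosts and the
# agent config, so reject anything that is not a plain host name.
case "${SERVER_NAME}" in
  *[!A-Za-z0-9.-]*)
    echo "Invalid FQDN: only letters, digits, '.' and '-' are accepted" >&2
    exit 2
    ;;
esac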
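# --- Settings; each credential can be overridden through the environment ---
# The fallback passwords below are fixed, publicly visible values. Warn
# whenever one is about to be used so an unattended run cannot silently
# deploy with them.
[ -n "${AUTH_PASS:-}" ] || echo "WARNING: AUTH_PASS not set; using the built-in default HTTP password" >&2
[ -n "${DB_PASSWD:-}" ] || echo "WARNING: DB_PASSWD not set; using the built-in default database password" >&2
[ -n "${CERT_PASSWD:-}" ] || echo "WARNING: CERT_PASSWD not set; using the built-in default PKCS#12 password" >&2
# HTTP Basic auth account and realm protecting /ocsinventory.
AUTH_USER=${AUTH_USER:-"user"}
AUTH_PASS=${AUTH_PASS:-"pass"}
AUTH_NAME=${AUTH_NAME:-"Restricted Area"}
# MariaDB database and account used by the OCS reports application.
DB_NAME=${DB_NAME:-"ocs"}
DB_USER=${DB_USER:-"ocs"}
DB_PASSWD=${DB_PASSWD:-"ocs"}
# Export password of the PKCS#12 bundle created further down.
CERT_PASSWD=${CERT_PASSWD:-"secret"}
# Fixed paths used by the rest of the script.
REPORTS_DIR="/usr/share/ocsinventory-reports"
OCSBASE_NEW="${REPORTS_DIR}/files/ocsbase_new.sql"
APACHE_OCSSVR_CONF="/etc/apache2/conf-available/ocsinventory-server.conf"
OCS_AGENT_CFG="/etc/ocsinventory/ocsinventory-agent.cfg"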
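# Install packages without interactive prompts.
export DEBIAN_FRONTEND=noninteractive
apt-get update
# Upgrades every installed package, not only the OCS prerequisites.
apt-get -y dist-upgrade
# Everything below depends on these packages, so stop here if they are
# missing instead of writing config for software that is not installed.
if ! apt-get -y install ocsinventory-server ocsinventory-reports mariadb-server composer python3-trustme; then
  echo "Package installation failed; aborting" >&2
  exit 1
fi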
## This will run by ocsinventory-reports/install.php line 130 ##
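# Recreate the OCS database, grant the application account access and load
# the base schema.
# WARNING: "drop database if exists" wipes an existing inventory database of
# the same name, so re-running this script destroys collected data.
# NOTE: DB_NAME, DB_USER and DB_PASSWD are pasted into the SQL text unescaped;
# values containing quotes or semicolons will break or alter the statements.
printf '%s\n' "drop database if exists ${DB_NAME}; create database ${DB_NAME};" | mysql
printf '%s\n' "grant all privileges on ${DB_NAME}.* to '${DB_USER}'@'localhost' identified by '${DB_PASSWD}';" | mysql
# Hand the password over via MYSQL_PWD rather than -p<password>, so it does
# not show up in the process list while the import runs.
if ! MYSQL_PWD="${DB_PASSWD}" mysql -u"${DB_USER}" "${DB_NAME}" < "${OCSBASE_NEW}"; then
  echo "Loading ${OCSBASE_NEW} into ${DB_NAME} failed; aborting" >&2
  exit 1
fi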
## Try manually update database ##
## Still not working, don't know why. ##
# UPDATEDB_DIR="${REPORTS_DIR}/files/update"
# GUI_VERSION=$( echo "select tvalue from config where name='GUI_VERSION';" |\
# mysql -u${DB_USER} -p${DB_PASSWD} ${DB_NAME} |\
# tail -1 )
# LAST_DB=$( ls -t ${UPDATEDB_DIR} | cut -f1 -d. | tail -1 )
# NEXT_DB=$(expr ${GUI_VERSION} + 1)
# for UPDATE_ID in $(seq ${NEXT_DB} ${LAST_DB}); do
# cat ${UPDATEDB_DIR}/${UPDATE_ID}.sql
# done | mysql -u${DB_USER} -p${DB_PASSWD} ${DB_NAME}
#
# echo "update config set tvalue='${LAST_DB}' where name='GUI_VERSION';" |\
# mysql -u${DB_USER} -p${DB_PASSWD} ${DB_NAME}
#
# sed -i -e "s/^define('GUI_VER', .\+)/define('GUI_VER', '${LAST_DB}');/"
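# Install the PHP dependencies of the reports application. Stop if the
# directory is missing; otherwise composer would run as root in whatever
# directory the script was started from.
cd "${REPORTS_DIR}" || { echo "Cannot enter ${REPORTS_DIR}" >&2; exit 1; }
# COMPOSER_ALLOW_SUPERUSER=1 suppresses composer's root warning; any package
# script or plugin it executes therefore runs with root privileges.
COMPOSER_ALLOW_SUPERUSER=1 composer install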
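## --- DB config -- ##
# Write the database settings read by the reports application. The file
# holds the database password in clear text, so it is created under a
# restrictive umask and then opened up only to the web server group.
# NOTE: the values are placed inside PHP double-quoted strings unescaped; a
# password containing '"', '$' or '\' will not survive intact.
(
  umask 077
  cat << _END_ > /etc/ocsinventory/dbconfig.inc.php
<?php
define("DB_NAME", "${DB_NAME}");
define("SERVER_READ","localhost");
define("SERVER_WRITE","localhost");
define("SERVER_PORT","3306");
define("COMPTE_BASE","${DB_USER}");
define("PSWD_BASE","${DB_PASSWD}");
define("ENABLE_SSL","0");
define("SSL_MODE","");
define("SSL_KEY","");
define("SSL_CERT","");
define("CA_CERT","");
?>
_END_
)
# Assumes Apache/PHP runs as www-data (the Ubuntu default) - confirm if the
# run group was changed.
chgrp www-data /etc/ocsinventory/dbconfig.inc.php
chmod 640 /etc/ocsinventory/dbconfig.inc.php
# The database was provisioned above, so take the web installer out of
# service by renaming it.
if [ -f "${REPORTS_DIR}/install.php" ]; then
  mv "${REPORTS_DIR}/install.php" "${REPORTS_DIR}/install.php.orig"
fi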
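## --- apache config of ocsinventory --- ##
# Point the communication server at the database created above.
# NOTE(review): only the database name is rewritten here; if DB_USER or
# DB_PASSWD were overridden, confirm the credentials in this file match.
sed -i -e "s/ocsweb/${DB_NAME}/" "${APACHE_OCSSVR_CONF}"
## trustme ##
# Generate a throw-away CA and a server certificate for SERVER_NAME.
mkdir -p /root/certificates
cd /root/certificates || { echo "Cannot enter /root/certificates" >&2; exit 1; }
mkdir -p /etc/apache2/ssl
python3 -m trustme --identities "${SERVER_NAME}" || { echo "trustme failed" >&2; exit 1; }
# trustme names the CA certificate client.pem; keep it as ca.pem.
mv client.pem ca.pem
# NOTE(review): the bundle handed out as the "client certificate" is built
# from server.key/server.pem, so every holder of cli-cert.p12 also holds the
# web server's private key. A separate client key pair would avoid that.
# The export password is passed through the environment (env:) so it does not
# appear on the openssl command line.
CERT_PASSWD="${CERT_PASSWD}" openssl pkcs12 -export -passout env:CERT_PASSWD -out cli-cert.p12 -inkey server.key -in server.pem
chmod 600 server.key cli-cert.p12
cp server.pem server.key ca.pem /etc/apache2/ssl
# The private key must not be readable by local users.
chmod 600 /etc/apache2/ssl/server.key
# Create the Basic-auth user file. The password is fed on stdin (-i) instead
# of the command line, and hashed with bcrypt (-B).
printf '%s\n' "${AUTH_PASS}" | htpasswd -c -B -i /etc/apache2/.htpasswd "${AUTH_USER}"
# Assumes Apache runs as www-data (the Ubuntu default) - confirm if changed.
chgrp www-data /etc/apache2/.htpasswd
chmod 640 /etc/apache2/.htpasswd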
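# Leave a hand-over note in the current directory. It records the PKCS#12
# password and the HTTP credentials in clear text, so restrict it to root
# and remove it once the values have been stored somewhere safer.
cat << _END_ > README.txt
1. The file 'cli-cert.p12' is a client certificate for this ocsinventory server.
The password for cli-cert.p12 is '${CERT_PASSWD}'
2. The ocsinventory-agent
login: ${AUTH_USER}
password: ${AUTH_PASS}
for Linux (unix) agent please use ${OCS_AGENT_CFG}
_END_
chmod 600 README.txt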
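# Generate the Apache site for OCS.
#  - Port 80: /ocsinventory is served with HTTP Basic auth and /ocsreports is
#    redirected to HTTPS.
#    NOTE(review): Basic-auth credentials sent to the port-80 vhost travel
#    unencrypted; consider redirecting /ocsinventory to HTTPS as well once no
#    agent depends on plain HTTP.
#  - Port 443: /ocsinventory uses the same Basic auth; /ocsreports additionally
#    requires a client certificate that chains to ca.pem.
#  - SSLProtocol enables TLS 1.2 only.
# Both vhosts use AUTH_NAME as the realm so it always matches the realm
# written to the agent configuration.
# \${APACHE_LOG_DIR} is escaped so Apache, not this shell, expands it.
cat << _END_ > /etc/apache2/sites-available/ocs.conf
ServerName ${SERVER_NAME}
<VirtualHost *:80>
ServerAdmin webmaster@${SERVER_NAME}
ServerName ${SERVER_NAME}
<Location /ocsinventory>
AuthBasicAuthoritative On
AuthType Basic
AuthName "${AUTH_NAME}"
AuthUserFile "/etc/apache2/.htpasswd"
require valid-user
</Location>
<Location /ocsreports>
Redirect permanent /ocsreports https://${SERVER_NAME}/ocsreports
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@${SERVER_NAME}
ServerName ${SERVER_NAME}
DocumentRoot /var/www/html
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCertificateFile /etc/apache2/ssl/server.pem
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCACertificateFile /etc/apache2/ssl/ca.pem
<Location /ocsinventory>
AuthBasicAuthoritative On
AuthType Basic
AuthName "${AUTH_NAME}"
AuthUserFile "/etc/apache2/.htpasswd"
require valid-user
</Location>
<Location /ocsreports>
SSLVerifyClient require
SSLVerifyDepth 10
</Location>
<FilesMatch "\\.(?:cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
_END_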
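# Enable TLS and the OCS site, and retire the distribution default site.
a2enmod ssl
a2dissite 000-default
a2ensite ocs
# Check the configuration before restarting so a broken vhost does not take
# the running web server down.
if ! apache2ctl configtest; then
  echo "Apache configuration test failed; not restarting apache2" >&2
  exit 1
fi
systemctl restart apache2
# Install the local agent so this host reports to its own server.
apt-get -y install ocsinventory-agent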
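# Configure the local agent to report to this server over HTTPS, trusting the
# generated CA.
# The credentials are written base64-encoded; that is an encoding, not
# encryption, so the file is as sensitive as the plain password.
# printf avoids the non-portable "echo -n" under /bin/sh, and tr removes the
# line breaks base64 inserts into long output.
B64_USER=$(printf '%s' "${AUTH_USER}" | base64 | tr -d '\n')
B64_PASS=$(printf '%s' "${AUTH_PASS}" | base64 | tr -d '\n')
cat << _END_ > "${OCS_AGENT_CFG}"
server=https://${SERVER_NAME}/ocsinventory
ca=/etc/apache2/ssl/ca.pem
ssl=1
realm="${AUTH_NAME}"
user="${B64_USER}"
password="${B64_PASS}"
_END_
# Holds the HTTP credentials: readable by root only.
chmod 600 "${OCS_AGENT_CFG}"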
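# Replace the default landing page with a minimal status marker.
DATE_STAMP=$(date "+%Y-%m-%d %H:%M:%S")
printf '%s\n' "ok -- ${DATE_STAMP}" > /var/www/html/index.html
# Make the FQDN resolve locally. Add the entry only when that exact line is
# missing, so repeated runs do not pile up duplicates in /etc/hosts.
if ! grep -qxF -- "127.0.1.1 ${SERVER_NAME}" /etc/hosts; then
  printf '%s\n' "127.0.1.1 ${SERVER_NAME}" >> /etc/hosts
fi
echo "=== DONE ==="
echo "Please read /root/certificates/README.txt"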
## --- end --- ##