#!/bin/sh

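# Key=value settings file read further down to decide which services start.
CONFIG_FILE="/etc/packetprotector.conf"

#########################
# setup USB directories
#########################

# Locations on the USB mount that get exposed as /packetprotector[_home].
# Later parts of this script execute init scripts and link CGI scripts
# from these trees, so the USB content is part of the device's trust base.
USB_D=/mnt/disc0_1/packetprotector/
USB_D2=/mnt/disc0_1/packetprotector_home/

# Remove whatever a previous boot left at /packetprotector[_home].
# -h is tested in addition to -e because -e follows symlinks: a dangling
# link (USB storage absent on an earlier boot) would otherwise be skipped
# and the ln -s below would fail on the stale name.
# rm -r on a symlink removes only the link, never the target tree.
for stale in /packetprotector /packetprotector_home; do
	if [ -e "$stale" ] || [ -h "$stale" ]; then
		rm -r "$stale"
	fi
done

# Link the program tree only when it is actually present on the USB mount.
if [ -d "$USB_D" ]; then
	ln -s "$USB_D" /packetprotector
fi

# The home tree is created on demand, then linked in either case.
if [ ! -d "$USB_D2" ]; then
	mkdir "$USB_D2"
fi
ln -s "$USB_D2" /packetprotector_home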

# From here on USB_D names the root-level symlink, not the mount path.
USB_D=/packetprotector

####################
# clean tmp dir
####################

# Empty the scratch directory inside the USB tree when the tree is linked in.
# The glob does not match dotfiles, so hidden entries in tmp/ are left alone.
if [ -d "$USB_D" ]; then
	rm -rf /packetprotector/tmp/*
fi

####################
# setup .profile
####################

# Write a fresh /tmp/.profile that adds the USB-hosted libraries and binaries
# to the environment. $USB_D is left unquoted as in the rest of the script; it
# was assigned a fixed, space-free path above.
#
# NOTE(review): $PATH is expanded now, at boot, so the profile stores the boot
# script's PATH rather than extending the PATH of the shell that later reads
# the file. Confirm that is intended.
# NOTE(review): both variables point into /packetprotector[_home], which this
# script symlinks to the USB mount. Any shell that sources this file resolves
# libraries and commands from removable storage, so the integrity of that
# storage matters as much as the firmware's.
if [ -d $USB_D ]; then
	{
		echo "export LD_LIBRARY_PATH=/packetprotector/usr/lib/:/packetprotector/usr/lib/freeradius/"
		echo "export PATH=$PATH:/packetprotector/usr/sbin:/packetprotector_home/usr/bin:/packetprotector_home/usr/sbin"
	} > /tmp/.profile
fi

####################
# setup CA
####################

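# Every easy-rsa helper below is invoked relative to /etc/easy-rsa, so the
# whole section is skipped when the cd fails. Running ./build-* from some
# other working directory would either abort the boot script or act on the
# wrong files.
if cd /etc/easy-rsa; then
	# CA, server and RADIUS key material. -s only checks "exists and is
	# non-empty"; it does not validate the files.
	# NOTE(review): a single missing or empty file re-runs build-ca-batch.
	# If that helper overwrites an existing ca.key, certificates issued so
	# far would stop validating. Confirm what the helper does.
	if [ -s keys/ca.crt ] && [ -s keys/ca.key ] && [ -s keys/server.crt ] && [ -s keys/server.key ]; then
		echo "CA initialized"
	else
		. ./vars
		./build-ca-batch
		./build-key-server-batch server
		./build-key-radius-batch radius
	fi

	# Make sure a CRL exists: issue a throw-away certificate with the
	# "revoked" OpenSSL config and revoke it straight away.
	if [ -s keys/crl.pem ]; then
		echo "CRL found"
	else
		. ./vars
		cp openssl-revoked.cnf openssl-client.cnf
		./build-key-pass-batch examplerevokedcert
		rm openssl-client.cnf
		./revoke-full examplerevokedcert
	fi

	# Diffie-Hellman parameters are generated in the background.
	# Later sections of this script test -s on the same file, so on the boot
	# that creates it they may run before the file has been written.
	# NOTE(review): the file name suggests a 1024-bit group, which is below
	# current recommendations for DH. The name is referenced elsewhere in
	# this script, so a larger size needs a coordinated change.
	if [ -s keys/dh1024.pem ]; then
		echo "dh1024.pem found"
	else
		. ./vars
		./build-dh &
	fi
else
	echo "cannot cd to /etc/easy-rsa; skipping CA setup" >&2
fi

# Publish only the CA certificate through the web root. The link uses an
# absolute target, so it does not depend on the cd above.
if [ ! -h /www/ca.crt ]; then
	ln -s /etc/easy-rsa/keys/ca.crt /www/ca.crt
fi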


####################
# setup webif
####################

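# Point the web interface at the USB copy of webif when it exists; otherwise
# restore the links to the firmware copy under /rom.
#
# NOTE(review): in the USB case the CGI scripts served from /www/cgi-bin are
# symlinks into removable storage. Anyone able to modify that storage controls
# what the web server executes.
if [ -d "$USB_D/www" ]; then
	rm /usr/lib/webif/webif.sh
	rm /www/cgi-bin/webif/.categories
	rm /www/cgi-bin/webif/*.sh
	rm -r /www/cgi-bin/webif/vpn
	ln -s "$USB_D/usr/lib/webif/webif.sh" /usr/lib/webif/webif.sh
	ln -s "$USB_D/www/cgi-bin/webif/.categories" /www/cgi-bin/webif/.categories

	if [ ! -d /www/cgi-bin/webif/vpn ]; then
		mkdir /www/cgi-bin/webif/vpn
	fi

	# Build the VPN page's password file from /etc/shadow (user:hash pairs,
	# minus "nobody"). The file holds password hashes, so it is created under
	# umask 077 in a subshell: it is never readable by others, not even in the
	# window before the chmod. The subshell keeps the umask change local.
	# NOTE(review): the hashes end up below the web root. Whether the HTTP
	# server refuses to serve dotfiles is not visible here; confirm.
	(
		umask 077
		grep -v '^nobody:' /etc/shadow | cut -d: -f1,2 > /www/cgi-bin/webif/vpn/.htpasswd
	)
	chmod 600 /www/cgi-bin/webif/vpn/.htpasswd
	ln -s "$USB_D/www/cgi-bin/webif/vpn/VPNconnect.sh" /www/cgi-bin/webif/vpn/VPNconnect.sh

	# Link every USB-provided page script. The loop runs only if the cd
	# worked; otherwise *.sh would be expanded in the wrong directory.
	if cd "$USB_D/www/cgi-bin/webif"; then
		for i in *.sh; do
			# With no match the pattern stays literal; do not link "*.sh".
			[ -e "$i" ] || continue
			ln -s "$USB_D/www/cgi-bin/webif/$i" "/www/cgi-bin/webif/$i"
		done
	fi
else
	rm /usr/lib/webif/webif.sh
	rm /www/cgi-bin/webif/.categories
	rm /www/cgi-bin/webif/*.sh
	rm -rf /www/cgi-bin/webif/vpn
	ln -s /rom/usr/lib/webif/webif.sh /usr/lib/webif/webif.sh
	ln -s /rom/www/cgi-bin/webif/.categories /www/cgi-bin/webif/.categories

	# Same linking step, using the firmware's own page scripts.
	if cd /rom/www/cgi-bin/webif; then
		for i in *.sh; do
			[ -e "$i" ] || continue
			ln -s "/rom/www/cgi-bin/webif/$i" "/www/cgi-bin/webif/$i"
		done
	fi
fi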

###################################
# only run if the packetprotector 
# directory is present
###################################

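# Print the value of setting $1 from $CONFIG_FILE (second "="-separated field).
# The key is anchored at the start of the line, as the ez-ipupdate lookup
# below already does. A commented-out line ("#snort=1") or a longer key that
# merely ends in the same text can then no longer switch a service on.
# Prints nothing when the key is absent.
pp_config_value() {
	grep "^$1=" "$CONFIG_FILE" | cut -d "=" -f 2
}

# Everything below runs only when the /packetprotector tree is linked in.
# The firewall scripts are started from this branch too, so this script
# brings up no firewall when the USB tree is missing.
if [ -d "$USB_D" ]; then

	####################
	# setup crontab
	####################

	# Replaces root's crontab: two nightly log rotations and a per-minute check.
	echo "0 3 * * * $USB_D/usr/sbin/snortlogrotate.sh > /dev/null" > /etc/crontabs/root
	echo "0 4 * * * $USB_D/usr/sbin/logrotate.sh > /dev/null" >> /etc/crontabs/root
	echo "*/1 * * * * $USB_D/usr/sbin/nas_check > /dev/null" >> /etc/crontabs/root

	####################
	# setup firewall
	####################

	# snort-inline=1 selects the IPS variant of the firewall script.
	# Any other value, including a missing key, selects the plain one.
	SNORT_INLINE=$(pp_config_value snort-inline)

	if [ "X$SNORT_INLINE" = "X1" ]; then
		"$USB_D/etc/init.d/firewall-IPS"
	else
		"$USB_D/etc/init.d/firewall"
	fi

	####################
	# setup IDS and IPS
	####################

	"$USB_D/etc/init.d/snort-config"

	SNORT=$(pp_config_value snort)
	if [ "X$SNORT" = "X1" ]; then
		"$USB_D/etc/init.d/snort"
	fi

	# Re-read after snort-config has run, as the original script does.
	SNORT_INLINE=$(pp_config_value snort-inline)
	if [ "X$SNORT_INLINE" = "X1" ]; then
		"$USB_D/etc/init.d/snort-inline"
	fi

	####################
	# setup OpenVPN
	####################

	# Started only when the DH parameter file is already non-empty.
	OPENVPN=$(pp_config_value openvpn)
	if [ -s /etc/easy-rsa/keys/dh1024.pem ] && [ "X$OPENVPN" = "X1" ]; then
		"$USB_D/etc/init.d/openvpn-config"
		"$USB_D/etc/init.d/openvpn"
	fi

	####################
	# setup RADIUS
	####################

	FREERADIUS=$(pp_config_value freeradius)

	if [ -s /etc/easy-rsa/keys/dh1024.pem ] && [ "X$FREERADIUS" = "X1" ]; then
		"$USB_D/etc/init.d/radiusd" start
	fi

	####################
	# setup dynamic DNS
	####################

	# NOTE(review): a missing config file or key yields an empty value, which
	# is not "disabled", so ez-ipupdate is still started in that case.
	DDNS_SERVICE_TYPE=$(grep "^service-type=" /etc/ez-ipupdate.conf | cut -d "=" -f 2)

	if [ "$DDNS_SERVICE_TYPE" != "disabled" ]; then
		"$USB_D/usr/sbin/ez-ipupdate" -c /etc/ez-ipupdate.conf
	fi

	####################
	# setup Samba
	####################

	# NOTE(review): SAMBA is read but never tested. Samba is configured and
	# started whatever the samba= setting says. Confirm whether the init
	# script checks the setting itself; if not, the file-sharing service
	# cannot be turned off through the config file.
	SAMBA=$(pp_config_value samba)
	PATH=$PATH:/packetprotector/usr/sbin
	"$USB_D/etc/init.d/samba-config"
	"$USB_D/etc/init.d/samba" start

fi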
