Subversion Repositories ALCASAR

#/bin/sh

# $Id: alcasar-bl.sh 311 2010-11-07 22:31:52Z richard $

# Script de gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via dansguardian)

# By 3abtux & rexy

DIR_tmp="/tmp/blacklists"

FILE_tmp="/tmp/fileFilter.txt"

DIR_DANSGUARDIAN="/etc/dansguardian/lists"

BL_CATEGORIES_AVAILABLE="/usr/local/etc/alcasar-bl-categories-available"

BL_CATEGORIES_DEFAULT="/usr/local/etc/alcasar-bl-categories-default"

DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available"

DIR_DNS_FILTER_ENABLED="/usr/local/etc/alcasar-dnsfilter-enabled"

IP_RETOUR="192.168.182.1"

BL_SERVER="cri.univ-tlse1.fr"

SED="/bin/sed -i"

# Récupération de l'archive de la BL Toulouse

function transfert () {

	mkdir -p $DIR_tmp

	cd $DIR_tmp

	wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz

}

# Décompression de la BL (en conservant la WL)

function install () {

	[ -d $DIR_DANSGUARDIAN ] || mkdir -p $DIR_DANSGUARDIAN

	[ -d $DIR_DANSGUARDIAN/blacklists/ossi ] && mv -f $DIR_DANSGUARDIAN/blacklists/ossi $DIR_tmp

	tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DANSGUARDIAN/

	[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DANSGUARDIAN/blacklists/

	cd /root

	rm -rf $DIR_tmp

}

# Adaptation de la BL Toulouse à la structure Dnsmasq

function adapt () {

	# On récupère le nom des répertoire (catégories)

	find $DIR_DANSGUARDIAN -type f -name domains > $BL_CATEGORIES_AVAILABLE

	# On supprime le suffice "/domains"

	$SED "s?\/domains??g" $BL_CATEGORIES_AVAILABLE

	rm -f $DIR_DNS_FILTER_AVAILABLE/*

	echo -n "Adaptation de la BL Toulouse. Veuillez patienter : "

	# On copie les fichiers de domaine pour chaque catégorie

	for PATH_FILE in `cat $BL_CATEGORIES_AVAILABLE`

	do

        	DOMAINE=`basename $PATH_FILE`

		echo -n "."

		# suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü

		egrep  -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp

		$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp

		$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp

		# Mise en forme dnsmasq

		$SED "s?.*?address=/&/$IP_RETOUR?g" /tmp/dnsmasq-bl.tmp

		mv /tmp/dnsmasq-bl.tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf

	done

	# on adapte le fichier $BL_CATEGORIES_AVAILABLE au choix de catégorie par défaut

	$SED "s?^[^#]?#&?g" $BL_CATEGORIES_AVAILABLE # on commente ce qui ne l'est pas

	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_DEFAULT`

	do

		$SED "/^.*$ENABLE_CATEGORIE/d" $BL_CATEGORIES_AVAILABLE

		$SED "1i\/etc\/dansguardian\/lists\/blacklist\/$ENABLE_CATEGORIE" $BL_CATEGORIES_AVAILABLE

	done

	echo

}

# Permet d'activer/désactiver les catégories de la BL

function cat_choice (){

	# un peu de ménage

	rm -rf $DIR_DNS_FILTER_ENABLED/*

	$SED "/\.Include/d" $DIR_DANSGUARDIAN/bannedsitelist $DIR_DANSGUARDIAN/bannedurllist

	# on affecte les catégories

	for i in `cat $BL_CATEGORIES_DEFAULT`

		do

		ln -s $DIR_DNS_FILTER_AVAILABLE/$i.conf $DIR_DNS_FILTER_ENABLED/$i

		# echo ".Include<$DIR_DANSGUARDIAN/blacklists/$i/domains>" >> $DIR_DANSGUARDIAN/bannedsitelist

		echo ".Include<$DIR_DANSGUARDIAN/blacklists/$i/urls>" >> $DIR_DANSGUARDIAN/bannedurllist

		done

}

usage="Usage: alcasar-bl.sh -on | -off | -download| -reload"

nb_args=$#

args=$1

if [ $nb_args -eq 0 ]

then

	nb_args=1

	args="-h"

fi

case $args in

	-\? | -h* | --h*)

		echo "$usage"

		exit 0

		;;

	# activation du filtrage

	-on)	

		cat_choice

		$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf

		service dansguardian restart

		service dnsmasq restart

		;;

	# désactivation du filtrage

	-off)

		rm -rf $DIR_DNS_FILTER_ENABLED/*

		$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf

		service dansguardian reload

		service dnsmasq restart

		;;

	# Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq

	-download)

		rm -rf /tmp/con_ok.html

		`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`

		if [ ! -e /tmp/con_ok.html ]

		then

			echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"

		else 

			transfert

			install

			chown -R dansguardian:apache $DIR_DANSGUARDIAN

			chmod -R g+w $DIR_DANSGUARDIAN

			DATE=`date '+%d %B %Y - %Hh%M'`

			echo "Univ-tlse du $DATE " > /var/www/html/VERSION-BL

			rm -rf /tmp/con_ok.html

		fi

		adapt

		;;		

	# regénération suite à modification de la BL secondaire

	-reload)

		# pour Dansguardian

		chown -R dansguardian:apache $DIR_DANSGUARDIAN/blacklists/ossi

		chmod -R g+w $DIR_DANSGUARDIAN/blacklists/ossi

		cat_choice

		service dansguardian reload

		# pour dnsmasq (noms de domaine réhabilités)

		if [ `wc -w $DIR_DANSGUARDIAN/exceptionsitelist|cut -d " " -f1` != "0" ]

		then

			for i in `cat $DIR_DANSGUARDIAN/exceptionsitelist`

			do

				$SED "/$i/d" $DIR_DNS_FILTER_AVAILABLE/sect.conf

			done

		fi

		$SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf

		service dnsmasq reload

;;

	*)

		echo "Argument inconnu :$1";

		echo "$usage"

		exit 1

		;;

esac