/conf/sudoers |
---|
8,27 → 8,26 |
# Host alias specification |
Host_Alias LAN_ORG=192.168.182.0/255.255.255.0,localhost #réseau de l'organisme |
# User alias specification |
User_Alias ADMIN=sysadmin # compte d'admin local de l'organisme |
User_Alias ADMWEB=apache # compte lié à l'interface de gestion |
User_Alias ADMIN=sysadmin # local admin account |
User_Alias ADMWEB=apache # web admin account |
# Cmnd alias specification |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # commandes réseau |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # gestion des paquetages |
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # contournement du système d'authentification |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # pour la gestion des usagers en ligne |
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # pour exporter la base mysql |
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # pour générer l'archive de configuration du serveur |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # pour exporter/sauvegarder les fichiers journaux |
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus) |
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # pour gérer le filtrage réseau |
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # pour déconnecter les usagers |
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed) |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # pour gérer les services |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # pour gérer le service d'autoinscription par SMS |
Cmnd_Alias SSL=/usr/bin/openssl # pour récupérer les info des certificats |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # network commands |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment |
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # authentication bypass |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line |
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # to export users database |
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files |
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # to manege the filtering system |
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall |
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # to disconnect the users |
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed) |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem |
Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/sbin/alcasar-importcert.sh,/usr/local/sbin/alcasar-defaultcert.sh # to manage the certificats |
# Defaults specification |
# Defaults syslog=auth |
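Review bot: The extended `SSL` alias lists `alcasar-importcert.sh` and `alcasar-defaultcert.sh` with no argument specification, so any account granted this alias can run them as root with arbitrary arguments. The rule that assigns `SSL` to a user alias is outside this hunk; it is presumably the web account, since network.php calls both scripts through `sudo`. alcasar-importcert.sh copies the files named by `-i`/`-k`/`-c` into /etc/pki/tls and rewrites system configuration, so caller-chosen paths matter here. Consider a dedicated alias such as `Cmnd_Alias CERT=/usr/local/sbin/alcasar-defaultcert.sh "",/usr/local/sbin/alcasar-importcert.sh`, where `""` forbids arguments, and pin the import script's arguments to the paths the web interface actually uses. Keeping these scripts apart from `/usr/bin/openssl` would also let each be granted and audited on its own.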
/scripts/alcasar-defaultcert.sh |
---|
0,0 → 1,65 |
#!/bin/bash |
# alcasar-defaultcert.sh |
# by Raphaël, Hugo, Clément, Bettyna |
# This script is distributed under Gnu General Public License (GPL) |
# Script permettant |
# - de revenir au certificat par default |
# Script allows |
# - go back to the default certificate |
SED="/bin/sed -ri" |
DIR_CERT="/etc/pki/tls" |
usage="Usage: alcasar-defaultcert.sh. Ce script permet de revenir au certificat par default" |
nb_args=$# |
args=$1 |
function defaultNdd() |
{ |
$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf |
$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts |
$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf |
$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf |
$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf |
} |
function defaultCert() |
{ |
cd $DIR_CERT |
rm private/alcasar.key |
rm certs/alcasar.crt |
mv certs/alcasar.crt.old certs/alcasar.crt |
mv private/alcasar.key.old private/alcasar.key |
if [ -f certs/server-chain.crt.old ] |
then |
rm certs/server-chain.crt |
mv certs/server-chain.crt.old certs/server-chain.crt |
fi |
} |
if [ $nb_args != 0 ] |
then |
nb_args=1 |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
esac |
if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ] |
then |
echo "Back to the original certificate" |
defaultCert |
defaultNdd |
systemctl restart chilli.service |
systemctl restart httpd.service |
fi |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
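Review bot: `defaultCert` runs `cd $DIR_CERT` without checking the result and then removes and renames files by relative path, so if the directory change fails the `rm`/`mv` calls act, as root, on whatever directory the script was started from. Use `cd "$DIR_CERT" || exit 1`, and replace each `rm` + `mv` pair with a single `mv -f certs/alcasar.crt.old certs/alcasar.crt` so the certificate and key are never briefly missing. The main block restarts chilli and httpd whether or not the restore succeeded; checking the `mv` status first would avoid restarting httpd onto a missing key. In `defaultNdd`, the /etc/hosts substitution matches every dotted host name in the file, not only the ALCASAR entry, and is worth narrowing.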
/scripts/alcasar-importcert.sh |
---|
0,0 → 1,132 |
#!/bin/sh |
# alcasar-importcert.sh |
# by Raphaël, Hugo, Clément, Bettyna |
# This script is distributed under the Gnu General Public License (GPL) |
# Script permettant |
# - d'importer des certificats sur Alcasar |
# This script allows |
# - to import certificate in Alcasar |
SED="/bin/sed -ri" |
DIR_CERT="/etc/pki/tls" |
usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c Chaîne.com" |
nb_args=$# |
args=$1 |
args1=$3 |
args2=$5 |
cert=$2 |
key=$4 |
sc=$6 |
function domainName() # change the domain name in the conf files |
{ |
ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p') |
echo $ndd |
if [ "$ndd" != "" ] |
then |
$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf |
$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts |
$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf |
$SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf |
$SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf |
fi |
} |
function certImport() |
{ |
cd $DIR_CERT |
if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ] |
then |
echo "Backup of old cert (alcasar.crt)" |
mv certs/alcasar.crt certs/alcasar.crt.old |
fi |
if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ] |
then |
echo "Backup of old private key (alcasar.key)" |
mv private/alcasar.key private/alcasar.key.old |
fi |
cp $cert certs/alcasar.crt |
cp $key private/alcasar.key |
chown root:apache certs/alcasar.crt |
chown root:apache private/alcasar.key |
chmod 750 certs/alcasar.crt |
chmod 750 private/alcasar.key |
if [ "$sc" != "" ] |
then |
echo "cert-chain exists" |
if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ] |
then |
echo "Backup of old cert-chain (server-chain.crt)" |
mv certs/server-chain.crt certs/server-chain.crt.old |
fi |
cp $sc certs/server-chain.crt |
chown root:apache certs/server-chain.crt |
chmod 750 certs/server-chain.crt |
fi |
} |
if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ] |
then |
nb_args=1 |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
-i) |
echo "You want import the certificate: $2" |
;; |
*) |
echo "Unknown argument: $1" |
echo "$usage" |
exit 1 |
;; |
esac |
case $args1 in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
-k) |
echo "With the private key: $4" |
;; |
*) |
echo "Unknown argument: $3" |
echo "$usage" |
exit 1 |
;; |
esac |
if [ "$args2" == "-c" ] |
then |
echo "And the cert-chain: $6" |
if [ "$sc" == "" ] |
then |
echo "! Can't find the file of the chain-cert" |
fi |
else |
echo "Without a cert-chain" |
sc="" |
fi |
domainName |
certImport $cert $key $sc |
systemctl restart chilli.service |
systemctl restart httpd.service |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
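Review bot: In `domainName`, the certificate's CN is placed unescaped into five double-quoted sed programs that edit /usr/local/etc/alcasar.conf, /etc/hosts, /etc/chilli.conf and httpd.conf as root, so a CN containing `/`, `&`, a newline or trailing subject fields changes what sed executes. The certificate is an uploaded file (network.php passes it in), so the value should be checked against a plain host-name character set before any substitution, and `$cert` should be quoted. Separately, `certImport` applies `chmod 750` to the key and certificates; these are data files, so a mode without the execute bit such as `chmod 640` fits better. The script also declares `#!/bin/sh` while using `function` and `==`, which are bashisms; `#!/bin/bash` would match alcasar-defaultcert.sh.

```shell
function domainName() # change the domain name in the conf files
{
ndd=$(openssl x509 -noout -subject -in "$cert" | sed -n '/^subject/s/^.*CN=//p')
# Refuse anything that is not a plain DNS name before it reaches the sed programs below.
case "$ndd" in
  *[!A-Za-z0-9.-]*)
    echo "Certificate CN is not a plain host name, aborting" >&2
    exit 1
    ;;
esac
# … unchanged: echo $ndd, the [ "$ndd" != "" ] test and the five $SED substitutions …
```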
/web/acc/admin/network.php |
---|
2,9 → 2,8 |
/* written by steweb57 & Rexy */ |
/******************** |
* TEST CONF FILES * |
* CONF FILES EXIST * |
*********************/ |
//define ("ALCASAR_CHILLI", "/etc/chilli.conf"); |
define ("CONF_FILE", "/usr/local/etc/alcasar.conf"); |
define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers"); |
$conf_files=array(CONF_FILE,ETHERS_FILE); |
80,7 → 79,7 |
{ |
$tab=file(ETHERS_FILE); |
$insert="True"; |
if ($tab) # le fichier n'est pas vide |
if ($tab) # the file isn't empty |
{ |
foreach ($tab as $line) # verify that MAC or IP addresses doesn't exist |
{ |
138,8 → 137,8 |
function internetTest(){ |
$host = "www.google.fr"; # Google Test |
$port = "80"; |
//var $num; //non utilisé |
//var $error; //non utilisé |
//var $num; //not used |
//var $error; //not used |
if (! $sock = @fsockopen($host, $port, $num, $error, 5)) { |
return false; |
148,24 → 147,6 |
return true; |
} |
} |
/******************************************************** |
* Lecture du fichier ALCASAR_CHILLI * |
* (not need any more) * |
*********************************************************/ |
//$ouvre=fopen(ALCASAR_CHILLI,"r"); |
//if ($ouvre){ |
// while (!feof ($ouvre)) |
// { |
// $tampon = fgets($ouvre, 4096); |
// if (strpos($tampon,"=")!==false){ |
// $tmp = explode("=",$tampon); |
// $chilli[$tmp[0]] = $tmp[1]; |
// } |
// } |
//}else{ |
// exit("Erreur d'ouverture du fichier ".ALCASAR_CHILLI); |
//} |
//fclose($ouvre); |
/*********************************** |
* Read ALCASAR_CONF_FILE * |
269,6 → 250,62 |
echo "</td></tr>"; |
if (strncmp($conf["DHCP"],"on",2) == 0) { require ('network2.php');} |
else { echo "</TABLE>"; } |
$maxsize=100000; |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th>Import de certificat</th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border="1" cellspacing="0" cellpadding="0"> |
<tr><td> |
<form method="post" action="network.php" enctype="multipart/form-data"> |
Clé privée (.key): <input type="file" name="key"/><br/> |
Certificat (.crt):<input type="file" name="crt"/><br/> |
Server-chain (Recommandé : .crt):<input type="file" name="sc"/> |
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxsize ?>" /><br/> |
<input type="submit" value="Valider"/> |
</form> |
</td><td> |
<form method="post" action="network.php"> |
<input type="hidden" name="default"/> |
<input type="submit" value="Retourner aux certificats par défaut"/> |
</form> |
</td> |
</tr> |
</table> |
</body> |
</html> |
<?php |
if(isset($_POST['default'])){ |
echo "Retour au certificats par défaut"; |
exec("sudo alcasar-defaultcert.sh"); |
} |
if(isset($_POST['MAX_FILE_SIZE'])){ |
echo "changement"; |
$maxsize = 100000; |
if(isset($_FILES['key']) && isset($_FILES['crt']) && $_FILES['key']['error'] == 0 && $_FILES['crt']['error'] == 0){ |
$dest = "/tmp/"; |
if($_FILES['key']['size'] <= $maxsize && $_FILES['crt']['size'] <= $maxsize) |
{ |
if(pathinfo($_FILES['key']['name'])['extension'] == 'key' && pathinfo($_FILES['crt']['name'])['extension'] == 'crt') |
{ |
$scpath = ""; |
if(isset($_FILES['sc']) && pathinfo($_FILES['sc']['name'])['extension'] == 'crt') |
{ |
$scpath = $dest."server-chain.crt"; |
move_uploaded_file($_FILES['key']['tmp_name'], $scpath); |
} |
$keypath = $dest."alcasar.key"; |
$crtpath = $dest."alcasar.crt"; |
move_uploaded_file($_FILES['key']['tmp_name'], $keypath); |
move_uploaded_file($_FILES['crt']['tmp_name'], $crtpath); |
exec("sudo alcasar-importcert.sh -i $crtpath -k $keypath -c $scpath"); |
} |
} |
} |
} |
?> |
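Review bot: In the upload handler, the server-chain branch calls `move_uploaded_file($_FILES['key']['tmp_name'], $scpath)`, which moves the private-key upload into /tmp/server-chain.crt and leaves nothing for the later move to `$keypath`. It should read `move_uploaded_file($_FILES['sc']['tmp_name'], $scpath);`, and the branch should also test `$_FILES['sc']['error'] == 0`. The key is then written to the fixed name /tmp/alcasar.key in a shared directory and, as far as this section and alcasar-importcert.sh show, never deleted. A per-request directory with restrictive permissions, removed after the `exec`, would avoid leaving key material there. The return values of `move_uploaded_file` and `exec` are not checked, so a failed upload still triggers the root script.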