Subversion Repositories ALCASAR

Compare Revisions


Rev 1709 → Rev 1710

/conf/sudoers
8,27 → 8,26
# Host alias specification
Host_Alias LAN_ORG=192.168.182.0/255.255.255.0,localhost #réseau de l'organisme
# User alias specification
User_Alias ADMIN=sysadmin # compte d'admin local de l'organisme
User_Alias ADMWEB=apache # compte lié à l'interface de gestion
User_Alias ADMIN=sysadmin # local admin account
User_Alias ADMWEB=apache # web admin account
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # commandes réseau
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # gestion des paquetages
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # contournement du système d'authentification
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # pour la gestion des usagers en ligne
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # pour exporter la base mysql
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # pour générer l'archive de configuration du serveur
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # pour exporter/sauvegarder les fichiers journaux
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus)
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # pour gérer le filtrage réseau
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # pour déconnecter les usagers
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # pour gérer les services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # pour gérer le service d'autoinscription par SMS
Cmnd_Alias SSL=/usr/bin/openssl # pour récupérer les info des certificats
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # to export users database
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # to manege the filtering system
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # to disconnect the users
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem
Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/sbin/alcasar-importcert.sh,/usr/local/sbin/alcasar-defaultcert.sh # to manage the certificats
 
 
 
# Defaults specification
# Defaults syslog=auth
 
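--- a/scripts/alcasar-defaultcert.sh
+++ b/scripts/alcasar-defaultcert.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# alcasar-defaultcert.sh
+# by Raphaël, Hugo, Clément, Bettyna
+
+# This script is distributed under Gnu General Public License (GPL)
+
+# Script permettant
+# - de revenir au certificat par default
+
+# Script allows
+# - go back to the default certificate
+
+SED="/bin/sed -ri"
+
+DIR_CERT="/etc/pki/tls"
+
+usage="Usage: alcasar-defaultcert.sh. Ce script permet de revenir au certificat par default"
+
+nb_args=$#
+args=$1
+
+function defaultNdd()
+{
+$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
+$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
+$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
+$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
+$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
+}
+
+function defaultCert()
+{
+cd $DIR_CERT
+rm private/alcasar.key
+rm certs/alcasar.crt
+mv certs/alcasar.crt.old certs/alcasar.crt
+mv private/alcasar.key.old private/alcasar.key
+if [ -f certs/server-chain.crt.old ]
+then
+rm certs/server-chain.crt
+mv certs/server-chain.crt.old certs/server-chain.crt
+fi
+}
+
+if [ $nb_args != 0 ]
+then
+nb_args=1
+args="-h"
+fi
+
+case $args in
+-\? | -h* | --h*)
+echo "$usage"
+exit 0
+;;
+esac
+if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
+then
+echo "Back to the original certificate"
+defaultCert
+defaultNdd
+systemctl restart chilli.service
+systemctl restart httpd.service
+fi
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property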
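Review bot: `defaultCert` runs `cd $DIR_CERT` without checking the result, so if that directory is missing the following `rm` and `mv` act on relative paths in whatever directory the script was started from, as root; use `cd "$DIR_CERT" || exit 1`. Deleting the live key and certificate before each `mv` leaves the server with neither if the move fails; `mv -f certs/alcasar.crt.old certs/alcasar.crt` replaces the file in one step and makes the `rm` lines unnecessary. The `/etc/hosts` substitution in `defaultNdd` matches any dotted name rather than only the alcasar entry, so unrelated host lines would be rewritten to `.localdomain`. When the `.old` files are absent the script prints nothing and exits 0, so the caller cannot tell that nothing was restored.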
/scripts/alcasar-importcert.sh
0,0 → 1,132
#!/bin/sh
 
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna
 
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
# - d'importer des certificats sur Alcasar
 
# This script allows
# - to import certificate in Alcasar
 
SED="/bin/sed -ri"
 
DIR_CERT="/etc/pki/tls"
 
usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c Chaîne.com"
 
nb_args=$#
args=$1
args1=$3
args2=$5
cert=$2
key=$4
sc=$6
 
function domainName() # change the domain name in the conf files
{
 
ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
echo $ndd
if [ "$ndd" != "" ]
then
$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
$SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
$SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
fi
}
 
function certImport()
{
cd $DIR_CERT
if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]
then
echo "Backup of old cert (alcasar.crt)"
mv certs/alcasar.crt certs/alcasar.crt.old
fi
if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]
then
echo "Backup of old private key (alcasar.key)"
mv private/alcasar.key private/alcasar.key.old
fi
cp $cert certs/alcasar.crt
cp $key private/alcasar.key
 
chown root:apache certs/alcasar.crt
chown root:apache private/alcasar.key
 
chmod 750 certs/alcasar.crt
chmod 750 private/alcasar.key
 
if [ "$sc" != "" ]
then
echo "cert-chain exists"
if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]
then
echo "Backup of old cert-chain (server-chain.crt)"
mv certs/server-chain.crt certs/server-chain.crt.old
fi
cp $sc certs/server-chain.crt
chown root:apache certs/server-chain.crt
chmod 750 certs/server-chain.crt
fi
}
 
if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ]
then
nb_args=1
args="-h"
fi
 
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
-i)
echo "You want import the certificate: $2"
;;
*)
echo "Unknown argument: $1"
echo "$usage"
exit 1
;;
esac
 
case $args1 in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
-k)
echo "With the private key: $4"
;;
*)
echo "Unknown argument: $3"
echo "$usage"
exit 1
;;
esac
 
if [ "$args2" == "-c" ]
then
echo "And the cert-chain: $6"
if [ "$sc" == "" ]
then
echo "! Can't find the file of the chain-cert"
fi
else
echo "Without a cert-chain"
sc=""
fi
 
domainName
certImport $cert $key $sc
systemctl restart chilli.service
systemctl restart httpd.service
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
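Review bot: `domainName` pastes the certificate's CN straight into five `sed -ri` programs that run as root against `alcasar.conf`, `/etc/hosts`, `chilli.conf` and `httpd.conf`, and the certificate is a user-supplied file, so a CN containing `/`, `&` or other sed syntax changes what those commands do. Reject anything that is not a plain hostname before the first substitution, e.g. `case "$ndd" in ''|*[!A-Za-z0-9.-]*) echo "invalid CN" >&2; exit 1;; esac`, and quote `"$cert"`, `"$key"` and `"$sc"` wherever they are expanded. `certImport` overwrites the live files and the services are restarted without any check that the key matches the certificate, so a mismatched pair can take the portal down; compare the two with `openssl` before the `cp`. `chmod 750` puts execute bits on the key and certificates; `chmod 640 private/alcasar.key` gives `root:apache` the same read access without them. The `#!/bin/sh` shebang also disagrees with the `function` keyword and `==` tests used in the body.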
/web/acc/admin/network.php
2,9 → 2,8
/* written by steweb57 & Rexy */
 
/********************
* TEST CONF FILES *
* CONF FILES EXIST *
*********************/
//define ("ALCASAR_CHILLI", "/etc/chilli.conf");
define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers");
$conf_files=array(CONF_FILE,ETHERS_FILE);
80,7 → 79,7
{
$tab=file(ETHERS_FILE);
$insert="True";
if ($tab) # le fichier n'est pas vide
if ($tab) # the file isn't empty
{
foreach ($tab as $line) # verify that MAC or IP addresses doesn't exist
{
138,8 → 137,8
function internetTest(){
$host = "www.google.fr"; # Google Test
$port = "80";
//var $num; //non utilisé
//var $error; //non utilisé
//var $num; //not used
//var $error; //not used
if (! $sock = @fsockopen($host, $port, $num, $error, 5)) {
return false;
148,24 → 147,6
return true;
}
}
/********************************************************
* Lecture du fichier ALCASAR_CHILLI *
* (not need any more) *
*********************************************************/
//$ouvre=fopen(ALCASAR_CHILLI,"r");
//if ($ouvre){
// while (!feof ($ouvre))
// {
// $tampon = fgets($ouvre, 4096);
// if (strpos($tampon,"=")!==false){
// $tmp = explode("=",$tampon);
// $chilli[$tmp[0]] = $tmp[1];
// }
// }
//}else{
// exit("Erreur d'ouverture du fichier ".ALCASAR_CHILLI);
//}
//fclose($ouvre);
 
/***********************************
* Read ALCASAR_CONF_FILE *
269,6 → 250,62
echo "</td></tr>";
if (strncmp($conf["DHCP"],"on",2) == 0) { require ('network2.php');}
else { echo "</TABLE>"; }
$maxsize=100000;
?>
 
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th>Import de certificat</th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr><td>
<form method="post" action="network.php" enctype="multipart/form-data">
Clé privée (.key): <input type="file" name="key"/><br/>
Certificat (.crt):<input type="file" name="crt"/><br/>
Server-chain (Recommandé : .crt):<input type="file" name="sc"/>
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxsize ?>" /><br/>
<input type="submit" value="Valider"/>
</form>
</td><td>
<form method="post" action="network.php">
<input type="hidden" name="default"/>
<input type="submit" value="Retourner aux certificats par défaut"/>
</form>
</td>
</tr>
</table>
 
</body>
</html>
 
<?php
if(isset($_POST['default'])){
echo "Retour au certificats par défaut";
exec("sudo alcasar-defaultcert.sh");
}
if(isset($_POST['MAX_FILE_SIZE'])){
echo "changement";
$maxsize = 100000;
if(isset($_FILES['key']) && isset($_FILES['crt']) && $_FILES['key']['error'] == 0 && $_FILES['crt']['error'] == 0){
$dest = "/tmp/";
if($_FILES['key']['size'] <= $maxsize && $_FILES['crt']['size'] <= $maxsize)
{
if(pathinfo($_FILES['key']['name'])['extension'] == 'key' && pathinfo($_FILES['crt']['name'])['extension'] == 'crt')
{
$scpath = "";
if(isset($_FILES['sc']) && pathinfo($_FILES['sc']['name'])['extension'] == 'crt')
{
$scpath = $dest."server-chain.crt";
move_uploaded_file($_FILES['key']['tmp_name'], $scpath);
}
$keypath = $dest."alcasar.key";
$crtpath = $dest."alcasar.crt";
move_uploaded_file($_FILES['key']['tmp_name'], $keypath);
move_uploaded_file($_FILES['crt']['tmp_name'], $crtpath);
exec("sudo alcasar-importcert.sh -i $crtpath -k $keypath -c $scpath");
}
}
}
}
?>
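Review bot: The server-chain branch moves the wrong upload: `move_uploaded_file($_FILES['key']['tmp_name'], $scpath)` writes the private key to `/tmp/server-chain.crt`, the later move of the key to `alcasar.key` then has nothing left to move, and the import script installs the key as the chain file, which is presumably what httpd sends to clients. It should read `move_uploaded_file($_FILES['sc']['tmp_name'], $scpath);`, guarded by `$_FILES['sc']['error'] == 0` like the other two fields. The fixed names under `/tmp/` are a second problem, because a root script then copies from paths that any local user can create first and the key is left behind afterwards; a directory only apache can write, with `unlink()` after the import, avoids both. The return values of `move_uploaded_file()` and `exec()` are ignored, so a failed import looks the same as a successful one. Both forms trigger root actions on a bare POST, and whether a CSRF token is checked elsewhere is not visible in this hunk.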