/alcasar.sh |
---|
411,6 → 411,8 |
logfile /var/log/ntp.log |
EOF |
chown -R ntp:ntp /etc/ntp |
# synchronisation horaire |
ntpd -q -g & |
# Renseignement des fichiers hosts.allow et hosts.deny |
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default |
cat <<EOF > /etc/hosts.allow |
460,7 → 462,7 |
# Configuration et sécurisation Apache |
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default |
$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?#Listen 127.0.0.1:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf |
$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf |
473,6 → 475,16 |
</html> |
EOF |
echo "- URL d'accès au centre de gestion : https://$PRIVATE_IP" >> $FIC_PARAM |
# On crée le VirtualHost pour l'accès au port 80 (redirection après filtrage) |
FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` |
[ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default |
cat <<EOF > $FIC_VIRTUAL |
NameVirtualHost *:80 |
<VirtualHost *:80> |
ServerName $HOSTNAME |
DocumentRoot $DIR_WEB/redirect |
</VirtualHost> |
EOF |
# Définition du premier compte lié au profil 'admin' |
if [ "$mode" = "install" ] |
then |
498,8 → 510,6 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte |
$DIR_DEST_SBIN/alcasar-profil.sh -list |
fi |
# synchronisation horaire |
ntpd -q -g & |
# Sécurisation du centre |
rm -f /etc/httpd/conf/webapps.d/* |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf |
590,9 → 600,10 |
{ |
$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh |
$DIR_DEST_BIN/alcasar-CA.sh $mode |
MOD_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` |
$SED "s?localhost.crt?alcasar.crt?g" $MOD_SSL |
$SED "s?localhost.key?alcasar.key?g" $MOD_SSL |
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` |
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default |
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL |
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
} # End AC () |
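Review bot: The new vhost code passes `-name *default_vhosts*` to find unquoted and then uses the result unquoted and unchecked as the redirect target of `cat <<EOF > $FIC_VIRTUAL`. If a file in the current directory matches the pattern, the shell expands it before find runs. If find returns no path or several, the redirect fails or is ambiguous while the script carries on configuring Apache as root. Quote the pattern and stop unless exactly one file was found, e.g. `FIC_VIRTUAL=$(find /etc/httpd/conf -type f -name '*default_vhosts*')` followed by `[ -f "$FIC_VIRTUAL" ] || exit 1`, and write `"$FIC_VIRTUAL"` wherever it is used. The same applies to `FIC_VIRTUAL_SSL` in the AC hunk and to the two `find … && mv` lines in /scripts/sbin/alcasar-uninstall.sh.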
/scripts/alcasar-iptables.sh |
---|
62,11 → 62,10 |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 0 -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 8 -j ACCEPT |
# On ajoute ici les règles spécifiques de filtrage réseau --> dans /usr/local/sbin/alcasar-iptables-local.sh |
# On ajoute ici les règles spécifiques de filtrage réseau |
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then |
. /usr/local/etc/alcasar-iptables-local.sh |
fi |
# On autorise le transfert de flux dans les deux sens (avec log sur les demandes de connexion sortantes) |
# On ajoute ici les règles de filtrage réseau |
if [ -f /usr/local/bin/alcasar-iptables-filter.sh ]; then |
. /usr/local/bin/alcasar-iptables-filter.sh |
80,6 → 79,7 |
$IPTABLES -A INPUT -i $TUNIF -p udp --dport domain -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p udp --dport ntp -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport https -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport http -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport ssh -j ACCEPT |
################## FILTRAGE PARTICULIER ################## |
# Administration à distance par exemple : |
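Review bot: The `--dport http -j ACCEPT` rule in the second hunk, which appears to be the line this commit adds, opens TCP 80 on `$TUNIF` with no comment saying why and no source restriction, whereas the ICMP rules in the first hunk are limited with `-s $PRIVATE_NETWORK_MASK`. Together with the `Listen $PRIVATE_IP:80` change in /alcasar.sh, this makes Apache reachable over cleartext HTTP from the client side. A comment should record the intent, e.g. `# http: only for the filtered-domain redirect page; the management centre stays on https`. It is also worth confirming that the `*:80` vhost cannot serve anything from the management centre, since that configuration is outside the lines shown. The rule list continues past the end of this hunk.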
/scripts/sbin/alcasar-uninstall.sh |
---|
24,12 → 24,14 |
sleep 1 |
# gestion |
echo -en "\n- gestion(5) : " |
echo -en "\n- gestion(7) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, " |
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "3, " |
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "4, " |
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "5 " |
[ -e /etc/httpd/conf/vhosts.default ] && FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` && mv /etc/httpd/conf/vhosts.default $FIC_VIRTUAL && echo -n "4, " |
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5, " |
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "6, " |
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "7" |
sleep 1 |
# CA |
/gestion/admin/web_filter.php |
---|
File deleted |
/gestion/admin/web_filter2.php |
---|
File deleted |
/gestion/admin/net_filter.php |
---|
53,6 → 53,12 |
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
switch ($choix) |
{ |
case 'AV_On' : |
exec ("sudo /usr/local/sbin/alcasar-havp.sh -on"); |
break; |
case 'AV_Off' : |
exec ("sudo /usr/local/sbin/alcasar-havp.sh -off"); |
break; |
case 'NF_On' : |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
break; |
131,8 → 137,56 |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
break; |
} |
echo "<TABLE width=\"100%\" border=1 cellspacing=0 cellpadding=1>"; |
echo "<tr><td valign=\"middle\" align=\"left\">"; |
?> |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0> |
<tr><th><?php echo "$l_title1"; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr> |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0> |
<tr><td valign="middle" align="left"> |
<?php |
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r"); |
$result_antivir = false; $result_filter = false; $out=0; |
if ($pointeur) |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match("/^proxyport = 8090/", $ligne, $r)) |
{ |
$result_antivir = true; |
$out++; |
} |
if (preg_match("/^reportinglevel = 3/", $ligne, $r)) |
{ |
$result_filter = true; |
$out++; |
} |
if ($out == 2) break; |
} |
} |
fclose($pointeur); |
if ($result_antivir) |
{ |
echo "<CENTER><H3>$l_antivir_on</H3></CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"AV_Off\">"; |
echo "<input type=submit value=\"$l_switch_antivir_off\">"; |
} |
else |
{ |
echo "<CENTER><H3>$l_antivir_off</H3></CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"AV_On\">"; |
echo "<input type=submit value=\"$l_switch_antivir_on\">"; |
} |
?> |
</FORM> |
</td></tr> |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>"; |
<tr><td valign="middle" align="left">"; |
<? |
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r"); |
$result = False ; |
if ($pointeur) |
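Review bot: Both antivirus forms in the second hunk print `$_SERVER[PHP_SELF]` into the `action` attribute without escaping, so request-controlled path text is reflected into an administration page. Escape it, `echo "<FORM action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "' method=POST>";`, or post to a fixed script path. The new `AV_On`/`AV_Off` cases run a sudo command on nothing more than the `choix` POST field, and no anti-forgery token is checked in the lines shown, so unless one is verified elsewhere a forged request sent through a logged-in administrator's browser could switch the antivirus off. Two smaller points in the same hunk: `fclose($pointeur)` runs even when `fopen` failed, and the `<TABLE …>";` and `<tr>…";` lines kept a stray `";` when they were moved out of `echo`. The code following `if ($pointeur)` lies outside the hunk.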
/gestion/menu.php |
---|
20,7 → 20,8 |
$l_statistics = "STATISTIQUES"; |
$l_backup = "SAUVEGARDES"; |
$l_activity = "Activité"; |
$l_network = "Réseau"; |
$l_domains = "Domaines et URLs"; |
$l_network = "Protocoles réseau"; |
$l_ldap = "Ldap/A.D."; |
$l_access_nb = "Accès au centre"; |
$l_create_user = "Créer usager"; |
44,7 → 45,8 |
$l_statistics = "STATISTICS"; |
$l_backup = "BACKUPS"; |
$l_activity = "Activity"; |
$l_network = "Network"; |
$l_network = "Network protocols"; |
$l_domains = "Domains & URLs"; |
$l_ldap = "Ldap/A.D."; |
$l_access_nb = "Access to center"; |
$l_create_user = "Create user"; |
144,7 → 146,7 |
fputs($fp, "$nb\n"); |
fclose($fp); |
?> |
<br>depuis le 99/99/9999<br></center></td></tr> |
<br>depuis le 08/10/2010<br></center></td></tr> |
</TABLE> |
</td></tr> |
</TABLE> |
/gestion/redirect/logo-alcasar.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Added: svn:mime-type |
+image/png |
\ No newline at end of property |
/gestion/redirect/index.html |
---|
0,0 → 1,43 |
<html> |
<head> |
<title>ALCASAR - Access Denied</title> |
</head> |
<body bgcolor=#FFFFFF> |
<center> |
<table border=0 cellspacing=0 cellpadding=2 height=540 width=700> |
<tr> |
<td colspan=2 bgcolor=#FEA700 height=100 align=center> |
<font face=arial,helvetica size=6> |
<b>Accès refusé</b> |
</td> |
</tr> |
<tr> |
<td colspan=2 bgcolor=#FFFACD height=30 align=right> |
<font face=arial,helvetica size=3 color=black> |
<b>Nom de domaine filtré</b> |
</td> |
</tr> |
<tr> |
<td align=center valign=bottom width=150 bgcolor=#B0C4DE> |
<font face=arial,helvetica size=1 color=black> |
<img src="logo-alcasar.png"> |
<BR><CENTER>ALCASAR</CENTER> |
</td> |
<td width=550 bgcolor=#FFFFFF align=center valign=center> |
<font face=arial,helvetica color=black> |
<font size=3> |
<br><br><br><br> |
Vous tentez d'accéder à une ressource dont le contenu est réputé |
contenir des informations inappropriées. |
<br><br> |
Contactez votre responsable informatique (RSSI/OSSI), si vous pensez que ce filtrage est abusif. |
<br><br><br><br> |
<font size=1> |
Filtré par <B>ALCASAR</B></a> |
</td> |
</tr> |
</table> |
</body> |
</html> |
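Review bot: The new block page declares no character encoding, so the accented text (`Accès refusé`, `Nom de domaine filtré`) depends on whatever default Apache sends for the port-80 vhost. Add `<meta http-equiv="Content-Type" content="text/html; charset=CHARSET">` inside `<head>`, with CHARSET replaced by the encoding the file is actually saved in. The closing `</a>` after `Filtré par <B>ALCASAR</B>` has no opening tag and the `<font>` elements are never closed; both can simply be tidied.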
/gestion/filtering.php |
---|
1,12 → 1,10 |
<? |
$select[0]="$l_domains"; |
$select[1]="Web"; |
$select[2]=$l_network; |
$select[3]="Exceptions"; |
$select[0]="$l_domains_filter"; |
$select[1]=$l_network_filter; |
$select[2]="Exceptions"; |
$fich[0]="admin/dns_filter.php"; |
$fich[1]="admin/web_filter.php"; |
$fich[2]="admin/net_filter.php"; |
$fich[3]="admin/filter_exceptions.php"; |
$fich[1]="admin/net_filter.php"; |
$fich[2]="admin/filter_exceptions.php"; |
$j=0; |
$nb=count($select); |
while ($j != $nb) |