/alcasar.sh |
---|
49,6 → 49,7 |
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts |
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin |
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf |
FIC_CONF="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar |
FIC_PARAM="/root/ALCASAR-parameters.txt" # fichier texte résumant les paramètres d'installation |
FIC_PASSWD="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés |
# ******* DBMS parameters - paramètres SGBD ******** |
211,22 → 212,22 |
# On crée aléatoirement les mots de passe et les secrets partagés |
rm -f $FIC_PASSWD |
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de protection du menu Grub |
echo -n "mot de passe de protection du menu de démarrage (GRUB) : " > $FIC_PASSWD |
echo -n "Password to protect the boot menu (GRUB) : " > $FIC_PASSWD |
echo "$grubpwd" >> $FIC_PASSWD |
md5_grubpwd=`/usr/bin/md5pass $grubpwd` |
$SED "/^password.*/d" /boot/grub/menu.lst |
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst |
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'administrateur Mysqld |
echo -n "compte et mot de passe de l'administrateur Mysqld : " >> $FIC_PASSWD |
echo -n "Name and password of MYSQL administrator : " >> $FIC_PASSWD |
echo "root / $mysqlpwd" >> $FIC_PASSWD |
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius) |
echo -n "compte et mot de passe de l'utilisateur Mysqld : " >> $FIC_PASSWD |
echo -n "Name and password of MYSQL user : " >> $FIC_PASSWD |
echo "$DB_USER / $radiuspwd" >> $FIC_PASSWD |
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre intercept.php et coova-chilli |
echo -n "secret partagé entre le script 'intercept.php' et coova-chilli : " >> $FIC_PASSWD |
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $FIC_PASSWD |
echo "$secretuam" >> $FIC_PASSWD |
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre coova-chilli et FreeRadius |
echo -n "secret partagé entre coova-chilli et FreeRadius : " >> $FIC_PASSWD |
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $FIC_PASSWD |
echo "$secretradius" >> $FIC_PASSWD |
chmod 640 $FIC_PASSWD |
# On installe les scripts et fichiers de configuration d'ALCASAR |
240,19 → 241,30 |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh |
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh |
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh |
# On génère le début du fichier récapitulatif |
# generate FIC_PARAM and FIC_CONF |
cat <<EOF > $FIC_PARAM |
################################################ |
## ## |
## ALCASAR Parameters ## |
## ## |
################################################ |
########################################## |
## ## |
## ALCASAR Parameters ## |
## ## |
########################################## |
- Install date : $DATE |
- Version : $VERSION |
- Organism : $ORGANISME |
EOF |
chmod o-rwx $FIC_PARAM |
cat <<EOF > $FIC_CONF |
########################################## |
## ## |
## ALCASAR Parameters ## |
## ## |
########################################## |
INSTALL_DATE=$DATE |
VERSION=$VERSION |
ORGANISM=$ORGANISME |
EOF |
chmod o-rwx $FIC_PARAM $FIC_CONF |
} # End of init () |
################################################################## |
335,17 → 347,14 |
echo -e "- DNS servers :\t\t\t$DNS1 and $DNS2" >> $FIC_PARAM |
echo -e "- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK" >> $FIC_PARAM |
echo -e "- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP" >> $FIC_PARAM |
echo "#### ALCASAR Network parameters ####" > $DIR_DEST_ETC/alcasar-network |
echo "# Lauch the script 'alcasar-network.sh' after your changes" >> $DIR_DEST_ETC/alcasar-network |
echo "# Lancez le script 'alcasar-network.sh' après vos modifications" >> $DIR_DEST_ETC/alcasar-network |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $DIR_DEST_ETC/alcasar-network |
echo "GW=$PUBLIC_GATEWAY" >> $DIR_DEST_ETC/alcasar-network |
echo "DNS1=$DNS1" >> $DIR_DEST_ETC/alcasar-network |
echo "DNS2=$DNS2" >> $DIR_DEST_ETC/alcasar-network |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $DIR_DEST_ETC/alcasar-network |
echo "DHCP=on" >> $DIR_DEST_ETC/alcasar-network |
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $DIR_DEST_ETC/alcasar-network |
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $DIR_DEST_ETC/alcasar-network |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_CONF |
echo "GW=$PUBLIC_GATEWAY" >> $FIC_CONF |
echo "DNS1=$DNS1" >> $FIC_CONF |
echo "DNS2=$DNS2" >> $FIC_CONF |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $FIC_CONF |
echo "DHCP=on" >> $FIC_CONF |
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $FIC_CONF |
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $FIC_CONF |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default |
# Configuration réseau |
cat <<EOF > /etc/sysconfig/network |
1256,9 → 1265,13 |
# sshd écoute côté LAN et WAN |
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config |
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config |
# sshd n'est pas lancé automatiquement au démarrage |
# Put the default value in conf file (sshd, QOS, protocols filter and dns filter are off)(web antivirus is on) |
/sbin/chkconfig --del sshd |
echo "SSH=off" >> $DIR_DEST_ETC/alcasar-network |
echo "SSH=off" >> $FIC_CONF |
echo "QOS=off" >> $FIC_CONF |
echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF |
echo "DNS_FILTERING=off" >> $FIC_CONF |
echo "WEB_ANTIVIRUS=on" >> $FIC_CONF |
# Coloration des prompts |
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default |
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc |
/conf/sudoers |
---|
20,7 → 20,7 |
Cmnd_Alias GHOST=/usr/local/bin/alcasar-mondo.sh # pour générer une image iso du serveur |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-log-export.sh # pour exporter/sauvegarder les fichiers journaux |
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus) |
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh # pour gérer le filtrage réseau |
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh # pour gérer le filtrage réseau |
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # pour déconnecter les usagers |
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed) |
Cmnd_Alias SERVICE=/sbin/service,/usr/bin/killall,/sbin/chkconfig # pour gérer les services |
/CHANGELOG |
---|
1,7 → 1,8 |
# $Id$ |
************ CHANGELOG *********** |
- add automatic network parameters update script (/usr/local/sbin/alcasar-network.sh + /usr/local/etc/alcasar-network) |
- if activate, sshd listen both on LAN and on WAN |
- add a central conf file (/usr/local/etc/alcasar.conf) |
- add the equipment name in the activity window when MAC authenticate |
- improve the script which display and close users open sessions |
- allow change of alcasar IP private address during install stage |
/scripts/alcasar-iptables.sh |
---|
9,22 → 9,23 |
# 3 for exterior access attempts. |
# The French Security Agency (ANSSI) rules was applied by 'alcasar.sh' script |
private_ip_mask=`grep PRIVATE_IP /usr/local/etc/alcasar-network|cut -d"=" -f2` |
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP $conf_file|cut -d"=" -f2` |
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0) |
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24) |
dns1=`grep DNS1 /usr/local/etc/alcasar-network|cut -d"=" -f2` # first public DNS server |
dns2=`grep DNS2 /usr/local/etc/alcasar-network|cut -d"=" -f2` # second public DNS server |
IPTABLES="/sbin/iptables" |
PROTO_FILTERING="no" |
DNS_FILTERING="no" |
QOS="no" |
dns1=`grep DNS1 $conf_file|cut -d"=" -f2` # first public DNS server |
dns2=`grep DNS2 $conf_file|cut -d"=" -f2` # second public DNS server |
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (yes/no) |
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (yes/no) |
QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (yse/no) |
SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (yes/no) |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
EXTIF="eth0" |
INTIF="eth1" |
TUNIF="tun0" # listen card for chilli daemon |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
IPTABLES="/sbin/iptables" |
# Effacement des règles existantes |
# Flush all existing rules |
96,7 → 97,7 |
# If DNS filter is activate # |
############################### |
# Redirection des flux DNS vers le port 54 (dns+blackhole) sauf pour les IP en exceptions |
if [ $DNS_FILTERING = "yes" ]; then |
if [ $DNS_FILTERING = on ]; then |
# Compute exception IP |
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1` |
if [ $nb_exceptions != "0" ] |
112,7 → 113,7 |
# If protocols filter is activate # |
##################################### |
# filtrage de protocoles sauf pour les IP en exceptions |
if [ $PROTO_FILTERING = "yes" ]; then |
if [ $PROTOCOLS_FILTERING = on ]; then |
# Compute exception IP |
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1` |
if [ $nb_exceptions != "0" ] |
152,7 → 153,7 |
######################## |
# If QOS is activate # |
######################## |
if [ $QOS = "yes" ] && [ -e /usr/local/etc/alcasar-iptables-qos.sh ]; then |
if [ $QOS = on ] && [ -e /usr/local/etc/alcasar-iptables-qos.sh ]; then |
. /usr/local/etc/alcasar-iptables-qos.sh |
fi |
172,10 → 173,8 |
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport https -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport http -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport 3990 -j ACCEPT |
# SSHD rules if activate |
ssh_active=`grep SSH /usr/local/etc/alcasar-network|cut -d"=" -f2` |
if [ $ssh_active = "on" ] |
if [ $SSH = on ] |
then |
Admin_from_IP="0.0.0.0/0.0.0.0" # Une @IP fixe peut-être fournie pour restreindre l'accès en ssh depuis l'extérieur (ex: 80.22.21.53/24) ( 0.0.0.0/0.0.0.0 = de n'importe où ! ) |
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT" |
/scripts/alcasar-conf.sh |
---|
42,7 → 42,6 |
# Sauvegarde du logo |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE |
# Sauvegarde des fichiers exploités par dansguardian |
cp -f /etc/dansguardian/dansguardian.conf $DIR_UPDATE |
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE |
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE |
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE |
49,11 → 48,9 |
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE |
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE |
cp -rf /etc/dansguardian/lists/blacklists/ossi $DIR_UPDATE |
# sauvegarde des fichiers : de filtrage, d'exception, digest, etc. |
# sauvegarde des fichiers : de conf, de filtrage, d'exception, digest, etc. |
mkdir $DIR_UPDATE/etc/ |
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/ |
# sauvegarde du fichier alcasar-iptables.sh (pour savoir si on filtre les protocoles) |
cp -f $DIR_BIN/alcasar-iptables.sh $DIR_UPDATE |
# particularité des versions |
# si version < 2.1 |
if ([ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 1 ])) |
96,6 → 93,8 |
chmod -R 750 /etc/pki |
# Import de la dernière base usagers |
mysql -u$DB_USER -p$radiuspwd < `ls $DIR_UPDATE/radius*` |
# Récupération des paramêtres locaux (fichier de conf, règles de filtrage, fichiers d'exception, comptes de gestion, etc.) |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
# Récupération des fichiers de Dansguardian |
[ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/ |
[ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/ |
106,21 → 105,17 |
chown -R dansguardian:apache /etc/dansguardian/lists |
chmod -R g+rw /etc/dansguardian/lists |
# On active/désactive la BL |
active_bl=`cat $DIR_UPDATE/dansguardian.conf|grep ^reportinglevel|cut -d" " -f3` |
$SED "s/^reportinglevel =.*/reportinglevel = $active_bl/g" /etc/dansguardian/dansguardian.conf |
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (yes/no) |
PARENT_SCRIPT=$0 |
export PARENT_SCRIPT |
if [ $active_bl -eq "-1" ] |
then $DIR_SBIN/alcasar-bl.sh --off |
else $DIR_SBIN/alcasar-bl.sh --on |
if [ $DNS_FILTERING -eq "on" ] |
then |
$DIR_SBIN/alcasar-bl.sh --on |
else |
$DIR_SBIN/alcasar-bl.sh --off |
fi |
# Récupération des paramêtres locaux (règles de filtrage, fichiers d'exception, comptes de gestion, etc.) |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
# Prise en compte des comptes de gestion (admin + manager + backup) |
$DIR_SBIN/alcasar-profil.sh --list |
# On active/désactive le filtrage de protocoles |
active_filter=`cat $DIR_UPDATE/alcasar-iptables.sh|grep ^FILTERING|cut -d"=" -f2` |
$SED "s/^FILTERING=.*/FILTERING=$active_filter/g" $DIR_BIN/alcasar-iptables.sh |
# On applique les paramètres réseau |
... |
# Effacement du répertoire d'update |
/scripts/sbin/alcasar-nf.sh |
---|
8,6 → 8,7 |
SED="/bin/sed -i" |
FIC_SERVICES="/usr/local/etc/alcasar-services" |
FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions" |
FIC_CONF="/usr/local/etc/alcasar.conf" |
usage="Usage: alcasar-nf.sh {--on or -on} | {--off | -off} " |
nb_args=$# |
24,7 → 25,7 |
;; |
-on|-on) |
# activation du filtrage réseau |
$SED "s?^PROTO_FILTERING.*?PROTO_FILTERING=\"yes\"?g" /usr/local/bin/alcasar-iptables.sh |
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF |
# tri du fichier de services |
$SED "/^$/d" $FIC_SERVICES # suppression lignes vides |
sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort |
39,7 → 40,7 |
;; |
--off|-off) |
# désactivation du filtrage réseau |
$SED "s?^PROTO_FILTERING.*?PROTO_FILTERING=\"no\"?g" /usr/local/bin/alcasar-iptables.sh |
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF |
/usr/local/bin/alcasar-iptables.sh |
;; |
*) |
/scripts/sbin/alcasar-bl.sh |
---|
4,6 → 4,7 |
# Script de gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via dansguardian) |
# By 3abtux & rexy |
CONF_FILE="/usr/local/etc/alcasar.conf" |
DIR_tmp="/tmp/blacklists" |
FILE_tmp="/tmp/fileFilter.txt" |
DIR_DG="/etc/dansguardian/lists" |
102,7 → 103,7 |
cat_choice |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch' |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=\"yes\"?g" /usr/local/bin/alcasar-iptables.sh |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install |
then |
service dansguardian restart |
115,7 → 116,7 |
rm -rf $DIR_DNS_FILTER_ENABLED/* |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch' |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=\"no\"?g" /usr/local/bin/alcasar-iptables.sh |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install |
then |
service dansguardian restart |
/scripts/sbin/alcasar-havp.sh |
---|
23,6 → 23,7 |
--on|-on) |
# activation havp |
$SED "s/^proxyport =.*/proxyport = 8090/g" /etc/dansguardian/dansguardian.conf |
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=on/g" /usr/local/etc/alcasar.conf |
service dansguardian reload |
service havp start |
;; |
29,6 → 30,7 |
--off|-off) |
# désactivation du filtrage |
$SED "s/^proxyport =.*/proxyport = 3128/g" /etc/dansguardian/dansguardian.conf |
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=off/g" /usr/local/etc/alcasar.conf |
service dansguardian reload |
service havp stop |
;; |
/web/acc/admin/dns_filter.php |
---|
15,10 → 15,6 |
if ($list[strlen($list)-1] != "\n") { $list[strlen($list)]="\n";} ;} ; |
return $list; |
} |
$bl_categories="/usr/local/etc/alcasar-bl-categories"; |
$bl_categories_enabled="/usr/local/etc/alcasar-bl-categories-enabled"; |
$dir_blacklist="/etc/dansguardian/lists/blacklist/"; |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
76,6 → 72,10 |
$l_record="Save changes"; |
$l_wait="Once validated, 30 seconds is necessary to compute your modifications"; |
} |
$bl_categories="/usr/local/etc/alcasar-bl-categories"; |
$bl_categories_enabled="/usr/local/etc/alcasar-bl-categories-enabled"; |
$dir_blacklist="/etc/dansguardian/lists/blacklist/"; |
$conf_file="/usr/local/etc/alcasar.conf"; |
if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; } |
switch ($choix) |
{ |
136,23 → 136,21 |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0> |
<tr><td valign="middle" align="left"> |
<?php |
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r"); |
$result_filter = false; $out=0; |
if ($pointeur) |
# default values |
if (is_file ($conf_file)) |
{ |
while (!feof($pointeur)) |
$tab=file($conf_file); |
if ($tab) |
{ |
$ligne = fgets($pointeur); |
if (preg_match("/^reportinglevel = 3/", $ligne, $r)) |
foreach ($tab as $line) |
{ |
$result_filter = true; |
$out++; |
$field=explode("=", $line); |
if ($field[0] == "DNS_FILTERING") {$DNS_FILTERING=trim($field[1]);} |
} |
if ($out == 2) break; |
} |
} |
fclose($pointeur); |
if ($result_filter) |
} |
} |
else { echo "$l_error_open_file $conf_file";} |
if ($DNS_FILTERING == "on") |
{ |
echo "<CENTER><H3>$l_dnsfilter_on</H3></CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
169,7 → 167,7 |
echo "</FORM>"; |
echo "</td></tr>"; |
echo "</TABLE>"; |
if ($result_filter) require ('dns_filter2.php'); |
if ($DNS_FILTERING == "on") require ('dns_filter2.php'); |
?> |
</BODY> |
</HTML> |
/web/acc/admin/network.php |
---|
79,7 → 79,7 |
define ("ALCASAR_CHILLI", "/etc/chilli.conf"); |
define ("ALCASAR_ETH0", "/etc/sysconfig/network-scripts/default-ifcfg-eth0"); |
define ("ALCASAR_ETH1", "/etc/sysconfig/network-scripts/ifcfg-eth1"); |
define ("ALCASAR_NETWORK", "/usr/local/etc/alcasar-network"); |
define ("CONF_FILE", "/usr/local/etc/alcasar.conf"); |
/******************************************************************** |
* TEST DES FICHIERS DE CONFIGURATION * |
*********************************************************************/ |
108,12 → 108,12 |
if ($service == "sshd"){ |
if ($action == "start"){ |
exec("sudo /sbin/chkconfig --add $service"); |
file_put_contents(ALCASAR_NETWORK, str_replace('SSH=off', 'SSH=on', file_get_contents(ALCASAR_NETWORK))); |
file_put_contents(CONF_FILE, str_replace('SSH=off', 'SSH=on', file_get_contents(CONF_FILE))); |
exec ("sudo /usr/local/bin/alcasar-iptables.sh"); |
} |
if ($action == "stop"){ |
exec("sudo /sbin/chkconfig --del $service"); |
file_put_contents(ALCASAR_NETWORK, str_replace('SSH=on', 'SSH=off', file_get_contents(ALCASAR_NETWORK))); |
file_put_contents(CONF_FILE, str_replace('SSH=on', 'SSH=off', file_get_contents(CONF_FILE))); |
exec ("sudo /usr/local/bin/alcasar-iptables.sh"); |
} |
} |
/web/acc/admin/net_filter.php |
---|
8,7 → 8,6 |
<body> |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0> |
<? |
$services_list="/usr/local/etc/alcasar-services"; |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
56,10 → 55,8 |
$l_add_to_list="Add to the list"; |
$l_save_modif="Save modifications"; |
} |
echo " |
<tr><th>$l_title_antivir</th></tr> |
<tr bgcolor=\"#FFCC66\"><td><img src=\"/images/pix.gif\" width=1 height=2></td></tr> |
</TABLE>"; |
$services_list="/usr/local/etc/alcasar-services"; |
$conf_file="/usr/local/etc/alcasar.conf"; |
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
switch ($choix) |
{ |
147,33 → 144,30 |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
break; |
} |
# default values |
if (is_file ($conf_file)) |
{ |
$tab=file($conf_file); |
if ($tab) |
{ |
foreach ($tab as $line) |
{ |
$field=explode("=", $line); |
if ($field[0] == "PROTOCOLS_FILTERING") {$PROTOCOLS_FILTERING=trim($field[1]);} |
if ($field[0] == "WEB_ANTIVIRUS") {$WEB_ANTIVIRUS=trim($field[1]);} |
} |
} |
} |
else { echo "$l_error_open_file $conf_file";} |
echo "<tr><th>$l_title_antivir</th></tr>"; |
?> |
<tr bgcolor=#FFCC66><td><img src=/images/pix.gif width=1 height=2></td></tr> |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0> |
<tr><td valign="middle" align="left"> |
<?php |
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r"); |
$antivir_filter = false; $DG_filter = false; $out=0; |
if ($pointeur) |
if ($WEB_ANTIVIRUS == "on") |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match("/^proxyport = 8090/", $ligne, $r)) |
{ |
$antivir_filter = true; |
$out++; |
} |
if (preg_match("/^reportinglevel = 3/", $ligne, $r)) // non utilisé mais on garde pour l'exemple |
{ |
$DG_filter = true; |
$out++; |
} |
if ($out == 2) break; |
} |
} |
fclose($pointeur); |
if ($antivir_filter) |
{ |
echo "<CENTER><H3>$l_antivir_on</H3></CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"AV_Off\">"; |
197,23 → 191,8 |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0> |
<tr><td valign="middle" align="left"> |
<? |
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r"); |
$result = False ; |
if ($pointeur) |
if ($PROTOCOLS_FILTERING == "on") |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match('/^PROTO_FILTERING="yes"/', $ligne, $r)) |
{ |
$result = True ; |
break; |
} |
} |
} |
fclose($pointeur); |
if ($result) |
{ |
echo "<CENTER><H3>$l_netfilter_on</H3>$l_comment_on</CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"NF_Off\">"; |
229,7 → 208,7 |
echo "</FORM>"; |
echo "</td></tr>"; |
echo "</TABLE>"; |
if ($result) require ('net_filter2.php'); |
if ($PROTOCOLS_FILTERING == "on") require ('net_filter2.php'); |
?> |
</BODY> |
</HTML> |