Rev 611 → Rev 612

/alcasar.sh
49,6 → 49,7
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
FIC_CONF="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
FIC_PARAM="/root/ALCASAR-parameters.txt" # fichier texte résumant les paramètres d'installation
FIC_PASSWD="/root/ALCASAR-passwords.txt" # fichier texte contenant les mots de passe et secrets partagés
# ******* DBMS parameters - paramètres SGBD ********
211,22 → 212,22
# On crée aléatoirement les mots de passe et les secrets partagés
rm -f $FIC_PASSWD
grubpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de protection du menu Grub
echo -n "mot de passe de protection du menu de démarrage (GRUB) : " > $FIC_PASSWD
echo -n "Password to protect the boot menu (GRUB) : " > $FIC_PASSWD
echo "$grubpwd" >> $FIC_PASSWD
md5_grubpwd=`/usr/bin/md5pass $grubpwd`
$SED "/^password.*/d" /boot/grub/menu.lst
$SED "1ipassword --md5 $md5_grubpwd" /boot/grub/menu.lst
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'administrateur Mysqld
echo -n "compte et mot de passe de l'administrateur Mysqld : " >> $FIC_PASSWD
echo -n "Name and password of MYSQL administrator : " >> $FIC_PASSWD
echo "root / $mysqlpwd" >> $FIC_PASSWD
radiuspwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # mot de passe de l'utilisateur Mysqld (utilisé par freeradius)
echo -n "compte et mot de passe de l'utilisateur Mysqld : " >> $FIC_PASSWD
echo -n "Name and password of MYSQL user : " >> $FIC_PASSWD
echo "$DB_USER / $radiuspwd" >> $FIC_PASSWD
secretuam=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre intercept.php et coova-chilli
echo -n "secret partagé entre le script 'intercept.php' et coova-chilli : " >> $FIC_PASSWD
echo -n "Shared secret between the script 'intercept.php' and coova-chilli : " >> $FIC_PASSWD
echo "$secretuam" >> $FIC_PASSWD
secretradius=`cat /dev/urandom | tr -dc [:alnum:] | head -c8` # secret partagé entre coova-chilli et FreeRadius
echo -n "secret partagé entre coova-chilli et FreeRadius : " >> $FIC_PASSWD
echo -n "Shared secret between coova-chilli and FreeRadius : " >> $FIC_PASSWD
echo "$secretradius" >> $FIC_PASSWD
chmod 640 $FIC_PASSWD
# On installe les scripts et fichiers de configuration d'ALCASAR
240,19 → 241,30
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
# On génère le début du fichier récapitulatif
# generate FIC_PARAM and FIC_CONF
cat <<EOF > $FIC_PARAM
################################################
## ##
## ALCASAR Parameters ##
## ##
################################################
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
- Install date : $DATE
- Version : $VERSION
- Organism : $ORGANISME
EOF
chmod o-rwx $FIC_PARAM
cat <<EOF > $FIC_CONF
##########################################
## ##
## ALCASAR Parameters ##
## ##
##########################################
 
INSTALL_DATE=$DATE
VERSION=$VERSION
ORGANISM=$ORGANISME
EOF
chmod o-rwx $FIC_PARAM $FIC_CONF
} # End of init ()
 
##################################################################
335,17 → 347,14
echo -e "- DNS servers :\t\t\t$DNS1 and $DNS2" >> $FIC_PARAM
echo -e "- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK" >> $FIC_PARAM
echo -e "- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP" >> $FIC_PARAM
echo "#### ALCASAR Network parameters ####" > $DIR_DEST_ETC/alcasar-network
echo "# Lauch the script 'alcasar-network.sh' after your changes" >> $DIR_DEST_ETC/alcasar-network
echo "# Lancez le script 'alcasar-network.sh' après vos modifications" >> $DIR_DEST_ETC/alcasar-network
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $DIR_DEST_ETC/alcasar-network
echo "GW=$PUBLIC_GATEWAY" >> $DIR_DEST_ETC/alcasar-network
echo "DNS1=$DNS1" >> $DIR_DEST_ETC/alcasar-network
echo "DNS2=$DNS2" >> $DIR_DEST_ETC/alcasar-network
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $DIR_DEST_ETC/alcasar-network
echo "DHCP=on" >> $DIR_DEST_ETC/alcasar-network
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $DIR_DEST_ETC/alcasar-network
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $DIR_DEST_ETC/alcasar-network
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $FIC_CONF
echo "GW=$PUBLIC_GATEWAY" >> $FIC_CONF
echo "DNS1=$DNS1" >> $FIC_CONF
echo "DNS2=$DNS2" >> $FIC_CONF
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $FIC_CONF
echo "DHCP=on" >> $FIC_CONF
echo "DHCP_FIRST=$PRIVATE_DYN_FIRST_IP" >> $FIC_CONF
echo "DHCP_LAST=$PRIVATE_DYN_LAST_IP" >> $FIC_CONF
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
# Configuration réseau
cat <<EOF > /etc/sysconfig/network
1256,9 → 1265,13
# sshd écoute côté LAN et WAN
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config
# sshd n'est pas lancé automatiquement au démarrage
# Put the default value in conf file (sshd, QOS, protocols filter and dns filter are off)(web antivirus is on)
/sbin/chkconfig --del sshd
echo "SSH=off" >> $DIR_DEST_ETC/alcasar-network
echo "SSH=off" >> $FIC_CONF
echo "QOS=off" >> $FIC_CONF
echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF
echo "DNS_FILTERING=off" >> $FIC_CONF
echo "WEB_ANTIVIRUS=on" >> $FIC_CONF
# Coloration des prompts
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
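Review bot: The secrets file can be readable by other local users while it is being filled. In the 211,22 → 212,22 hunk `$FIC_PASSWD` is created by the first `echo -n ... > $FIC_PASSWD` under whatever umask the installer runs with, and it is only restricted by `chmod 640 $FIC_PASSWD` after all five passwords and shared secrets have been appended. Creating it empty with a tight mode right after the `rm -f`, e.g. `(umask 077; : > "$FIC_PASSWD")`, closes that window. The new `$FIC_CONF` in the 240,19 → 241,30 hunk follows the same write-then-`chmod o-rwx` order with no visible `chown`; it holds no secrets in the lines shown, but alcasar-iptables.sh now takes its firewall flags from it, so its owner and group should be set explicitly. init() starts outside these hunks.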
/conf/sudoers
20,7 → 20,7
Cmnd_Alias GHOST=/usr/local/bin/alcasar-mondo.sh # pour générer une image iso du serveur
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-log-export.sh # pour exporter/sauvegarder les fichiers journaux
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus)
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh # pour gérer le filtrage réseau
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh # pour gérer le filtrage réseau
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # pour déconnecter les usagers
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed)
Cmnd_Alias SERVICE=/sbin/service,/usr/bin/killall,/sbin/chkconfig # pour gérer les services
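Review bot: The widened `NF` alias lets its holders run `/usr/local/bin/alcasar-iptables.sh` as root with arbitrary arguments, and in this revision that script takes its inputs from `/usr/local/etc/alcasar.conf`. Which account is granted `NF` is not visible in this hunk. If it is the web server account, note that network.php on this page writes alcasar.conf directly with `file_put_contents`, so the account allowed to trigger the root firewall script could also edit the data it consumes. The callers shown invoke the script without arguments, so the entry can be tightened to `/usr/local/bin/alcasar-iptables.sh ""`, and both the script and alcasar.conf should be root-owned and not writable by the sudo-granted account.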
/CHANGELOG
1,7 → 1,8
# $Id$
 
************ CHANGELOG ***********
- add automatic network parameters update script (/usr/local/sbin/alcasar-network.sh + /usr/local/etc/alcasar-network)
- if activate, sshd listen both on LAN and on WAN
- add a central conf file (/usr/local/etc/alcasar.conf)
- add the equipment name in the activity window when MAC authenticate
- improve the script which display and close users open sessions
- allow change of alcasar IP private address during install stage
/scripts/alcasar-iptables.sh
9,22 → 9,23
# 3 for exterior access attempts.
# The French Security Agency (ANSSI) rules was applied by 'alcasar.sh' script
 
private_ip_mask=`grep PRIVATE_IP /usr/local/etc/alcasar-network|cut -d"=" -f2`
conf_file="/usr/local/etc/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP $conf_file|cut -d"=" -f2`
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0)
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24)
dns1=`grep DNS1 /usr/local/etc/alcasar-network|cut -d"=" -f2` # first public DNS server
dns2=`grep DNS2 /usr/local/etc/alcasar-network|cut -d"=" -f2` # second public DNS server
 
IPTABLES="/sbin/iptables"
PROTO_FILTERING="no"
DNS_FILTERING="no"
QOS="no"
dns1=`grep DNS1 $conf_file|cut -d"=" -f2` # first public DNS server
dns2=`grep DNS2 $conf_file|cut -d"=" -f2` # second public DNS server
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (yes/no)
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (yes/no)
QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (yse/no)
SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (yes/no)
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24)
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses
EXTIF="eth0"
INTIF="eth1"
TUNIF="tun0" # listen card for chilli daemon
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24)
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses
IPTABLES="/sbin/iptables"
 
# Effacement des règles existantes
# Flush all existing rules
96,7 → 97,7
# If DNS filter is activate #
###############################
# Redirection des flux DNS vers le port 54 (dns+blackhole) sauf pour les IP en exceptions
if [ $DNS_FILTERING = "yes" ]; then
if [ $DNS_FILTERING = on ]; then
# Compute exception IP
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1`
if [ $nb_exceptions != "0" ]
112,7 → 113,7
# If protocols filter is activate #
#####################################
# filtrage de protocoles sauf pour les IP en exceptions
if [ $PROTO_FILTERING = "yes" ]; then
if [ $PROTOCOLS_FILTERING = on ]; then
# Compute exception IP
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1`
if [ $nb_exceptions != "0" ]
152,7 → 153,7
########################
# If QOS is activate #
########################
if [ $QOS = "yes" ] && [ -e /usr/local/etc/alcasar-iptables-qos.sh ]; then
if [ $QOS = on ] && [ -e /usr/local/etc/alcasar-iptables-qos.sh ]; then
. /usr/local/etc/alcasar-iptables-qos.sh
fi
 
172,10 → 173,8
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport https -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport http -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport 3990 -j ACCEPT
 
# SSHD rules if activate
ssh_active=`grep SSH /usr/local/etc/alcasar-network|cut -d"=" -f2`
if [ $ssh_active = "on" ]
if [ $SSH = on ]
then
Admin_from_IP="0.0.0.0/0.0.0.0" # Une @IP fixe peut-être fournie pour restreindre l'accès en ssh depuis l'extérieur (ex: 80.22.21.53/24) ( 0.0.0.0/0.0.0.0 = de n'importe où ! )
$IPTABLES -A INPUT -i $TUNIF -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT"
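Review bot: The new lookups match a key anywhere on a line and feed the result into unquoted tests, so a missing or duplicated key makes the firewall script skip a rule block instead of stopping. `grep SSH $conf_file` (likewise the `QOS`, `DNS1` and `PRIVATE_IP` lookups) returns every line containing that text. `[ $SSH = on ]`, `[ $DNS_FILTERING = on ]`, `[ $PROTOCOLS_FILTERING = on ]` and `[ $QOS = on ]` raise a test error on an empty or multi-word value, which `if` treats as false, so the filter is silently left off. Anchor and quote instead: `SSH=$(grep '^SSH=' "$conf_file" | cut -d= -f2)` and `if [ "$SSH" = on ]`. The trailing comments still say `(yes/no)` (and `yse`) although the values written by the other scripts are now `on`/`off`.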
/scripts/alcasar-conf.sh
42,7 → 42,6
# Sauvegarde du logo
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
# Sauvegarde des fichiers exploités par dansguardian
cp -f /etc/dansguardian/dansguardian.conf $DIR_UPDATE
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE
49,11 → 48,9
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE
cp -rf /etc/dansguardian/lists/blacklists/ossi $DIR_UPDATE
# sauvegarde des fichiers : de filtrage, d'exception, digest, etc.
# sauvegarde des fichiers : de conf, de filtrage, d'exception, digest, etc.
mkdir $DIR_UPDATE/etc/
cp -rf $DIR_ETC/* $DIR_UPDATE/etc/
# sauvegarde du fichier alcasar-iptables.sh (pour savoir si on filtre les protocoles)
cp -f $DIR_BIN/alcasar-iptables.sh $DIR_UPDATE
# particularité des versions
# si version < 2.1
if ([ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 1 ]))
96,6 → 93,8
chmod -R 750 /etc/pki
# Import de la dernière base usagers
mysql -u$DB_USER -p$radiuspwd < `ls $DIR_UPDATE/radius*`
# Récupération des paramêtres locaux (fichier de conf, règles de filtrage, fichiers d'exception, comptes de gestion, etc.)
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
# Récupération des fichiers de Dansguardian
[ -e $DIR_UPDATE/exceptioniplist ] && cp -f $DIR_UPDATE/exceptioniplist /etc/dansguardian/lists/
[ -e $DIR_UPDATE/exceptionsitelist ] && cp -f $DIR_UPDATE/exceptionsitelist /etc/dansguardian/lists/
106,21 → 105,17
chown -R dansguardian:apache /etc/dansguardian/lists
chmod -R g+rw /etc/dansguardian/lists
# On active/désactive la BL
active_bl=`cat $DIR_UPDATE/dansguardian.conf|grep ^reportinglevel|cut -d" " -f3`
$SED "s/^reportinglevel =.*/reportinglevel = $active_bl/g" /etc/dansguardian/dansguardian.conf
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (yes/no)
PARENT_SCRIPT=$0
export PARENT_SCRIPT
if [ $active_bl -eq "-1" ]
then $DIR_SBIN/alcasar-bl.sh --off
else $DIR_SBIN/alcasar-bl.sh --on
if [ $DNS_FILTERING -eq "on" ]
then
$DIR_SBIN/alcasar-bl.sh --on
else
$DIR_SBIN/alcasar-bl.sh --off
fi
# Récupération des paramêtres locaux (règles de filtrage, fichiers d'exception, comptes de gestion, etc.)
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
# Prise en compte des comptes de gestion (admin + manager + backup)
$DIR_SBIN/alcasar-profil.sh --list
# On active/désactive le filtrage de protocoles
active_filter=`cat $DIR_UPDATE/alcasar-iptables.sh|grep ^FILTERING|cut -d"=" -f2`
$SED "s/^FILTERING=.*/FILTERING=$active_filter/g" $DIR_BIN/alcasar-iptables.sh
# On applique les paramètres réseau
...
# Effacement du répertoire d'update
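Review bot: `if [ $DNS_FILTERING -eq "on" ]` uses the integer operator on a string, so `[` reports "integer expression expected" and the test is false. The `else` branch then runs `alcasar-bl.sh --off` on every update, whatever setting was saved. Use the string test, `if [ "$DNS_FILTERING" = "on" ]`. `$conf_file` is also not assigned in any hunk shown for this script; if it is not set elsewhere in the file, `grep DNS_FILTERING $conf_file` has no file operand and waits on standard input. The lookup is better written as `grep '^DNS_FILTERING=' "$conf_file"`, and its trailing comment should say `on/off` rather than `yes/no`.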
/scripts/sbin/alcasar-nf.sh
8,6 → 8,7
SED="/bin/sed -i"
FIC_SERVICES="/usr/local/etc/alcasar-services"
FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"
FIC_CONF="/usr/local/etc/alcasar.conf"
 
usage="Usage: alcasar-nf.sh {--on or -on} | {--off | -off} "
nb_args=$#
24,7 → 25,7
;;
-on|-on)
# activation du filtrage réseau
$SED "s?^PROTO_FILTERING.*?PROTO_FILTERING=\"yes\"?g" /usr/local/bin/alcasar-iptables.sh
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF
# tri du fichier de services
$SED "/^$/d" $FIC_SERVICES # suppression lignes vides
sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort
39,7 → 40,7
;;
--off|-off)
# désactivation du filtrage réseau
$SED "s?^PROTO_FILTERING.*?PROTO_FILTERING=\"no\"?g" /usr/local/bin/alcasar-iptables.sh
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF
/usr/local/bin/alcasar-iptables.sh
;;
*)
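Review bot: The toggle only rewrites a line that already exists: `$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF` is a silent no-op when alcasar.conf has no `PROTOCOLS_FILTERING` line, which could happen if an update restores an older /usr/local/etc. alcasar-iptables.sh reads the flag from the same file, so protocol filtering would stay off while the admin action appeared to succeed. Make sure the key is present before the substitution, e.g. `grep -q '^PROTOCOLS_FILTERING=' $FIC_CONF || echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF`, and check sed's exit status. The same applies to the `DNS_FILTERING` edits in alcasar-bl.sh and the `WEB_ANTIVIRUS` edits in alcasar-havp.sh, where the path is also hard-coded instead of held in a variable. The `case` block starts and ends outside these hunks.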
/scripts/sbin/alcasar-bl.sh
4,6 → 4,7
# Script de gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via dansguardian)
# By 3abtux & rexy
 
CONF_FILE="/usr/local/etc/alcasar.conf"
DIR_tmp="/tmp/blacklists"
FILE_tmp="/tmp/fileFilter.txt"
DIR_DG="/etc/dansguardian/lists"
102,7 → 103,7
cat_choice
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch'
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=\"yes\"?g" /usr/local/bin/alcasar-iptables.sh
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install
then
service dansguardian restart
115,7 → 116,7
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch'
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=\"no\"?g" /usr/local/bin/alcasar-iptables.sh
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install
then
service dansguardian restart
/scripts/sbin/alcasar-havp.sh
23,6 → 23,7
--on|-on)
# activation havp
$SED "s/^proxyport =.*/proxyport = 8090/g" /etc/dansguardian/dansguardian.conf
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=on/g" /usr/local/etc/alcasar.conf
service dansguardian reload
service havp start
;;
29,6 → 30,7
--off|-off)
# désactivation du filtrage
$SED "s/^proxyport =.*/proxyport = 3128/g" /etc/dansguardian/dansguardian.conf
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=off/g" /usr/local/etc/alcasar.conf
service dansguardian reload
service havp stop
;;
/web/acc/admin/dns_filter.php
15,10 → 15,6
if ($list[strlen($list)-1] != "\n") { $list[strlen($list)]="\n";} ;} ;
return $list;
}
 
$bl_categories="/usr/local/etc/alcasar-bl-categories";
$bl_categories_enabled="/usr/local/etc/alcasar-bl-categories-enabled";
$dir_blacklist="/etc/dansguardian/lists/blacklist/";
# Choice of language
$Language = 'en';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
76,6 → 72,10
$l_record="Save changes";
$l_wait="Once validated, 30 seconds is necessary to compute your modifications";
}
$bl_categories="/usr/local/etc/alcasar-bl-categories";
$bl_categories_enabled="/usr/local/etc/alcasar-bl-categories-enabled";
$dir_blacklist="/etc/dansguardian/lists/blacklist/";
$conf_file="/usr/local/etc/alcasar.conf";
if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; }
switch ($choix)
{
136,23 → 136,21
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?php
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r");
$result_filter = false; $out=0;
if ($pointeur)
# default values
if (is_file ($conf_file))
{
while (!feof($pointeur))
$tab=file($conf_file);
if ($tab)
{
$ligne = fgets($pointeur);
if (preg_match("/^reportinglevel = 3/", $ligne, $r))
foreach ($tab as $line)
{
$result_filter = true;
$out++;
$field=explode("=", $line);
if ($field[0] == "DNS_FILTERING") {$DNS_FILTERING=trim($field[1]);}
}
if ($out == 2) break;
}
}
fclose($pointeur);
if ($result_filter)
}
}
else { echo "$l_error_open_file $conf_file";}
if ($DNS_FILTERING == "on")
{
echo "<CENTER><H3>$l_dnsfilter_on</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
169,7 → 167,7
echo "</FORM>";
echo "</td></tr>";
echo "</TABLE>";
if ($result_filter) require ('dns_filter2.php');
if ($DNS_FILTERING == "on") require ('dns_filter2.php');
?>
</BODY>
</HTML>
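Review bot: `$DNS_FILTERING` is assigned only when the loop finds a `DNS_FILTERING=` line, yet it is read unconditionally in `if ($DNS_FILTERING == "on")` and again before `require ('dns_filter2.php')`. The `# default values` comment announces a default that is never set. Add `$DNS_FILTERING = "off";` before the `is_file` check so a missing file or key gives a defined state rather than an undefined-variable notice, or, on a PHP configured with register_globals, a value supplied by the request. `$l_error_open_file` is not among the language strings visible in these hunks, so confirm it is defined. net_filter.php has the same gap for `$PROTOCOLS_FILTERING` and `$WEB_ANTIVIRUS`.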
/web/acc/admin/network.php
79,7 → 79,7
define ("ALCASAR_CHILLI", "/etc/chilli.conf");
define ("ALCASAR_ETH0", "/etc/sysconfig/network-scripts/default-ifcfg-eth0");
define ("ALCASAR_ETH1", "/etc/sysconfig/network-scripts/ifcfg-eth1");
define ("ALCASAR_NETWORK", "/usr/local/etc/alcasar-network");
define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
/********************************************************************
* TEST DES FICHIERS DE CONFIGURATION *
*********************************************************************/
108,12 → 108,12
if ($service == "sshd"){
if ($action == "start"){
exec("sudo /sbin/chkconfig --add $service");
file_put_contents(ALCASAR_NETWORK, str_replace('SSH=off', 'SSH=on', file_get_contents(ALCASAR_NETWORK)));
file_put_contents(CONF_FILE, str_replace('SSH=off', 'SSH=on', file_get_contents(CONF_FILE)));
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
}
if ($action == "stop"){
exec("sudo /sbin/chkconfig --del $service");
file_put_contents(ALCASAR_NETWORK, str_replace('SSH=on', 'SSH=off', file_get_contents(ALCASAR_NETWORK)));
file_put_contents(CONF_FILE, str_replace('SSH=on', 'SSH=off', file_get_contents(CONF_FILE)));
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
}
}
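Review bot: The SSH switch rewrites the whole central file from PHP with no error check and no lock. If `file_get_contents(CONF_FILE)` returns false, `str_replace` yields an empty string and `file_put_contents` truncates alcasar.conf, dropping every flag alcasar-iptables.sh reads. It also races with the `sed -i` edits the root scripts make to the same file, and it requires the web server account to have write access to a file that drives root-run firewall rules. Prefer routing the change through a sudo helper as the other toggles do, or at minimum guard and lock it: `$c = file_get_contents(CONF_FILE); if ($c !== false) file_put_contents(CONF_FILE, preg_replace('/^SSH=.*$/m', 'SSH=on', $c), LOCK_EX);`. The enclosing block starts outside the hunk.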
/web/acc/admin/net_filter.php
8,7 → 8,6
<body>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<?
$services_list="/usr/local/etc/alcasar-services";
# Choice of language
$Language = 'en';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
56,10 → 55,8
$l_add_to_list="Add to the list";
$l_save_modif="Save modifications";
}
echo "
<tr><th>$l_title_antivir</th></tr>
<tr bgcolor=\"#FFCC66\"><td><img src=\"/images/pix.gif\" width=1 height=2></td></tr>
</TABLE>";
$services_list="/usr/local/etc/alcasar-services";
$conf_file="/usr/local/etc/alcasar.conf";
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";}
switch ($choix)
{
147,33 → 144,30
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on");
break;
}
# default values
if (is_file ($conf_file))
{
$tab=file($conf_file);
if ($tab)
{
foreach ($tab as $line)
{
$field=explode("=", $line);
if ($field[0] == "PROTOCOLS_FILTERING") {$PROTOCOLS_FILTERING=trim($field[1]);}
if ($field[0] == "WEB_ANTIVIRUS") {$WEB_ANTIVIRUS=trim($field[1]);}
}
}
}
else { echo "$l_error_open_file $conf_file";}
echo "<tr><th>$l_title_antivir</th></tr>";
?>
<tr bgcolor=#FFCC66><td><img src=/images/pix.gif width=1 height=2></td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?php
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r");
$antivir_filter = false; $DG_filter = false; $out=0;
if ($pointeur)
if ($WEB_ANTIVIRUS == "on")
{
while (!feof($pointeur))
{
$ligne = fgets($pointeur);
if (preg_match("/^proxyport = 8090/", $ligne, $r))
{
$antivir_filter = true;
$out++;
}
if (preg_match("/^reportinglevel = 3/", $ligne, $r)) // non utilisé mais on garde pour l'exemple
{
$DG_filter = true;
$out++;
}
if ($out == 2) break;
}
}
fclose($pointeur);
if ($antivir_filter)
{
echo "<CENTER><H3>$l_antivir_on</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"AV_Off\">";
197,23 → 191,8
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r");
$result = False ;
if ($pointeur)
if ($PROTOCOLS_FILTERING == "on")
{
while (!feof($pointeur))
{
$ligne = fgets($pointeur);
if (preg_match('/^PROTO_FILTERING="yes"/', $ligne, $r))
{
$result = True ;
break;
}
}
}
fclose($pointeur);
if ($result)
{
echo "<CENTER><H3>$l_netfilter_on</H3>$l_comment_on</CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"NF_Off\">";
229,7 → 208,7
echo "</FORM>";
echo "</td></tr>";
echo "</TABLE>";
if ($result) require ('net_filter2.php');
if ($PROTOCOLS_FILTERING == "on") require ('net_filter2.php');
?>
</BODY>
</HTML>