1,4 → 1,5 |
#/bin/bash |
|
# $Id$ |
|
# alcasar-bl.sh |
14,30 → 15,38 |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
DIR_tmp="/tmp/blacklists" |
FILE_tmp="/tmp/fileFilter.txt" |
FILE_tmp="/tmp/filesfilter.txt" |
FILE_ip_tmp="/tmp/filesipfilter.txt" |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG_BL="$DIR_DG/blacklists" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" |
DIR_DNS_FILTER_AVAILABLE="$DIR_CONF/alcasar-dnsfilter-available" |
DIR_DNS_FILTER_ENABLED="$DIR_CONF/alcasar-dnsfilter-enabled" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL ' |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories |
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories |
DIR_SHARE="/usr/local/share" |
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format |
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' ' |
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL |
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the dnsmasq BL (only enabled categories) |
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' ' |
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories) |
BL_SERVER="dsi.ut-capitole.fr" |
SED="/bin/sed -i" |
|
# Permet d'activer/désactiver les catégories de la BL |
# enable/disable the BL categories |
function cat_choice (){ |
# un peu de ménage |
rm -rf $DIR_DNS_FILTER_ENABLED/* |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist |
# on adapte le fichier $BL_CATEGORIES au choix de catégorie |
$SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` # on affecte les catégories à dansguardian et dnsmasq |
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG |
$SED "s?^[^#]?#&?g" $BL_CATEGORIES # cleaning categories file (comment all lines) |
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED |
# process the file $BL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
ln -s $DIR_DNS_FILTER_AVAILABLE/$ENABLE_CATEGORIE.conf $DIR_DNS_FILTER_ENABLED/$ENABLE_CATEGORIE |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # dansguardian s'occupe du contournement par proxy http ;-) |
ln -s $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE |
ln -s $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # we let DG filters domain in order to prevent bypass by proxy http vpn ;-) |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist |
done |
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp |
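Review bot: The scratch files introduced on the `FILE_tmp="/tmp/filesfilter.txt"` and `FILE_ip_tmp="/tmp/filesipfilter.txt"` lines are fixed, world-predictable names in the shared /tmp, and the -adapt arm in the 122,61 → 132,74 hunk later writes them with `>` and then `mv`s them into `$DIR_DNS_BL` / `$DIR_IP_BL`; if the script runs as root (the chown/chmod calls suggest it does), a local user who pre-creates a symlink at one of those names can redirect the write. Create them inside a private directory instead, e.g. `DIR_work=$(mktemp -d) || exit 1`, `trap 'rm -rf -- "$DIR_work"' EXIT`, `FILE_tmp="$DIR_work/filesfilter.txt"` (and the same for `FILE_ip_tmp`), since mktemp -d yields a 0700 directory other users cannot populate. The unchanged `DIR_tmp="/tmp/blacklists"` line above has the same exposure but is outside this change. Separately, `cat_choice` word-splits the output of `cat $BL_CATEGORIES_ENABLED` and interpolates each name unescaped into the sed address on the `$SED "/\/$ENABLE_CATEGORIE$/d"` line; a `while IFS= read -r ENABLE_CATEGORIE` loop over the file with the name quoted would be safer.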
53,7 → 62,7 |
fi |
} |
function bl_disable (){ |
rm -rf $DIR_DNS_FILTER_ENABLED/* |
rm -rf $DIR_DNS_BL_ENABLED/* |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
then |
83,18 → 92,18 |
echo "$usage" |
exit 0 |
;; |
# activation du filtrage |
# enable the filtering |
-on | --on) |
cat_choice |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE |
bl_enable |
;; |
# désactivation du filtrage |
# disable the filtering |
-off | --off) |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE |
bl_disable |
;; |
# Récupération de l'archive de la BL Toulouse |
# Retrieve Toulouse BL |
-download | --download) |
rm -rf /tmp/con_ok.html |
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
109,8 → 118,9 |
chown -R apache:apache $DIR_tmp |
fi |
;; |
# Adaptation de la BL de Toulouse à notre structure (dnsmasq + DG) |
# Adapt Toulouse BL to our structure (dnsmasq + DG) |
-adapt | --adapt) |
echo -n "Toulouse BlackList migration process. Please wait : " |
if [ -f $DIR_tmp/blacklists.tar.gz ] |
then |
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
122,61 → 132,74 |
chown -R dansguardian:apache $DIR_DG |
chmod -R g+w $DIR_DG |
fi |
rm -f $BL_CATEGORIES $WL_CATEGORIES $DIR_DNS_FILTER_AVAILABLE/* |
rm -f $BL_CATEGORIES $WL_CATEGORIES |
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL |
touch $BL_CATEGORIES $WL_CATEGORIES |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # On récupère le nom des répertoire (catégories) |
$SED "s?\/domains??g" $FILE_tmp # On supprime le suffixe "/domains" |
for categorie in `cat $FILE_tmp` # creation des deux fichiers de categories (BL / WL) |
mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist |
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix |
for dir_categorie in `cat $FILE_tmp` # create the blackist and the whitelist files |
do |
if [ -e $categorie/usage ] |
categorie=`echo $dir_categorie|cut -d "/" -f6` |
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"` |
if [ "$categorie_type" == "white" ] |
then |
is_whitelist=`grep white $categorie/usage|wc -l` |
echo "$dir_categorie" >> $WL_CATEGORIES |
echo "$dir_categorie" >> $WL_CATEGORIES_ENABLED # by default all WL are enabled |
else |
is_whitelist=0 # si le fichier 'usage' n'existe pas, on considère que la catégorie est une BL |
echo "$dir_categorie" >> $BL_CATEGORIES |
fi |
if [ $is_whitelist -eq "0" ] |
then |
echo "$categorie" >> $BL_CATEGORIES |
else |
echo "$categorie" >> $WL_CATEGORIES |
fi |
done |
rm -f $FILE_tmp |
echo -n "Toulouse BlackList migration process. Please wait : " |
for PATH_FILE in `cat $BL_CATEGORIES` # pour chaque catégorie |
# Creation of DNSMASQ BL and WL |
for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl) |
do |
echo -n "." |
if [ ! -f $PATH_FILE/urls ] # on crée le fichier 'urls' s'il n'existe pas |
then |
touch $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
fi |
# suppression des @IP, de caractères acccentués et des lignes commentées |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp # Mise en forme dnsmasq |
DOMAINE=`basename $PATH_FILE` |
mv $FILE_tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
for PATH_FILE in `cat $LIST` # for each category |
do |
DOMAINE=`basename $PATH_FILE` |
echo -n "$DOMAINE, " |
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
then |
touch $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
fi |
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors |
# retrieve the ip addresses for iptables |
egrep "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_ip_tmp |
# for dnsmask, remove IP addesses, accented characters and commented lines. |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
# adapt to the dnsmasq syntax |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
if [ "$LIST" == "$BL_CATEGORIES" ] |
then |
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE |
else |
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf |
fi |
done |
done |
rm -f $FILE_tmp $FILE_ip_tmp |
echo |
;; |
# regénération suite à modification du choix des catégories |
# reload when categories are changed |
-reload | --reload) |
# pour Dansguardian |
# for DG |
chown -R dansguardian:apache $DIR_DG_BL/ossi |
chmod -R g+w $DIR_DG_BL/ossi |
cat_choice |
# pour dnsmasq (noms de domaine réhabilités) |
# for dnsmasq (noms de domaine réhabilités) |
if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ] |
then |
for i in `cat $DIR_DG/exceptionsitelist` |
do |
$SED "/$i/d" $DIR_DNS_FILTER_AVAILABLE/* |
$SED "/$i/d" $DIR_DNS_BL/* |
done |
fi |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf |
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
if [ $DNS_FILTERING = on ]; then |