/scripts/alcasar-CA.sh |
---|
5,7 → 5,7 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# |
# Some ideas from "nessus-mkcert" script written by Renaud Deraison <deraison@cvs.nessus.org> |
# Some ideas from "nessus-mkcert" script written by Renaud Deraison <deraison@cvs.nessus.org> |
# and Michel Arboi <arboi@alussinan.org> |
# |
DIR_TMP=${TMPDIR-/tmp}/alcasar-mkcert.$$ |
170,7 → 170,7 |
hostname_len=`echo $hostname| wc -c` |
if [ $hostname_len -gt 36 ]; |
then |
hostname=`echo $hostname | cut -d '.' -f 1` |
hostname=`echo $hostname | cut -d '.' -f 1` |
fi |
CAMAIL=ca@$hostname |
/scripts/alcasar-activity_report.sh |
---|
150,7 → 150,7 |
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ] |
then |
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S") |
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S") |
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT |
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ] |
202,7 → 202,7 |
while read LOG_BL |
do |
if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ] |
then |
then |
#find the current blacklisted category |
website_bl=$(echo $LOG_BL | cut -d' ' -f6) |
250,7 → 250,7 |
TS_FILE=$(echo $LINE | cut -d':' -f1) |
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ] |
then |
then |
COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1)) |
fi |
272,41 → 272,41 |
cat $MODEL_CHARTJS | while read LINE_JS |
do |
#name of variable |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT |
#chart type |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT |
#chart title |
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ] |
then |
then |
echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT |
#chart data |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT |
#color |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT |
#labels |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ] |
then |
echo "" >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ] |
then |
echo "" >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] |
then |
echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT |
else |
339,7 → 339,7 |
TS_FILE=$(echo $LINE | cut -d':' -f1) |
#select only elements between DATE_1 and DATE_2 |
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ] |
then |
then |
echo $LINE >> $TMP_BL_WEEK |
fi |
done |
364,10 → 364,10 |
done |
#get other categories (sum them all) |
if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ] |
if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ] |
then |
VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)" |
VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'" |
VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)" |
VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'" |
fi |
#create chart pie in html file with javascript (chartjs.com) |
381,11 → 381,11 |
cat $MODEL_CHARTJS | while read LINE_JS |
do |
#variable name |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT |
#chart type |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT |
#graph title |
393,19 → 393,19 |
then |
echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT |
#chart data |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT |
#color |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT |
#labels |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT |
#display legend, only useful for chart pie |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ] |
then |
echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT |
#display value of Y axis, only useful for chart bar |
/scripts/alcasar-archive.sh |
---|
5,12 → 5,12 |
# by Franck BOUIJOUX and REXY |
# This script is distributed under the Gnu General Public License (GPL) |
# Script permettant |
# Script permettant |
# - d'exporter dans un seul fichier les logs de traçabilités et la base des usagers (à des fins d'archivages). |
# - Une fonction de chiffrement des logs a été implémentée dans ce script. Lisez la documentation d'exploitation pour l'activer. |
# - nettoyage des archives supérieures à 1 an (365 jours) |
# This script allows |
# This script allows |
# - export in one file the log files and user's base (in order to archive them). |
# - a cypher fonction allows to protect these files. Read the exploitation documentation to enable it. |
# - delete backup files older than one year (365 days) |
21,14 → 21,14 |
#DIR_SERVICE="squid httpd firewall" # répertoires contenant des logs utiles à exporter |
DIR_BASE="$DIR_SAVE/base" # répertoire de sauvegarde de la base de données usagers |
DIR_ARCHIVE="$DIR_SAVE/archive" # répertoire de sauvegarde des archives de log |
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment |
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment |
DIR_TMP="/tmp/traceability-$NOW" # Répertoire temporaire d'export |
FILE="traceability-$NOW.tar.gz" # Nom du fichier de l'archive |
EXPIRE_DAY=365 # Nbre de jour avant suppression des fichiers journaux |
CRYPT="0" # chiffrement des logs ( 0=non / 1=oui) --> Si oui alors la signature est automatiquement activée |
# log files encryption ( 0=no / 1=yes) --> if yes, the signature is automaticly enabled |
# log files encryption ( 0=no / 1=yes) --> if yes, the signature is automaticly enabled |
SIGN="0" # Signature/empreinte des logs ( 0=non / 1=oui ) ATTENTION : nécessite la clé privée !!! |
# Signature of log files ( 0=no / 1=yes ) ATTENTION : need the private key !!! |
# Signature of log files ( 0=no / 1=yes ) ATTENTION : need the private key !!! |
GPG_USER="" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg) |
# user allowed to decrypt the log files. Its public key must be known in the root keyring (/root/.gnupg) |
44,9 → 44,9 |
function cleanup() { |
# Nettoyage des fichiers archives |
cd $DIR_SAVE |
find . \( -mtime +$EXPIRE_DAY \) -a \( -name '*.gz' -o -name '*.sql' -o -name '' -o -name 'gpg' \) -exec rm -f {} \; |
# Nettoyage des fichiers archives |
cd $DIR_SAVE |
find . \( -mtime +$EXPIRE_DAY \) -a \( -name '*.gz' -o -name '*.sql' -o -name '' -o -name 'gpg' \) -exec rm -f {} \; |
} # end function cleanup |
56,30 → 56,30 |
} # end function crypt |
function archive() { |
mkdir -p $DIR_ARCHIVE |
mkdir -p $DIR_TMP |
nb_files=`ls $DIR_LOG/firewall/traceability.log*.gz 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
mv $(echo $(ls -rt $DIR_LOG/firewall/traceability.log*.gz | tail -n 1 -)) $DIR_TMP/traceability-HTTP-$NOW.gz |
fi |
nb_files=`ls $DIR_BASE/alcasar-users-database-*.sql.gz 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) $DIR_TMP/ |
fi |
cd /var/log/nfsen/profiles-data/live/alcasar_netflow |
nb_files=`find . -mtime -7 -name 'nfcapd.[0-9]*' | wc -l` |
if [ $nb_files -ne 0 ]; then |
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/traceability-ALL-$NOW.tar; |
fi |
cd /tmp/ |
nb_files=`ls traceability-$NOW/* 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
tar cvzf /tmp/$FILE traceability-$NOW/* |
else echo "no file to archive" |
fi |
mkdir -p $DIR_ARCHIVE |
mkdir -p $DIR_TMP |
nb_files=`ls $DIR_LOG/firewall/traceability.log*.gz 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
mv $(echo $(ls -rt $DIR_LOG/firewall/traceability.log*.gz | tail -n 1 -)) $DIR_TMP/traceability-HTTP-$NOW.gz |
fi |
nb_files=`ls $DIR_BASE/alcasar-users-database-*.sql.gz 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) $DIR_TMP/ |
fi |
cd /var/log/nfsen/profiles-data/live/alcasar_netflow |
nb_files=`find . -mtime -7 -name 'nfcapd.[0-9]*' | wc -l` |
if [ $nb_files -ne 0 ]; then |
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/traceability-ALL-$NOW.tar; |
fi |
cd /tmp/ |
nb_files=`ls traceability-$NOW/* 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
tar cvzf /tmp/$FILE traceability-$NOW/* |
else echo "no file to archive" |
fi |
} # end archive |
# Core script |
# Core script |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
98,17 → 98,17 |
# Saving of the database |
/usr/local/bin/alcasar-mysql.sh --dump |
# Encryption of the archive |
if [ -e /tmp/$FILE ]; then |
if [ -e /tmp/$FILE ]; then |
if [ $CRYPT -eq "1" ]; then |
{ |
# 1 ) chiffrement/signature =1 ==> gpg --encrypt avec test de la clé présente |
gpg --output $DIR_ARCHIVE/$FILE-crypt.gpg --armor --encrypt --recipient $GPG_USER /tmp/$FILE |
gpg --output $DIR_ARCHIVE/$FILE-crypt.gpg --armor --encrypt --recipient $GPG_USER /tmp/$FILE |
} |
elif [ $SIGN -eq "1" ]; then |
{ |
# 2) signature = 1 Chiffrement = 0 --> gpg --encrypt idem test de la clé présente |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER /tmp/$FILE |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER --detach-sign /tmp/$FILE |
# 2) signature = 1 Chiffrement = 0 --> gpg --encrypt idem test de la clé présente |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER /tmp/$FILE |
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER --detach-sign /tmp/$FILE |
} |
else |
{ |
122,10 → 122,10 |
;; |
--live | -l) |
mkdir -p $DIR_ARCHIVE |
mkdir -p /tmp/live |
mkdir -p /tmp/live |
gap=7 |
cd /var/log/nfsen/profiles-data/live/alcasar_netflow |
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar; |
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar; |
# Saving of the database |
/usr/local/bin/alcasar-mysql.sh --dump |
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) /tmp/live/ |
/scripts/alcasar-bl.sh |
---|
27,8 → 27,8 |
DIR_SHARE="/usr/local/share" |
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format |
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' ' |
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL |
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL |
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL |
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL |
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories) |
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' |
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories) |
61,10 → 61,10 |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG |
$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines) |
# process the file $BL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
# process the file $BL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE |
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE |
78,10 → 78,10 |
chown root:apache $BL_CATEGORIES $BL_CATEGORIES_ENABLED |
chmod 660 $BL_CATEGORIES $BL_CATEGORIES_ENABLED |
# process the file $WL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
# process the file $WL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES |
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES |
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE |
done |
115,7 → 115,7 |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
args="-h" |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
129,7 → 129,7 |
if [ ! -e /tmp/con_ok.html ] |
then |
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable" |
else |
else |
rm -rf /tmp/con_ok.html $DIR_tmp |
mkdir $DIR_tmp |
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
146,7 → 146,7 |
echo -n "Adaptation process of Toulouse University blackList. Please wait : " |
if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL |
then |
# keep custom files (ossi) |
# keep custom files (ossi) |
for x in $(ls -1 $DIR_DG_BL | grep "^ossi-*") |
do |
mv $DIR_DG_BL/$x $DIR_tmp |
158,7 → 158,7 |
chmod -R 770 $DIR_DG |
# Add the two local categories (ossi-bl & ossi-wl) to the usage file |
# Add the custom categories (ossi-tor_nodes) to the usage file |
cat << EOF >> $DIR_DG_BL/global_usage |
cat << EOF >> $DIR_DG_BL/global_usage |
NAME: ossi-bl |
DEFAULT_TYPE: black |
204,7 → 204,7 |
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie$ $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"` |
if [ "$categorie_type" == "white" ] |
then |
echo "$dir_categorie" >> $WL_CATEGORIES |
echo "$dir_categorie" >> $WL_CATEGORIES |
else |
echo "$dir_categorie" >> $BL_CATEGORIES |
fi |
211,19 → 211,19 |
done |
rm -f $FILE_tmp |
# Verify that the enabled categories are effectively in the BL (need after an update of the BL) |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
do |
ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l` |
if [ $ok != "1" ] |
if [ $ok != "1" ] |
then |
$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED |
fi |
done |
# Verify that the enabled categories are effectively in the WL (need after an update of the WL) |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
do |
ok=`grep /$ENABLE_CATEGORIE$ $WL_CATEGORIES|wc -l` |
if [ $ok != "1" ] |
if [ $ok != "1" ] |
then |
$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED |
fi |
235,22 → 235,22 |
do |
DOMAIN=`basename $PATH_FILE` |
echo -n "$DOMAIN, " |
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
then |
touch $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
fi |
cp $PATH_FILE/domains $FILE_tmp |
cp $PATH_FILE/domains $FILE_tmp |
clean_split # clean ossi custom files & split them for dnsmasq and for iptables |
if [ "$LIST" == "$BL_CATEGORIES" ] |
then |
# adapt to the dnsmasq syntax for the blacklist |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN |
else |
# adapt to the dnsmasq syntax for the whitelist |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf |
fi |
done |
257,7 → 257,7 |
done |
echo |
chown -R root:apache $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL |
chmod 770 $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL |
chmod 770 $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL |
chmod -f 660 $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/* |
rm -f $FILE_tmp $FILE_ip_tmp |
rm -rf $DIR_tmp |
281,12 → 281,12 |
if [ $black == "1" ] |
then |
# adapt to the dnsmasq syntax for the blacklist |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN |
else |
# adapt to the dnsmasq syntax for the whitelist |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf |
mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN |
fi |
297,9 → 297,9 |
/usr/bin/systemctl restart dansguardian |
/usr/local/bin/alcasar-iptables.sh |
else |
echo -n "/usr/local/etc/update_cat.conf is empty ..." |
echo -n "/usr/local/etc/update_cat.conf is empty ..." |
fi |
echo |
echo |
;; |
# reload when selected categories are changed or when ossi change his custom files |
-reload | --reload) |
343,13 → 343,13 |
then |
# adapt the file to the dnsmasq syntax and enable it if needed |
# for the WL |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf |
mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie |
enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l` |
if [ $enabled == "1" ] |
then |
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES |
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES |
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie |
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie |
356,13 → 356,13 |
fi |
else |
# for the BL |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie |
enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l` |
if [ $enabled == "1" ] |
then |
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES |
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES |
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie |
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie |
/scripts/alcasar-bypass.sh |
---|
32,8 → 32,8 |
ifup $INTIF |
sh /usr/local/bin/alcasar-iptables-bypass.sh |
DHCP=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2` |
if [ $DHCP != off ] |
then |
if [ $DHCP != off ] |
then |
$SED "/^#dhcp-range=/s/^#//" /etc/dnsmasq.conf # dnsmasq become the DHCP server |
$SED "/^#dhcp-option=/s/^#//" /etc/dnsmasq.conf |
$SED "/^#domain=/s/^#//" /etc/dnsmasq.conf |
41,7 → 41,7 |
/usr/bin/systemctl restart dnsmasq |
fi |
rm -f /etc/cron.d/alcasar-daemon-watchdog # don't restart daemons (specially coova) |
rm -f /etc/cron.d/alcasar-daemon-watchdog # don't restart daemons (specially coova) |
echo "ALCASAR est en mode 'bypass'" |
echo "ALCASAR is in 'bypass' mode" |
;; |
48,7 → 48,7 |
--off | -off) |
cp -f /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF |
ifup $INTIF |
$SED "s?^dhcp-range=.*?#&?g" /etc/dnsmasq.conf # dnsmasq is no more the DHCP server (it's coova) |
$SED "s?^dhcp-range=.*?#&?g" /etc/dnsmasq.conf # dnsmasq is no more the DHCP server (it's coova) |
$SED "s?^dhcp-option=.*?#&?g" /etc/dnsmasq.conf |
$SED "s?^domain=.*?#&?g" /etc/dnsmasq.conf |
$SED "/^#no-dhcp-interface/s/^#//" /etc/dnsmasq.conf |
/scripts/alcasar-certificates.sh |
---|
6,10 → 6,10 |
# by Franck BOUIJOUX and REXY |
# This script is distributed under the Gnu General Public License (GPL) |
# Script permettant |
# Script permettant |
# - d'exporter les certificats d'un serveur pour les transposer sur un autre. |
# This script allows |
# This script allows |
# - export certificates server to move them. |
30,19 → 30,19 |
fi |
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment |
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment |
FILE="certificates-$NOW" |
DIR_SAVE=$DIR_SAVE-$NOW |
# Function of export |
# Function of export |
function certs_export() { |
# Export of CA Certificate |
# Export of CA Certificate |
cd /root |
tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
# Export of server Certificate |
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
gzip $FILE.tar |
# Export of server Certificate |
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
gzip $FILE.tar |
echo "Le ficher des certificats exportés est : $FILE.tar.gz" |
} # end function export |
51,16 → 51,16 |
# Sauvegarde de la pki actuelle |
[ -d $DIR_SAVE ] || mkdir $DIR_SAVE |
# Save of CA Certificate |
# Save of CA Certificate |
cd $DIR_PKI/CA/ |
cp alcasar-ca.crt $DIR_SAVE/. |
cp private/alcasar-ca.key $DIR_SAVE/. |
cp alcasar-ca.crt $DIR_SAVE/. |
cp private/alcasar-ca.key $DIR_SAVE/. |
# Save of server Certificate |
# Save of server Certificate |
cd $DIR_PKI/tls |
cp certs/alcasar.crt $DIR_SAVE/. |
cp private/alcasar.key $DIR_SAVE/. |
cp certs/server-chain.crt $DIR_SAVE/. |
cp certs/alcasar.crt $DIR_SAVE/. |
cp private/alcasar.key $DIR_SAVE/. |
cp certs/server-chain.crt $DIR_SAVE/. |
} # end function archive |
function import() { |
71,7 → 71,7 |
[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT |
rm -rf $DIR_IMPORT/* |
# Import of CA Certificate |
# Import of CA Certificate |
tar xzvf $1 --directory=$DIR_IMPORT |
echo "Import new certificates in ALCASAR !!!" |
cp -r $DIR_IMPORT/* /. |
80,9 → 80,9 |
# Service apache restart |
service httpd restart |
else |
echo "You are not import new certificates !!!" |
exit 0 |
else |
echo "You are not import new certificates !!!" |
exit 0 |
fi |
} # end import |
101,7 → 101,7 |
if [ $nb_args -eq 1 ] |
then |
echo "Il faut passer un fichier de certificat en paramètre !!!" |
exit 0 |
exit 0 |
fi |
import $2 |
;; |
/scripts/alcasar-daemon.sh |
---|
19,7 → 19,7 |
then |
logger -i "!! $s is inactive. Activation attempt" |
echo "the $s service is disabled! trying to start it..." |
/usr/bin/systemctl start $s.service |
/usr/bin/systemctl start $s.service |
else |
nb_srv=$((nb_srv+1)) |
fi |
28,13 → 28,13 |
nb_srv=0 |
for s in $SERVICES |
do |
if [ $s != "sshd" ] |
if [ $s != "sshd" ] |
then |
ServiceTest |
else |
{ |
if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ] |
then |
then |
ServiceTest |
else |
nb_available_srv=$((nb_available_srv-1)) |
/scripts/alcasar-dhcp.sh |
---|
54,15 → 54,15 |
$SED "s?^dynip.*?#dynip?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?#dynip?g" $CHILLI_CONF_FILE |
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE |
if [ "$EXT_DHCP_IP" != "none" ] |
if [ "$EXT_DHCP_IP" != "none" ] |
then |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
else |
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
fi |
/usr/bin/systemctl restart chilli |
;; |
/scripts/alcasar-file-clean.sh |
---|
25,7 → 25,7 |
# remove empty lines and put rights |
for file in $ALCASAR_SERVICES $ALCASAR_IP_BLOCKED $ALCASAR_CONF $ALCASAR_UAMDOMAIN $ALCASAR_UAMALLOWED |
do |
$SED "/^$/d" $file |
$SED "/^$/d" $file |
chown root:apache $file |
chmod 660 $file |
done |
36,10 → 36,10 |
for domain in $(cat $ALCASAR_UAMDOMAIN | cut -d' ' -f1) |
do |
domain_exception="server=/$(echo $domain | cut -d'"' -f2)/#" |
sed -i "/conf-file/a$domain_exception" /etc/dnsmasq-blackhole.conf |
domain_exception="server=/$(echo $domain | cut -d'"' -f2)/#" |
sed -i "/conf-file/a$domain_exception" /etc/dnsmasq-blackhole.conf |
done |
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't restart on install stage |
then |
systemctl restart dnsmasq-blackhole |
fi |
fi |
/scripts/alcasar-generate_log.sh |
---|
35,8 → 35,8 |
if [ $nb_args -eq 1 ] |
then |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
SECTION_LOG="Extraction de tous les journaux" |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
SECTION_LOG="Extraction de tous les journaux" |
fi |
if [ $nb_args -eq 2 ] |
43,13 → 43,13 |
then |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
echo $QUERY |
SECTION_LOG="Extraction des journaux à partir du $2" |
SECTION_LOG="Extraction des journaux à partir du $2" |
fi |
if [ $nb_args -eq 3 ] |
then |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' AND acctstarttime <= '$3' ORDER BY acctstoptime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
SECTION_LOG="Extraction des journaux entre $2 et $3" |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' AND acctstarttime <= '$3' ORDER BY acctstoptime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
SECTION_LOG="Extraction des journaux entre $2 et $3" |
fi |
if [ $nb_args -eq 0 ] |
61,8 → 61,8 |
if [ $nb_args -gt 3 ] |
then |
echo $usage |
exit |
echo $usage |
exit |
fi |
if [ -e $TMP_SQL ] |
77,7 → 77,7 |
if [ -e $ARCHIVE_LOCATION ] |
then |
rm $ARCHIVE_LOCATION |
rm $ARCHIVE_LOCATION |
fi |
106,7 → 106,7 |
LOG_M1=$(echo $LOG_DATE1 | cut -d'-' -f2) |
LOG_D1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f1) |
LOG_H1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f2) |
LOG_Y2=$(echo $LOG_DATE2 | cut -d'-' -f1) |
LOG_M2=$(echo $LOG_DATE2 | cut -d'-' -f2) |
LOG_D2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f1) |
115,7 → 115,7 |
DUMP=$(nfdump -O tstart -R /var/log/nfsen/profiles-data/live/alcasar_netflow/ -t $LOG_Y1/$LOG_M1/$LOG_D1.$LOG_H1-$LOG_Y2/$LOG_M2/$LOG_D2.$LOG_H2 -o "fmt:<tr><td class='numberLine'></td><td>%sa</td><td>%sp</td><td>%da</td><td>%dp</td><td>%ts</td></tr>" | tail -n +2 | head -n -4 | grep "$LOG_IP") |
if [ ! -z "$DUMP" ] |
then |
echo "<div class='container'> " >> $TMP_HTML |
echo "<div class='container'> " >> $TMP_HTML |
echo "<table class='table table-striped'>" >> $TMP_HTML |
echo "<thead>" >> $TMP_HTML |
echo "<tr>" >> $TMP_HTML |
137,7 → 137,7 |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f6) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f8) "</td>" >> $TMP_HTML |
echo "</tr></tbody></table></div>" >> $TMP_HTML |
echo "<div class='container mySpace'> " >> $TMP_HTML |
echo "<div class='container mySpace'> " >> $TMP_HTML |
echo "<table class='table table-striped'>" >> $TMP_HTML |
echo "<thead>" >> $TMP_HTML |
echo "<tr>" >> $TMP_HTML |
156,11 → 156,11 |
echo "</body>" >> $TMP_HTML |
echo "</HTML>" >> $TMP_HTML |
#inform users about that by setting the fourth bit of Filter-Id at 1. |
#inform users about that by setting the fourth bit of Filter-Id at 1. |
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY" |
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ] |
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ] |
then |
for user in $(cat $TMP_USERS) |
do |
175,7 → 175,7 |
/usr/bin/7za a -tzip -p$1 -mem=AES256 $ARCHIVE_LOCATION $TMP_PDF |
chown apache:apache $ARCHIVE_LOCATION |
chown apache:apache $ARCHIVE_LOCATION |
rm $TMP_HTML |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id |
\ No newline at end of property |
/scripts/alcasar-https.sh |
---|
28,7 → 28,7 |
echo "$usage" |
exit 0 |
;; |
--off | -off) # disable HTTPS |
--off | -off) # disable HTTPS |
$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=off?" $CONF_FILE |
$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=off?" $CONF_FILE |
$SED "s?uamserver.*?uamserver\thttp://$HOSTNAME.$DOMAIN/intercept.php?" $CHILLI_CONF_FILE |
/scripts/alcasar-importcert.sh |
---|
57,7 → 57,7 |
domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' | sed 's/^.//'` |
echo "fqdn=$fqdn hostname=$hostname domain=$domain" |
#check fqdn format |
#check fqdn format |
if [[ "$fqdn" != "" && "$domain" != "" ]]; then |
$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf |
$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf |
/scripts/alcasar-iptables-bypass.sh |
55,7 → 55,7 |
# Insertion de règles de blocage (Devel) |
# Here, we add block rules (Devel) |
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then |
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then |
while read ip_line |
do |
ip_on=`echo $ip_line|cut -b1` |
68,7 → 68,7 |
done < /usr/local/etc/alcasar-ip-blocked |
fi |
# SSHD rules if activate |
# SSHD rules if activate |
if [ $SSH = on ] |
then |
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j NFLOG --nflog-group 2 --nflog-prefix "RULE ssh-from-LAN -- ACCEPT" |
79,7 → 79,7 |
# Insertion de règles locales |
# Here, we add local rules (i.e. VPN from Internet) |
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then |
. /usr/local/etc/alcasar-iptables-local.sh |
. /usr/local/etc/alcasar-iptables-local.sh |
fi |
# on autorise les requêtes dhcp |
/scripts/alcasar-iptables.sh |
7,10 → 7,10 |
# Reminders |
# There are four channels for log : |
# 1 tracability of the consultation equipment with The 'Netflow' kernel module (iptables target = NETFLOW); |
# 2 protection of ALCASAR with the Ulog group 1 (default group) |
# 2 protection of ALCASAR with the Ulog group 1 (default group) |
# 3 SSH on ALCASAR with the Ulog group 2; |
# 4 extern access attempts on ALCASAR with the Ulog group 3. |
# The bootps/dhcp (67) port is always open on tun0/INTIF by coova |
# The bootps/dhcp (67) port is always open on tun0/INTIF by coova |
CONF_FILE="/usr/local/etc/alcasar.conf" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
35,7 → 35,7 |
DNSSERVERS="$dns1,$dns2" # first and second public DNS servers |
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP |
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP |
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation |
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
129,7 → 129,7 |
ipset -! restore < $TMP_set_save |
rm -f $TMP_set_save |
# Restoration des SET des utilisateurs connectés si ils existent sinon création des SET |
# Restoration des SET des utilisateurs connectés si ils existent sinon création des SET |
# Restoring the connected users SETs if available, otherwise creating SETs |
if [ -e $TMP_users_set_save ]; |
then |
188,7 → 188,7 |
# redirect DNS of 'havp_wl' users to port 55 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 55 |
# Journalisation HTTP_Internet des usagers 'havp_bl' (paquets SYN uniquement). Les autres protocoles sont journalisés en FORWARD par netflow. |
# Journalisation HTTP_Internet des usagers 'havp_bl' (paquets SYN uniquement). Les autres protocoles sont journalisés en FORWARD par netflow. |
# Log Internet HTTP of 'havp_bl' users" (only syn packets). Other protocols are logged in FORWARD by netflow |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -m state --state NEW -j NFLOG --nflog-group 1 --nflog-prefix "RULE F_http -- ACCEPT " |
230,7 → 230,7 |
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP |
$IPTABLES -A INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP |
# Si configéré, on autorise les réponses DHCP |
# Si configéré, on autorise les réponses DHCP |
# Allow DHCP answers if configured |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
if [[ "$public_ip_mask" == "dhcp" ]] |
239,7 → 239,7 |
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport 68 -j ACCEPT |
fi |
# On rejette les trame en broadcast et en multicast sur EXTIF (évite leur journalisation) |
# Drop broadcast & multicast on EXTIF to avoid log |
# Drop broadcast & multicast on EXTIF to avoid log |
$IPTABLES -A INPUT -m addrtype --dst-type BROADCAST,MULTICAST -j DROP |
# On autorise les retours de connexions légitimes par INPUT |
250,7 → 250,7 |
# Deny direct connections on DansGuardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING) |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8080 -m mark --mark 1 -j REJECT --reject-with tcp-reset |
# Autorisation des connexions légitimes à DansGuardian |
# Autorisation des connexions légitimes à DansGuardian |
# Allow connections for DansGuardian |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m state --state NEW --syn -j ACCEPT |
258,7 → 258,7 |
# Deny direct connections on tinyproxy port (8090). The concerned paquets have been marked in mangle table (PREROUTING) |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8090 -m mark --mark 2 -j REJECT --reject-with tcp-reset |
# Autorisation des connexions légitimes vers tinyproxy |
# Autorisation des connexions légitimes vers tinyproxy |
# Allow connections to tinyproxy |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8090 -m state --state NEW --syn -j ACCEPT |
294,7 → 294,7 |
# Accès direct aux services internes |
# Internal services access |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport domain -j ACCEPT # DNS |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport domain -j ACCEPT # DNS |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport domain -j ACCEPT # DNS |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p icmp --icmp-type 8 -j ACCEPT # Réponse ping # ping responce |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p icmp --icmp-type 0 -j ACCEPT # Requête ping # ping request |
303,7 → 303,7 |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 3990:3991 -j ACCEPT # Requêtes de deconnexion usagers # Users logout requests |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport ntp -j ACCEPT # Serveur local de temps # local time server |
# SSHD rules if activate |
# SSHD rules if activate |
if [ $SSH = on ] |
then |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j NFLOG --nflog-group 2 --nflog-prefix "RULE ssh-from-LAN -- ACCEPT" |
315,7 → 315,7 |
# Insertion de règles locales |
# Here, we add local rules (i.e. VPN from Internet) |
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then |
. /usr/local/etc/alcasar-iptables-local.sh |
. /usr/local/etc/alcasar-iptables-local.sh |
fi |
# Journalisation et rejet des connexions (autres que celles autorisées) effectuées depuis le LAN |
352,11 → 352,11 |
# Allow Conntrack |
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT |
# Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...) |
# Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...) |
nb_uamallowed=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1` |
if [ $nb_uamallowed != "0" ] |
then |
while read ip_allowed_line |
while read ip_allowed_line |
do |
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2` |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW |
421,7 → 421,7 |
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p udp -m multiport ! --dports $custom_udp_protocols_list -m state --state NEW -j REJECT --reject-with icmp-port-unreachable |
fi |
# journalisation et autorisation des connections sortant du LAN |
# journalisation et autorisation des connections sortant du LAN |
# Allow forward connections with log |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ACCEPT |
433,7 → 433,7 |
# Everything is allowed but traffic through outside network interface |
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT |
# Si configéré, on autorise les requêtes DHCP |
# Si configéré, on autorise les requêtes DHCP |
# Allow DHCP requests if configured |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
if [[ "$public_ip_mask" == "dhcp" ]] |
442,7 → 442,7 |
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport 67 -j ACCEPT |
fi |
# On autorise les requêtes DNS vers les serveurs DNS identifiés |
# On autorise les requêtes DNS vers les serveurs DNS identifiés |
# Allow DNS requests to identified DNS servers |
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT |
459,17 → 459,17 |
# RSYNC requests are allowed (to update BL of Toulouse) |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT |
# On autorise les requêtes FTP |
# On autorise les requêtes FTP |
# FTP requests are allowed |
modprobe nf_conntrack_ftp |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT |
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT |
# On autorise les requêtes NTP |
# On autorise les requêtes NTP |
# NTP requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT |
# On autorise les requêtes ICMP (ping) |
# On autorise les requêtes ICMP (ping) |
# ICMP (ping) requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
489,4 → 489,3 |
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
# End of script |
/scripts/alcasar-load_balancing.sh |
48,7 → 48,7 |
if [ $(whoami) != "root" ]; then |
echo "You must be root to run this!" ; echo ; exit 1 |
echo "You must be root to run this!" ; echo ; exit 1 |
fi |
# Adapter for ALCASAR project |
104,7 → 104,7 |
fi # End |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
if [ "$PARAM" == "add" ]; then |
if [ "$PARAM" == "add" ]; then |
set -x |
table=$(($i + 1)) |
ip route ${PARAM} ${NET} dev ${IFACE} src ${IP} table $table |
124,7 → 124,7 |
i=$(($i + 1)) |
done # End While |
if [ "$PARAM" == "add" ]; then |
if [ "$PARAM" == "add" ]; then |
echo "[] Balanced routing:" |
# suppress default route |
ip route del default scope global |
133,7 → 133,7 |
set +x |
echo |
fi |
} # end create_eth |
########################### |
144,7 → 144,7 |
echo $IFACE_COUNT |
while [ $IFACE_COUNT -ne 0 ] |
do |
i=$IFACE_COUNT |
i=$IFACE_COUNT |
echo "ifdown $EXTIF:$i" |
ifdown $EXTIF:$i |
rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i |
153,21 → 153,21 |
ip route del default scope global |
# ip route add default gw 192.168.1.1 |
} |
# do not modify below this line unless you know what you're doing :) |
function getvalue() { |
index=$1 |
VAR=$2 |
index=$1 |
VAR=$2 |
n=1 |
for f in ${VAR} ; do |
if [ "${n}" == "${index}" ]; then |
echo "$f" |
break |
fi |
n=$(($n++)) |
done |
n=1 |
for f in ${VAR} ; do |
if [ "${n}" == "${index}" ]; then |
echo "$f" |
break |
fi |
n=$(($n++)) |
done |
} |
###################### |
178,7 → 178,7 |
echo "[] Watchdog started" |
# 0 == all links ok, 1 == some link down |
STATE=0 |
DOWNCOUNT_BAK=0 |
DOWN_BAK="" |
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
195,12 → 195,12 |
echo "Liste des interfaces : "${WANIFACE[*]} |
# Failover test |
while : ; do |
if [ $VERBOSE -eq 1 ]; then |
echo "[] Sleeping, state=$STATE" |
fi |
sleep $FAILOVER |
IFINDEX=1 |
DOWN="" # liste des interfaces down |
DOWNCOUNT=0 # nombre d'interface down |
214,7 → 214,7 |
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @WT |
else |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
fi |
fi |
for TESTIP in $TESTIPS ; do |
COUNT=$(($COUNT + 1)) |
ping -W 3 -I $IP -c 1 $TESTIP > /dev/null 2>&1 |
222,7 → 222,7 |
# Si ping de la première adresse --> ok --> stop du test pour l'interface testée |
if [ $? -eq 0 ]; then |
break |
else |
else |
# sinon on compte une erreur |
FAIL=$(($FAIL + 1)) |
fi |
248,7 → 248,7 |
echo "IFINDEX =$IFINDEX" |
done # End Test Interface in WANIFACE |
# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles |
# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles |
# if [ $DOWNCOUNT -eq 0 ] && [ $DOWNCOUNT -ne $DOWNCOUNT_BAK ]; then |
if [ $DOWNCOUNT -eq 0 ] ; then |
if [ $STATE -eq 1 ]; then |
279,13 → 279,13 |
echo "iface=$iface" |
echo "Index = " $IFINDEX |
FAILIF=0 |
# Pour chaque interface down --> |
# Pour chaque interface down --> |
echo "Interfaces DOWN = $DOWN" |
for lnkdwn in $DOWN ; do |
echo "LINKDOWN = "$lnkdown |
if [ $lnkdwn -eq $IFINDEX ]; then |
FAILIF=1 |
break |
break |
else |
continue |
fi |
298,7 → 298,7 |
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW |
else |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
fi |
fi |
echo "GW=$GW" |
echo "WT=$WT" |
echo "suffix=$sufix" |
308,7 → 308,7 |
done # End iface IN WANIFACE |
# Commande globale |
cmd="ip route replace default scope global $suffix" |
if [ $VERBOSE -eq 1 ]; then |
set -x |
# echo "Avec commentaire : " ${cmd} |
321,7 → 321,7 |
fi # end Application de la commande de routage globale |
fi # |
DOWN_BAK=$DOWN # Enregistrement de l'etat |
fi # End |
fi # End |
done |
} # End of Failover |
336,70 → 336,70 |
echo |
case $1 in |
create) |
create_eth |
create) |
create_eth |
;; |
delete) |
delete_eth |
delete) |
delete_eth |
;; |
start) |
if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then |
start) |
if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then |
echo "The MultiGateway is not activated !" |
exit 0 |
fi |
PARAM="add" |
create_eth |
ip route flush cache |
if [ $FAILOVER -eq 0 ]; then |
PARAM="add" |
create_eth |
ip route flush cache |
if [ $FAILOVER -eq 0 ]; then |
echo "The MultiWAN Mode is actived but not failover connectivity !" |
exit 0 |
fi |
echo "Starting down $prog: " |
pid=`pidof -x "alcasar-load_balancing.sh"` |
if [ $pid != "" ]; then |
echo $pid > $pidfile |
fi |
touch /var/lock/subsys/alcasar-load_balancing |
failover |
echo "Starting down $prog: " |
pid=`pidof -x "alcasar-load_balancing.sh"` |
if [ $pid != "" ]; then |
echo $pid > $pidfile |
fi |
touch /var/lock/subsys/alcasar-load_balancing |
failover |
;; |
stop) |
stop) |
PARAM="del" |
echo "Shutting down $prog: " |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
kill -9 $pid |
else |
echo "$prog is not running." |
exit 1 |
fi |
RETVAL=$? |
echo |
[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing |
echo "Delete of virtual interfaces" |
delete_eth |
echo "Network restart" |
service network restart 2>&1 > /dev/null |
ip route |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
kill -9 $pid |
else |
echo "$prog is not running." |
exit 1 |
fi |
RETVAL=$? |
echo |
[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing |
echo "Delete of virtual interfaces" |
delete_eth |
echo "Network restart" |
service network restart 2>&1 > /dev/null |
ip route |
;; |
status) |
echo "Checking $prog : " |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
CHECK=`ps -p $pid --no-heading | awk {'printf $1'}` |
if [ "$CHECK" = "" ]; then |
echo "$prog is NOT running." |
else |
echo "$prog is running !" |
fi |
else |
echo "$prog is Not running." |
fi |
echo "Checking $prog : " |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
CHECK=`ps -p $pid --no-heading | awk {'printf $1'}` |
if [ "$CHECK" = "" ]; then |
echo "$prog is NOT running." |
else |
echo "$prog is running !" |
fi |
else |
echo "$prog is Not running." |
fi |
;; |
fail) |
failover |
fail) |
failover |
;; |
*) |
*) |
echo "Usage: $0 [start|stop|status|create|delete]" ; echo ; exit 1 |
;; |
esac |
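Review bot: getvalue still cannot count past its first element after the re-indent: `n=$(($n++))` expands `$n` before the arithmetic runs, so bash sees `$((1++))`, which is either rejected as an arithmetic error or, as a post-increment, hands back the old value — in both cases `n` never advances and any index other than 1 returns nothing; it should read `n=$((n + 1))`. While there, declaring `index`, `VAR`, `n` and `f` with `local` would keep the function from clobbering the script's own globals. I also cannot see `DOWN_BAK` (assigned at the end of the failover loop in place of `DOWNCOUNT_BAK`) being read anywhere in this section; if nothing outside consumes it, that assignment is dead. The failover function starts and ends outside the visible hunks.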
/scripts/alcasar-profil.sh |
20,16 → 20,16 |
for i in $ALL_PROFILS |
do |
if [ $Lang == "fr" ] |
then |
then |
echo -n "Comptes liés au profil '$i' : " |
else |
echo -n "accounts linked with profile '$i' : " |
echo -n "accounts linked with profile '$i' : " |
fi |
account_list=`cat $DIR_KEY/key_only_$i | cut -d':' -f1|sort` |
for account in $account_list |
do |
echo -n "$account " |
echo -n "$account " |
done |
echo |
done |
78,11 → 78,11 |
echo "$usage" |
exit 0 |
;; |
--add|-a) |
--add|-a) |
# ajout d'un compte |
list |
if [ $Lang == "fr" ] |
then |
then |
echo -n "Choisissez un profil ($ALL_PROFILS) : " |
else |
echo -n "Select a profile ($ALL_PROFILS) : " |
92,7 → 92,7 |
then |
echo -n "Entrez le nom du compte à créer (profil '$profil') : " |
else |
echo "Enter the name of the account to create (profile '$profil') : " |
echo "Enter the name of the account to create (profile '$profil') : " |
fi |
read account |
# on teste s'il n'existe pas déjà |
/scripts/alcasar-rpm-download.sh |
9,7 → 9,7 |
# retrieve needed RPM in a tarball file |
VERSION="5" |
ARCH="x86_64" |
ARCH="x86_64" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip bc msec kernel-userspace-headers" |
43,7 → 43,7 |
for i in $* |
do |
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ] |
then |
then |
ARCH=`echo $i|cut -d"=" -f2` |
fi |
done |
65,7 → 65,7 |
do |
try_nb=`expr $try_nb + 1` |
MIRRORLIST="MIRRORLIST$try_nb" |
rpm_repository_sync |
rpm_repository_sync |
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l` |
if [ "$nb_repository" != "4" ] |
then |
84,7 → 84,7 |
do |
read response |
done |
if [ "$response" = "n" ] || [ "$response" = "N" ] |
if [ "$response" = "n" ] || [ "$response" = "N" ] |
then |
exit 1 |
fi |
98,7 → 98,7 |
echo -n "." |
done |
urpmi --clean |
# download RPM in cache |
# download RPM in cache |
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..." |
echo "Updated RPM download. Please wait ..." |
echo "Il est temps d'aller prendre un café :-) " |
/scripts/alcasar-sms.sh |
41,9 → 41,9 |
end="%%%%%%%%%% STOP %%%%%%%%%%" |
usage="Usage: alcasar-gammu.sh |
usage="Usage: alcasar-gammu.sh |
Start Gammu-smsd : --start |
Stop Gammu-smsd : --stop |
Stop Gammu-smsd : --stop |
Process on new sms : --new_sms" |
78,7 → 78,7 |
then |
sql_add_gp="connect radius; INSERT INTO $radgp (username,groupname) VALUES ('sms','sms');" |
sql_add_gp_att="connect radius; INSERT INTO $radgpck (groupname,attribute,op,value) VALUES ('sms','Simultaneous-Use',':=',1);" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_gp" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_gp_att" |
fi |
99,11 → 99,11 |
#Suppression du numero dans la table SMS_ban_perm |
sql_remove_ban_perm="connect gammu; DELETE FROM $sms_p" |
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_ban_perm WHERE SenderNumber=$1;" |
# Ajout au groupe sms |
sql_remove_gp="connect radius; DELETE FROM $radgp WHERE username='$1';" |
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_gp" |
# Suppression du compte dans Radcheck |
sql_remove_compte="connect radius; DELETE FROM $rad WHERE username='$1';" |
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_compte" |
136,21 → 136,21 |
# Ajout table RadCheck : creation du compte |
sql_add_pass="connect radius; INSERT INTO $rad (username,attribute,op,value) VALUES ('$1','Crypt-Password',':=','$2');" |
sql_add_expe="connect radius; INSERT INTO $rad (username,attribute,op,value) VALUES ('$1','Expiration',':=','$3');" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_pass" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_expe" |
# Ajout au groupe sms |
sql_add_gp="connect radius; INSERT INTO $radgp (username,groupname) VALUES ('$1','sms');" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_gp" |
} # end function add_acc_rad() |
function supp_num_temp() { |
# Suppression du numéro dans table SMS_ban_temp |
sql_remove_ban_temp="connect gammu; DELETE FROM $sms_t" |
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_ban_temp WHERE SenderNumber=$1;" |
} # end function supp_num_temp() |
function add_num_perm() { |
# Ajout du numero table SMS_ban_perm, 0 : creation du compte |
sql_add_ban_perm="connect gammu; INSERT INTO $sms_p (SenderNumber,Perm,Expiration) VALUES ('$1',0,'$2');" |
166,34 → 166,34 |
function new_sms() { |
# Check Inbox table, manage Ban temp and perm, create account |
export salt='$1$passwd$' |
sql_select_inbox="connect gammu; SELECT ID, SenderNumber, TextDecoded FROM $inb;" |
sql_delete_inbox="connect gammu; DELETE FROM $inb" |
mysql --user=$u_db --password=$p_db -B -se "$sql_select_inbox" | while read result; |
do |
# On recupère le nombre de mots (resultat) |
nb=$(echo $result | wc -w) |
# On récupère le numéro de l'ID |
id=$(echo $result | cut -d ' ' -f1) |
numero=$(echo $result | cut -d ' ' -f2) |
if [[ $numero =~ ^\+ ]] |
if [[ $numero =~ ^\+ ]] |
then |
# On vérifie si le pays est bloqué |
# On vérifie si le pays est bloqué |
sql_select_countries="connect gammu; SELECT id FROM $SMS_c WHERE status=1" |
mysql --user=$u_db --password=$p_db -B -se "$sql_select_countries" | while read result_c; |
do |
if [[ $numero =~ ^"$result_c" ]] |
then |
then |
numero=$(echo $numero | cut -d '+' -f2) |
# On vérifie que le numéro n'est pas Ban Perm |
# On vérifie que le numéro n'est pas Ban Perm |
sql_ban_perm="connect gammu; SELECT * FROM $sms_p WHERE SenderNumber=$numero" |
result_bp=$(mysql --user=$u_db --password=$p_db -B -se "$sql_ban_perm") |
206,46 → 206,46 |
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp" |
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero |
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero |
then |
export pass=$(echo $result | cut -d ' ' -f3) |
pass_salt=$(perl -e'print crypt($ARGV[0],$ARGV[1])' $pass $salt) |
export LC_TIME="en_US.UTF-8" |
expir=$(date '+%d %B %Y' -d "$time_account days") |
supp_acc_rad "$numero" |
add_acc_rad "$numero" "$pass_salt" "$expir" |
supp_num_temp "$numero" |
add_num_perm "$numero" "$expir" |
else |
else |
# Autrement, le mot de passe est trop grand ( > un mot ) |
# On incrémente d'un 1 dans la table des bans temp |
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp" |
fi |
# On gère les bans temp en ban perm |
sql_select_temp="connect gammu; SELECT ID FROM $sms_t WHERE SenderNumber='$numero'" |
r_select_temp=$(mysql --user=$u_db --password=$p_db -B -se "$sql_select_temp") |
nb_ban_t=$(echo $r_select_temp| wc -w) |
if [ $nb_ban_t -ge $nb_essais ] |
then |
supp_num_temp "$numero" |
export LC_TIME="en_US.UTF-8" |
expir_f=$(date '+%d %B %Y' -d "$time_ban days") |
# Ajout du numero table SMS_ban_perm, 1 : flood |
sql_add_ban_perm="connect gammu; INSERT INTO $sms_p (SenderNumber,Perm,Expiration) VALUES ('$numero',1,'$expir_f');" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_ban_perm" |
fi |
fi |
else |
date_expiration=$(echo $result_bp | cut -d ' ' -f2,3,4) |
perm=$(echo $result_bp | cut -d ' ' -f5) |
export LC_TIME="en_US.UTF-8" |
date_script=$(date '+%d %B %Y' -d "now") |
263,7 → 263,7 |
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');" |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp" |
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero |
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero |
then |
date_expiration=$(echo $result_bp | cut -d ' ' -f2,3,4) |
perm=$(echo $result_bp | cut -d ' ' -f5) |
276,7 → 276,7 |
export pass=$(echo $result | cut -d ' ' -f3) |
pass_salt=$(perl -e'print crypt($ARGV[0],$ARGV[1])' $pass $salt) |
export LC_TIME="en_US.UTF-8" |
expir=$(date '+%d %B %Y' -d "$time_account days") |
286,8 → 286,8 |
supp_num_temp "$numero" |
supp_num_perm "$numero" |
add_num_perm "$numero" "$expir" |
else |
else |
# Autrement, le mot de passe est trop grand ( > un mot ) |
# On incrémente d'un 1 dans la table des bans temp |
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');" |
294,26 → 294,26 |
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp" |
echo "Mot de passe incorrect, ajout du numero en ban temporaire" |
fi |
# On gère les bans temp en ban perm |
sql_select_temp="connect gammu; SELECT ID FROM $sms_t WHERE SenderNumber='$numero'" |
r_select_temp=$(mysql --user=$u_db --password=$p_db -B -se "$sql_select_temp") |
nb_ban_t=$(echo $r_select_temp| wc -w) |
if [ $nb_ban_t -ge $nb_essais ] |
then |
supp_num_perm "$numero" |
supp_num_temp "$numero" |
export LC_TIME="en_US.UTF-8" |
expir_f=$(date '+%d %B %Y' -d "$time_ban days") |
# Ajout du numero table SMS_ban_perm, 1 : flood |
sql_add_ban_perm="connect gammu; INSERT INTO $sms_p (SenderNumber,Perm,Expiration) VALUES ('$numero',1,'$expir_f');" mysql --user=$u_db --password=$p_db -B -se "$sql_add_ban_perm" |
fi |
else |
echo "Le ban de $numero est encore valide" |
fi |
echo "Le ban de $numero est encore valide" |
fi |
break |
fi |
#else |
359,7 → 359,7 |
else |
echo "gammu is already stopped" |
fi |
exit 0 |
exit 0 |
;; |
--pidof) |
/sbin/pidof gammu-smsd |
367,103 → 367,103 |
--last_nosim) |
# Récupère la dernière ligne où NOSIM est présent (error) |
cat $logfile | grep -n "NOSIM" | cut -d ':' -f1 | tail -n 1 |
exit 0 |
exit 0 |
;; |
--last_start) |
# Récupère la dernière ligne où ########## est présent (séparateur) |
cat $logfile | grep -n "##########" | cut -d ':' -f1 | tail -n 1 |
exit 0 |
exit 0 |
;; |
--last_stop) |
# Récupère la dernière ligne où %%%%%%%%%% est présent (séparateur) |
cat $logfile | grep -n "%%%%%%%%%%" | cut -d ':' -f1 | tail -n 1 |
exit 0 |
exit 0 |
;; |
--last_writeerror) |
#Récupère la dernière ligne où SECURITYERROR est présent (error) |
cat $logfile | grep -n "DEVICEWRITEERROR" | cut -d ':' -f1 | tail -n 1 |
exit 0 |
exit 0 |
;; |
--last_timeout) |
# Récupère la dernière ligne où SECURITYERROR est présent (error) |
cat $logfile | grep -n "TIMEOUT" | cut -d ':' -f1 | tail -n 1 |
exit 0 |
exit 0 |
;; |
--last_secu) |
# Récupère la dernière ligne où SECURITYERROR est présent (error) |
cat $logfile | grep -n "SECURITYERROR" | cut -d ':' -f1 | tail -n 1 |
exit 0 |
exit 0 |
;; |
--last_puk) |
# Récupère la dernière ligne où PUK est présent (error) |
cat $logfile | grep -n "UNKNOWN" | cut -d ':' -f1 | tail -n 1 |
exit 0 |
exit 0 |
;; |
#--log) |
# # Récupère le nom du fichier de log |
# cat $config | grep logfile | cut -d ' ' -f3 |
# exit 0 |
# exit 0 |
# ;; |
--connect) |
# Récupère la vitesse de co |
cat $config | grep connection | cut -d ' ' -f3 |
exit 0 |
exit 0 |
;; |
--replace_connect) |
# Edition de la vitesse de co |
sed -i "s/^connection = at.*/connection = at$2/g" $config |
exit 0 |
exit 0 |
;; |
--pin) |
# Récupère le code PIN (file de conf) |
cat $config | grep PIN | cut -d ' ' -f3 |
exit 0 |
exit 0 |
;; |
--replace_pin) |
# Edition du code PIN |
sed -i "s/^PIN =.*/PIN = $2/g" $config |
exit 0 |
exit 0 |
;; |
--try_ban) |
# Récupère le nombre d'essais avant le ban perm |
grep nb_essais= $script | head -n 1 | cut -d '=' -f2 |
exit 0 |
exit 0 |
;; |
--replace_try_ban) |
# Edition le nombre d'essais avant le ban perm |
sed -i "s/^nb_essais=.*/nb_essais=$2/g" $script |
exit 0 |
exit 0 |
;; |
--time_account) |
# Récupère la durée en jours de la session créée |
grep time_account= $script | head -n 1 | cut -d '=' -f2 |
exit 0 |
exit 0 |
;; |
--replace_time_account) |
# Edition de la durée de la session créée |
sed -i "s/^time_account=.*/time_account=$2/g" $script |
exit 0 |
exit 0 |
;; |
--time_perm) |
# Récupère la durée un jours d'un ban perm (après flood par exemple) |
grep time_ban= $script | head -n 1 | cut -d '=' -f2 |
exit 0 |
exit 0 |
;; |
--replace_time_perm) |
# Edition de la durée d'un ban perm |
sed -i "s/^time_ban=.*/time_ban=$2/g" $script |
exit 0 |
exit 0 |
;; |
--unlock_num) |
# Appel de la fonction unlock : deban un numero $2 |
unlock "$2" |
exit 0 |
exit 0 |
;; |
--change_country) |
# Permet de changer l'état de blocage d'un pays |
a="" |
for i in "$@" |
do |
do |
a=$(echo "$a $i") |
done |
a=$(echo $a | cut -d ' ' -f2-$#) |
514,12 → 514,12 |
--numero_alcasar) |
# Récupère le numero de la clé 3g (téléphone) |
grep "\$current_num=" $public_page | head -n 1 | cut -d"'" -f2 |
exit 0 |
exit 0 |
;; |
--replace_numero_alcasar) |
# Edition du numero de la clé 3g (téléphone) |
sed -i "s/\$current_num=.*/\$current_num='$2';/g" $public_page |
exit 0 |
exit 0 |
;; |
--mode) |
# Mode huawei |
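Review bot: Every SMS-created account is hashed with the same constant salt, `export salt='$1$passwd$'` at the top of new_sms, so identical passwords yield identical Crypt-Password values in radcheck and one precomputed table covers all of them; the salt should be generated per account right before each `crypt` call, e.g. `salt="\$1\$$(tr -dc 'a-zA-Z0-9./' </dev/urandom | head -c 8)\$"` (or a `$6$` prefix if the local crypt(3) behind Crypt-Password supports it — to be confirmed). The same hunk interpolates the sender number straight into SQL (`WHERE SenderNumber=$numero` unquoted, `VALUES ('$numero')`) while only the leading `+` and the country prefix are ever checked, so `numero` should be validated against `^\+[0-9]+$` before it reaches mysql. Exporting `pass` and passing it to perl as an argument also exposes the plaintext in the environment and process list; feeding it on stdin would avoid that. new_sms continues outside the visible hunks.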
/scripts/alcasar-uninstall.sh |
54,12 → 54,12 |
fi |
echo "Stopping service : " |
/usr/local/bin/alcasar-sms.sh --stop |
for i in $services |
for i in $services |
do |
if [ -e /lib/systemd/system/$i.service ] |
if [ -e /lib/systemd/system/$i.service ] |
then |
/usr/bin/systemctl disable $i.service |
/usr/bin/systemctl stop $i.service 1>/dev/null |
/usr/bin/systemctl stop $i.service 1>/dev/null |
sleep 1 |
else |
echo "The service $i.service doesn't exist !" |
157,7 → 157,7 |
sleep 1 |
echo -en "\n- antivirus (5) : " |
if [ -e /etc/init.d/havp ] |
if [ -e /etc/init.d/havp ] |
then |
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, " |
userdel -r havp 2>/dev/null && echo -n "2, " |
169,7 → 169,7 |
sleep 1 |
echo -en "\n- tinyproxy (2) : " |
if [ -e /etc/init.d/tinyproxy ] |
if [ -e /etc/init.d/tinyproxy ] |
then |
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, " |
userdel -r tinyproxy 2>/dev/null && echo -n "2" |
222,8 → 222,8 |
i=3 |
for filter in `ls /etc/fail2ban/filter.d/alcasar_*` |
do |
i=`expr $i + 1` |
rm $filter && echo -n "$i, " |
i=`expr $i + 1` |
rm $filter && echo -n "$i, " |
done |
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "8" |
sleep 1 |
232,8 → 232,8 |
i=1 |
for cron in `ls /etc/cron.d/alcasar-*` |
do |
rm $cron && echo -n "$i, " |
i=`expr $i + 1` |
rm $cron && echo -n "$i, " |
i=`expr $i + 1` |
done |
[ -e /etc/crontab.default ] && mv /etc/crontab.default /etc/crontab && echo -n "10, " |
[ -e /etc/anacrontab.default ] && mv /etc/anacrontab.default /etc/anacrontab && echo -n "11" |
/scripts/alcasar-url_filter_bl.sh |
7,9 → 7,9 |
# This script is distributed under the Gnu General Public License (GPL) |
# Active / désactive : safesearch des moteurs de recherche |
# Enable / disable : search engines safesearch |
# Enable / disable : search engines safesearch |
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine |
# Enable / disable : filter of urls containing ip address instead of domain name |
# Enable / disable : filter of urls containing ip address instead of domain name |
DIR_DG="/etc/dansguardian/lists" |
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" |
33,11 → 33,11 |
exit 0 |
;; |
# Safe search activation |
-safesearch_on | --safesearch_on) |
-safesearch_on | --safesearch_on) |
safesearch="On" |
;; |
# Safe search desactivation |
-safesearch_off | --safesearch_off) |
-safesearch_off | --safesearch_off) |
safesearch="Off" |
;; |
# pure_ip activation |
63,7 → 63,7 |
# $SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration |
# nossl_server=`host -ta nosslsearch.google.com|cut -d" " -f4` # retrieve google nosslsearch ip |
# echo "# nosslsearch redirect server for google" >> $DNSMASQ_BL_CONF |
# for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl 
.google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
# for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl 
.google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
# do |
# echo "address=/$gg_dnsname/$nossl_server" >> $DNSMASQ_BL_CONF |
# done |
71,7 → 71,7 |
$SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration |
forcesafesearch_server=`host -ta forcesafesearch.google.com|cut -d" " -f4` # retrieve google forcesafesearch ip |
echo "# SafeSearch redirect server for google" >> $DNSMASQ_BL_CONF |
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
do |
echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_BL_CONF |
done |
/scripts/alcasar-url_filter_wl.sh |
9,7 → 9,7 |
# Active / désactive : safesearch des moteurs de recherche |
# Enable / disable : search engines safesearch |
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine |
# Enable / disable : filter of urls containing ip address instead of domain name |
# Enable / disable : filter of urls containing ip address instead of domain name |
TINY_CONF="/etc/tinyproxy/tinyproxy.conf" |
DNSMASQ_WL_CONF="/etc/dnsmasq-whitelist.conf" |
33,11 → 33,11 |
exit 0 |
;; |
# Safe search activation |
-safesearch_on | --safesearch_on) |
-safesearch_on | --safesearch_on) |
safesearch="On" |
;; |
# Safe search desactivation |
-safesearch_off | --safesearch_off) |
-safesearch_off | --safesearch_off) |
safesearch="Off" |
;; |
*) |
58,7 → 58,7 |
rm $IP_WL # remove old google declaration |
fi |
echo "# SafeSearch redirect server for google" >> $DNSMASQ_WL_CONF |
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
do |
echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_WL_CONF |
done |
/scripts/alcasar-urpmi.sh |
5,12 → 5,12 |
# by 3abtux and Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# script de mise en place des dépots RPM |
# script de mise en place des dépots RPM |
# configure the RPM repository |
Lang=`echo $LANG|cut -c 1-2` |
VERSION="6" |
ARCH="x86_64" |
ARCH="x86_64" |
# The kernel version we compile netflow for |
KERNEL="kernel-server-4.9.56-1.mga6-1-1.mga6" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
34,7 → 34,7 |
{ |
echo |
if [ $Lang == "fr" ] |
then |
then |
echo "Relancez l'installation ultérieurement." |
echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-urpmi.sh'" |
else |
51,15 → 51,15 |
for i in $* |
do |
if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ] |
then |
then |
DISTRIBUTION=`echo $i|cut -d"=" -f2` |
fi |
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ] |
then |
then |
CURRENT_VERSION=`echo $i|cut -d"=" -f2` |
fi |
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ] |
then |
then |
ARCH=`echo $i|cut -d"=" -f2` |
fi |
done |
71,7 → 71,7 |
# Set the RPM repository (if not already set) |
ACTIVE_REPO=`cat /etc/urpmi/urpmi.cfg|grep "mageia.org"|wc -l` |
MIRROR_NBR=2 |
# For Europeans |
# For Europeans |
MIRRORLIST1="http://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH" |
# For International install |
MIRRORLIST2="http://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list" |
80,12 → 80,12 |
do |
try_nb=`expr $try_nb + 1` |
MIRRORLIST="MIRRORLIST$try_nb" |
rpm_repository_sync |
rpm_repository_sync |
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l` |
if [ "$nb_repository" != "4" ] |
then |
if [ $Lang == "fr" ] |
then |
then |
echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb." |
else |
echo "An error occurs when synchronising the repositories N°$try_nb" |
96,7 → 96,7 |
exit 1 |
fi |
if [ $Lang == "fr" ] |
then |
then |
echo "Voulez-vous tenter une synchronisation avec un autre dépôt ? (O/n)" |
else |
echo "Do you wan't to try a synchronisation with an other repository? (Y/n)" |
107,7 → 107,7 |
do |
read response |
done |
if [ "$response" = "n" ] || [ "$response" = "N" ] |
if [ "$response" = "n" ] || [ "$response" = "N" ] |
then |
exit 1 |
fi |
116,7 → 116,7 |
# download the kernel used by ALCASAR and fix its version |
if [ $Lang == "fr" ] |
then |
then |
echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..." |
else |
echo "Download the Linux kernel used by ALCASAR. Please wait ..." |
123,9 → 123,9 |
fi |
echo "/^kernel/" > /etc/urpmi/skip.list |
urpmi --auto --quiet $KERNEL |
# download updated RPM in cache |
# download updated RPM in cache |
if [ $Lang == "fr" ] |
then |
then |
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..." |
echo "Il est temps d'aller prendre un café (ou une bonne bière) ;-)" |
else |
137,7 → 137,7 |
then |
echo |
if [ $Lang == "fr" ] |
then |
then |
echo "Une erreur a été détectée lors de la récupération des paquetages." |
else |
echo "An error occurs when downloading RPMS" |
152,7 → 152,7 |
then |
echo |
if [ $Lang == "fr" ] |
then |
then |
echo "Une erreur a été détectée lors de la mise à jour des paquetages." |
else |
echo "An error occurs when updating packages" |
165,7 → 165,7 |
# Download of ALCASAR specifics RPM in cache (and test) |
if [ $Lang == "fr" ] |
then |
then |
echo "Récupération des paquetages complémentaires. Veuillez patienter ..." |
else |
echo "Download of complementary packages. Please wait ..." |
175,7 → 175,7 |
then |
echo |
if [ $Lang == "fr" ] |
then |
then |
echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires." |
else |
echo "An error occurs when downloading complementary packages" |
185,12 → 185,12 |
fi |
# update with cached RPM |
urpmi --auto $PACKAGES |
urpmi --auto $PACKAGES |
if [ "$?" != "0" ] |
then |
echo |
if [ $Lang == "fr" ] |
then |
then |
echo "Une erreur a été détectée lors de l'installation des paquetages complémentaires." |
else |
echo "An error occurs when installing complementary packages" |
/scripts/alcasar-version.sh |
26,7 → 26,7 |
MAJ="True" |
fi |
#compare minor number |
if [ $MAJ_RUNNING_VERSION -eq $MAJ_DNS_VERSION ] |
if [ $MAJ_RUNNING_VERSION -eq $MAJ_DNS_VERSION ] |
then |
if [ $MIN_RUNNING_VERSION -lt $MIN_DNS_VERSION ] |
then |
41,7 → 41,7 |
then |
MAJ="True" |
else |
if [ $UPD_RUNNING_VERSION -lt $UPD_DNS_VERSION ] |
if [ $UPD_RUNNING_VERSION -lt $UPD_DNS_VERSION ] |
then |
MAJ="True" |
fi |
51,8 → 51,8 |
fi |
if [ $MAJ = "True" ] |
then |
then |
echo "An updated version is available ($DNS_VERSION)" |
else |
else |
echo "The Running version ($RUNNING_VERSION) is up to date" |
fi |
/scripts/alcasar-watchdog.sh |
43,7 → 43,7 |
;; |
esac |
net_pb=`grep "network_pb = true;" $Index_Page|wc -l` |
if [ $net_pb = "0" ] # user alert (only the first time) |
if [ $net_pb = "0" ] # user alert (only the first time) |
then |
/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page |
$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56 |
145,5 → 145,5 |
fi |
done |
;; |
esac |
esac |
IFS=$OLDIFS |