/alcasar.sh |
---|
468,7 → 468,6 |
echo "EXT_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default |
# config network |
cat <<EOF > /etc/sysconfig/network |
1272,7 → 1271,7 |
groupdel tinyproxy 2>/dev/null |
fi |
groupadd -f tinyproxy |
useradd -r -g tinyproxy -s /bin/false -c "system user for tinyproxy" tinyproxy |
useradd -r -g tinyproxy -s /bin/false -c "system user for tinyproxy" havp |
mkdir -p /var/log/tinyproxy /var/run/tinyproxy |
chown -R tinyproxy:tinyproxy /var/log/tinyproxy /var/run/tinyproxy |
[ -e /etc/tinyproxy/tinyproxy.conf.default ] || cp /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.conf.default |
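Review bot: The two `useradd` lines in the 1272 hunk differ only in the account name (`tinyproxy` versus `havp`), and the page no longer marks which of them is the new side. The account created at this point needs to be `tinyproxy`: the comment field says "system user for tinyproxy", and the `chown -R tinyproxy:tinyproxy /var/log/tinyproxy /var/run/tinyproxy` two lines further down has no user to resolve unless something outside the hunk creates one. If the new line is the `havp` one, it should go back to `useradd -r -g tinyproxy -s /bin/false -c "system user for tinyproxy" tinyproxy`. The enclosing function starts and ends outside the hunk.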
/scripts/alcasar-iptables.sh |
---|
320,54 → 320,51 |
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT |
# If protocols filter is activate |
if [ $PROTOCOLS_FILTERING = on ]; then |
# Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...) |
nb_uamallowed=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1` |
if [ $nb_uamallowed != "0" ] |
then |
while read ip_allowed_line |
do |
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2` |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT |
done < /usr/local/etc/alcasar-uamallowed |
fi |
# Autorisation du HTTP et des protocoles non commentés |
# Allow HTTP and non comment protocols |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j ULOG --ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport http -m state --state NEW -j ACCEPT |
while read svc_line |
do |
svc_on=`echo $svc_line|cut -b1` |
if [ $svc_on != "#" ] |
then |
svc_name=`echo $svc_line|cut -d" " -f1` |
svc_port=`echo $svc_line|cut -d" " -f2` |
if [ $svc_name = "icmp" ] |
then |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT |
else |
#if [ $PROTOCOLS_FILTERING = on ]; then |
# # Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...) |
# nb_uamallowed=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1` |
# if [ $nb_uamallowed != "0" ] |
# then |
# while read ip_allowed_line |
# do |
# ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2` |
# $IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT " |
# $IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW |
# $IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT |
# done < /usr/local/etc/alcasar-uamallowed |
# fi |
# # Autorisation des protocoles non commentés |
# # Allow non comment protocols |
# while read svc_line |
# do |
# svc_on=`echo $svc_line|cut -b1` |
# if [ $svc_on != "#" ] |
# then |
# svc_name=`echo $svc_line|cut -d" " -f1` |
# svc_port=`echo $svc_line|cut -d" " -f2` |
# if [ $svc_name = "icmp" ] |
# then |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT |
# else |
# |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT " |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_UDP-$svc_name -- ACCEPT " |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW |
# $IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT |
# fi |
# fi |
# done < /usr/local/etc/alcasar-services |
# # Rejet explicite des autres protocoles |
# # reject the others protocols |
# $IPTABLES -A FORWARD -i $TUNIF -j ULOG --ulog-prefix "RULE F_filter -- REJECT " |
# $IPTABLES -A FORWARD -i $TUNIF -p tcp -j REJECT --reject-with tcp-reset |
# $IPTABLES -A FORWARD -i $TUNIF -p udp -j REJECT --reject-with icmp-port-unreachable |
# $IPTABLES -A FORWARD -i $TUNIF -p icmp -j REJECT |
#fi |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_UDP-$svc_name -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT |
fi |
fi |
done < /usr/local/etc/alcasar-services |
# Rejet explicite des autres protocoles |
# reject the others protocols |
$IPTABLES -A FORWARD -i $TUNIF -j ULOG --ulog-prefix "RULE F_filter -- REJECT " |
$IPTABLES -A FORWARD -i $TUNIF -p tcp -j REJECT --reject-with tcp-reset |
$IPTABLES -A FORWARD -i $TUNIF -p udp -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -p icmp -j REJECT |
fi |
# If QOS is activate # |
if [ $QOS = on ] && [ -e /usr/local/etc/alcasar-iptables-qos.sh ]; then |
. /usr/local/etc/alcasar-iptables-qos.sh |
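Review bot: The HTTP rule placed ahead of the services loop logs with `--ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT "`, but `svc_name` is only assigned inside the `while read svc_line` loop that follows. Unless it is set earlier in the script, the prefix expands to `RULE F_TCP- -- ACCEPT ` and accepted HTTP connections cannot be identified by name in the ULOG output; a literal `--ulog-prefix "RULE F_TCP-http -- ACCEPT "` fixes that. This assumes the uncommented block is the new side, since the page shows both variants without markers. In the same block `[ $svc_on != "#" ]` and `[ $PROTOCOLS_FILTERING = on ]` are unquoted, so an empty line in alcasar-services or an unset variable makes `[` fail with a syntax error instead of evaluating; `[ "$svc_on" != "#" ]` and `[ "$PROTOCOLS_FILTERING" = on ]` avoid that.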
/scripts/sbin/alcasar-uninstall.sh |
---|
129,6 → 129,8 |
fi |
sleep 1 |
#param_ulogd |
echo -en "\n- ulogd(6) : " |
i=0 |
152,7 → 154,7 |
then |
[ -e /etc/sysconfig/dnsmasq.default ] && mv /etc/sysconfig/dnsmasq.default /etc/sysconfig/dnsmasq && echo -n "1, " |
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "2, " |
i=2 |
i=0 |
for list in blacklist whitelist blackhole |
do |
i=`expr $i + 1` |
211,11 → 213,11 |
sleep 1 |
#network |
echo -en "\n- network(8) : " |
echo -en "\n- network(9) : " |
hostname localhost |
CONF_FILE="/usr/local/etc/alcasar.conf" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
i=0 |
for nic in $EXTIF $INTIF |
do |
228,7 → 230,8 |
[ -e /etc/ntp.conf.default ] && mv /etc/ntp.conf.default /etc/ntp.conf && echo -n "5, " |
[ -e /etc/hosts.allow.default ] && mv /etc/hosts.allow.default /etc/hosts.allow && echo -n "6, " |
[ -e /etc/hosts.deny.default ] && mv /etc/hosts.deny.default /etc/hosts.deny && echo -n "7, " |
[ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "8" |
[ -e /etc/sysconfig/iptables ] && rm -f /etc/sysconfig/iptables && echo -n "8, " |
[ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "9" |
/sbin/ifup $EXTIF |
sleep 1 |
259,3 → 262,5 |
done |
echo |
#suppression des exceptions de mises à jours ( coova-chilli et freeradius) |
sed -i '/coova.*/d' /etc/urpmi/skip.list |
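Review bot: The comment in the last hunk says the update exceptions for coova-chilli and freeradius are removed, but the only command is `sed -i '/coova.*/d' /etc/urpmi/skip.list`, which leaves any freeradius entry in place. If the installer adds both packages to skip.list, an uninstalled host keeps excluding freeradius from package updates; `sed -i -e '/coova.*/d' -e '/freeradius.*/d' /etc/urpmi/skip.list` would match the comment. The pattern is unanchored, so it deletes every line that contains `coova`, and the command runs without a `[ -e /etc/urpmi/skip.list ]` guard like the ones on the restore lines above it.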
/scripts/sbin/alcasar-bl.sh |
---|
105,6 → 105,9 |
exit 0 |
;; |
# Retrieve Toulouse BL |
-cat_choice | --cat_choice) |
cat_choice |
;; |
-download | --download) |
rm -rf /tmp/con_ok.html |
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
119,10 → 122,6 |
chown -R apache:apache $DIR_tmp |
fi |
;; |
# enable/disable categories (used only during the alcasar install process) |
-cat_choice | --cat_choice) |
cat_choice |
;; |
# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables) |
-adapt | --adapt) |
echo -n "Toulouse BlackList migration process. Please wait : " |
225,9 → 224,7 |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf |
cp -f $DIR_DG_BL/ossi/domains_wl $DIR_DNS_WL/ossi.conf |
systemctl restart dnsmasq-blacklist |
systemctl restart dnsmasq-whitelist |
/usr/local/bin/alcasar-iptables.sh |
bl_enable |
;; |
*) |
echo "Argument inconnu :$1"; |
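Review bot: After the move, the `-cat_choice | --cat_choice)` arm sits directly under the `# Retrieve Toulouse BL` comment, which describes the `-download` arm below it, while its own comment (`# enable/disable categories (used only during the alcasar install process)`) is shown only at the old position in the 119 hunk. Moving that comment along with the arm and leaving `# Retrieve Toulouse BL` immediately above `-download | --download)` keeps each case documented. In the 225 hunk the two `systemctl restart dnsmasq-*` calls and the `/usr/local/bin/alcasar-iptables.sh` call appear to be replaced by a single `bl_enable`. `bl_enable` is defined outside this page, so it is worth confirming that it still restarts both dnsmasq instances and reloads the firewall; otherwise the adapted lists are written but not enforced.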
/web/acc/admin/bl_filter.php |
---|
36,31 → 36,6 |
return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list); |
} |
} |
function echo_file ($filename) |
{ |
if (file_exists($filename)) |
{ |
if (filesize($filename) != 0) |
{ |
$pointeur=fopen($filename,"r"); |
$tampon = fread($pointeur, filesize($filename)); |
fclose($pointeur); |
echo $tampon; |
} |
} |
else |
{ |
echo "$filename doesn't exist"; |
} |
} |
function echo_ip_file ($filename) |
{ |
exec("cat $filename | cut -d ' ' -f3", $resultat); |
for($i=0; $i<exec("wc -l $filename"); $i++) |
{ |
echo $resultat[$i]."\n"; |
} |
} |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
202,6 → 177,7 |
case 'Active_list' : |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --adapt"); |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload"); |
shell_exec ("nohup nice -n 10 sudo /usr/local/sbin/alcasar-bl.sh --ip_retrieving > /dev/null 2>/dev/null &"); |
break; |
case 'Reject_list' : |
unlink ("$dir_tmp/blacklists.tar.gz"); unlink ("$dir_tmp/md5sum"); |
329,268 → 305,8 |
break; |
} |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th> |
<?php echo $l_list_version; echo date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README'));?> |
</th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left" colspan=10> |
<FORM action='bl_filter.php' method=POST> |
<?php |
if ((file_exists("$dir_tmp/blacklists.tar.gz")) && (file_exists("$dir_tmp/md5sum"))) |
{ |
echo "$l_fingerprint"; echo_file ("$dir_tmp/md5sum"); |
echo "<br>$l_fingerprint2<a href='http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST' target='cat_help' onclick=window.open('http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST','cat_help','width=600,height=150,toolbar=no,scrollbars=yes,resizable=yes') title='verify fingerprint'>dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST</a><br>"; |
echo "<input type='hidden' name='choix' value='Active_list'>"; |
echo "<input type='submit' value='$l_activate_bl'> ($l_warning)</FORM>"; |
echo "<FORM action='bl_filter.php' method=POST>"; |
echo "<input type='hidden' name='choix' value='Reject_list'>"; |
echo "<input type='submit' value='$l_reject_bl'></form>"; |
} |
else |
{ |
echo "<input type='hidden' name='choix' value='Download_list'>"; |
echo "<input type='submit' value='$l_download_bl'>"; |
echo " ($l_warning)"; |
} |
require ('bl_filter2.php'); |
?> |
</FORM> |
</td></tr> |
</table><br/> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_bl; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left" colspan=10> |
<FORM action='bl_filter.php' method=POST> |
<input type='hidden' name='choix' value='MAJ_cat_bl'> |
<?php |
echo "<center>"; |
$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-bl/* | tail -n 1 | awk '{print $1}'"); |
$nbUrl = exec ("for file in `find /etc/dansguardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb"); |
$nbIp = exec ("wc -l /usr/local/share/iptables-bl/* | tail -n 1 | awk '{print $1}'"); |
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>"; |
echo "$l_bl_categories</center></td></tr>"; |
//on lit et on interprete le fichier de catégories |
$cols=1; |
if (file_exists($bl_categories)) |
{ |
$pointeur=fopen($bl_categories,"r"); |
while (!feof ($pointeur)) |
{ |
$ligne=fgets($pointeur, 4096); |
if ($ligne) |
{ |
if ($cols == 1) { echo "<tr>";} |
$categorie=trim(basename($ligne)); |
if($categorie != "ossi") |
{ |
echo "<td><a href='bl_categories_help.php?liste=bl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>"; |
echo "<input type='checkbox' name='chk-$categorie'"; |
// si la ligne est commentée -> categorie non selectionnée |
if (preg_match('/^#/',$ligne, $r)) { echo ">";} |
else { echo "checked>"; } |
echo "</td>"; |
$cols++; |
} |
if ($cols > 10) { |
echo "</tr>"; |
$cols=1; } |
} |
} |
fclose($pointeur); |
} |
else { |
echo "$l_error_open_file $bl_categories"; |
} |
echo "</td></tr>"; |
echo "<tr><td valign='middle' align='left' colspan=10>"; |
echo "<center><b>$l_maj_rehabilitated</b></center></td></tr>"; |
echo "<tr><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_rehabilitated_dns</H3>$l_rehabilitated_dns_explain<BR>$l_one_dns<BR>"; |
echo "<textarea name='BL_rehabilited_domains' rows=3 cols=40>"; |
echo_file ($dir_dg."exceptionsitelist"); |
echo "</textarea></td>"; |
echo "<td width=50% colspan=5 align=center>"; |
echo "<H3>$l_rehabilitated_ip</H3>$l_rehabilitated_ip_explain<BR>$l_one_ip<BR>"; |
echo "<textarea name='BL_rehabilited_ip' rows=3 cols=40>"; |
echo_file ($dir_dg."exceptioniplist"); |
echo "</textarea></td></tr><tr><td width=50% colspan=10>"; |
echo "<tr><td valign='middle' align='left' colspan=10>"; |
echo "<center><b>$l_add_to_bl</b></center></td></tr>"; |
echo "<tr><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_forbidden_dns</H3>$l_forbidden_dns_explain<BR>"; |
echo "<textarea name='OSSI_bl_domains' rows=3 cols=40>"; |
echo_file ($dir_dg."blacklists/ossi/domains"); |
echo "</textarea></td>"; |
echo "<td width=50% colspan=5 align=center>"; |
echo "<H3>$l_forbidden_ip</H3>$l_forbidden_ip_explain<BR>"; |
echo "<textarea name='OSSI_bl_ip' rows=3 cols=40>"; |
echo_ip_file ($dir_bl_ip."ossi"); |
echo "</textarea></td></tr><tr><td colspan=10>"; |
echo "<input type='submit' value='$l_record'>"; |
echo "</form> ($l_wait)"; |
echo "</table></td><br/>"; |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_personal_file_title; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border=1 cellspacing=0 cellpadding=1> |
<form action='bl_filter.php' method='POST'> |
<input type='hidden' name='choix' value='MAJ_ip_file_delete'> |
<?php |
echo "<tr><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_file_list</H3>"; |
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_remove</tr>"; |
exec("cd $upload_dir_ip && ls ossi-*", $fichiersIp); |
foreach($fichiersIp as $fichier => $value) |
{ |
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
} |
echo "</table><br/></td></form><form action='bl_filter.php' method='POST' enctype='multipart/form-data'>"; |
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_add_file</H3>"; |
echo "<input type='file' name='fichier_ip'>"; |
echo "<input type='submit' value='$l_submit'>"; |
echo "</td></tr>"; |
echo "</form>"; |
echo "</table><br/>"; |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_wl; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left" colspan=10> |
<FORM action='bl_filter.php' method=POST> |
<input type='hidden' name='choix' value='MAJ_cat_wl'> |
<?php |
echo "<center>"; |
$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-wl/* | tail -n 1 | awk '{print $1}'"); |
$nbUrl = 0; |
$nbIp = 0; |
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>"; |
echo "$l_wl_categories</center></td></tr>"; |
//on lit et on interprete le fichier de catégories |
$cols=1; |
if (file_exists($wl_categories)) |
{ |
$pointeur=fopen($wl_categories,"r"); |
while (!feof ($pointeur)) |
{ |
$ligne=fgets($pointeur, 4096); |
if ($ligne) |
{ |
if ($cols == 1) { echo "<tr>";} |
$categorie=trim(basename($ligne)); |
echo "<td><a href='bl_categories_help.php?liste=wl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>"; |
echo "<input type='checkbox' name='chk-$categorie'"; |
// si la ligne est commentée -> categorie non selectionnée |
if (preg_match('/^#/',$ligne, $r)) { echo ">";} |
else { echo "checked>"; } |
echo "</td>"; |
$cols++; |
if ($cols > 10) { |
echo "</tr>"; |
$cols=1; } |
} |
} |
fclose($pointeur); |
} |
else { |
echo "$l_error_open_file $wl_categories"; |
} |
echo "<tr><td valign='middle' align='left' colspan=10>"; |
echo "<center><b>$l_add_to_wl</b></center></td></tr>"; |
echo "<tr><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_allowed_dns</H3>$l_forbidden_dns_explain<BR>"; |
echo "<textarea name='OSSI_wl_domains' rows=3 cols=40>"; |
echo_file ($dir_dg."blacklists/ossi/domains_wl"); |
echo "</textarea></td>"; |
echo "<td width=50% colspan=5 align=center>"; |
echo "<H3>$l_allowed_ip</H3>$l_forbidden_ip_explain<BR>"; |
echo "<textarea name='OSSI_wl_ip' rows=3 cols=40>"; |
echo_ip_file ($file_wl_ip); |
echo "</textarea></td></tr><tr><td colspan=10>"; |
echo "<input type='submit' value='$l_record'></form></td></tr>"; |
?> |
</TABLE><br/> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_specific_filtering; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<FORM action='bl_filter.php' method='POST'> |
<input type='hidden' name='choix' value='Specific_filtering'> |
<tr><td> |
<input type='checkbox' name='chk-ip' |
<?php |
// verify "pureip" filtering state |
if (file_exists($bannedsite_file)) |
{ |
$pointeur=fopen($bannedsite_file,"r"); |
while (!feof ($pointeur)) |
{ |
$ligne=fgets($pointeur, 4096); |
if ($ligne) |
{ |
if (preg_match('/^\*ip$/',$ligne, $r)) |
{ |
echo " checked"; |
break; |
} |
} |
} |
fclose($pointeur); |
} |
else { |
echo "$l_error_open_file $bannedsite_file"; |
} |
echo "> $l_ip_filtering"; |
?> |
</td></tr> |
<tr><td> |
<input type='checkbox' name='chk-safesearch' |
<?php |
// verify "safesearch" filtering state |
if (file_exists($urlregex_file)) |
{ |
$pointeur=fopen($urlregex_file,"r"); |
while (!feof ($pointeur)) |
{ |
$ligne=fgets($pointeur, 4096); |
if ($ligne) |
{ |
if (preg_match('/^\"\(\^http\:\/\/\[0\-9a\-z\]\+\\\.google/',$ligne, $r)) |
{ |
echo " checked"; |
break; |
} |
} |
} |
fclose($pointeur); |
} |
else { |
echo "$l_error_open_file $urlregex_file"; |
} |
echo "> $l_safe_searching"; |
echo "<br>$l_safe_youtube"; |
echo "<input type='text' name='Youtube_ID' size='30' value='"; |
if ($YOUTUBE_ID == "ABCD1234567890abcdef") // generic ID (do nothing) |
{ |
echo "'>"; |
} |
else { |
echo "$YOUTUBE_ID'>"; |
} |
echo " $l_youtube_id<tr><td>"; |
echo "<input type='submit' value='$l_record'></td></tr>"; |
?> |
</FORM> |
</TABLE> |
</BODY> |
</HTML> |
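Review bot: The `shell_exec ("nohup nice -n 10 sudo /usr/local/sbin/alcasar-bl.sh --ip_retrieving > /dev/null 2>/dev/null &")` call in the `Active_list` case starts a root job in the background and discards both its output and its exit status, so a failed IP retrieval leaves no trace for the administrator. Nothing visible in the hunk stops a second POST from starting another run while the first is still working on the same lists. Redirecting to a log instead of /dev/null (`>> <log path> 2>&1 &`) and taking a lock inside alcasar-bl.sh would make the job observable and single-instance. Separately, the new `require ('bl_filter2.php');` resolves through the include path; `require (__DIR__.'/bl_filter2.php');` pins it to this directory.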
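--- a/web/acc/admin/bl_filter2.php
+++ b/web/acc/admin/bl_filter2.php
@@ -0,0 +1,290 @@
+<?php
+function echo_file ($filename)
+{
+if (file_exists($filename))
+{
+if (filesize($filename) != 0)
+{
+$pointeur=fopen($filename,"r");
+$tampon = fread($pointeur, filesize($filename));
+fclose($pointeur);
+echo $tampon;
+}
+}
+else
+{
+echo "$filename doesn't exist";
+}
+}
+function echo_ip_file ($filename)
+{
+exec("cat $filename | cut -d ' ' -f3", $resultat);
+for($i=0; $i<exec("wc -l $filename"); $i++)
+{
+echo $resultat[$i]."\n";
+}
+}
+?>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th>
+<?php echo $l_list_version; echo date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README'));?>
+</th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left" colspan=10>
+<FORM action='bl_filter.php' method=POST>
+<?php
+if ((file_exists("$dir_tmp/blacklists.tar.gz")) && (file_exists("$dir_tmp/md5sum")))
+{
+echo "$l_fingerprint"; echo_file ("$dir_tmp/md5sum");
+echo "<br>$l_fingerprint2<a href='http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST' target='cat_help' onclick=window.open('http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST','cat_help','width=600,height=150,toolbar=no,scrollbars=yes,resizable=yes') title='verify fingerprint'>dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST</a><br>";
+echo "<input type='hidden' name='choix' value='Active_list'>";
+echo "<input type='submit' value='$l_activate_bl'> ($l_warning)</FORM>";
+echo "<FORM action='bl_filter.php' method=POST>";
+echo "<input type='hidden' name='choix' value='Reject_list'>";
+echo "<input type='submit' value='$l_reject_bl'></form>";
+}
+else
+{
+echo "<input type='hidden' name='choix' value='Download_list'>";
+echo "<input type='submit' value='$l_download_bl'>";
+echo " ($l_warning)";
+}
+?>
+</FORM>
+</td></tr>
+</table><br/>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th><?php echo $l_bl; ?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<table width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left" colspan=10>
+<FORM action='bl_filter.php' method=POST>
+<input type='hidden' name='choix' value='MAJ_cat_bl'>
+<?php
+echo "<center>";
+$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-bl/* | tail -n 1 | awk '{print $1}'");
+$nbUrl = exec ("for file in `find /etc/dansguardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb");
+$nbIp = exec ("wc -l /usr/local/share/iptables-bl/* | tail -n 1 | awk '{print $1}'");
+echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
+echo "$l_bl_categories</center></td></tr>";
+//on lit et on interprete le fichier de catégories
+$cols=1;
+if (file_exists($bl_categories))
+{
+$pointeur=fopen($bl_categories,"r");
+while (!feof ($pointeur))
+{
+$ligne=fgets($pointeur, 4096);
+if ($ligne)
+{
+if ($cols == 1) { echo "<tr>";}
+$categorie=trim(basename($ligne));
+if($categorie != "ossi")
+{
+echo "<td><a href='bl_categories_help.php?liste=bl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>";
+echo "<input type='checkbox' name='chk-$categorie'";
+// si la ligne est commentée -> categorie non selectionnée
+if (preg_match('/^#/',$ligne, $r)) { echo ">";}
+else { echo "checked>"; }
+echo "</td>";
+$cols++;
+}
+if ($cols > 10) {
+echo "</tr>";
+$cols=1; }
+}
+}
+fclose($pointeur);
+}
+else {
+echo "$l_error_open_file $bl_categories";
+}
+echo "</td></tr>";
+echo "<tr><td valign='middle' align='left' colspan=10>";
+echo "<center><b>$l_maj_rehabilitated</b></center></td></tr>";
+echo "<tr><td width=50% colspan=5 align=center>";
+echo "<H3>$l_rehabilitated_dns</H3>$l_rehabilitated_dns_explain<BR>$l_one_dns<BR>";
+echo "<textarea name='BL_rehabilited_domains' rows=3 cols=40>";
+echo_file ($dir_dg."exceptionsitelist");
+echo "</textarea></td>";
+echo "<td width=50% colspan=5 align=center>";
+echo "<H3>$l_rehabilitated_ip</H3>$l_rehabilitated_ip_explain<BR>$l_one_ip<BR>";
+echo "<textarea name='BL_rehabilited_ip' rows=3 cols=40>";
+echo_file ($dir_dg."exceptioniplist");
+echo "</textarea></td></tr><tr><td width=50% colspan=10>";
+echo "<tr><td valign='middle' align='left' colspan=10>";
+echo "<center><b>$l_add_to_bl</b></center></td></tr>";
+echo "<tr><td width=50% colspan=5 align=center>";
+echo "<H3>$l_forbidden_dns</H3>$l_forbidden_dns_explain<BR>";
+echo "<textarea name='OSSI_bl_domains' rows=3 cols=40>";
+echo_file ($dir_dg."blacklists/ossi/domains");
+echo "</textarea></td>";
+echo "<td width=50% colspan=5 align=center>";
+echo "<H3>$l_forbidden_ip</H3>$l_forbidden_ip_explain<BR>";
+echo "<textarea name='OSSI_bl_ip' rows=3 cols=40>";
+echo_ip_file ($dir_bl_ip."ossi");
+echo "</textarea></td></tr><tr><td colspan=10>";
+echo "<input type='submit' value='$l_record'>";
+echo "</form> ($l_wait)";
+echo "</table></td><br/>";
+?>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th><?php echo $l_personal_file_title; ?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<table width="100%" border=1 cellspacing=0 cellpadding=1>
+<form action='bl_filter.php' method='POST'>
+<input type='hidden' name='choix' value='MAJ_ip_file_delete'>
+<?php
+echo "<tr><td width=50% colspan=5 align=center>";
+echo "<H3>$l_file_list</H3>";
+echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_remove</tr>";
+exec("cd $upload_dir_ip && ls ossi-*", $fichiersIp);
+foreach($fichiersIp as $fichier => $value)
+{
+echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>";
+}
+echo "</table><br/></td></form><form action='bl_filter.php' method='POST' enctype='multipart/form-data'>";
+echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>";
+echo "<H3>$l_add_file</H3>";
+echo "<input type='file' name='fichier_ip'>";
+echo "<input type='submit' value='$l_submit'>";
+echo "</td></tr>";
+echo "</form>";
+echo "</table><br/>";
+?>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th><?php echo $l_wl; ?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left" colspan=10>
+<FORM action='bl_filter.php' method=POST>
+<input type='hidden' name='choix' value='MAJ_cat_wl'>
+<?php
+echo "<center>";
+$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-wl/* | tail -n 1 | awk '{print $1}'");
+$nbUrl = 0;
+$nbIp = 0;
+echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
+echo "$l_wl_categories</center></td></tr>";
+//on lit et on interprete le fichier de catégories
+$cols=1;
+if (file_exists($wl_categories))
+{
+$pointeur=fopen($wl_categories,"r");
+while (!feof ($pointeur))
+{
+$ligne=fgets($pointeur, 4096);
+if ($ligne)
+{
+if ($cols == 1) { echo "<tr>";}
+$categorie=trim(basename($ligne));
+echo "<td><a href='bl_categories_help.php?liste=wl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>";
+echo "<input type='checkbox' name='chk-$categorie'";
+// si la ligne est commentée -> categorie non selectionnée
+if (preg_match('/^#/',$ligne, $r)) { echo ">";}
+else { echo "checked>"; }
+echo "</td>";
+$cols++;
+if ($cols > 10) {
+echo "</tr>";
+$cols=1; }
+}
+}
+fclose($pointeur);
+}
+else {
+echo "$l_error_open_file $wl_categories";
+}
+echo "<tr><td valign='middle' align='left' colspan=10>";
+echo "<center><b>$l_add_to_wl</b></center></td></tr>";
+echo "<tr><td width=50% colspan=5 align=center>";
+echo "<H3>$l_allowed_dns</H3>$l_forbidden_dns_explain<BR>";
+echo "<textarea name='OSSI_wl_domains' rows=3 cols=40>";
+echo_file ($dir_dg."blacklists/ossi/domains_wl");
+echo "</textarea></td>";
+echo "<td width=50% colspan=5 align=center>";
+echo "<H3>$l_allowed_ip</H3>$l_forbidden_ip_explain<BR>";
+echo "<textarea name='OSSI_wl_ip' rows=3 cols=40>";
+echo_ip_file ($file_wl_ip);
+echo "</textarea></td></tr><tr><td colspan=10>";
+echo "<input type='submit' value='$l_record'></form></td></tr>";
+?>
+</TABLE><br/>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th><?php echo $l_specific_filtering; ?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<FORM action='bl_filter.php' method='POST'>
+<input type='hidden' name='choix' value='Specific_filtering'>
+<tr><td>
+<input type='checkbox' name='chk-ip'
+<?php
+// verify "pureip" filtering state
+if (file_exists($bannedsite_file))
+{
+$pointeur=fopen($bannedsite_file,"r");
+while (!feof ($pointeur))
+{
+$ligne=fgets($pointeur, 4096);
+if ($ligne)
+{
+if (preg_match('/^\*ip$/',$ligne, $r))
+{
+echo " checked";
+break;
+}
+}
+}
+fclose($pointeur);
+}
+else {
+echo "$l_error_open_file $bannedsite_file";
+}
+echo "> $l_ip_filtering";
+?>
+</td></tr>
+<tr><td>
+<input type='checkbox' name='chk-safesearch'
+<?php
+// verify "safesearch" filtering state
+if (file_exists($urlregex_file))
+{
+$pointeur=fopen($urlregex_file,"r");
+while (!feof ($pointeur))
+{
+$ligne=fgets($pointeur, 4096);
+if ($ligne)
+{
+if (preg_match('/^\"\(\^http\:\/\/\[0\-9a\-z\]\+\\\.google/',$ligne, $r))
+{
+echo " checked";
+break;
+}
+}
+}
+fclose($pointeur);
+}
+else {
+echo "$l_error_open_file $urlregex_file";
+}
+echo "> $l_safe_searching";
+echo "<br>$l_safe_youtube";
+echo "<input type='text' name='Youtube_ID' size='30' value='";
+if ($YOUTUBE_ID == "ABCD1234567890abcdef") // generic ID (do nothing)
+{
+echo "'>";
+}
+else {
+echo "$YOUTUBE_ID'>";
+}
+echo " $l_youtube_id<tr><td>";
+echo "<input type='submit' value='$l_record'></td></tr>";
+?>
+</FORM>
+</TABLE>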
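Review bot: In the personal-files table, `$value` comes from `ls ossi-*` in the upload directory and is pasted unescaped into three shell commands (`sed 's/^.....//g' <<< $value`, `wc -l $upload_dir_ip$value`, `wc -l $upload_dir_domain_names$value`) and into the `name='$value'` attribute. These are the names of uploaded files, so unless the upload handler (not on this page) restricts them to a safe character set, the name is interpreted by the shell and by the browser rather than treated as data. `substr($value, 5)` replaces the sed call without a shell, `escapeshellarg($upload_dir_ip.$value)` covers the `wc` calls, and `htmlspecialchars($value, ENT_QUOTES)` covers the markup. `echo_ip_file` follows the same pattern with `$filename` and also re-runs `wc -l` on every loop iteration; iterating the lines already captured, `foreach ($resultat as $ligne) echo $ligne."\n";`, avoids the repeated call.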
/web/acc/manager/lib/langues.php |
---|
112,8 → 112,8 |
$l_filtering = "Filtrage"; |
$l_filtering_none = "Aucun"; |
$l_filtering_havp = "Antivirus"; |
$l_filtering_havp_bl = "Blacklist + antivirus"; |
$l_filtering_havp_wl = "Whitelist + antivirus"; |
$l_filtering_havp_bl = "Antivirus + Blacklist"; |
$l_filtering_havp_wl = "Antivirus + Whitelist"; |
$l_user_exists = "existe déjà !"; |
break; |
default : |
220,8 → 220,8 |
$l_filtering = "Filtering"; |
$l_filtering_none = "None"; |
$l_filtering_havp = "Antivirus"; |
$l_filtering_havp_bl = "Blacklist + antivirus"; |
$l_filtering_havp_wl = "Whitelist + antivirus"; |
$l_filtering_havp_bl = "Antivirus + Blacklist"; |
$l_filtering_havp_wl = "Antivirus + Whitelist"; |
$l_user_exists = "already exists !"; |
break; |
} |
/conf/etc/alcasar-uamallowed-sample |
---|
1,2 → 1,12 |
uamallowed="192.168.10.21" |
uamallowed="172.16.1.0/24" |
uamallowed="activation.sls.microsoft.com" |
uamallowed="crl.microsoft.com" |
uamallowed="download.microsoft.com" |
uamallowed="download.windowsupdate.com" |
uamallowed="go.microsoft.com" |
uamallowed="ntservicepack.microsoft.com" |
uamallowed="stats.update.microsoft.com" |
uamallowed="update.microsoft.com" |
uamallowed="update.microsoft.com.nsatc.net" |
uamallowed="update.nai.com" |
uamallowed="view.atdmt.com" |
uamallowed="www.msftncsi.com" |
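Review bot: Host names in this list are handled differently from addresses. The firewall hunk on this page reads each `uamallowed` value and passes it to `$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed ...`, and iptables resolves a name only once, when the rule is added. For CDN-backed names such as `download.windowsupdate.com` the rules go stale as the addresses rotate, and a name that does not resolve at load time makes the rule insertion fail. Assuming this sample is what gets installed as /usr/local/etc/alcasar-uamallowed, keeping addresses and networks here and names in the uamdomain file avoids both effects when protocol filtering is on. Every entry also widens what a client can reach before authenticating, so each name (for example `view.atdmt.com`) deserves a stated reason in the project documentation.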
/conf/etc/alcasar-uamdomain-sample |
---|
3,12 → 3,8 |
uamdomain=".download.microsoft.com" |
uamdomain=".download.windowsupdate.com" |
uamdomain=".ds.download.windowsupdate.com" |
uamdomain=".microsoft.com" |
uamdomain=".update.microsoft.com" |
uamdomain=".update.microsoft.com.nsatc.net" |
uamdomain=".windowsupdate.microsoft.com" |
uamdomain="activation.sls.microsoft.com" |
uamdomain="crl.microsoft.com" |
uamdomain="go.microsoft.com" |
uamdomain="ntservicepack.microsoft.com" |
uamdomain="stats.update.microsoft.com" |
uamdomain="www.alcasar.net" |
uamdomain=".alcasar.net" |