/alcasar.sh |
---|
224,8 → 224,6 |
fi |
fi |
# Test free space on /var |
if [ ! -d /var/log/netflow/porttracker ] |
then |
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'` |
if [ $free_space -lt 10 ] |
then |
235,7 → 233,6 |
fi |
exit 0 |
fi |
fi |
# Detect external/internal interfaces |
if [ -z "$EXTIF" ]; then |
242,8 → 239,8 |
EXTIF=$(/usr/sbin/ip route list | awk '/^default / {print $5}') |
if [ -z "$EXTIF" ]; then |
if [ "$Lang" == 'fr' ] |
then echo -n "Aucune passerelle par défaut configurée" |
else echo -n "No default gateway configured" |
then echo "Aucune passerelle par défaut configurée" |
else echo "No default gateway configured" |
fi |
exit 1 |
fi |
1075,6 → 1072,8 |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit launches coova-chilli a captive portal |
[Unit] |
Description=chilli is a captive portal daemon |
After=network.target |
1486,32 → 1485,15 |
########################################################## |
## Function "nfsen" ## |
## - install the nfsen grapher ## |
## - install the two plugins porttracker & surfmap ## |
## - configure NetFlow collector (nfcapd) ## |
## - configure NetFlow grapher (nfsen-ng) ## |
########################################################## |
nfsen() |
{ |
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/ |
# Add PortTracker plugin |
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins |
do |
[ ! -d $i ] && mkdir -p $i && chown -R apache:apache $i |
done |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-*/contrib/PortTracker/PortTracker.pm |
# use of our conf file and init unit |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-*/etc/ |
# Installation of nfsen (we change a little 'install.pl in order not to ask the user for the perl version) |
DirTmp=$(pwd) |
cd /tmp/nfsen-*/ || { echo "Unable to find nfsen directory"; exit 1; } |
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf |
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable" |
# Create RRD DB for porttracker (only in it still doesn't exist) |
cp contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/ |
cp contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/ |
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi |
chmod -R 770 /var/log/netflow/porttracker |
# nfsen unit for systemd |
cat << EOF > /lib/systemd/system/nfsen.service |
groupadd -f nfcapd |
useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd |
# nfcapd unit for systemd |
cat << EOF > /lib/systemd/system/nfcapd.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
1519,42 → 1501,24 |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit launches nfsen (a Netflow grapher). |
# This unit launches nfcapd (a Netflow collector). |
[Unit] |
Description= NfSen init script |
After=network.target iptables.service |
Description=Netflow Capture Daemon |
After=network-online.target iptables.service |
[Service] |
Type=oneshot |
RemainAfterExit=yes |
PIDFile=/var/run/nfsen/nfsen.pid |
ExecStartPre=/bin/mkdir -p /var/run/nfsen |
ExecStartPre=/bin/chown apache:apache /var/run/nfsen |
ExecStart=/usr/bin/nfsen start |
ExecStop=/usr/bin/nfsen stop |
ExecReload=/usr/bin/nfsen restart |
TimeoutSec=0 |
Type=exec |
PIDFile=/run/nfcapd/nfcapd.pid |
ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /var/run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow |
ExecReload=/bin/kill -HUP $MAINPID |
[Install] |
WantedBy=multi-user.target |
EOF |
# Add the listen port to collect netflow packet (nfcapd) |
$SED 's?$ziparg $extensions.*?$ziparg $extensions -b 127.0.0.1";?g' /usr/libexec/NfSenRC.pm |
# expire delay for the profile "live" |
/usr/bin/systemctl start nfsen |
/bin/nfsen -m live -e 62d 2>/dev/null |
# add SURFmap plugin (waiting for new technical solution) |
# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450 |
# cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/ |
# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/ |
# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/ |
# cd /tmp/ |
# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API) |
# clear the installation |
# rm -rf /tmp/SURFmap* |
rm -rf /tmp/nfsen-* |
cd $DirTmp || { echo "Unable to find $DirTmp directory"; exit 1; } |
chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen |
[ -e /var/log/nfsen/profile-data/live/alcasar_netflow ] || mkdir -p /var/log/nfsen/profile-data/live/alcasar_netflow |
[ -e /var/run/nfcapd ] || mkdir -p /var/run/nfcapd |
chown -R nfcapd:nfcapd /var/log/nfsen/profile-data/live/alcasar_netflow /var/run/nfcapd |
# chown -R apache:apache /var/www/html/acc/manager/nfsen-ng |
} # End of nfsen() |
########################################################### |
1937,7 → 1901,10 |
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily") |
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1 |
EOF |
cat <<EOF > /etc/cron.d/alcasar-nfcapd-expire |
# Remove netflow files older than one year |
@daily root /usr/bin/nfexpire -e /var/log/nfsen/profile-data/live/alcasar_netflow -t 365d |
EOF |
# removing the users crons |
rm -f /var/spool/cron/* |
} # End of cron() |
2234,7 → 2201,7 |
EOF |
/usr/bin/systemctl daemon-reload |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
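Review bot: In the nfcapd unit written by `cat << EOF > /lib/systemd/system/nfcapd.service`, the heredoc delimiter is unquoted, so the installer's shell expands `$MAINPID` while writing the file and the unit ends up with `ExecReload=/bin/kill -HUP ` and no PID. Escape it as `ExecReload=/bin/kill -HUP \$MAINPID`, or quote the delimiter if nothing else in the unit needs expansion. Separately, `/var/run/nfcapd` is created and chowned only once at install time; where `/var/run` is a tmpfs the directory is gone after a reboot and `-P /var/run/nfcapd/nfcapd.pid` has nowhere to write, so the unit should recreate it as the replaced nfsen unit did, with `ExecStartPre=/bin/mkdir -p /run/nfcapd` and `ExecStartPre=/bin/chown nfcapd:nfcapd /run/nfcapd`. It is also worth confirming that `Type=exec` tracks the right process when nfcapd is started with `-D`. The page has lost its +/- markers, so which lines sit on the new side is inferred from the hunk contents.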
/conf/nfsen/Readme.alcasar |
---|
File deleted |
/conf/nfsen/SURFmap_v3.3.1.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/nfsen/nfsen-1.3.8.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/nfsen/nfsen.conf |
---|
File deleted |
/conf/nfsen/GeoLiteCity.dat.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/nfsen/GeoLiteCityv6.dat.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/nfsen/patch1.diff |
---|
File deleted |
/conf/nfsen/patch2.diff |
---|
File deleted |
/conf/nfsen/nfsen-ng.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/scripts/alcasar-daemon.sh |
---|
16,7 → 16,7 |
LDAP=${LDAP:=off} |
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name |
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name |
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |
/scripts/alcasar-uninstall.sh |
---|
118,14 → 118,16 |
antivirus () |
{ |
echo -en "(5) : " |
echo -en "(6) : " |
if [ -e /etc/init.d/havp ] |
then |
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, " |
userdel -r havp 2>/dev/null && echo -n "2, " |
[ -d /var/run/havp ] && rm -rf /var/run/havp && echo -n "2, " |
[ -e /etc/init.d/havp.default ] && mv /etc/init.d/havp.default /etc/init.d/havp && echo -n "3, " |
[ -e /lib/systemd/system/havp.service ] && rm /lib/systemd/system/havp.service && echo -n "4, " |
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5" |
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5, " |
userdel -r havp 2>/dev/null && echo -n "6" |
else echo -n "already uninstalled" |
fi |
} |
132,11 → 134,12 |
tinyproxy () |
{ |
echo -en "(2) : " |
echo -en "(3) : " |
if [ -e /etc/init.d/tinyproxy ] |
then |
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, " |
userdel -r tinyproxy 2>/dev/null && echo -n "2" |
[ -d /var/run/tinyproxy ] && rm -rf /var/run/tinyproxy && echo -n "2, " |
userdel -r tinyproxy 2>/dev/null && echo -n "3" |
else echo -n "already uninstalled" |
fi |
} |
156,8 → 159,9 |
nfsen () |
{ |
# we don't remove user "nfcapd" & nfcapd folders in order to keep data when updating |
echo -en "(1) : " |
[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service && echo -n "1" |
[ -e /lib/systemd/system/nfcapd.service ] && rm -f /lib/systemd/system/nfcapd.service && echo -n "1" |
} |
vnstat () |
291,7 → 295,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
298,11 → 302,9 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# unbound, iptables & sshd should stay on to allow remote update |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update |
fi |
old_services=" dnsmasq dnsmasq-blacklist dnsmasq-blackhole" |
services+=$old_services |
echo "Stopping services : " |
/usr/local/bin/alcasar-sms.sh --stop |
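Review bot: `nfsen()` now removes only `/lib/systemd/system/nfcapd.service`, and both `services=` lists stop `nfcapd` instead of `nfsen`, so a host updated from a release that installed `nfsen.service` would apparently keep that unit on disk and running through the update. If this script is the one that runs during such an update, keep the old cleanup beside the new one, `[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service`, and leave `nfsen` in the list of services to stop. A collector left running by the old unit may still hold the listening port that the new nfcapd unit expects to bind. The +/- markers are lost on this page, so the new side is inferred from the hunk contents.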
/scripts/alcasar-urpmi.sh |
---|
15,7 → 15,7 |
KERNEL="kernel-server-5.3.7-4.mga7-1-1.mga7" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
# perl-Socket6 : needed by nfsen |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav perl-rrdtool perl-MailTools fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf perl-Socket6 tcpdump" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-rrd unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf tcpdump" |
rpm_repository_sync () |
{ |