Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 2771 → Rev 2770

/alcasar.sh
224,14 → 224,17
fi
fi
# Test free space on /var
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'`
if [ $free_space -lt 10 ]
if [ ! -d /var/log/netflow/porttracker ]
then
if [ $Lang == "fr" ]
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'`
if [ $free_space -lt 10 ]
then
if [ $Lang == "fr" ]
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)"
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)"
fi
exit 0
fi
exit 0
fi
 
# Detect external/internal interfaces
239,8 → 242,8
EXTIF=$(/usr/sbin/ip route list | awk '/^default / {print $5}')
if [ -z "$EXTIF" ]; then
if [ "$Lang" == 'fr' ]
then echo "Aucune passerelle par défaut configurée"
else echo "No default gateway configured"
then echo -n "Aucune passerelle par défaut configurée"
else echo -n "No default gateway configured"
fi
exit 1
fi
1072,8 → 1075,6
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit launches coova-chilli a captive portal
[Unit]
Description=chilli is a captive portal daemon
After=network.target
1485,15 → 1486,32
 
##########################################################
## Function "nfsen" ##
## - configure NetFlow collector (nfcapd) ##
## - configure NetFlow grapher (nfsen-ng) ##
## - install the nfsen grapher ##
## - install the two plugins porttracker & surfmap ##
##########################################################
nfsen()
{
groupadd -f nfcapd
useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd
# nfcapd unit for systemd
cat << EOF > /lib/systemd/system/nfcapd.service
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/
# Add PortTracker plugin
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
do
[ ! -d $i ] && mkdir -p $i && chown -R apache:apache $i
done
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-*/contrib/PortTracker/PortTracker.pm
# use of our conf file and init unit
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-*/etc/
# Installation of nfsen (we change a little 'install.pl in order not to ask the user for the perl version)
DirTmp=$(pwd)
cd /tmp/nfsen-*/ || { echo "Unable to find nfsen directory"; exit 1; }
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
# Create RRD DB for porttracker (only in it still doesn't exist)
cp contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
cp contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
chmod -R 770 /var/log/netflow/porttracker
# nfsen unit for systemd
cat << EOF > /lib/systemd/system/nfsen.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
1501,24 → 1519,42
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit launches nfcapd (a Netflow collector).
# This unit launches nfsen (a Netflow grapher).
[Unit]
Description=Netflow Capture Daemon
After=network-online.target iptables.service
Description= NfSen init script
After=network.target iptables.service
 
[Service]
Type=exec
PIDFile=/run/nfcapd/nfcapd.pid
ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /var/run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow
ExecReload=/bin/kill -HUP $MAINPID
Type=oneshot
RemainAfterExit=yes
PIDFile=/var/run/nfsen/nfsen.pid
ExecStartPre=/bin/mkdir -p /var/run/nfsen
ExecStartPre=/bin/chown apache:apache /var/run/nfsen
ExecStart=/usr/bin/nfsen start
ExecStop=/usr/bin/nfsen stop
ExecReload=/usr/bin/nfsen restart
TimeoutSec=0
 
[Install]
WantedBy=multi-user.target
EOF
[ -e /var/log/nfsen/profile-data/live/alcasar_netflow ] || mkdir -p /var/log/nfsen/profile-data/live/alcasar_netflow
[ -e /var/run/nfcapd ] || mkdir -p /var/run/nfcapd
chown -R nfcapd:nfcapd /var/log/nfsen/profile-data/live/alcasar_netflow /var/run/nfcapd
# chown -R apache:apache /var/www/html/acc/manager/nfsen-ng
# Add the listen port to collect netflow packet (nfcapd)
$SED 's?$ziparg $extensions.*?$ziparg $extensions -b 127.0.0.1";?g' /usr/libexec/NfSenRC.pm
# expire delay for the profile "live"
/usr/bin/systemctl start nfsen
/bin/nfsen -m live -e 62d 2>/dev/null
# add SURFmap plugin (waiting for new technical solution)
# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450
# cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/
# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/
# cd /tmp/
# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API)
# clear the installation
# rm -rf /tmp/SURFmap*
rm -rf /tmp/nfsen-*
cd $DirTmp || { echo "Unable to find $DirTmp directory"; exit 1; }
chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen
} # End of nfsen()
 
###########################################################
1901,10 → 1937,7
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily")
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
EOF
cat <<EOF > /etc/cron.d/alcasar-nfcapd-expire
# Remove netflow files older than one year
@daily root /usr/bin/nfexpire -e /var/log/nfsen/profile-data/live/alcasar_netflow -t 365d
EOF
 
# removing the users crons
rm -f /var/spool/cron/*
} # End of cron()
2201,7 → 2234,7
EOF
/usr/bin/systemctl daemon-reload
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
/conf/nfsen/nfsen-ng.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/nfsen/GeoLiteCity.dat.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/conf/nfsen/GeoLiteCityv6.dat.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/conf/nfsen/nfsen-1.3.8.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/conf/nfsen/patch1.diff
0,0 → 1,31
--- Nfcomm.pm.origin
+++ Nfcomm.pm
@@ -261,0 +262,25 @@ sub RunNfdump {
+ #backward compatibility for filter checks
+ if ( $args =~ s/(.*)\s?\-o\s+\"fmt:([^\"]*)\"\s?(.*)// ) {
+ $$opts{'format'} = $2;
+ $args = $1." ".$3;
+ }
+ my $format = $$opts{'format'};
+ if ( exists $$opts{'format'} and $$opts{'format'} ) {
+ my @_tmp;
+ foreach my $line ( split(/[^%a-z]/, $$opts{'format'}) ) {
+ next if $line !~ /^\%/;
+
+ unless ( $line =~ /^\%ff|ts|te|tr|td|pr|exp|eng|sa|da|sap|dap|sp|dp|sn|dn|nh|nhb|ra|sas|das|nas|pas|in|out|pkt|ipkt|opkt|byt|ibyt|obyt|fl|flg|tos|stos|dtos|dir|smk|dmk|fwd|svln|dvln|ismc|odmc|idmc|osmc|mpls1|mpls2|mpls3|mpls4|mpls5|mpls6|mpls7|mpls8|mpls9|mpls10|mpls|bps|pps|bpp|nfc|evt|xevt|msec|iacl|eacl|xsa|xda|xsp|xdp|xsap|xdap|uname|nevt|ivrf|evrf|nsa|nda|nsp|ndp|pbstart|pbend|pbstep|pbsize|cl|sl|al$/ ) {
+ print $socket $EODATA;
+ print $socket "ERR Illegal characters in format\n";
+ return;
+ }
+ }
+ if ( $format =~ /[^\s!-~\n]+/ || $format =~ /['"`\\]/ ) {
+ print $socket $EODATA;
+ print $socket "ERR Illegal characters in format\n";
+ return;
+ }
+ $format = "-o \"fmt:".$$opts{'format'}."\"";
+ }
+
@@ -320 +345 @@ sub RunNfdump {
- my $pid = open(NFDUMP, "$NfConf::PREFIX/nfdump $args '$filter' 2>&1|");
+ my $pid = open(NFDUMP, "$NfConf::PREFIX/nfdump $args $format '$filter' 2>&1|");
/conf/nfsen/patch2.diff
0,0 → 1,33
--- install.pl.origin
+++ install.pl
@@ -553,7 +553,7 @@ sub UpgradeProfiles {
if( ! -f "$NfConf::PROFILEDATADIR/$profilepath/$channel/.nfstat") {
# no shadow profile, but missing channel stat
print "Rebuilding profile stats for '$profilegroup/$profilename'\n";
- NfProfile::DoRebuild(\%profileinfo, $profilename, $profilegroup, $profilepath, 1, 0);
+ NfProfile::DoRebuild(*STDOUT, \%profileinfo, $profilename, $profilegroup, $profilepath, 1, 0);
NfProfile::WriteProfile(\%profileinfo);
}
# make sure it's own by nfsen_uid after the rebuild
diff --git a/libexec/NfProfile.pm b/libexec/NfProfile.pm
index 1ca7436..d58fcd2 100644
--- libexec/NfProfile.pm.origin
+++ libexec/NfProfile.pm
@@ -3441,7 +3441,7 @@ sub CheckProfiles {
} else {
$profileinfo{'type'} = 1;
}
- my $status = DoRebuild(\%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
+ my $status = DoRebuild(*STDOUT, \%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
syslog('err', "Rebuilded profile '$profile' in group '$profilegroup': $status ");
}
if ( -f "$NfConf::PROFILESTATDIR/$profilepath/.CANCELED" ) {
@@ -3453,7 +3453,7 @@ sub CheckProfiles {
} else {
$profileinfo{'type'} = 1;
}
- my $status = DoRebuild(\%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
+ my $status = DoRebuild(*STDOUT, \%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
syslog('err', "Rebuilded profile '$profile' in group '$profilegroup': $status ");
}
if ( $profileinfo{'locked'} ) {
/conf/nfsen/Readme.alcasar
0,0 → 1,21
Just change the install script in order it doesn't ask for a perl version
Line 94
 
------------- Before ---------
if ( defined $whichperl ) {
print "Perl to use: [$whichperl] ";
chomp($ans = <STDIN>);
if ( length $ans ) {
$whichperl = $ans;
}
} else {
print "No Perl found in your PATH. Please specify where to find perl [] ";
chomp($whichperl = <STDIN>);
}
 
------------- After ---------
if ( !defined $whichperl ) {
print "No Perl found in your PATH. Please specify where to find perl [] ";
chomp($whichperl = <STDIN>);
}
 
/conf/nfsen/nfsen.conf
0,0 → 1,300
##############################
#
# NfSen master config file
#
# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $
#
# Configuration of NfSen:
# Set all the values to fit your NfSen setup and run the 'install.pl'
# script from the nfsen distribution directory.
#
# The syntax must conform to Perl syntax.
#
##############################
#
# NfSen default layout:
# Any scripts, modules or profiles are installed by default under $BASEDIR.
# However, you may change any of these settings to fit your requested layout.
 
#
# Required for default layout
$BASEDIR = "/usr";
 
#
# Where to install the NfSen binaries
$BINDIR="${BASEDIR}/bin";
 
#
# Where to install the NfSen Perl modules
$LIBEXECDIR="${BASEDIR}/libexec";
 
#
# Where to install the config files
$CONFDIR="/etc";
 
#
# NfSen html pages directory:
# All php scripts will be installed here.
# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php
$HTMLDIR = "/var/www/html/acc/manager/nfsen";
 
#
# Where to install the docs
$DOCDIR="${HTMLDIR}/doc";
 
#
# Var space for NfSen
$VARDIR="/var";
 
# directory for all pid files
$PIDDIR="$VARDIR/run/nfsen";
#
# Filter directory
$FILTERDIR="$VARDIR/filters";
#
 
# FORMATDIR for custom printing formats
$FORMATDIR="$VARDIR/fmt";
#
 
#
# The Profiles stat directory, where all profile information
# RRD DBs and png pictures of the profile are stored
$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat";
 
#
# The Profiles directory, where all netflow data is stored
$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data";
 
#
# Where go all the backend plugins
$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins";
 
#
# Where go all the frontend plugins
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
 
#
# nfdump tools path
$PREFIX = '/usr/bin';
 
#
# nfsend communication socket
# $COMMSOCKET = "$PIDDIR/nfsen.comm";
 
# BASEDIR unrelated vars:
#
# Run nfcapd as this user
# This may be a different or the same uid than your web server.
# Note: This user must be in group $WWWGROUP, otherwise nfcapd
# is not able to write data files!
$USER = "apache";
 
# user and group of the web server process
# All netflow processing will be done with this user
$WWWUSER = "apache";
$WWWGROUP = "apache";
 
# Receive buffer size for nfcapd - see man page nfcapd(1)
$BUFFLEN = 200000;
 
# list of extensions for each collector. See argument -T
# for nfcapd(1) for more detailes.
# defaults to empty -> compatible to nfdump-1.5.8
# $EXTENSIONS = '';
# Example:
# $EXTENSIONS = 'all';
# $EXTENSIONS = '+3,+4';
#
# Directory sub hierarchy layout:
# Possible layouts:
#
# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions
# 1 %Y/%m/%d year/month/day
# 2 %Y/%m/%d/%H year/month/day/hour
# 3 %Y/%W/%u year/week_of_year/day_of_week
# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour
# 5 %Y/%j year/day-of-year
# 6 %Y/%j/%H year/day-of-year/hour
# 7 %Y-%m-%d year-month-day
# 8 %Y-%m-%d/%H year-month-day/hour
$SUBDIRLAYOUT = 7;
 
# Compress flows while collecting 0 or 1
$ZIPcollected = 1;
 
# Compress flows in profiles 0 or 1
$ZIPprofiles = 1;
 
# Interrupt expire -- not yet enabled as not yet fully tested
#$InterruptExpire = 0;
 
# number of nfprofile processes to spawn during the profiling phase
# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
$PROFILERS = 2;
 
# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.
# set to 0 to disable the test
$DISKLIMIT = 98;
 
# number of nfprofile processes to spawn during the profiling phase
$PROFILERS = 6;
 
# Netflow sources
# Define an ident string, port and colour per netflow source
#
# Required parameters:
# ident identifies this netflow source. e.g. the router name,
# Upstream provider name etc.
# port nfcapd listens on this port for netflow data for this source
# set port to '0' if you do not want a collector to be started
# col colour in nfsen graphs for this source
#
# Optional parameters
# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow
# optarg Optional args to the collector at startup
#
# Syntax:
# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' }
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].
 
%sources = (
'alcasar_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },
);
 
#
# Low water mark: When expiring files, delete files until
# size = $low_water % of max_size
# typically 90
$low_water = 90;
 
#
# syslog facility for periodic jobs
# nfsen uses level 'debug', 'info', 'warning' and 'err'
# Note: nfsen is very chatty for level 'debug' and 'info'
# For normal operation, you may set the logging level in syslog.conf
# to warning or error unless you want to debug NfSen
$syslog_facility = 'local3';
 
#
# SYSLOG mess
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix'
# which is the default. You need to change that to 'stream' or 'inet' for
# some Solaris version 8/9, AIX and others ..
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all
# ( works for Solaris 10 and newer Sys::Syslog module
#
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'
# $LogSocket = 'unix';
 
#
# Plugins
# Plugins extend NfSen for the purpose of:
# Periodic data processing, alerting-condition and alerting-action
# For data processing a plugin may run for any profile or for a specific profile only.
# Syntax: [ 'profile list', 'module' ]
# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ),
# or '*' for any profile, '!' for no profile
# module: Perl Module name, equal to plugin name
# The profile list '!' make sense for plugins, which only provide alerting functions
#
# The module follows the standard Perl module conventions, with at least one
# function: Init(). See demoplugin.pm for a simple template.
#
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically
# recongized as frontend plugin.
#
# Plugins are installed under
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR
 
@plugins = (
# profile # module
[ 'live','PortTracker' ],
);
 
%PluginConf = (
# For plugin demoplugin
demoplugin => {
# scalar
param2 => 42,
# hash
param1 => { 'key' => 'value' },
},
# for plugin otherplugin
otherplugin => [
# array
'mary had a little lamb'
],
);
 
#
# Alert module: email alerting:
# Use this from address
$MAIL_FROM = 'your@from.example.net';
 
# Use this SMTP server
$SMTP_SERVER = 'localhost';
 
# Use this email body:
# You may have multiple lines of text.
# Var substitution:
# @alert@ replaced by alert name
# @timeslot@ replaced by timeslot alert triggered
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
 
######################################################
#
# For the NfSen simulator include the section below.
#
######################################################
#
# Nfsen Simulator
# The simulator requires, that you have already installed
# and configured NfSen. The simulation is based on already
# pre-colleted data, which you may get from another live
# NfSen system.
#
# Steps to setup the NfSen simulator:
# 1. Configure the sources of the live profile with the
# same names of the NfSen system, you take netflow data
# for the simulation. Set the port for each netflow source
# to 0 to prevent a collector to be started.
# Install NfSen with this config in a seperate directory
# 2. Copy the pre-collected data into the appropriate
# netflow directory of the live profile.
# 3. Configure the simulator using the parameters below
# Enable Simulation mode => $SIMmode = 1
# Configure the time window of the pre-collected data.
# tstart => Start of time window. yyyymmddhhmm
# tbegin => Optional parameter. Start of simulation
# profile exists already between tstart - tbegin
# tend => End of time window. yyyymmddhhmm
# cycletime => simulation time in seconds of a 5min slot
# Setting cycletime = 0 processes the cycles as fast as
# possible. Please note, if you test plugings, your
# cycletime needs to be at least the time required to
# process all plugins.
# 4. Start nfsen: ../nfsen start
# Simulation starts
#
# The simulator runs from tstart to tend and stops when tend
# is reached. You may stop the simulation at any given time
# using ./nfsen stop. To continue the simulation start NfSen
# again: ./nfsen start. You may reset the simulator at any
# given time using ./nfsen abort-reset. This stops the sumulation
# and rolls back to tstart. All profiles/alerts are deleted,
# so you may start from scratch again.
#
# Configure simulator parameters
#
# $SIMmode = 1;
# %sim = (
# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00
# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00
# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55
# 'cycletime' => '30', # 30s per 5min slot
# );
 
/conf/nfsen/SURFmap_v3.3.1.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/scripts/alcasar-urpmi.sh
15,7 → 15,7
KERNEL="kernel-server-5.3.7-4.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
# perl-Socket6 : needed by nfsen
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-rrd unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf tcpdump"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav perl-rrdtool perl-MailTools fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf perl-Socket6 tcpdump"
 
rpm_repository_sync ()
{
/scripts/alcasar-uninstall.sh
118,16 → 118,14
 
antivirus ()
{
echo -en "(6) : "
echo -en "(5) : "
if [ -e /etc/init.d/havp ]
then
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, "
[ -d /var/run/havp ] && rm -rf /var/run/havp && echo -n "2, "
userdel -r havp 2>/dev/null && echo -n "2, "
[ -e /etc/init.d/havp.default ] && mv /etc/init.d/havp.default /etc/init.d/havp && echo -n "3, "
[ -e /lib/systemd/system/havp.service ] && rm /lib/systemd/system/havp.service && echo -n "4, "
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5, "
userdel -r havp 2>/dev/null && echo -n "6"
 
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5"
else echo -n "already uninstalled"
fi
}
134,13 → 132,12
 
tinyproxy ()
{
echo -en "(3) : "
echo -en "(2) : "
if [ -e /etc/init.d/tinyproxy ]
then
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, "
[ -d /var/run/tinyproxy ] && rm -rf /var/run/tinyproxy && echo -n "2, "
userdel -r tinyproxy 2>/dev/null && echo -n "3"
else echo -n "already uninstalled"
userdel -r tinyproxy 2>/dev/null && echo -n "2"
else echo -n "already uninstalled"
fi
}
 
159,9 → 156,8
 
nfsen ()
{
# we don't remove user "nfcapd" & nfcapd folders in order to keep data when updating
echo -en "(1) : "
[ -e /lib/systemd/system/nfcapd.service ] && rm -f /lib/systemd/system/nfcapd.service && echo -n "1"
[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service && echo -n "1"
}
 
vnstat ()
295,7 → 291,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
302,9 → 298,11
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# unbound, iptables & sshd should stay on to allow remote update
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update
fi
old_services=" dnsmasq dnsmasq-blacklist dnsmasq-blackhole"
services+=$old_services
 
echo "Stopping services : "
/usr/local/bin/alcasar-sms.sh --stop
/scripts/alcasar-daemon.sh
16,7 → 16,7
LDAP=${LDAP:=off}
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
nb_available_srv=`echo $SERVICES|wc -w`
 
function ServiceTest () {