/alcasar.sh |
---|
224,14 → 224,17 |
fi |
fi |
# Test free space on /var |
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'` |
if [ $free_space -lt 10 ] |
if [ ! -d /var/log/netflow/porttracker ] |
then |
if [ $Lang == "fr" ] |
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)" |
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)" |
free_space=`df -BG --output=avail /var|tail -1|tr -d '[:space:]G'` |
if [ $free_space -lt 10 ] |
then |
if [ $Lang == "fr" ] |
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)" |
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)" |
fi |
exit 0 |
fi |
exit 0 |
fi |
# Detect external/internal interfaces |
239,8 → 242,8 |
EXTIF=$(/usr/sbin/ip route list | awk '/^default / {print $5}') |
if [ -z "$EXTIF" ]; then |
if [ "$Lang" == 'fr' ] |
then echo "Aucune passerelle par défaut configurée" |
else echo "No default gateway configured" |
then echo -n "Aucune passerelle par défaut configurée" |
else echo -n "No default gateway configured" |
fi |
exit 1 |
fi |
1072,8 → 1075,6 |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit launches coova-chilli a captive portal |
[Unit] |
Description=chilli is a captive portal daemon |
After=network.target |
1485,15 → 1486,32 |
########################################################## |
## Function "nfsen" ## |
## - configure NetFlow collector (nfcapd) ## |
## - configure NetFlow grapher (nfsen-ng) ## |
## - install the nfsen grapher ## |
## - install the two plugins porttracker & surfmap ## |
########################################################## |
nfsen() |
{ |
groupadd -f nfcapd |
useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd |
# nfcapd unit for systemd |
cat << EOF > /lib/systemd/system/nfcapd.service |
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/ |
# Add PortTracker plugin |
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins |
do |
[ ! -d $i ] && mkdir -p $i && chown -R apache:apache $i |
done |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-*/contrib/PortTracker/PortTracker.pm |
# use of our conf file and init unit |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-*/etc/ |
# Installation of nfsen (we change a little 'install.pl in order not to ask the user for the perl version) |
DirTmp=$(pwd) |
cd /tmp/nfsen-*/ || { echo "Unable to find nfsen directory"; exit 1; } |
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf |
/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable" |
# Create RRD DB for porttracker (only in it still doesn't exist) |
cp contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/ |
cp contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/ |
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi |
chmod -R 770 /var/log/netflow/porttracker |
# nfsen unit for systemd |
cat << EOF > /lib/systemd/system/nfsen.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
1501,24 → 1519,42 |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit launches nfcapd (a Netflow collector). |
# This unit launches nfsen (a Netflow grapher). |
[Unit] |
Description=Netflow Capture Daemon |
After=network-online.target iptables.service |
Description= NfSen init script |
After=network.target iptables.service |
[Service] |
Type=exec |
PIDFile=/run/nfcapd/nfcapd.pid |
ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /var/run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow |
ExecReload=/bin/kill -HUP $MAINPID |
Type=oneshot |
RemainAfterExit=yes |
PIDFile=/var/run/nfsen/nfsen.pid |
ExecStartPre=/bin/mkdir -p /var/run/nfsen |
ExecStartPre=/bin/chown apache:apache /var/run/nfsen |
ExecStart=/usr/bin/nfsen start |
ExecStop=/usr/bin/nfsen stop |
ExecReload=/usr/bin/nfsen restart |
TimeoutSec=0 |
[Install] |
WantedBy=multi-user.target |
EOF |
[ -e /var/log/nfsen/profile-data/live/alcasar_netflow ] || mkdir -p /var/log/nfsen/profile-data/live/alcasar_netflow |
[ -e /var/run/nfcapd ] || mkdir -p /var/run/nfcapd |
chown -R nfcapd:nfcapd /var/log/nfsen/profile-data/live/alcasar_netflow /var/run/nfcapd |
# chown -R apache:apache /var/www/html/acc/manager/nfsen-ng |
# Add the listen port to collect netflow packet (nfcapd) |
$SED 's?$ziparg $extensions.*?$ziparg $extensions -b 127.0.0.1";?g' /usr/libexec/NfSenRC.pm |
# expire delay for the profile "live" |
/usr/bin/systemctl start nfsen |
/bin/nfsen -m live -e 62d 2>/dev/null |
# add SURFmap plugin (waiting for new technical solution) |
# see https://adullact.net/forum/forum.php?thread_id=319545&forum_id=1601&group_id=450 |
# cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/ |
# cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/ |
# tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/ |
# cd /tmp/ |
# /usr/bin/sh SURFmap/install.sh (no more used since Google sells the access to googleMap API) |
# clear the installation |
# rm -rf /tmp/SURFmap* |
rm -rf /tmp/nfsen-* |
cd $DirTmp || { echo "Unable to find $DirTmp directory"; exit 1; } |
chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen /var/log/nfsen |
} # End of nfsen() |
########################################################### |
1901,10 → 1937,7 |
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily") |
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1 |
EOF |
cat <<EOF > /etc/cron.d/alcasar-nfcapd-expire |
# Remove netflow files older than one year |
@daily root /usr/bin/nfexpire -e /var/log/nfsen/profile-data/live/alcasar_netflow -t 365d |
EOF |
# removing the users crons |
rm -f /var/spool/cron/* |
} # End of cron() |
2201,7 → 2234,7 |
EOF |
/usr/bin/systemctl daemon-reload |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
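Review bot: In nfsen(), the installer is unpacked into and run from the shared `/tmp` through the glob `/tmp/nfsen-*` (`tar xzf … -C /tmp/`, `cd /tmp/nfsen-*/`, `/usr/bin/perl install.pl /tmp/nfsen-*/etc/nfsen.conf`, `rm -rf /tmp/nfsen-*`), in a script that presumably runs as root since it creates users and writes systemd units. Any existing entry matching `/tmp/nfsen-*` that the installer did not create makes the glob ambiguous, so the `$SED`, `cp` and `install.pl` steps can act on a directory other than the one just extracted. A private directory removes the ambiguity: `tmpdir=$(mktemp -d) || exit 1`, then `tar xzf ./conf/nfsen/nfsen-*.tar.gz -C "$tmpdir"`, use `"$tmpdir"/nfsen-*/` in the later steps and delete only `"$tmpdir"` at the end. Old and new lines are interleaved without markers in this rendering, so confirm these lines are on the committed side.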
/conf/nfsen/nfsen-ng.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/nfsen/GeoLiteCity.dat.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/conf/nfsen/GeoLiteCityv6.dat.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/conf/nfsen/nfsen-1.3.8.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
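--- a/conf/nfsen/patch1.diff
+++ b/conf/nfsen/patch1.diff
@@ -0,0 +1,31 @@
+--- Nfcomm.pm.origin
++++ Nfcomm.pm
+@@ -261,0 +262,25 @@ sub RunNfdump {
++ #backward compatibility for filter checks
++ if ( $args =~ s/(.*)\s?\-o\s+\"fmt:([^\"]*)\"\s?(.*)// ) {
++ $$opts{'format'} = $2;
++ $args = $1." ".$3;
++ }
++ my $format = $$opts{'format'};
++ if ( exists $$opts{'format'} and $$opts{'format'} ) {
++ my @_tmp;
++ foreach my $line ( split(/[^%a-z]/, $$opts{'format'}) ) {
++ next if $line !~ /^\%/;
++
++ unless ( $line =~ /^\%ff|ts|te|tr|td|pr|exp|eng|sa|da|sap|dap|sp|dp|sn|dn|nh|nhb|ra|sas|das|nas|pas|in|out|pkt|ipkt|opkt|byt|ibyt|obyt|fl|flg|tos|stos|dtos|dir|smk|dmk|fwd|svln|dvln|ismc|odmc|idmc|osmc|mpls1|mpls2|mpls3|mpls4|mpls5|mpls6|mpls7|mpls8|mpls9|mpls10|mpls|bps|pps|bpp|nfc|evt|xevt|msec|iacl|eacl|xsa|xda|xsp|xdp|xsap|xdap|uname|nevt|ivrf|evrf|nsa|nda|nsp|ndp|pbstart|pbend|pbstep|pbsize|cl|sl|al$/ ) {
++ print $socket $EODATA;
++ print $socket "ERR Illegal characters in format\n";
++ return;
++ }
++ }
++ if ( $format =~ /[^\s!-~\n]+/ || $format =~ /['"`\\]/ ) {
++ print $socket $EODATA;
++ print $socket "ERR Illegal characters in format\n";
++ return;
++ }
++ $format = "-o \"fmt:".$$opts{'format'}."\"";
++ }
++
+@@ -320 +345 @@ sub RunNfdump {
+- my $pid = open(NFDUMP, "$NfConf::PREFIX/nfdump $args '$filter' 2>&1|");
++ my $pid = open(NFDUMP, "$NfConf::PREFIX/nfdump $args $format '$filter' 2>&1|");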
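Review bot: The allowlist test `$line =~ /^\%ff|ts|te|…|al$/` has no grouping, so `^\%` binds only to `ff` and `$` only to `al`; every other alternative matches anywhere in the token, and a constructed token such as `%zzts` is accepted. Grouping the alternatives makes the list effective: `/^\%(?:ff|ts|te|…|al)$/`. Separately, the later character check rejects quotes, backticks and backslashes but not `$`, while the value is placed inside double quotes in the command string handed to the piped `open`, where the shell still expands `$`; add `$` to the rejected class, or use the list form of `open` so that no shell parses the arguments. `$format` also stays undefined when no format is supplied and is then interpolated at the `open` line, so `my $format = '';` followed by the conditional assignment would be cleaner. RunNfdump's body continues outside both hunks.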
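--- a/conf/nfsen/patch2.diff
+++ b/conf/nfsen/patch2.diff
@@ -0,0 +1,33 @@
+--- install.pl.origin
++++ install.pl
+@@ -553,7 +553,7 @@ sub UpgradeProfiles {
+if( ! -f "$NfConf::PROFILEDATADIR/$profilepath/$channel/.nfstat") {
+# no shadow profile, but missing channel stat
+print "Rebuilding profile stats for '$profilegroup/$profilename'\n";
+- NfProfile::DoRebuild(\%profileinfo, $profilename, $profilegroup, $profilepath, 1, 0);
++ NfProfile::DoRebuild(*STDOUT, \%profileinfo, $profilename, $profilegroup, $profilepath, 1, 0);
+NfProfile::WriteProfile(\%profileinfo);
+}
+# make sure it's own by nfsen_uid after the rebuild
+diff --git a/libexec/NfProfile.pm b/libexec/NfProfile.pm
+index 1ca7436..d58fcd2 100644
+--- libexec/NfProfile.pm.origin
++++ libexec/NfProfile.pm
+@@ -3441,7 +3441,7 @@ sub CheckProfiles {
+} else {
+$profileinfo{'type'} = 1;
+}
+- my $status = DoRebuild(\%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
++ my $status = DoRebuild(*STDOUT, \%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
+syslog('err', "Rebuilded profile '$profile' in group '$profilegroup': $status ");
+}
+if ( -f "$NfConf::PROFILESTATDIR/$profilepath/.CANCELED" ) {
+@@ -3453,7 +3453,7 @@ sub CheckProfiles {
+} else {
+$profileinfo{'type'} = 1;
+}
+- my $status = DoRebuild(\%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
++ my $status = DoRebuild(*STDOUT, \%profileinfo, $profile, $profilegroup, $profilepath, 0, 0);
+syslog('err', "Rebuilded profile '$profile' in group '$profilegroup': $status ");
+}
+if ( $profileinfo{'locked'} ) {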
/conf/nfsen/Readme.alcasar |
---|
0,0 → 1,21 |
Just change the install script in order it doesn't ask for a perl version |
Line 94 |
------------- Before --------- |
if ( defined $whichperl ) { |
print "Perl to use: [$whichperl] "; |
chomp($ans = <STDIN>); |
if ( length $ans ) { |
$whichperl = $ans; |
} |
} else { |
print "No Perl found in your PATH. Please specify where to find perl [] "; |
chomp($whichperl = <STDIN>); |
} |
------------- After --------- |
if ( !defined $whichperl ) { |
print "No Perl found in your PATH. Please specify where to find perl [] "; |
chomp($whichperl = <STDIN>); |
} |
/conf/nfsen/nfsen.conf |
---|
0,0 → 1,300 |
############################## |
# |
# NfSen master config file |
# |
# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $ |
# |
# Configuration of NfSen: |
# Set all the values to fit your NfSen setup and run the 'install.pl' |
# script from the nfsen distribution directory. |
# |
# The syntax must conform to Perl syntax. |
# |
############################## |
# |
# NfSen default layout: |
# Any scripts, modules or profiles are installed by default under $BASEDIR. |
# However, you may change any of these settings to fit your requested layout. |
# |
# Required for default layout |
$BASEDIR = "/usr"; |
# |
# Where to install the NfSen binaries |
$BINDIR="${BASEDIR}/bin"; |
# |
# Where to install the NfSen Perl modules |
$LIBEXECDIR="${BASEDIR}/libexec"; |
# |
# Where to install the config files |
$CONFDIR="/etc"; |
# |
# NfSen html pages directory: |
# All php scripts will be installed here. |
# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php |
$HTMLDIR = "/var/www/html/acc/manager/nfsen"; |
# |
# Where to install the docs |
$DOCDIR="${HTMLDIR}/doc"; |
# |
# Var space for NfSen |
$VARDIR="/var"; |
# directory for all pid files |
$PIDDIR="$VARDIR/run/nfsen"; |
# |
# Filter directory |
$FILTERDIR="$VARDIR/filters"; |
# |
# FORMATDIR for custom printing formats |
$FORMATDIR="$VARDIR/fmt"; |
# |
# |
# The Profiles stat directory, where all profile information |
# RRD DBs and png pictures of the profile are stored |
$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat"; |
# |
# The Profiles directory, where all netflow data is stored |
$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data"; |
# |
# Where go all the backend plugins |
$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins"; |
# |
# Where go all the frontend plugins |
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins"; |
# |
# nfdump tools path |
$PREFIX = '/usr/bin'; |
# |
# nfsend communication socket |
# $COMMSOCKET = "$PIDDIR/nfsen.comm"; |
# BASEDIR unrelated vars: |
# |
# Run nfcapd as this user |
# This may be a different or the same uid than your web server. |
# Note: This user must be in group $WWWGROUP, otherwise nfcapd |
# is not able to write data files! |
$USER = "apache"; |
# user and group of the web server process |
# All netflow processing will be done with this user |
$WWWUSER = "apache"; |
$WWWGROUP = "apache"; |
# Receive buffer size for nfcapd - see man page nfcapd(1) |
$BUFFLEN = 200000; |
# list of extensions for each collector. See argument -T |
# for nfcapd(1) for more detailes. |
# defaults to empty -> compatible to nfdump-1.5.8 |
# $EXTENSIONS = ''; |
# Example: |
# $EXTENSIONS = 'all'; |
# $EXTENSIONS = '+3,+4'; |
# |
# Directory sub hierarchy layout: |
# Possible layouts: |
# |
# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions |
# 1 %Y/%m/%d year/month/day |
# 2 %Y/%m/%d/%H year/month/day/hour |
# 3 %Y/%W/%u year/week_of_year/day_of_week |
# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour |
# 5 %Y/%j year/day-of-year |
# 6 %Y/%j/%H year/day-of-year/hour |
# 7 %Y-%m-%d year-month-day |
# 8 %Y-%m-%d/%H year-month-day/hour |
$SUBDIRLAYOUT = 7; |
# Compress flows while collecting 0 or 1 |
$ZIPcollected = 1; |
# Compress flows in profiles 0 or 1 |
$ZIPprofiles = 1; |
# Interrupt expire -- not yet enabled as not yet fully tested |
#$InterruptExpire = 0; |
# number of nfprofile processes to spawn during the profiling phase |
# depends on how busy your system is and how many CPUs you have |
# on very busy systems increase it to a higher value |
$PROFILERS = 2; |
# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed. |
# set to 0 to disable the test |
$DISKLIMIT = 98; |
# number of nfprofile processes to spawn during the profiling phase |
$PROFILERS = 6; |
# Netflow sources |
# Define an ident string, port and colour per netflow source |
# |
# Required parameters: |
# ident identifies this netflow source. e.g. the router name, |
# Upstream provider name etc. |
# port nfcapd listens on this port for netflow data for this source |
# set port to '0' if you do not want a collector to be started |
# col colour in nfsen graphs for this source |
# |
# Optional parameters |
# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow |
# optarg Optional args to the collector at startup |
# |
# Syntax: |
# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' } |
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_]. |
%sources = ( |
'alcasar_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' }, |
); |
# |
# Low water mark: When expiring files, delete files until |
# size = $low_water % of max_size |
# typically 90 |
$low_water = 90; |
# |
# syslog facility for periodic jobs |
# nfsen uses level 'debug', 'info', 'warning' and 'err' |
# Note: nfsen is very chatty for level 'debug' and 'info' |
# For normal operation, you may set the logging level in syslog.conf |
# to warning or error unless you want to debug NfSen |
$syslog_facility = 'local3'; |
# |
# SYSLOG mess |
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix' |
# which is the default. You need to change that to 'stream' or 'inet' for |
# some Solaris version 8/9, AIX and others .. |
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all |
# ( works for Solaris 10 and newer Sys::Syslog module |
# |
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream' |
# $LogSocket = 'unix'; |
# |
# Plugins |
# Plugins extend NfSen for the purpose of: |
# Periodic data processing, alerting-condition and alerting-action |
# For data processing a plugin may run for any profile or for a specific profile only. |
# Syntax: [ 'profile list', 'module' ] |
# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ), |
# or '*' for any profile, '!' for no profile |
# module: Perl Module name, equal to plugin name |
# The profile list '!' make sense for plugins, which only provide alerting functions |
# |
# The module follows the standard Perl module conventions, with at least one |
# function: Init(). See demoplugin.pm for a simple template. |
# |
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically |
# recongized as frontend plugin. |
# |
# Plugins are installed under |
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR |
@plugins = ( |
# profile # module |
[ 'live','PortTracker' ], |
); |
%PluginConf = ( |
# For plugin demoplugin |
demoplugin => { |
# scalar |
param2 => 42, |
# hash |
param1 => { 'key' => 'value' }, |
}, |
# for plugin otherplugin |
otherplugin => [ |
# array |
'mary had a little lamb' |
], |
); |
# |
# Alert module: email alerting: |
# Use this from address |
$MAIL_FROM = 'your@from.example.net'; |
# Use this SMTP server |
$SMTP_SERVER = 'localhost'; |
# Use this email body: |
# You may have multiple lines of text. |
# Var substitution: |
# @alert@ replaced by alert name |
# @timeslot@ replaced by timeslot alert triggered |
$MAIL_BODY = q{ |
Alert '@alert@' triggered at timeslot @timeslot@ |
}; |
###################################################### |
# |
# For the NfSen simulator include the section below. |
# |
###################################################### |
# |
# Nfsen Simulator |
# The simulator requires, that you have already installed |
# and configured NfSen. The simulation is based on already |
# pre-colleted data, which you may get from another live |
# NfSen system. |
# |
# Steps to setup the NfSen simulator: |
# 1. Configure the sources of the live profile with the |
# same names of the NfSen system, you take netflow data |
# for the simulation. Set the port for each netflow source |
# to 0 to prevent a collector to be started. |
# Install NfSen with this config in a seperate directory |
# 2. Copy the pre-collected data into the appropriate |
# netflow directory of the live profile. |
# 3. Configure the simulator using the parameters below |
# Enable Simulation mode => $SIMmode = 1 |
# Configure the time window of the pre-collected data. |
# tstart => Start of time window. yyyymmddhhmm |
# tbegin => Optional parameter. Start of simulation |
# profile exists already between tstart - tbegin |
# tend => End of time window. yyyymmddhhmm |
# cycletime => simulation time in seconds of a 5min slot |
# Setting cycletime = 0 processes the cycles as fast as |
# possible. Please note, if you test plugings, your |
# cycletime needs to be at least the time required to |
# process all plugins. |
# 4. Start nfsen: ../nfsen start |
# Simulation starts |
# |
# The simulator runs from tstart to tend and stops when tend |
# is reached. You may stop the simulation at any given time |
# using ./nfsen stop. To continue the simulation start NfSen |
# again: ./nfsen start. You may reset the simulator at any |
# given time using ./nfsen abort-reset. This stops the sumulation |
# and rolls back to tstart. All profiles/alerts are deleted, |
# so you may start from scratch again. |
# |
# Configure simulator parameters |
# |
# $SIMmode = 1; |
# %sim = ( |
# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00 |
# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00 |
# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55 |
# 'cycletime' => '30', # 30s per 5min slot |
# ); |
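Review bot: `$PROFILERS` is assigned twice in this file, first `$PROFILERS = 2;` and a few lines later `$PROFILERS = 6;`; the file is evaluated as Perl, so the second value silently wins and the first assignment with its comment should be removed or the intended value settled. `$USER`, `$WWWUSER` and `$WWWGROUP` are all `"apache"`, which makes the collector and the web front end share one account and leaves the flow data writable by the PHP front end's user. If that is deliberate, a comment saying so would help; otherwise a dedicated collector user that is a member of `$WWWGROUP`, as the file's own note describes, narrows who can modify stored flows. `$MAIL_FROM` is still the distribution placeholder `your@from.example.net`.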
/conf/nfsen/SURFmap_v3.3.1.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/scripts/alcasar-urpmi.sh |
---|
15,7 → 15,7 |
KERNEL="kernel-server-5.3.7-4.mga7-1-1.mga7" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
# perl-Socket6 : needed by nfsen |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-rrd unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf tcpdump" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav perl-rrdtool perl-MailTools fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch tinyproxy vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server wkhtmltopdf perl-Socket6 tcpdump" |
rpm_repository_sync () |
{ |
/scripts/alcasar-uninstall.sh |
---|
118,16 → 118,14 |
antivirus () |
{ |
echo -en "(6) : " |
echo -en "(5) : " |
if [ -e /etc/init.d/havp ] |
then |
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, " |
[ -d /var/run/havp ] && rm -rf /var/run/havp && echo -n "2, " |
userdel -r havp 2>/dev/null && echo -n "2, " |
[ -e /etc/init.d/havp.default ] && mv /etc/init.d/havp.default /etc/init.d/havp && echo -n "3, " |
[ -e /lib/systemd/system/havp.service ] && rm /lib/systemd/system/havp.service && echo -n "4, " |
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5, " |
userdel -r havp 2>/dev/null && echo -n "6" |
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5" |
else echo -n "already uninstalled" |
fi |
} |
134,13 → 132,12 |
tinyproxy () |
{ |
echo -en "(3) : " |
echo -en "(2) : " |
if [ -e /etc/init.d/tinyproxy ] |
then |
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, " |
[ -d /var/run/tinyproxy ] && rm -rf /var/run/tinyproxy && echo -n "2, " |
userdel -r tinyproxy 2>/dev/null && echo -n "3" |
else echo -n "already uninstalled" |
userdel -r tinyproxy 2>/dev/null && echo -n "2" |
else echo -n "already uninstalled" |
fi |
} |
159,9 → 156,8 |
nfsen () |
{ |
# we don't remove user "nfcapd" & nfcapd folders in order to keep data when updating |
echo -en "(1) : " |
[ -e /lib/systemd/system/nfcapd.service ] && rm -f /lib/systemd/system/nfcapd.service && echo -n "1" |
[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service && echo -n "1" |
} |
vnstat () |
295,7 → 291,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
302,9 → 298,11 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# unbound, iptables & sshd should stay on to allow remote update |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="alcasar-load_balancing vnstat havp clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update |
fi |
old_services=" dnsmasq dnsmasq-blacklist dnsmasq-blackhole" |
services+=$old_services |
echo "Stopping services : " |
/usr/local/bin/alcasar-sms.sh --stop |
/scripts/alcasar-daemon.sh |
---|
16,7 → 16,7 |
LDAP=${LDAP:=off} |
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name |
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name |
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfcapd e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfsen e2guardian clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |