| /CHANGELOG |
|---|
| 3,7 → 3,6 |
| ********** ALCASAR CHANGELOG ********** |
| CHANGES |
| - add an other filter when importing the blacklist to remove line beginning with a dot |
| - improve tcpdump filter when IoT live captures |
| BUGS |
| - Fix a display bug in ACC activity page |
| - When blacklisted, display the categories even if the domain name contains a private prefix (ie mycompagny.whereby.com) |
| /scripts/alcasar-bl.sh |
|---|
| 94,7 → 94,8 |
| # cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp) |
| function clean_split (){ |
| $SED '/^[.#]/d' $FILE_tmp # remove commented lines and lines beginning with a dot |
| $SED '/^#/d' $FILE_tmp # remove commented lines |
| $SED '/^\./d' $FILE_tmp # remove lines beginning with a dot |
| $SED '/^\s*$/d' $FILE_tmp # remove empty lines |
| $SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters |
| # extract ip addresses and ip networks for iptables. |
| /scripts/alcasar-iot_capture.sh |
|---|
| 31,7 → 31,7 |
| function launch |
| { |
| # capture only one @MAC, on $INTIF, max filesize=10M, without flows to PRIVATE_IP except DNS |
| sudo tcpdump "ether host $1 and (host not $PRIVATE_IP or port 53)" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap |
| tcpdump "ether host $1 && (host $PRIVATE_IP && port 53) || host not $PRIVATE_IP" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap |
| } |
| function flush |