/scripts/alcasar-daemon.sh |
---|
10,7 → 10,7 |
conf_file="/usr/local/etc/alcasar.conf" |
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |
/scripts/alcasar-urpmi.sh |
---|
14,7 → 14,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-4.14.30-3.mga6-1-1.mga6" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
rpm_repository_sync () |
{ |
/scripts/alcasar-iptables.sh |
---|
42,7 → 42,7 |
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
IPTABLES="/sbin/iptables" |
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP |
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP |
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # Site Direct (no havp and no filtrage) for user BL |
# Sauvegarde des SET des utilisateurs connectés si ils existent |
159,8 → 159,8 |
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules |
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10 |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (E2Guardian) pour pouvoir les rejeter en INPUT |
# Mark (and log) the direct attempts to TCP port 8090 (e2guardian) in order to REJECT them in INPUT rules |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (DansGuardian) pour pouvoir les rejeter en INPUT |
# Mark (and log) the direct attempts to TCP port 8090 (dansguardian) in order to REJECT them in INPUT rules |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -p tcp -d $PRIVATE_IP -m tcp --dport 8080 -j NFLOG --nflog-group 1 --nflog-prefix "RULE direct-proxy -- DENY " |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp -m tcp --dport 8080 -j MARK --set-mark 1 |
211,8 → 211,8 |
# Redirect HTTP of 'havp_wl' users who want IP not in the WL to ALCASAR ('access denied' page) |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl src -m set ! --match-set wl_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80 |
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers E2Guardian |
# Redirect outbound HTTP requests of "BL" users to E2Guardian (transparent proxy) |
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers DansGuardian |
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy) |
# $IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
# Redirection des requêtes HTTP sortantes des usager 'havp_wl' et 'havp' vers Tinyproxy |
257,12 → 257,12 |
# Conntrack on INPUT |
$IPTABLES -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |
# On interdit les connexions directes au port utilisé par E2Guardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING) |
# Deny direct connections on E2Guardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING) |
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING) |
# Deny direct connections on DansGuardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING) |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8080 -m mark --mark 1 -j REJECT --reject-with tcp-reset |
# Autorisation des connexions légitimes à E2Guardian |
# Allow connections for E2Guardian |
# Autorisation des connexions légitimes à DansGuardian |
# Allow connections for DansGuardian |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m conntrack --ctstate NEW --syn -j ACCEPT |
# On interdit les connexions directes au port utilisé par tinyproxy (8090). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING) |
452,8 → 452,8 |
# Allow DNS requests to identified DNS servers |
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m conntrack --ctstate NEW -j ACCEPT |
# On autorise les requêtes HTTP avec log Netflow (en provenance de E2guardian) |
# HTTPS requests are allowed with netflow log (from E2guardian) |
# On autorise les requêtes HTTP avec log Netflow (en provenance de Dansguardian) |
# HTTPS requests are allowed with netflow log (from Dansguardian) |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
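Review bot: The English comment rewritten in the hunk at 159 says `TCP port 8090` for the filter daemon, but the French comment above it and both rules below it use `--dport 8080`, so the commit carries a wrong port number over into the new text. The hunk at 452 has the same kind of drift: the English line reads `HTTPS requests are allowed` while the French line says HTTP and the two rules match `--dport http`. In a firewall script the comments are what an auditor checks the rules against, so I would change the first to `TCP port 8080` and the second to `HTTP requests are allowed with netflow log`, keeping whichever daemon name the new side uses. The rule blocks shown start and end outside these hunks.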
/scripts/alcasar-rpm-download.sh |
---|
13,7 → 13,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-4.14.20-1.mga6-1-1.mga6" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
rpm_repository_sync () |
{ |
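Review bot: Only the filter package name changes in this `PACKAGES` line, but the rest of the list and `KERNEL` no longer match alcasar-urpmi.sh in the same commit. This file still has `apache apache-mod_ssl apache-mod_php` and `kernel-server-4.14.20-1`, where alcasar-urpmi.sh has `lighttpd lighttpd-mod_auth php-fpm` and `kernel-server-4.14.30-3`. If this script is still used to pre-download RPMs, the set it fetches would not be the set the installer asks for. I would sync both values, or add `# TODO: keep KERNEL and PACKAGES identical to alcasar-urpmi.sh` above them until they come from one shared file. `rpm_repository_sync` only begins on the last lines shown and continues outside the hunk.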
/scripts/alcasar-uninstall.sh |
---|
101,17 → 101,17 |
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4" |
} |
e2guardian () |
dansguardian () |
{ |
echo -en "(8) : " |
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, " |
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, " |
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, " |
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, " |
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, " |
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, " |
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8" |
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, " |
[ -e /etc/dansguardian/dansguardian.conf.default ] && mv /etc/dansguardian/dansguardian.conf.default /etc/dansguardian/dansguardian.conf && echo -n "2, " |
[ -e /etc/dansguardian/lists/bannedphraselist.default ] && mv /etc/dansguardian/lists/bannedphraselist.default /etc/dansguardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/dansguardian/dansguardianf1.conf.default ] && mv /etc/dansguardian/dansguardianf1.conf.default /etc/dansguardian/dansguardianf1.conf && echo -n "4, " |
[ -e /etc/dansguardian/lists/bannedextensionlist.default ] && mv /etc/dansguardian/lists/bannedextensionlist.default /etc/dansguardian/lists/bannedextensionlist && echo -n "5, " |
[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] && mv /etc/dansguardian/lists/bannedmimetypelist.default /etc/dansguardian/lists/bannedmimetypelist && echo -n "6, " |
[ -e /etc/dansguardian/lists/exceptioniplist.default ] && mv /etc/dansguardian/lists/exceptioniplist.default /etc/dansguardian/lists/exceptioniplist && echo -n "7, " |
[ -e /etc/dansguardian/lists/bannedsitelist.default ] && mv /etc/dansguardian/lists/bannedsitelist.default /etc/dansguardian/lists/bannedsitelist && echo -n "8" |
} |
antivirus () |
285,7 → 285,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian dnsmasq sshd chilli" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
292,7 → 292,7 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# dnsmasq & sshd should stay on to allow remote update |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update |
fi |
326,7 → 326,7 |
/usr/bin/systemctl reload sshd |
fi |
echo "Reset ALCASAR main functions : " |
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install |
for func in init ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install |
do |
echo -en "\n- $func " |
$func |
/scripts/alcasar-activity_report.sh |
---|
156,7 → 156,7 |
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6) |
VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6) |
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT |
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ] |
165,7 → 165,7 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date. |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ] |
then |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget' |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget' |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR |
do |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1) |
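Review bot: In the hunk at 165 the `if` condition already pipes through `grep -E "$PACKAGE"`, but `PACKAGE=` is assigned only on the first line inside the `then` branch. Unless PACKAGE is set somewhere above the hunk, that first evaluation runs `grep -E ""`, which matches every line, so the test counts all recently installed RPMs rather than the ALCASAR-related ones. Moving the `PACKAGE='php|lighttpd|...'` assignment (with the daemon name from the new side) to just before the `if` makes the condition and the `while read` loop use the same filter. The surrounding `elif` chain and the loop body continue outside the hunk.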
/scripts/alcasar-conf.sh |
---|
21,7 → 21,7 |
DIR_BIN="/usr/local/bin" # scripts directory |
DIR_ETC="/usr/local/etc" # conf directory |
DIR_SHARE="/usr/local/share" # data directory |
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists" # Toulouse BL directory |
DIR_BLACKLIST="/etc/dansguardian/lists/blacklists" # Toulouse BL directory |
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
87,12 → 87,12 |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE |
# backup BL/WL custom files |
mkdir $DIR_UPDATE/custom_bl |
cp -f /etc/e2guardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/urlregexplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/bannedurllist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/urlregexplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE/custom_bl/ |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null |
# backup of different conf files (main conf file, filtering, digest, etc) |
mkdir $DIR_UPDATE/etc/ |
134,15 → 134,15 |
# Retrieve local parameters |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
# Retrieve BL/WL custom files |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/dansguardian/lists/ |
cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null |
chown -R e2guardian:apache /etc/e2guardian/lists |
chmod -R g+rw /etc/e2guardian/lists |
chown -R dansguardian:apache /etc/dansguardian/lists |
chmod -R g+rw /etc/dansguardian/lists |
# Adapt DNS/URL filtering |
PARENT_SCRIPT=`basename $0` |
export PARENT_SCRIPT |
360,7 → 360,7 |
# tinyproxy |
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf |
# DG + BL |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
# Watchdog |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh |
# Prompts |
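Review bot: The restore in the hunk at 134 copies the saved tree back with `cp -rf $DIR_UPDATE/etc/* $DIR_ETC/`, and nothing after it rewrites filter-directory paths stored inside those files. alcasar-bl.sh in this same commit writes absolute `/etc/.../lists/blacklists/<category>` entries into the category files under /usr/local/etc. If those files are among the ones backed up (the backup list is outside the hunk), an updated system would keep entries pointing at the previous daemon's directory. I would add a step after the restore that rewrites that prefix to `$DIR_BLACKLIST`, or at least a comment such as `# restored category files may still carry the previous filter directory prefix; normalise to $DIR_BLACKLIST`. The enclosing functions start and end outside these hunks.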
/scripts/alcasar-bl.sh |
---|
6,8 → 6,8 |
# by Franck BOUIJOUX and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via E2guardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (E2guardian) |
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian) |
DIR_CONF="/usr/local/etc" |
CONF_FILE="$DIR_CONF/alcasar.conf" |
18,7 → 18,7 |
DIR_WL_tmp="/tmp/whitelists" |
FILE_tmp="/tmp/filesfilter.txt" |
FILE_ip_tmp="/tmp/filesipfilter.txt" |
DIR_DG="/etc/e2guardian/lists" |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG_BL="$DIR_DG/blacklists" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories |
65,7 → 65,7 |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE |
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE |
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq |
82,7 → 82,7 |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES |
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE |
done |
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp |
154,7 → 154,7 |
rm -rf $DIR_DG_BL $DIR_IP_BL |
mkdir $DIR_DG_BL $DIR_IP_BL |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
chown -R e2guardian:apache $DIR_DG |
chown -R dansguardian:apache $DIR_DG |
chmod -R 770 $DIR_DG |
# Add the two local categories (ossi-bl & ossi-wl) to the usage file |
# Add the custom categories (ossi-tor_nodes) to the usage file |
238,7 → 238,7 |
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
then |
touch $PATH_FILE/urls |
chown e2guardian:apache $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
fi |
cp $PATH_FILE/domains $FILE_tmp |
clean_split # clean ossi custom files & split them for dnsmasq and for iptables |
294,7 → 294,7 |
done |
/usr/bin/systemctl restart dnsmasq-whitelist |
/usr/bin/systemctl restart dnsmasq-blacklist |
/usr/bin/systemctl restart e2guardian |
/usr/bin/systemctl restart dansguardian |
/usr/local/bin/alcasar-iptables.sh |
else |
echo -n "/usr/local/etc/update_cat.conf is empty ..." |
350,7 → 350,7 |
if [ $enabled == "1" ] |
then |
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES |
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie |
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie |
fi |
363,7 → 363,7 |
if [ $enabled == "1" ] |
then |
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES |
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie |
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie |
fi |
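Review bot: The rewritten `$SED "1i\/etc\/.../$ENABLE_CATEGORIE"` lines (hunks at 65 and 82, and the `$ossi_categorie` variants at 350 and 363), together with the `$SED "/\/$ENABLE_CATEGORIE$/d"` line above each, put a name read from a file straight into a sed script without checking it. The script changes ownership under /etc and restarts services, so it presumably runs as root, and a name containing `/` or regex metacharacters would change what the delete expression matches or does. I would validate each name before use, e.g. `case "$ENABLE_CATEGORIE" in ''|*[!A-Za-z0-9_.-]*) continue ;; esac` (adjust the allowed set to the real category names), and quote the expansions passed to `ln -sf`. The loops and conditionals shown start and end outside the hunks.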
/scripts/alcasar-url_filter_bl.sh |
---|
11,7 → 11,7 |
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine |
# Enable / disable : filter of urls containing ip address instead of domain name |
DIR_DG="/etc/e2guardian/lists" |
DIR_DG="/etc/dansguardian/lists" |
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" |
CONF_FILE="/usr/local/etc/alcasar.conf" |
SED="/bin/sed -i" |
85,6 → 85,6 |
else |
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist |
fi |
systemctl restart e2guardian |
systemctl restart dansguardian |
systemctl restart dnsmasq-blacklist |
fi |