BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → / @ 1150

  → / @ 1154

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

No changes between revisions

Ignore whitespace Rev 1150 → Rev 1154

/VERSION
1,0 → 0,0
2.7.1
2.7

/conf/nfsen/nfsen.conf
0,0 → 1,301
##############################
#
# NfSen master config file
#
# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $
#
# Configuration of NfSen:
# Set all the values to fit your NfSen setup and run the 'install.pl'
# script from the nfsen distribution directory.
#
# The syntax must conform to Perl syntax.
#
##############################
#
# NfSen default layout:
# Any scripts, modules or profiles are installed by default under $BASEDIR.
# However, you may change any of these settings to fit your requested layout.
#
# Required for default layout
$BASEDIR = "/usr";
#
# Where to install the NfSen binaries
$BINDIR="${BASEDIR}/bin";
#
# Where to install the NfSen Perl modules
$LIBEXECDIR="${BASEDIR}/libexec";
#
# Where to install the config files
$CONFDIR="${BASEDIR}/etc";
#
# NfSen html pages directory:
# All php scripts will be installed here.
# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php
$HTMLDIR = "/var/www/nfsen";
#
# Where to install the docs
$DOCDIR="${HTMLDIR}/doc";
#
# Var space for NfSen
$VARDIR="/var/";
# directory for all pid files
$PIDDIR="$VARDIR/run";
#
# Filter directory
$FILTERDIR="$VARDIR/filters";
#
# FORMATDIR for custom printing formats
$FORMATDIR="$VARDIR/fmt";
#
#
# The Profiles stat directory, where all profile information
# RRD DBs and png pictures of the profile are stored
$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat";
#
# The Profiles directory, where all netflow data is stored
$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data";
#
# Where go all the backend plugins
$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins";
#
# Where go all the frontend plugins
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
#
# nfdump tools path
$PREFIX = '/usr/bin';
#
# nfsend communication socket
# $COMMSOCKET = "$PIDDIR/nfsen.comm";
# BASEDIR unrelated vars:
#
# Run nfcapd as this user
# This may be a different or the same uid than your web server.
# Note: This user must be in group $WWWGROUP, otherwise nfcapd
# is not able to write data files!
$USER = "apache";
# user and group of the web server process
# All netflow processing will be done with this user
$WWWUSER = "apache";
$WWWGROUP = "apache";
# Receive buffer size for nfcapd - see man page nfcapd(1)
$BUFFLEN = 200000;
# list of extensions for each collector. See argument -T
# for nfcapd(1) for more detailes.
# defaults to empty -> compatible to nfdump-1.5.8
# $EXTENSIONS = '';
# Example:
# $EXTENSIONS = 'all';
# $EXTENSIONS = '+3,+4';
#
# Directory sub hierarchy layout:
# Possible layouts:
#
# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions
# 1 %Y/%m/%d year/month/day
# 2 %Y/%m/%d/%H year/month/day/hour
# 3 %Y/%W/%u year/week_of_year/day_of_week
# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour
# 5 %Y/%j year/day-of-year
# 6 %Y/%j/%H year/day-of-year/hour
# 7 %Y-%m-%d year-month-day
# 8 %Y-%m-%d/%H year-month-day/hour
$SUBDIRLAYOUT = 7;
# Compress flows while collecting 0 or 1
$ZIPcollected = 1;
# Compress flows in profiles 0 or 1
$ZIPprofiles = 1;
# Interrupt expire -- not yet enabled as not yet fully tested
#$InterruptExpire = 0;
# number of nfprofile processes to spawn during the profiling phase
# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
$PROFILERS = 2;
# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.
# set to 0 to disable the test
$DISKLIMIT = 98;
# number of nfprofile processes to spawn during the profiling phase
$PROFILERS = 6;
# Netflow sources
# Define an ident string, port and colour per netflow source
#
# Required parameters:
# ident identifies this netflow source. e.g. the router name,
# Upstream provider name etc.
# port nfcapd listens on this port for netflow data for this source
# set port to '0' if you do not want a collector to be started
# col colour in nfsen graphs for this source
#
# Optional parameters
# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow
# optarg Optional args to the collector at startup
#
# Syntax:
# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' }
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].
%sources = (
'ipt_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },
);
#
# Low water mark: When expiring files, delete files until
# size = $low_water % of max_size
# typically 90
$low_water = 90;
#
# syslog facility for periodic jobs
# nfsen uses level 'debug', 'info', 'warning' and 'err'
# Note: nfsen is very chatty for level 'debug' and 'info'
# For normal operation, you may set the logging level in syslog.conf
# to warning or error unless you want to debug NfSen
$syslog_facility = 'local3';
#
# SYSLOG mess
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix'
# which is the default. You need to change that to 'stream' or 'inet' for
# some Solaris version 8/9, AIX and others ..
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all
# ( works for Solaris 10 and newer Sys::Syslog module
#
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'
# $LogSocket = 'unix';
#
# Plugins
# Plugins extend NfSen for the purpose of:
# Periodic data processing, alerting-condition and alerting-action
# For data processing a plugin may run for any profile or for a specific profile only.
# Syntax: [ 'profile list', 'module' ]
# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ),
# or '*' for any profile, '!' for no profile
# module: Perl Module name, equal to plugin name
# The profile list '!' make sense for plugins, which only provide alerting functions
#
# The module follows the standard Perl module conventions, with at least one
# function: Init(). See demoplugin.pm for a simple template.
#
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically
# recongized as frontend plugin.
#
# Plugins are installed under
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR
@plugins = (
# profile # module
[ 'ALCASAR','PortTracker' ],
);
%PluginConf = (
# For plugin demoplugin
demoplugin => {
# scalar
param2 => 42,
# hash
param1 => { 'key' => 'value' },
},
# for plugin otherplugin
otherplugin => [
# array
'mary had a little lamb'
],
);
#
# Alert module: email alerting:
# Use this from address
$MAIL_FROM = 'your@from.example.net';
# Use this SMTP server
$SMTP_SERVER = 'localhost';
# Use this email body:
# You may have multiple lines of text.
# Var substitution:
# @alert@ replaced by alert name
# @timeslot@ replaced by timeslot alert triggered
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
######################################################
#
# For the NfSen simulator include the section below.
#
######################################################
#
# Nfsen Simulator
# The simulator requires, that you have already installed
# and configured NfSen. The simulation is based on already
# pre-colleted data, which you may get from another live
# NfSen system.
#
# Steps to setup the NfSen simulator:
# 1. Configure the sources of the live profile with the
# same names of the NfSen system, you take netflow data
# for the simulation. Set the port for each netflow source
# to 0 to prevent a collector to be started.
# Install NfSen with this config in a seperate directory
# 2. Copy the pre-collected data into the appropriate
# netflow directory of the live profile.
# 3. Configure the simulator using the parameters below
# Enable Simulation mode => $SIMmode = 1
# Configure the time window of the pre-collected data.
# tstart => Start of time window. yyyymmddhhmm
# tbegin => Optional parameter. Start of simulation
# profile exists already between tstart - tbegin
# tend => End of time window. yyyymmddhhmm
# cycletime => simulation time in seconds of a 5min slot
# Setting cycletime = 0 processes the cycles as fast as
# possible. Please note, if you test plugings, your
# cycletime needs to be at least the time required to
# process all plugins.
# 4. Start nfsen: ../nfsen start
# Simulation starts
#
# The simulator runs from tstart to tend and stops when tend
# is reached. You may stop the simulation at any given time
# using ./nfsen stop. To continue the simulation start NfSen
# again: ./nfsen start. You may reset the simulator at any
# given time using ./nfsen abort-reset. This stops the sumulation
# and rolls back to tstart. All profiles/alerts are deleted,
# so you may start from scratch again.
#
# Configure simulator parameters
#
# $SIMmode = 1;
# %sim = (
# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00
# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00
# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55
# 'cycletime' => '30', # 30s per 5min slot
# );
1;

/conf/nfsen/nfsen-1.3.6p1.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property

/conf/nfsen/nfsen-init~
0,0 → 1,35
#!/bin/sh
#
# chkconfig: 345 90 10
#
# Init script launching the nfsen service at the startup.
. /etc/init.d/functions
# Include nfcapd defaults if available
if [ -f /etc/sysconfig/nfsen ] ; then
. /etc/sysconfig/nfsen
fi
case "$1" in
start)
/usr/bin/nfsen start
;;
stop)
/usr/bin/nfsen stop
;;
restart)
/usr/bin/nfsen restart
;;
status)
/usr/bin/nfsen status
exit 4
;;
*)
gprintf "Usage: %s {start|stop|status|restart}\n" "$N"
;;
esac
exit 0

/conf/nfsen/nfsen-init
0,0 → 1,42
#!/bin/sh
#
# chkconfig: 345 90 10
# description : Init script launching the nfsen service at the startup.
### BEGIN INIT INFO
# Provides: nfsen
# Should-Start: ntp
# Should-Stop:
# Default-Start: 3 4 5
# Description: Init script launching the nfsen service at the startup.
### END INIT INFO
. /etc/init.d/functions
# Include nfcapd defaults if available
if [ -f /etc/sysconfig/nfsen ] ; then
. /etc/sysconfig/nfsen
fi
case "$1" in
start)
/usr/bin/nfsen start
;;
stop)
/usr/bin/nfsen stop
;;
restart)
/usr/bin/nfsen restart
;;
status)
/usr/bin/nfsen status
exit 4
;;
*)
gprintf "Usage: %s {start|stop|status|restart}\n" "$N"
;;
esac
exit 0

/conf/nfsen/PortTracker.pm
0,0 → 1,322
#!/usr/bin/perl
#
# Copyright (c) 2004, SWITCH - Teleinformatikdienste fuer Lehre und Forschung
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of SWITCH nor the names of its contributors may be
# used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# $Author: peter $
#
# $Id: PortTracker.pm 27 2011-12-29 12:53:29Z peter $
#
# $LastChangedRevision: 27 $
# Demo plugin for NfSen
#
# This plugin demonstrates the use of plugins
package PortTracker;
use strict;
use NfSen;
use NfConf;
#
# The plugin may send any messages to syslog
# Do not initialize syslog, as this is done by
# the main process nfsen-run
use Sys::Syslog;
our $VERSION = 130;
our %cmd_lookup = (
'get-portgraph' => \&GetPortGraph,
'get-topN' => \&GetTopN,
);
my ( $nftrack, $PROFILEDATADIR );
my $PORTSDBDIR = "/var/log/netflow/porttracker";
my $EODATA = ".\n";
# colours used in graphs
# if more than 12 graphs are drawn ( does this really make sense ? )
# the same colours are used again
my @colour = (
'#ff0000', '#ff8000', '#ffff00', '#80ff00', '#00ff00',
'#00ff80', '#00ffff', '#0080ff', '#0000ff', '#8000ff',
'#ff00ff', '#ff0080'
);
sub GetTopN {
my $socket = shift;
my $opts = shift;
my $interval;
if ( !exists $$opts{'interval'} ) {
$interval = 1;
} else {
$interval = $$opts{'interval'};
}
print $socket ".Get topN ports\n";
my $statfile = $interval == 24 ? 'portstat24.txt' : 'portstat.txt';
print $socket ".topN ports $PORTSDBDIR/$statfile\n";
if ( !open STAT, "$PORTSDBDIR/$statfile" ) {
print $socket $EODATA;
print $socket "ERR Open statfile '$PORTSDBDIR/$statfile': $!\n";
return;
}
print $socket ".topN read ports\n";
while ( <STAT> ) {
chomp;
print $socket "_topN=$_\n";
}
print $socket $EODATA;
print $socket "OK Command completed\n",
} # End of GetPortGraph
sub GetPortGraph {
my $socket = shift;
my $opts = shift;
# get all arguments:
# Example:
# proto typw logscale light tstart tend topN track_list
# tcp flows 0 0 1116495000 1116581400 '22 445 135 1433' '80 143'
if ( !exists $$opts{'arg'} ) {
print $socket $EODATA;
print $socket "ERR Missing Arguments.\n";
}
my $ARGS = $$opts{'arg'};
my $proto = shift @$ARGS; # 'tcp' or 'udp'
my $type = shift @$ARGS; # 'flows', 'packets' or 'bytes'
my $logscale = shift @$ARGS; # 0 or 1
my $stacked = shift @$ARGS; # 0 or 1
my $light = shift @$ARGS; # 0 or 1
my $tstart = shift @$ARGS; # start time - UNIX format
my $tend = shift @$ARGS; # end time - UNIX format
my $topN = shift @$ARGS; # TopN port list: string: ' ' separated port list
my $track_list = shift @$ARGS; # Static track port list: string: ' ' separated port list
my $skip_list = shift @$ARGS; # Static skip port list: string: ' ' separated port list
if ( !defined $proto || !defined $type || !defined $logscale || !defined $stacked ||
!defined $light || !defined $tstart || !defined $tend || !defined $topN ||
!defined $track_list || !defined $skip_list ) {
print $socket $EODATA;
print $socket "ERR Argument Error.\n";
return;
}
my @skipPorts = split '-', $skip_list;
my @topN = split '-', $topN;
my @track_list = split '-', $track_list;
# remove the common ports in both lists from the dynamic topN list
my %_tmp;
@_tmp{@track_list} = @track_list;
delete @_tmp{@topN};
@track_list = sort keys %_tmp;
# %_tmp = ();
# @_tmp{@topN} = @topN;
# delete @_tmp{@skipPorts};
# @topN = keys %_tmp;
%_tmp = ();
my @_tmp;
@_tmp{@skipPorts} = @skipPorts;
foreach my $port ( @topN ) {
push @_tmp, $port unless exists $_tmp{$port};
}
@topN = @_tmp;
my $datestr = scalar localtime($tstart) . " - " . scalar localtime($tend);
my $title = uc($proto) . " " . ucfirst($type);
my @DEFS = ();
# Compile rrd args
my @rrdargs = ();
push @rrdargs, "-"; # output graphics to stdout
foreach my $port ( @topN, @track_list ) {
# assemble filename
my $fileident = $port >> 10;
my $rrdfile = "$PORTSDBDIR/${proto}-${type}-$fileident.rrd";
# which ident in this rrd file
my $ident = $port & 1023; # 0x0000001111111111 mask
push @rrdargs, "DEF:Port${port}=$rrdfile:p${ident}:AVERAGE";
}
push @rrdargs, "--start", "$tstart";
push @rrdargs, "--end", "$tend";
push @rrdargs, "--title", "$datestr - $title" unless $light;
push @rrdargs, "--vertical-label", "$title" unless $light;
# lin or log graph?
push @rrdargs, "--logarithmic" if $logscale;
if ( $light ) {
push @rrdargs, "-w";
push @rrdargs, "288";
push @rrdargs, "-h";
push @rrdargs, "150";
push @rrdargs, "--no-legend"; # no legend in small pictures
} else {
push @rrdargs, "-w";
push @rrdargs, "576";
push @rrdargs, "-h";
push @rrdargs, "300";
}
my $i=0;
my $area_set = 0;
my $n = scalar @topN;
push @rrdargs, "COMMENT:Top $n Ports\\n";
if ( $stacked && scalar @topN ) {
my $port = shift @topN;
push @rrdargs, "AREA:Port${port}$colour[$i]:Port ${port}";
$i++;
$area_set = 1;
foreach my $port ( @topN ) {
push @rrdargs, "STACK:Port${port}$colour[$i]:Port ${port}";
$i++;
}
} else {
foreach my $port ( @topN ) {
push @rrdargs, "LINE1:Port${port}$colour[$i]:Port ${port}";
$i++;
}
}
if ( scalar @track_list) {
push @rrdargs, "COMMENT:\\n";
push @rrdargs, "COMMENT:\\n";
push @rrdargs, "COMMENT:Tracked Ports\\n";
}
if ( $stacked && scalar @track_list) {
if ( !$area_set ) {
my $port = shift @track_list;
push @rrdargs, "AREA:Port${port}$colour[$i]:Port ${port}";
$i++;
}
foreach my $port ( @track_list ) {
push @rrdargs, "STACK:Port${port}$colour[$i]:Port ${port}";
$i++;
}
} else {
foreach my $port ( @track_list ) {
push @rrdargs, "LINE2:Port${port}$colour[$i]:Port ${port}";
$i++;
}
}
if ( scalar @skipPorts) {
push @rrdargs, "COMMENT:\\n";
push @rrdargs, "COMMENT:\\n";
my $portlist = join ',', @skipPorts;
push @rrdargs, "COMMENT:Skipped Ports $portlist\\n";
}
my ($averages,$xsize,$ysize) = RRDs::graph( @rrdargs );
if (my $ERROR = RRDs::error) {
print "ERROR: $ERROR\n";
}
} # End of GenPortGraph
sub nftrack_execute {
my $command = shift;
syslog('debug', $command);
my $ret = system($command);
if ( $ret == - 1 ) {
syslog('err', "Failed to execute nftrack: $!\n");
} elsif ($ret & 127) {
syslog('err', "nftrack died with signal %d, %s coredump\n", ($ret & 127), ($ret & 128) ? 'with' : 'without');
} else {
syslog('debug', "nftrack exited with value %d\n", $ret >> 8);
}
} # End of nftrack_execute
#
# Periodic function
# input: hash reference including the items:
# 'profile' profile name
# 'profilegroup' profile group
# 'timeslot' time of slot to process: Format yyyymmddHHMM e.g. 200503031200
sub run {
my $argref = shift;
my $profile = $$argref{'profile'};
my $profilegroup = $$argref{'profilegroup'};
my $timeslot = $$argref{'timeslot'};
syslog('debug', "PortTracker run: Profile: $profile, Time: $timeslot");
my %profileinfo = NfProfile::ReadProfile($profile);
my $netflow_sources = "$PROFILEDATADIR/$profile/$profileinfo{'sourcelist'}";
#
# process all sources of this profile at once
my $command = "$nftrack -L $NfConf::syslog_facility -M $netflow_sources -r nfcapd.$timeslot -d $PORTSDBDIR -A -t $timeslot -s -p -w $PORTSDBDIR/portstat.txt";
nftrack_execute($command);
$command = "$nftrack -d $PORTSDBDIR -S -p -w $PORTSDBDIR/portstat24.txt";
nftrack_execute($command);
#
# Process the output and notify the duty team
syslog('debug', "PortTracker run: Done.");
} # End of run
sub Init {
syslog("info", "PortTracker: Init");
# Init some vars
$nftrack = "$NfConf::PREFIX/nftrack";
$PROFILEDATADIR = "$NfConf::PROFILEDATADIR";
return 1;
}
sub Cleanup {
syslog("info", "PortTracker Cleanup");
# not used here
}
1;

/conf/nfsen/nfsen.conf~
0,0 → 1,301
##############################
#
# NfSen master config file
#
# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $
#
# Configuration of NfSen:
# Set all the values to fit your NfSen setup and run the 'install.pl'
# script from the nfsen distribution directory.
#
# The syntax must conform to Perl syntax.
#
##############################
#
# NfSen default layout:
# Any scripts, modules or profiles are installed by default under $BASEDIR.
# However, you may change any of these settings to fit your requested layout.
#
# Required for default layout
$BASEDIR = "/usr";
#
# Where to install the NfSen binaries
$BINDIR="${BASEDIR}/bin";
#
# Where to install the NfSen Perl modules
$LIBEXECDIR="${BASEDIR}/libexec";
#
# Where to install the config files
$CONFDIR="${BASEDIR}/etc";
#
# NfSen html pages directory:
# All php scripts will be installed here.
# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php
$HTMLDIR = "/var/www/nfsen";
#
# Where to install the docs
$DOCDIR="${HTMLDIR}/doc";
#
# Var space for NfSen
$VARDIR="/var/";
# directory for all pid files
$PIDDIR="$VARDIR/run";
#
# Filter directory
$FILTERDIR="$VARDIR/filters";
#
# FORMATDIR for custom printing formats
$FORMATDIR="$VARDIR/fmt";
#
#
# The Profiles stat directory, where all profile information
# RRD DBs and png pictures of the profile are stored
$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat";
#
# The Profiles directory, where all netflow data is stored
$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data";
#
# Where go all the backend plugins
$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins";
#
# Where go all the frontend plugins
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
#
# nfdump tools path
$PREFIX = '/usr/bin';
#
# nfsend communication socket
# $COMMSOCKET = "$PIDDIR/nfsen.comm";
# BASEDIR unrelated vars:
#
# Run nfcapd as this user
# This may be a different or the same uid than your web server.
# Note: This user must be in group $WWWGROUP, otherwise nfcapd
# is not able to write data files!
$USER = "apache";
# user and group of the web server process
# All netflow processing will be done with this user
$WWWUSER = "apache";
$WWWGROUP = "apache";
# Receive buffer size for nfcapd - see man page nfcapd(1)
$BUFFLEN = 200000;
# list of extensions for each collector. See argument -T
# for nfcapd(1) for more detailes.
# defaults to empty -> compatible to nfdump-1.5.8
# $EXTENSIONS = '';
# Example:
# $EXTENSIONS = 'all';
# $EXTENSIONS = '+3,+4';
#
# Directory sub hierarchy layout:
# Possible layouts:
#
# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions
# 1 %Y/%m/%d year/month/day
# 2 %Y/%m/%d/%H year/month/day/hour
# 3 %Y/%W/%u year/week_of_year/day_of_week
# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour
# 5 %Y/%j year/day-of-year
# 6 %Y/%j/%H year/day-of-year/hour
# 7 %Y-%m-%d year-month-day
# 8 %Y-%m-%d/%H year-month-day/hour
$SUBDIRLAYOUT = 7;
# Compress flows while collecting 0 or 1
$ZIPcollected = 1;
# Compress flows in profiles 0 or 1
$ZIPprofiles = 1;
# Interrupt expire -- not yet enabled as not yet fully tested
#$InterruptExpire = 0;
# number of nfprofile processes to spawn during the profiling phase
# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
$PROFILERS = 2;
# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.
# set to 0 to disable the test
$DISKLIMIT = 98;
# number of nfprofile processes to spawn during the profiling phase
$PROFILERS = 6;
# Netflow sources
# Define an ident string, port and colour per netflow source
#
# Required parameters:
# ident identifies this netflow source. e.g. the router name,
# Upstream provider name etc.
# port nfcapd listens on this port for netflow data for this source
# set port to '0' if you do not want a collector to be started
# col colour in nfsen graphs for this source
#
# Optional parameters
# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow
# optarg Optional args to the collector at startup
#
# Syntax:
# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' }
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].
%sources = (
'ipt_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },
);
#
# Low water mark: When expiring files, delete files until
# size = $low_water % of max_size
# typically 90
$low_water = 90;
#
# syslog facility for periodic jobs
# nfsen uses level 'debug', 'info', 'warning' and 'err'
# Note: nfsen is very chatty for level 'debug' and 'info'
# For normal operation, you may set the logging level in syslog.conf
# to warning or error unless you want to debug NfSen
$syslog_facility = 'local3';
#
# SYSLOG mess
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix'
# which is the default. You need to change that to 'stream' or 'inet' for
# some Solaris version 8/9, AIX and others ..
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all
# ( works for Solaris 10 and newer Sys::Syslog module
#
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'
# $LogSocket = 'unix';
#
# Plugins
# Plugins extend NfSen for the purpose of:
# Periodic data processing, alerting-condition and alerting-action
# For data processing a plugin may run for any profile or for a specific profile only.
# Syntax: [ 'profile list', 'module' ]
# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ),
# or '*' for any profile, '!' for no profile
# module: Perl Module name, equal to plugin name
# The profile list '!' make sense for plugins, which only provide alerting functions
#
# The module follows the standard Perl module conventions, with at least one
# function: Init(). See demoplugin.pm for a simple template.
#
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically
# recongized as frontend plugin.
#
# Plugins are installed under
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR
@plugins = (
# profile # module
[ 'live','PortTracker' ],
);
%PluginConf = (
# For plugin demoplugin
demoplugin => {
# scalar
param2 => 42,
# hash
param1 => { 'key' => 'value' },
},
# for plugin otherplugin
otherplugin => [
# array
'mary had a little lamb'
],
);
#
# Alert module: email alerting:
# Use this from address
$MAIL_FROM = 'your@from.example.net';
# Use this SMTP server
$SMTP_SERVER = 'localhost';
# Use this email body:
# You may have multiple lines of text.
# Var substitution:
# @alert@ replaced by alert name
# @timeslot@ replaced by timeslot alert triggered
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
######################################################
#
# For the NfSen simulator include the section below.
#
######################################################
#
# Nfsen Simulator
# The simulator requires, that you have already installed
# and configured NfSen. The simulation is based on already
# pre-colleted data, which you may get from another live
# NfSen system.
#
# Steps to setup the NfSen simulator:
# 1. Configure the sources of the live profile with the
# same names of the NfSen system, you take netflow data
# for the simulation. Set the port for each netflow source
# to 0 to prevent a collector to be started.
# Install NfSen with this config in a seperate directory
# 2. Copy the pre-collected data into the appropriate
# netflow directory of the live profile.
# 3. Configure the simulator using the parameters below
# Enable Simulation mode => $SIMmode = 1
# Configure the time window of the pre-collected data.
# tstart => Start of time window. yyyymmddhhmm
# tbegin => Optional parameter. Start of simulation
# profile exists already between tstart - tbegin
# tend => End of time window. yyyymmddhhmm
# cycletime => simulation time in seconds of a 5min slot
# Setting cycletime = 0 processes the cycles as fast as
# possible. Please note, if you test plugings, your
# cycletime needs to be at least the time required to
# process all plugins.
# 4. Start nfsen: ../nfsen start
# Simulation starts
#
# The simulator runs from tstart to tend and stops when tend
# is reached. You may stop the simulation at any given time
# using ./nfsen stop. To continue the simulation start NfSen
# again: ./nfsen start. You may reset the simulator at any
# given time using ./nfsen abort-reset. This stops the sumulation
# and rolls back to tstart. All profiles/alerts are deleted,
# so you may start from scratch again.
#
# Configure simulator parameters
#
# $SIMmode = 1;
# %sim = (
# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00
# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00
# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55
# 'cycletime' => '30', # 30s per 5min slot
# );
1;

/CHANGELOG
1,17 → 1,8
# $Id$
************ CHANGELOG ***********
---------------------- 2.7.1 -----------------
BUGs
- Fix multi-users voucher
- Fix a mageia2 bug in network function
NEWS
- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains
- Show the blacklist category in "Acces denied" page
- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)
---------------------- 2.7 -----------------
BUGs
- some corrections in the connection popup
BUGs - some corrections in the connection popup
- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)
NEWS
- Installation with Mageia2
36,7 → 27,7
- show the GPL
---------------------- 2.6.0.1 -----------------
Bugs
- the deleted library fpdf has been restored
- the deleted library fpdf has been restored
- the mysqld and radiusd services are restarted when ALCASAR is launched
---------------------- 2.6 --------------------
Bugs

/scripts/alcasar-watchdog.sh
4,6 → 4,7
# alcasar-watchdog.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
# il déconnecte les usagers dont
# - les équipements réseau ne répondent plus
11,7 → 12,7
# This script tells users that Internet access is down
# it logs out users whose
# - PCs are quiet
# - MAC address is used by other systems (usurped)
# - MAC address are in used by other systems (usurped)
EXTIF="eth0"
INTIF="eth1"
18,8 → 19,7
conf_file="/usr/local/etc/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN)
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
tmp_file="/tmp/watchdog.txt"
DIR_WEB="/var/www/html"
Index_Page="$DIR_WEB/index.php"
27,7 → 27,7
IFS=$'\n'
function lan_down_alert ()
# users are redirected on ALCASAR IP address if a LAN problem is detected
# users are redirected on ALCASAR IP address if LAN Pb detected
{
case $LAN_DOWN in
"1")
42,7 → 42,7
;;
esac
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
if [ $net_pb = "0" ] # user alert
if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
then
/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
123,7 → 123,7
done
rm $tmp_file
fi
# process each equipment known by chilli
# on traite chaque équipements connus de chilli
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
do
active_ip=`echo $system |cut -d" " -f2`
130,20 → 130,16
active_session=`echo $system |cut -d" " -f5`
active_mac=`echo $system | cut -d" " -f1`
active_user=`echo $system |cut -d" " -f6`
# process only equipment with an authenticated user
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
if [[ $(expr $active_session) -eq 1 ]]
then
then
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
# store @IP of quiet equipments
# on stocke les adresses IP des stations muettes
if [[ $(expr $arp_reply) -eq 0 ]]
then
PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$'
if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments
then
echo "$active_ip $active_mac $active_user" >> $tmp_file
fi
echo "$active_ip $active_mac $active_user" >> $tmp_file
fi
# disconnect users whose equipement is usurped (@MAC)
# on deconnecte l'usager d'une stations usurpée (@MAC)
if [[ $(expr $arp_reply) -gt 2 ]]
then
echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log

/scripts/alcasar-archive.sh
6,12 → 6,12
# This script is distributed under the Gnu General Public License (GPL)
# Script permettant
# - d'exporter dans un seul fichier les logs de traçabilités et la base des usagers (à des fins d'archivages).
# - d'exporter les logs de traçabilités et la base des usagers à des fins d'archivages.
# - Une fonction de chiffrement des logs a été implémentée dans ce script. Lisez la documentation d'exploitation pour l'activer.
# - nettoyage des archives supérieures à 1 an (365 jours)
# This script allows
# - export in one file the log files and user's base (in order to archive them).
# - export log files and user's base in order to archive them.
# - a cypher fonction allows to protect these files. Read the exploit documentation to enable it.
# - delete backup files older than one year (365 days)
27,7 → 27,7
EXPIRE_DAY=365 # Nbre de jour avant suppression des fichiers journaux
CRYPT="0" # chiffrement des logs ( 0=non / 1=oui --> Signature = 1(implicite))
SIGN="0" # Signature/empreinte des logs ( 0=non / 1=oui ) ATTENTION : nécessite la clé privée !!!
GPG_USER="" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg)
GPG_USER="OSSI-CIRISI-Lyon" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg)
usage="Usage: alcasar-archive.sh {--clean or -c} | {--now or -n}"
90,12 → 90,15
}
fi
rm -rf /tmp/archive-*
chown root:apache $DIR_ARCHIVE/*
chown apache:apache $TO_SAVE/
;;
--update | -u)
# Mise à niveau de l'architecture d'export/archivage
[ -d /tmp/save ] || mkdir -p /tmp/save
[ -d $DIR_ARCHIVE/ ] || mkdir -p $DIR_ARCHIVE/ # utile une seule fois mais crée le répertoire si nécessaire
# copie de l'archive au cas où ...
rm -f $(ls *[0-9]) # effacer les fichiers n'ayant pas été compressés
mv $TO_SAVE/firewall/tracabilite-* $DIR_ARCHIVE/.
;;
*)
echo "Unknown argument :$1";

/scripts/alcasar-iptables-bypass.sh
72,9 → 72,10
if [ $SSH = on ]
then
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT"
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT"
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT
fi
# Insertion de règles locales

/scripts/alcasar-iptables.sh
45,6 → 45,9
TUNIF="tun0" # listen device for chilli daemon
IPTABLES="/sbin/iptables"
#lancement du module kernel ipt_NETFLOW (module iptables)
modprobe ipt_NETFLOW destination=127.0.0.1:2055
# Effacement des règles existantes
# Flush all existing rules
$IPTABLES -F
132,6 → 135,7
# On autorise les retours de connexions légitimes par INPUT
# Conntrack on INPUT
#$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j NETFLOW
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués dans la table mangle (PREROUTING)
154,6 → 158,8
fi
# Autorisation des connexions légitimes à DansGuardian
# Allow connections for DansGuardian
#Flux netflow des requêtes HTTP à destination de DansGuardian
#$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -j NETFLOW
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m state --state NEW --syn -j ACCEPT
# On interdit les connexions directes au port UDP 54. Les packets concernés ont été marqués dans la table mangle (PREROUTING)
249,7 → 255,6
#fi
# Autorisation des retours de connexions légitimes
# Allow conntrack
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# If protocols filter is activate
261,6 → 266,7
while read ip_exception
do
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ULOG --ulog-prefix "RULE IP-exception -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-filter-exceptions
fi
272,6 → 278,7
do
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2`
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-uamallowed
fi
286,11 → 293,15
svc_port=`echo $svc_line|cut -d" " -f2`
if [ $svc_name = "icmp" ]
then
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT
else
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_UDP-$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT
fi
fi
311,18 → 322,19
# Autorisation des connections sortant du LAN
# Allow forward connections with log
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ULOG --ulog-prefix "RULE F_all -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ACCEPT
#############################
# OUTPUT #
#############################
# On autorise les retours de connexions légitimes par OUTPUT
# Conntrack on OUTPUT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# On laisse tout sortir sur INTIF
# Everything is allowed only on INTIF
# SSHD rules if activate
if [ $SSH = on ]
then
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT
fi
# On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur
# Everything is allowed but traffic through outside network interface
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT
# On autorise les requêtes DNS vers les serveurs DNS identifiés
331,6 → 343,7
# On autorise les requêtes HTTP sortantes
# HTTP requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
# On autorise les requêtes FTP
337,6 → 350,7
# FTP requests are allowed
modprobe ip_conntrack_ftp
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# On autorise les requêtes NTP
# NTP requests are allowed
356,6 → 370,7
# $IPTABLES -A INPUT -p udp -s $LDAP_IP -m multiports --sports ldap,ldaps -m state --state ESTABLISHED -j ACCEPT
fi
#############################
# POSTROUTING #
#############################

/scripts/alcasar-conf.sh
386,8 → 386,6
$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php
# dhcp (coova + dnsmasq)
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode
# awstat
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
# dnsmasq
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
for i in /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf

/scripts/alcasar-urpmi.sh
12,8 → 12,7
VERSION="2"
ARCH="i586"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring"
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring perl-rrdtool perl-MailTools perl-Socket6 php-sockets kernel-desktop-3.4.45-1.mga2-1-1.mga2"
rpm_repository_sync ()
{
cat <<EOF > /etc/urpmi/urpmi.cfg
228,4 → 227,20
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
# Clean the RPM cache
urpmi --clean
#Keep only kernel-desktop-3.4.45-1.mga2-1-1.mga2 version, and remove all others
kernelVersion=$(rpm -qa | grep "kernel-desktop")
for i in $kernelVersion
do
if [ ! $i = "kernel-desktop-3.4.45-1.mga2-1-1.mga2" ];then
urpme $i
fi
done
#Fix the kernel version to : kernel-desktop-3.4.45-1.mga2-1-1.mga2
echo "/^kernel-desktop/" > /etc/urpmi/skip.list
#update tht kernel modules list
depmod -a
exit 0

/scripts/sbin/alcasar-uninstall.sh
15,7 → 15,7
echo "-----------------------------------------------------------------------------"
echo
#services_stop
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd nfsen
do
[ -e /etc/init.d/$i ] && /sbin/chkconfig --del $i && /etc/init.d/$i stop && killall $i 2>/dev/null
done
132,11 → 132,6
fi
sleep 1
#awstats
echo -en "\n- awstats(1) : "
[ -e /etc/awstats/awstats.conf.default ] && mv /etc/awstats/awstats.conf.default /etc/awstats/awstats.conf && echo -n "1"
sleep 1
#DnsMasq
echo -en "\n- dnsmasq(4) : "
if [ -e /etc/init.d/dnsmasq ]
177,7 → 172,6
[ -e /etc/cron.d/alcasar-clean_log ] && rm -f /etc/cron.d/alcasar-clean_log && echo -n "5, "
[ -e /etc/cron.d/alcasar-clean_import ] && rm -f /etc/cron.d/alcasar-clean_import && echo -n "6, "
[ -e /etc/cron.d/alcasar-distrib-updates ] && rm -f /etc/cron.d/alcasar-distrib-updates && echo -n "7, "
[ -e /etc/cron.d/awstats ] && rm -f /etc/cron.d/awstats && echo -n "8, "
[ -e /etc/cron.d/freeradius-web ] && rm -f /etc/cron.d/freeradius-web && echo -n "9, "
[ -e /etc/cron.d/alcasar-watchdog ] && rm -f /etc/cron.d/alcasar-watchdog && echo -n "10"
rm -f /etc/cron.d/coova /etc/cron.d/alcasar-bl_download
225,4 → 219,4
echo
# suppression des exceptions de mises à jours ( coova-chilli et freeradius)
sed -i '/coova.*/d' /etc/urpmi/skip.list
sed -i '/coova.*/d' /etc/urpmi/skip.list

/scripts/sbin/alcasar-dhcp.sh
67,7 → 67,7
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE
if [ "$EXT_DHCP_IP" != "none" ]
then
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
else
84,7 → 84,7
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE
99,7 → 99,7
$SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE

/readme.txt
1,6 → 1,6
$Id: readme-2.0.txt 581 2011-04-21 16:59:59Z richard $
Alcasar-2.7.1
Alcasar-2.7
*********** English **********
- New installation : Need the CD dual architecture (32b and 64b) of Linux Mageia2 (Mageia-2-dual-CD.iso).

/web/acc/about.htm
70,7 → 70,7
<TABLE width="100%" border="1" cellspacing="0" cellpadding="0">
<TR>
<TD align="center"><A HREF=javascript:ouvrir("http://www.linux.org")><img border="0" src="/images/footer_linux.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mageia.org")><img border="0" src="/images/footer_mageia.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mandriva.com")><img border="0" src="/images/footer_mandriva.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.coova.org/CoovaChilli")><img border="0" src="/images/footer_coova.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.freeradius.org")><img border="0" src="/images/footer_freeradius.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.com")><img border="0" src="/images/footer_mysql.png"></A></TD>

/web/acc/stat.php
3,13 → 3,13
$select[0]="$l_stat_user_day";
$select[1]="$l_stat_con";
$select[2]="$l_stat_daily";
$select[3]="$l_stat_web";
$select[4]="$l_firewall";
$select[3]="$l_firewall";
$select[4]="$l_moniteur";
$fich[0]="manager/htdocs/user_stats.php";
$fich[1]="manager/htdocs/accounting.php";
$fich[2]="manager/htdocs/stats.php";
$fich[3]="awstats/";
$fich[4]="admin/firewallEyes/index.html";
$fich[3]="admin/firewallEyes/index.html";
$fich[4]="/nfsen";
$j=0;
while ($j != count($select))
{

/web/acc/manager/htdocs/ticket_user.php
1,5 → 1,4
<?php
require_once('/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php');
// ticket d'impression (thank's to Geoffroy MUSITELLI)
//--recupération des variables provenant du formulaire
$langue_imp=utf8_decode($_POST["langue_imp"]);
16,11 → 15,8
case 'fr':
$l_title_imp = "TICKET D'ACCÈS INTERNET";
$l_footer_imp = "Généré par ALCASAR";
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte
(mot de passe, certificat, etc.).
Entrer 'logout' dans votre navigateur pour vous déconnecter.";
$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
$l_login_imp = "Utilisateur :";
$l_password_imp = "Mot de passe :";
$l_max_all_session_imp="Durée totale autorisée :";
30,16 → 26,12
$l_expiration_imp="Date d'expiration :";
$l_unlimited="Illimitée";
$l_without="Aucune";
$l_duplicate="Duplicata";
break;
case 'de':
$l_title_imp = "INTERNETZUGANG TICKET";
$l_footer_imp = "Präsentiert von ALCASAR";
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).
Geben Sie 'logout' in Ihrem Browser zu trennen.
";
$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
$l_login_imp = "Login :";
$l_password_imp = "Passwort :";
$l_max_all_session_imp="Maximale erlaubt Dauer :";
49,15 → 41,12
$l_expiration_imp="Verfallsdatum :";
$l_unlimited="Unbegrentz";
$l_without="Ohne";
$l_duplicate="Duplikat";
break;
case 'nl':
$l_title_imp = "ONTVANGST INTERNET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).
Voer 'logout' in uw browser de verbinding te verbreken.";
$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
$l_login_imp = "Gebruikers :";
$l_password_imp = "Wachtwoord :";
$l_max_all_session_imp="Totaal toegestane tijd :";
67,15 → 56,12
$l_expiration_imp="Vervaldatum :";
$l_unlimited="Onbeperkte";
$l_without="Ohne";
$l_duplicate="Duplicaat";
break;
case 'es':
$l_title_imp = "BONO INTERNET";
$l_footer_imp = "Desarrollado por ALCASAR";
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).
Escribe 'logout' de su navegador para desconectar.";
$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
$l_login_imp = "Usuario :";
$l_password_imp = "Contraseña :";
$l_max_all_session_imp="Tiempo total permitido :";
85,15 → 71,12
$l_expiration_imp="Fecha de caducidad :";
$l_unlimited="Ilimitado";
$l_without="Sin";
$l_duplicate="Duplicado";
break;
case 'it':
$l_title_imp = "RICEVIMENTO INTERNET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).
Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_login_imp = "Utenti :";
$l_password_imp = "Password :";
$l_max_all_session_imp="Tempo totale consentito:";
103,15 → 86,12
$l_expiration_imp="Data di scadenza :";
$l_unlimited="Illimitato";
$l_without="Senza";
$l_duplicate="Duplicato";
break;
case 'pt':
$l_title_imp = "BILHETE DE ACESSO À INTERNET";
$l_footer_imp = "Desenvolvido por ALCASAR";
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).
Digite 'logout' no seu navegador para desligar.";
$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
$l_login_imp = "Usuário :";
$l_password_imp = "Senha :";
$l_max_all_session_imp="Tempo máximo de toda conexão :";
121,15 → 101,12
$l_expiration_imp="Data de vencimento :";
$l_unlimited="Ilimitado";
$l_without="Sem";
$l_duplicate="Duplicado";
break;
default:
$l_title_imp = "INTERNET ACCESS TICKET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).
Enter 'logout' in your browser to disconnect.";
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
$l_login_imp = "Login :";
$l_password_imp = "Password :";
$l_max_all_session_imp="Total time allowed :";
139,47 → 116,145
$l_expiration_imp="Expiration date :";
$l_unlimited="Unlimited";
$l_without="Without";
$l_duplicate="Duplicate";
break;
}
/* Si les valeurs de durée sont égal à '-' remplissage avec la valeur 'Illimitée'*/
if ($sto_imp=='-'){ $sto_imp=$l_unlimited;}
if ($mas_imp=='-'){ $mas_imp=$l_unlimited;}
if ($mds_imp=='-'){ $mds_imp=$l_unlimited;}
if ($mms_imp=='-'){ $mms_imp=$l_unlimited;}
//création de la classe PDF pour faire l'entête et pieds de page
// Ajout d'un ticket sur la fiche PDF
require('../lib/fpdf/fpdf.php');
class PDF extends FPDF
{
//Entête
function Header()
{
global $l_title_imp;
//Logo coordonnées x , y, largeur de l'image
$this->Image('../../../images/logo-alcasar.png',30,15,30);
$this->Image('../../../images/organisme.png',150,15,25);
//Police Arial gras 15
$this->SetFont('Arial','B',18);
//couleur de l'écriture en rouge
$this->SetTextColor(250,1,10);
//Titre largeur cellule x , hauteur y, texte, bordure 0 , Indique où déplace la prochaine position courante 0 droite, centré C
$this->Cell(190,10,utf8_decode($l_title_imp),0,0,'C');
//Saut de ligne
$this->Ln(25);
}
//Pied de page
function Footer()
{
global $l_footer_imp;
//Positionnement à 1,5 cm du bas
$this->SetY(-15);
//Police Arial italique 8
$this->SetFont('Arial','I',8);
$this->Cell(200,20,utf8_decode($l_footer_imp),0,0,'C');
}
//fonction rectangle
//Rectangle : x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis.
//style : comme celui de Rect() : F, D (défaut), FD ou DF.
function RoundedRect($x, $y, $w, $h, $r, $style = '')
{
$k = $this->k;
$hp = $this->h;
if($style=='F')
$op='f';
elseif($style=='FD' or $style=='DF')
$op='B';
else
$op='S';
$MyArc = 4/3 * (sqrt(2) - 1);
$this->_out(sprintf('%.2F %.2F m',($x+$r)*$k,($hp-$y)*$k ));
$xc = $x+$w-$r ;
$yc = $y+$r;
$this->_out(sprintf('%.2F %.2F l', $xc*$k,($hp-$y)*$k ));
// Préparation de la fiche PDF
$pdf = new ticketsPDF(2,3);
$pdf->setTicketsTitle($l_title_imp);
$pdf->setTicketsFooter($l_footer_imp);
$pdf->newTickets();
$pdf->Ln(5);
$pdf->addInfos($l_login_imp, $log_imp);
$pdf->addInfos($l_password_imp, $passwd_imp);
$pdf->Ln(5);
$pdf->addInfos($l_max_all_session_imp, $mas_imp);
$pdf->addInfos($l_session_timeout_imp, $sto_imp);
$pdf->addInfos($l_max_daily_session_imp, $mds_imp);
$pdf->addInfos($l_expiration_imp, $exp_imp);
$pdf->Ln(10);
$pdf->addComment($l_explain);
$this->_Arc($xc + $r*$MyArc, $yc - $r, $xc + $r, $yc - $r*$MyArc, $xc + $r, $yc);
$xc = $x+$w-$r ;
$yc = $y+$h-$r;
$this->_out(sprintf('%.2F %.2F l',($x+$w)*$k,($hp-$yc)*$k));
$this->_Arc($xc + $r, $yc + $r*$MyArc, $xc + $r*$MyArc, $yc + $r, $xc, $yc + $r);
$xc = $x+$r ;
$yc = $y+$h-$r;
$this->_out(sprintf('%.2F %.2F l',$xc*$k,($hp-($y+$h))*$k));
$this->_Arc($xc - $r*$MyArc, $yc + $r, $xc - $r, $yc + $r*$MyArc, $xc - $r, $yc);
$xc = $x+$r ;
$yc = $y+$r;
$this->_out(sprintf('%.2F %.2F l',($x)*$k,($hp-$yc)*$k ));
$this->_Arc($xc - $r, $yc - $r*$MyArc, $xc - $r*$MyArc, $yc - $r, $xc, $yc - $r);
$this->_out($op);
}
//fonction arc de cercle
function _Arc($x1, $y1, $x2, $y2, $x3, $y3)
{
$h = $this->h;
$this->_out(sprintf('%.2F %.2F %.2F %.2F %.2F %.2F c ', $x1*$this->k, ($h-$y1)*$this->k,
$x2*$this->k, ($h-$y2)*$this->k, $x3*$this->k, ($h-$y3)*$this->k));
}
}
// Création du duplicata
$pdf->newTickets();
$pdf->Ln(5);
$pdf->addInfos($l_login_imp, $log_imp);
$pdf->addInfos($l_password_imp, $passwd_imp);
$pdf->Ln(5);
$pdf->addInfos($l_max_all_session_imp, $mas_imp);
$pdf->addInfos($l_session_timeout_imp, $sto_imp);
$pdf->addInfos($l_max_daily_session_imp, $mds_imp);
$pdf->addInfos($l_expiration_imp, $exp_imp);
$pdf->Ln(10);
$pdf->addComment($l_duplicate,'C');//à mettre en rouge
//création du constructeur pdf avec fpdf : portrait P sinon paysage L, unite mm, page A4
$pdf = new PDF('L','mm','A5');
$pdf->AliasNbPages();
//creation de la page
$pdf->Addpage();
//Couleur du texte en noir
$pdf->SetTextColor(0);
//création du cadre arrondi qui entoure le ticket d'impression
//x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis.
//style : comme celui de Rect() : F, D (défaut), FD ou DF.
$pdf->RoundedRect(40, 32, 130, 80, 3.5, 'D');
//création utilisateur et mot de passe coordonnées x , y hauteur et largeur , texte
$pdf->Ln(5);
$pdf->SetFont('Arial','',12);
$pdf->cell(50);
$pdf->Cell(45,10,utf8_decode($l_login_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
$pdf->Cell(45,10,$log_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_password_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
$pdf->Cell(45,10,$passwd_imp,0,1,'L');
//saut de ligne
$pdf->Ln(7);
//création des attributs utilisateurs coordonnées x , y hauteur et largeur , texte
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_max_all_session_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($mas_imp == "Unlimited") $mas_imp=utf8_decode($l_unlimited);
$pdf->Cell(45,10,$mas_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_session_timeout_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($sto_imp == "Unlimited") $sto_imp=utf8_decode($l_unlimited);
$pdf->Cell(45,10,$sto_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_max_daily_session_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($mds_imp == "Unlimited") $mds_imp=utf8_decode($l_unlimited);
$pdf->Cell(45,10,$mds_imp,0,1,'L');
//$pdf->SetFont('Arial','',12);
//$pdf->cell(50);
//$pdf->Cell(45,10,$l_max_monthly_session_imp,0,0,'R');
//$pdf->SetFont('Arial','B',12);
//$pdf->Cell(45,10,$mms_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_expiration_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($exp_imp == "Without") $exp_imp=utf8_decode($l_without);
$pdf->Cell(45,10,$exp_imp,0,1,'L');
$pdf->Ln(7);
$pdf->cell(30);
$pdf->SetFont('Arial','',8);
$pdf->Cell(0,5,utf8_decode($l_explain1_imp),0,1,'L');
$pdf->cell(30);
$pdf->SetFont('Arial','',8);
$pdf->Cell(0,5,utf8_decode($l_explain2_imp),0,1,'L');
// envoie du document au navigateur
$ticket_name="ticket_".$log_imp.".pdf";
$pdf->Output("ticket.pdf");

/web/acc/manager/htdocs/voucher_new.php
3,7 → 3,10
//gestion de la langue
if (is_file("../lib/langues.php"))
include("../lib/langues.php");
require('/etc/freeradius-web/config.php');
// for developpement purpose
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/";
CONST ROOT = "/";
require(ROOT.'etc/freeradius-web/config.php');
if ($show == 1){
header("Location: user_admin.php?login=$login");
exit;
32,26 → 35,7
dp_cal = new Epoch('epoch_popup','popup',document.getElementById('popup_container'));
};
/*Fin calendrier*/
function createTickets(arg){
var nbtickets = prompt("Saisissez le nombre d'utilisateurs à créer", "");
// On test la pression sur le boutton "annuler"
if (nbtickets===null){
alert('nbtickets===null');
return false;
}
// On test la valeur saisie n'est pas un nombre
if (isNaN(nbtickets)===true){
return false;
}
// Conversion en entier de nbtickets
nbtickets = parseInt(nbtickets)
// Configuration et envoie du formulaire
arg.nbtickets.value = nbtickets
arg.action = "vouchers_new.php";
arg.submit();
return true;
}
</script>
</head>
<body>
113,13 → 97,13
$login = $saved_login;}
/* Si les valeurs de durée sont vide remplissage avec la valeur 'Illimitée'*/
/* et formatage des secondes sous le format Heure min ses*/
if ($sto_imp==''){ $sto_imp='-';}
if ($sto_imp==''){ $sto_imp=$v_illimit;}
else { $sto_imp=sec_imp($sto_imp);}
if ($mas_imp==''){ $mas_imp='-';}
if ($mas_imp==''){ $mas_imp=$v_illimit;}
else { $mas_imp=sec_imp($mas_imp);}
if ($mds_imp==''){ $mds_imp='-';}
if ($mds_imp==''){ $mds_imp=$v_illimit;}
else { $mds_imp=sec_imp($mds_imp);}
if ($mms_imp==''){ $mms_imp='-';}
if ($mms_imp==''){ $mms_imp=$v_illimit;}
else { $mms_imp=sec_imp($mms_imp);}
/*Formatage de la date afin d'être lisible dans toute les langues 'jj mm yyyy'*/
if ($Expiration!=''){ $Expiration=date("d - m - Y",strtotime($Expiration));}
372,13 → 356,8
else{
echo "<input type=submit class=button value=\"$l_create\" OnClick=\"return formControl('newuser');\">";
echo "<input type='hidden' name='nbtickets' value=''>";
echo "<br>Ou :<br>";
$l_create_multiple = "Créer plusieurs tickets";
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form);\">";
$l_create_multiple_comment = "<br>Remarques : lors de la création plusieurs tickets sysmultanément :<br>
- l'identifiant et le mot de passe sont générés aléatoirement,<br>
- les champs \"Nom, prénom\" et \"Adresse de couriel\" ne sont pas pris en compte.<br> ";
echo "<br>$l_or :<br>";
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form, '$l_createTicketsMSG');\">";
echo $l_create_multiple_comment;
}
?>

/web/acc/manager/htdocs/vouchers_new.php
1,6 → 1,8
<?php
CONST ROOT = '/';
require_once(ROOT.'/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php');
// for developpement purpose
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/";
CONST ROOT = "/";
require_once(ROOT.'var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php');
/*
TODO :
77,8 → 79,8
case 'fr':
$l_title_imp = "TICKET D'ACCÈS INTERNET";
$l_footer_imp = "Généré par ALCASAR";
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte
(mot de passe, certificat, etc.).
Entrer 'logout' dans votre navigateur pour vous déconnecter.";
95,8 → 97,8
case 'de':
$l_title_imp = "INTERNETZUGANG TICKET";
$l_footer_imp = "Präsentiert von ALCASAR";
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).
Geben Sie 'logout' in Ihrem Browser zu trennen.
";
113,8 → 115,8
case 'nl':
$l_title_imp = "ONTVANGST INTERNET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).
Voer 'logout' in uw browser de verbinding te verbreken.";
$l_login_imp = "Gebruikers :";
130,8 → 132,8
case 'es':
$l_title_imp = "BONO INTERNET";
$l_footer_imp = "Desarrollado por ALCASAR";
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).
Escribe 'logout' de su navegador para desconectar.";
$l_login_imp = "Usuario :";
147,8 → 149,8
case 'it':
$l_title_imp = "RICEVIMENTO INTERNET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).
Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_login_imp = "Utenti :";
164,8 → 166,8
case 'pt':
$l_title_imp = "BILHETE DE ACESSO À INTERNET";
$l_footer_imp = "Desenvolvido por ALCASAR";
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).
Digite 'logout' no seu navegador para desligar.";
$l_login_imp = "Usuário :";
181,8 → 183,8
default:
$l_title_imp = "INTERNET ACCESS TICKET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).
Enter 'logout' in your browser to disconnect.";
$l_login_imp = "Login :";
256,8 → 258,8
// création des variables d'impression
$login_imp = $login;
$passwd1_imp = $passwd;
// encryption du mot de passe (pas besoins, déjà présent dans le fichier create_user.php)
//$passwd = da_encrypt($passwd);
// encryption du mot de passe
$passwd = da_encrypt($passwd);
// test si l'usager existe
if (is_file("../lib/$config[general_lib_type]/user_info.php"))

/web/acc/admin/services.php
7,8 → 7,8
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'fr'){
$l_services_title = "Configuration des services";
$l_main_services = "Services principaux";
$l_opt_services = "Services optionnels";
$l_main_services = "Services réseau principaux";
$l_opt_services = "Services réseau optionnels";
$l_service_title = "Nom du service";
$l_service_start = "Démarrer";
$l_service_stop = "Arrêter";
30,8 → 30,8
$l_ntpd = "Service de mise à l'heure réseau";
} else {
$l_services_title = "Services configuration";
$l_main_services = "Main services";
$l_opt_services = "Optional services";
$l_main_services = "Main network services";
$l_opt_services = "Optional network services";
$l_service_title = "Service name";
$l_service_start = "Start";
$l_service_stop = "Stop";

/web/acc/menu.php
38,9 → 38,9
$l_stat_user_day = "usager/jour";
$l_stat_con = "connexions";
$l_stat_daily ="usage journalier";
$l_stat_web ="traffic WEB";
$l_firewall ="parefeu";
$l_menu="Menu";
$l_moniteur="Moniteur Système";
}
else {
$Language = 'en';
64,9 → 64,9
$l_stat_user_day = "user/day";
$l_stat_con = "connections";
$l_stat_daily ="daily use";
$l_stat_web ="WEB traffic";
$l_firewall ="firewall";
$l_menu="Main";
$l_moniteur="System Monitor";
}
echo "
<TABLE width=\"100%\" border=0 cellspacing=0 cellpadding=0>
148,7 → 148,7
fclose($fp);
printf("%d", $nb);
?>
<br>depuis le 99/99/9999<br></center></td></tr>
<br>depuis le 20/01/2013<br></center></td></tr>
</TABLE>
</td></tr>
</TABLE>

/alcasar.sh
3,12 → 3,14
# alcasar.sh
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
# Ce programme est un logiciel libre ; This software is free and open source
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence.
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ;
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE.
# Voir la Licence Publique Générale GNU pour plus de détails.
# Vous devriez avoir reçu un exemplaire de la Licence Publique Générale GNU avec ce programme ;
# si ce n'est pas le cas, consultez : <http://www.gnu.org/licenses/>.
# team@alcasar.net
20,7 → 22,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
#
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
# Options :
# -i or --install
39,7 → 41,7
# param_squid : Configuration du proxy squid en mode 'cache'
# param_dansguardian : Configuration de l'analyseur de contenu DansGuardian
# antivirus : Installation havp + libclamav
# param_awstats : Configuration de l'interface des statistiques de consultation WEB
# param_nfsen : Configuration du grapheur nfsen pour apache
# dnsmasq : Configuration du serveur de noms et du serveur dhcp de secours
# BL : Configuration de la BlackList
# cron : Mise en place des exports de logs (+ chiffrement)
70,7 → 72,7
DOMAIN="localdomain" # domaine local
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)
MTU="1500"
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
ETHTOOL_OPTS="speed 100 duplex full"
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
# ****** Paths - chemin des commandes *******
424,6 → 426,7
ACCOUNTING=no
USERCTL=no
MTU=$MTU
#ETHTOOL_OPTS=$ETHTOOL_OPTS
EOF
# Config eth1 (consultation LAN) in normal mode
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
436,7 → 439,6
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
ETHTOOL_OPTS=$ETHTOOL_OPTS
EOF
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
497,7 → 499,8
# load conntrack ftp module
[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
echo "ip_conntrack_ftp" >> /etc/modprobe.preload
#
# load ipt_NETFLOW module
echo "ipt_NETFLOW" >> /etc/modprobe.preload
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network ()
806,7 → 809,6
# insures that mysql is up before radius start
$SED "s?^# Should-Start.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
$SED "s?^# Should-Stop.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
} # End param_radius ()
##########################################################################
992,9 → 994,9
coaport 3799
include $DIR_DEST_ETC/alcasar-uamallowed
include $DIR_DEST_ETC/alcasar-uamdomain
#dhcpgateway
#dhcprelayagent
#dhcpgatewayport
#dhcpgateway\t
#dhcprelayagent\t
#dhcpgatewayport\t
EOF
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
1035,21 → 1037,9
$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
# Configuration du cache local
$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
# emplacement et formatage standard des logs
echo '#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh' >> /etc/squid/squid.conf
echo '#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh' >> /etc/squid/squid.conf
echo "access_log /var/log/squid/access.log" >> /etc/squid/squid.conf
# compatibilité des logs avec awstats
echo "emulate_httpd_log on" >> /etc/squid/squid.conf
echo "half_closed_clients off" >> /etc/squid/squid.conf
echo "server_persistent_connections off" >> /etc/squid/squid.conf
echo "client_persistent_connections on" >> /etc/squid/squid.conf
echo "client_lifetime 1440 minutes" >> /etc/squid/squid.conf
echo "request_timeout 5 minutes" >> /etc/squid/squid.conf
echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf
echo "cache_mem 256 MB" >> /etc/squid/squid.conf
echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf
echo "maximum_object_size 4096 KB" >> /etc/squid/squid.conf
# désactivation des "access log"
echo '#Disable access log' >> /etc/squid/squid.conf
echo "access_log none" >> /etc/squid/squid.conf
# anonymisation of squid version
echo "via off" >> /etc/squid/squid.conf
# remove the 'X_forwarded' http option
1191,62 → 1181,72
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
} # End of param_ulogd ()
##################################################################################
## Fonction param_awstats ##
## - configuration de l'interface des logs de consultation WEB (AWSTAT) ##
##################################################################################
param_awstats()
##########################################################
## Fonction param_nfsen ##
##########################################################
param_nfsen()
{
cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/
chown -R apache:apache $DIR_ACC/awstats
cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default
$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf
$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf
$SED "s?^SiteDomain=.*?SiteDomain=\"$HOSTNAME\"?g" /etc/awstats/awstats.conf
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
$SED "s?^DNSLookup=.*?DNSLookup=0?g" /etc/awstats/awstats.conf
$SED "s?^DirData=.*?DirData=\"/var/lib/awstats\"?g" /etc/awstats/awstats.conf
$SED "s?^DirIcons=.*?DirIcons=\"/acc/awstats/icon\"?g" /etc/awstats/awstats.conf
$SED "s?^StyleSheet=.*?StyleSheet=\"/css/style.css\"?g" /etc/awstats/awstats.conf
$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowMonthStats=.*?ShowMonthStats=VPHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowDaysOfMonthStats=.*?ShowDaysOfMonthStats=PHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowDaysOfWeekStats=.*?ShowDaysOfWeekStats=PHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowHoursStats=.*?ShowHoursStats=PHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowDomainsStats=.*?ShowDomainsStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowHostsStats=.*?ShowHostsStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowAuthenticatedUsers=.*?ShowAuthenticatedUsers=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowRobotsStats=.*?ShowRobotsStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowFileTypesStats=.*?ShowFileTypesStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowFileSizesStats=.*?ShowFileSizesStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowOSStats=.*?ShowOSStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowScreenSizeStats=.*?ShowScreenSizeStats=0?g" /etc/awstats/awstats.conf
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
<Directory $DIR_ACC/awstats>
SSLRequireSSL
Options ExecCGI
AddHandler cgi-script .pl
DirectoryIndex awstats.pl
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_admin
ErrorDocument 404 https://$HOSTNAME/
#Decompression tarball
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
#Création groupe et utilisteur
if grep "^www-data:" /etc/group > /dev/null; then
echo "Group already exists !"
else
groupadd www-data
echo "Group 'www-data' created !"
fi
if grep "^nfsen:" /etc/passwd > /dev/null; then
echo "User already exists !"
else
useradd -m nfsen
echo "User 'nfsen' created !"
fi
usermod -G www-data nfsen
#Ajout du plugin nfsen : PortTracker
mkdir -p /var/www/nfsen/plugins
chown -R nfsen:www-data /var/www/nfsen
#Ajout du plugin PortTracker
mkdir -p /var/log/netflow/porttracker
mkdir -p /usr/share/nfsen/plugins
chown -R apache:apache /usr/share/nfsen
cp -f ./conf/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
chown apache /var/log/netflow/porttracker
#Copie du fichier de conf modifié de nfsen
cp ./conf/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
#Copie du script d'initialisation de nfsen
cp ./conf/nfsen/nfsen-init /etc/init.d/nfsen
#Installation de nfsen via le scrip Perl
cd /tmp/nfsen-1.3.6p1/
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
#Création de la DB pour rrdtool
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
sudo -u apache nftrack -I -d /var/log/netflow/porttracker
chown -R apache:www-data /var/log/netflow/porttracker/
chmod -R 775 /var/log/netflow/porttracker
#Configuration du fichier de conf d'apache
if [ -f /etc/httpd/conf.d/nfsen.conf ];then
rm -f /etc/httpd/conf.d/nfsen.conf
fi
cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
Alias /nfsen /var/www/nfsen
<Directory /var/www/nfsen/>
DirectoryIndex nfsen.php
Options -Indexes
AllowOverride all
order allow,deny
allow from all
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
EOF
} # End of param_awstats ()
#Configuration du délais d'expiration des captures du profile "ALCASAR"
nfsen -m ALCASAR -e 365d
#Suppression des sources de nfsen
rm -rf /tmp/nfsen-1.3.6p1/
} # End of param_nfsen
##########################################################
## Fonction param_dnsmasq ##
1310,10 → 1310,8
# Optionnellement on pré-active les logs DNS des clients
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq
# Optionnellement, exemple de paramètre supplémentaire pour le cache memoire
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
# Optionnellement, exemple de configuration avec un A.D.
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.2"' >> /etc/sysconfig/dnsmasq
} # End dnsmasq
##########################################################
1410,10 → 1408,6
# Archive des logs et de la base de données (tous les lundi à 5h35)
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
EOF
cat << EOF > /etc/cron.d/awstats
# mise à jour des stats de consultation WEB toutes les 30'
*/30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1
EOF
cat << EOF > /etc/cron.d/alcasar-clean_import
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
30 * * * * root $DIR_DEST_BIN/alcasar-import-clean.sh
1422,6 → 1416,10
# mise à jour automatique de la distribution tous les jours 3h30
30 3 * * * root /usr/sbin/urpmi --auto-update --auto 2>&1
EOF
cat << EOF > /etc/cron.d/alcasar-netflow
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05)
05 0 * * 5 root /usr/bin/nfexpire -e /var/log/nfsen/profiles-data/ALCASAR/ipt_netflow/ -t 1y -w 90
EOF
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct')
1515,16 → 1513,31
# export des logs en 'retard' dans /var/Save/logs
/usr/local/bin/alcasar-log.sh --export
# processus lancés par défaut au démarrage
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen
do
/sbin/chkconfig --add $i
done
cat << EOF > /etc/rc.local
/usr/local/sbin/alcasar-load_balancing.sh start &
sleep 3
service radiusd restart
EOF
# On rajoute une tempo pour relancer radius après le redémarrage de mysqld (bug en cours d'analyse)
# cat << EOF > /etc/rc.local
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: rc.local
# X-Mandriva-Compat-Mode
# Default-Start: 2 3 4 5
# Short-Description: Local initialization script
# Description: This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
### END INIT INFO
#
#/etc/init.d/mysqld restart
#sleep 1
#/etc/init.d/radiusd restart
#touch /var/lock/subsys/local
#EOF
echo "/usr/local/sbin/alcasar-load_balancing.sh start &" >> /etc/rc.local
# On applique les préconisations ANSSI
# Apply French Security Agency rules
1578,7 → 1591,7
else
$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf
fi
# disable log_martians (ALCASAR is often installed between two private network addresses)
# suppression des log_martians (ALCASAR est souvent entre deux réseaux en adressage privée)
sysctl -w net.ipv4.conf.all.log_martians=0
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys
# ??? $SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
1633,10 → 1646,6
chown -R root:apache $DIR_DEST_ETC/*
chmod -R 660 $DIR_DEST_ETC/*
chmod ug+x $DIR_DEST_ETC/digest
# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions"
[ -e /sbin/ethtool ] || ln -s /usr/sbin/ethtool /sbin/ethtool
# Apply and save the firewall rules
sh $DIR_DEST_BIN/alcasar-iptables.sh
sleep 2
1743,6 → 1752,8
fi
# RPMs install
$DIR_SCRIPTS/alcasar-urpmi.sh
echo "Mise à jour des modules noyau installés"
depmod -a
if [ "$?" != "0" ]
then
exit 0
1792,10 → 1803,10
else
mode="install"
fi
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron post_install
do
$func
# echo "*** 'debug' : end of function $func ***"; read a
#echo "*** 'debug' : end of function $func ***"; read a
done
;;
-u | --uninstall)