/VERSION |
---|
1,0 → 0,0 |
2.8a |
2.7.1 |
/conf/nfsen/nfsen-init |
---|
File deleted |
/conf/nfsen/PortTracker.pm |
---|
File deleted |
/conf/nfsen/nfsen.conf |
---|
File deleted |
/conf/nfsen/nfsen-1.3.6p1.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/CHANGELOG |
---|
1,8 → 1,17 |
# $Id$ |
************ CHANGELOG *********** |
---------------------- 2.7.1 ----------------- |
BUGs |
- Fix multi-users voucher |
- Fix a mageia2 bug in network function |
NEWS |
- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains |
- Show the blacklist category in "Acces denied" page |
- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping) |
---------------------- 2.7 ----------------- |
BUGs - some corrections in the connection popup |
BUGs |
- some corrections in the connection popup |
- test if categories enabled of the BL are effectively in the BL (need after an update of the BL) |
NEWS |
- Installation with Mageia2 |
27,7 → 36,7 |
- show the GPL |
---------------------- 2.6.0.1 ----------------- |
Bugs |
- the deleted library fpdf has been restored |
- the deleted library fpdf has been restored |
- the mysqld and radiusd services are restarted when ALCASAR is launched |
---------------------- 2.6 -------------------- |
Bugs |
/scripts/sbin/alcasar-uninstall.sh |
---|
15,7 → 15,7 |
echo "-----------------------------------------------------------------------------" |
echo |
#services_stop |
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd nfsen |
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd |
do |
[ -e /etc/init.d/$i ] && /sbin/chkconfig --del $i && /etc/init.d/$i stop && killall $i 2>/dev/null |
done |
132,6 → 132,11 |
fi |
sleep 1 |
#awstats |
echo -en "\n- awstats(1) : " |
[ -e /etc/awstats/awstats.conf.default ] && mv /etc/awstats/awstats.conf.default /etc/awstats/awstats.conf && echo -n "1" |
sleep 1 |
#DnsMasq |
echo -en "\n- dnsmasq(4) : " |
if [ -e /etc/init.d/dnsmasq ] |
172,6 → 177,7 |
[ -e /etc/cron.d/alcasar-clean_log ] && rm -f /etc/cron.d/alcasar-clean_log && echo -n "5, " |
[ -e /etc/cron.d/alcasar-clean_import ] && rm -f /etc/cron.d/alcasar-clean_import && echo -n "6, " |
[ -e /etc/cron.d/alcasar-distrib-updates ] && rm -f /etc/cron.d/alcasar-distrib-updates && echo -n "7, " |
[ -e /etc/cron.d/awstats ] && rm -f /etc/cron.d/awstats && echo -n "8, " |
[ -e /etc/cron.d/freeradius-web ] && rm -f /etc/cron.d/freeradius-web && echo -n "9, " |
[ -e /etc/cron.d/alcasar-watchdog ] && rm -f /etc/cron.d/alcasar-watchdog && echo -n "10" |
rm -f /etc/cron.d/coova /etc/cron.d/alcasar-bl_download |
219,4 → 225,4 |
echo |
# suppression des exceptions de mises à jours ( coova-chilli et freeradius) |
sed -i '/coova.*/d' /etc/urpmi/skip.list |
sed -i '/coova.*/d' /etc/urpmi/skip.list |
/scripts/sbin/alcasar-dhcp.sh |
---|
67,7 → 67,7 |
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE |
if [ "$EXT_DHCP_IP" != "none" ] |
then |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
else |
84,7 → 84,7 |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
99,7 → 99,7 |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
/scripts/alcasar-watchdog.sh |
---|
4,7 → 4,6 |
# alcasar-watchdog.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet |
# il déconnecte les usagers dont |
# - les équipements réseau ne répondent plus |
12,7 → 11,7 |
# This script tells users that Internet access is down |
# it logs out users whose |
# - PCs are quiet |
# - MAC address are in used by other systems (usurped) |
# - MAC address is used by other systems (usurped) |
EXTIF="eth0" |
INTIF="eth1" |
19,7 → 18,8 |
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN) |
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1} |
tmp_file="/tmp/watchdog.txt" |
DIR_WEB="/var/www/html" |
Index_Page="$DIR_WEB/index.php" |
27,7 → 27,7 |
IFS=$'\n' |
function lan_down_alert () |
# users are redirected on ALCASAR IP address if LAN Pb detected |
# users are redirected on ALCASAR IP address if a LAN problem is detected |
{ |
case $LAN_DOWN in |
"1") |
42,7 → 42,7 |
;; |
esac |
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l` |
if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas). |
if [ $net_pb = "0" ] # user alert |
then |
/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page |
/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf |
123,7 → 123,7 |
done |
rm $tmp_file |
fi |
# on traite chaque équipements connus de chilli |
# process each equipment known by chilli |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
do |
active_ip=`echo $system |cut -d" " -f2` |
130,16 → 130,20 |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
active_user=`echo $system |cut -d" " -f6` |
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes) |
# process only equipment with an authenticated user |
if [[ $(expr $active_session) -eq 1 ]] |
then |
then |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l` |
# on stocke les adresses IP des stations muettes |
# store @IP of quiet equipments |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
echo "$active_ip $active_mac $active_user" >> $tmp_file |
PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$' |
if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments |
then |
echo "$active_ip $active_mac $active_user" >> $tmp_file |
fi |
fi |
# on deconnecte l'usager d'une stations usurpée (@MAC) |
# disconnect users whose equipement is usurped (@MAC) |
if [[ $(expr $arp_reply) -gt 2 ]] |
then |
echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log |
/scripts/alcasar-archive.sh |
---|
6,12 → 6,12 |
# This script is distributed under the Gnu General Public License (GPL) |
# Script permettant |
# - d'exporter les logs de traçabilités et la base des usagers à des fins d'archivages. |
# - d'exporter dans un seul fichier les logs de traçabilités et la base des usagers (à des fins d'archivages). |
# - Une fonction de chiffrement des logs a été implémentée dans ce script. Lisez la documentation d'exploitation pour l'activer. |
# - nettoyage des archives supérieures à 1 an (365 jours) |
# This script allows |
# - export log files and user's base in order to archive them. |
# - export in one file the log files and user's base (in order to archive them). |
# - a cypher fonction allows to protect these files. Read the exploit documentation to enable it. |
# - delete backup files older than one year (365 days) |
27,7 → 27,7 |
EXPIRE_DAY=365 # Nbre de jour avant suppression des fichiers journaux |
CRYPT="0" # chiffrement des logs ( 0=non / 1=oui --> Signature = 1(implicite)) |
SIGN="0" # Signature/empreinte des logs ( 0=non / 1=oui ) ATTENTION : nécessite la clé privée !!! |
GPG_USER="OSSI-CIRISI-Lyon" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg) |
GPG_USER="" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg) |
usage="Usage: alcasar-archive.sh {--clean or -c} | {--now or -n}" |
90,15 → 90,12 |
} |
fi |
rm -rf /tmp/archive-* |
chown apache:apache $TO_SAVE/ |
chown root:apache $DIR_ARCHIVE/* |
;; |
--update | -u) |
# Mise à niveau de l'architecture d'export/archivage |
[ -d /tmp/save ] || mkdir -p /tmp/save |
[ -d $DIR_ARCHIVE/ ] || mkdir -p $DIR_ARCHIVE/ # utile une seule fois mais crée le répertoire si nécessaire |
# copie de l'archive au cas où ... |
rm -f $(ls *[0-9]) # effacer les fichiers n'ayant pas été compressés |
mv $TO_SAVE/firewall/tracabilite-* $DIR_ARCHIVE/. |
;; |
*) |
echo "Unknown argument :$1"; |
/scripts/alcasar-iptables-bypass.sh |
---|
72,10 → 72,9 |
if [ $SSH = on ] |
then |
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT" |
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -j ACCEPT |
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT |
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT" |
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT |
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT |
fi |
# Insertion de règles locales |
/scripts/alcasar-iptables.sh |
---|
45,9 → 45,6 |
TUNIF="tun0" # listen device for chilli daemon |
IPTABLES="/sbin/iptables" |
#lancement du module kernel ipt_NETFLOW (module iptables) |
modprobe ipt_NETFLOW destination=127.0.0.1:2055 |
# Effacement des règles existantes |
# Flush all existing rules |
$IPTABLES -F |
135,7 → 132,6 |
# On autorise les retours de connexions légitimes par INPUT |
# Conntrack on INPUT |
#$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j NETFLOW |
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués dans la table mangle (PREROUTING) |
158,8 → 154,6 |
fi |
# Autorisation des connexions légitimes à DansGuardian |
# Allow connections for DansGuardian |
#Flux netflow des requêtes HTTP à destination de DansGuardian |
#$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -j NETFLOW |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m state --state NEW --syn -j ACCEPT |
# On interdit les connexions directes au port UDP 54. Les packets concernés ont été marqués dans la table mangle (PREROUTING) |
255,6 → 249,7 |
#fi |
# Autorisation des retours de connexions légitimes |
# Allow conntrack |
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT |
# If protocols filter is activate |
266,7 → 261,6 |
while read ip_exception |
do |
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ULOG --ulog-prefix "RULE IP-exception -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ACCEPT |
done < /usr/local/etc/alcasar-filter-exceptions |
fi |
278,7 → 272,6 |
do |
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2` |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT |
done < /usr/local/etc/alcasar-uamallowed |
fi |
293,15 → 286,11 |
svc_port=`echo $svc_line|cut -d" " -f2` |
if [ $svc_name = "icmp" ] |
then |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT |
else |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_UDP-$svc_name -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT |
fi |
fi |
322,19 → 311,18 |
# Autorisation des connections sortant du LAN |
# Allow forward connections with log |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ULOG --ulog-prefix "RULE F_all -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ACCEPT |
############################# |
# OUTPUT # |
############################# |
# SSHD rules if activate |
if [ $SSH = on ] |
then |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT |
fi |
# On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur |
# Everything is allowed but traffic through outside network interface |
# On autorise les retours de connexions légitimes par OUTPUT |
# Conntrack on OUTPUT |
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
# On laisse tout sortir sur INTIF |
# Everything is allowed only on INTIF |
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT |
# On autorise les requêtes DNS vers les serveurs DNS identifiés |
343,7 → 331,6 |
# On autorise les requêtes HTTP sortantes |
# HTTP requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
# On autorise les requêtes FTP |
350,7 → 337,6 |
# FTP requests are allowed |
modprobe ip_conntrack_ftp |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT |
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT |
# On autorise les requêtes NTP |
# NTP requests are allowed |
370,7 → 356,6 |
# $IPTABLES -A INPUT -p udp -s $LDAP_IP -m multiports --sports ldap,ldaps -m state --state ESTABLISHED -j ACCEPT |
fi |
############################# |
# POSTROUTING # |
############################# |
/scripts/alcasar-conf.sh |
---|
386,6 → 386,8 |
$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php |
# dhcp (coova + dnsmasq) |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode |
# awstat |
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf |
# dnsmasq |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf |
for i in /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf |
/scripts/alcasar-urpmi.sh |
---|
12,7 → 12,8 |
VERSION="2" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring perl-rrdtool perl-MailTools perl-Socket6 php-sockets kernel-desktop-3.4.45-1.mga2-1-1.mga2" |
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring" |
rpm_repository_sync () |
{ |
cat <<EOF > /etc/urpmi/urpmi.cfg |
227,20 → 228,4 |
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/ |
# Clean the RPM cache |
urpmi --clean |
#Keep only kernel-desktop-3.4.45-1.mga2-1-1.mga2 version, and remove all others |
kernelVersion=$(rpm -qa | grep "kernel-desktop") |
for i in $kernelVersion |
do |
if [ ! $i = "kernel-desktop-3.4.45-1.mga2-1-1.mga2" ];then |
urpme $i |
fi |
done |
#Fix the kernel version to : kernel-desktop-3.4.45-1.mga2-1-1.mga2 |
echo "/^kernel-desktop/" > /etc/urpmi/skip.list |
#update tht kernel modules list |
depmod -a |
exit 0 |
/readme.txt |
---|
1,6 → 1,6 |
$Id: readme-2.0.txt 581 2011-04-21 16:59:59Z richard $ |
Alcasar-2.7 |
Alcasar-2.7.1 |
*********** English ********** |
- New installation : Need the CD dual architecture (32b and 64b) of Linux Mageia2 (Mageia-2-dual-CD.iso). |
/web/acc/menu.php |
---|
38,9 → 38,9 |
$l_stat_user_day = "usager/jour"; |
$l_stat_con = "connexions"; |
$l_stat_daily ="usage journalier"; |
$l_stat_web ="traffic WEB"; |
$l_firewall ="parefeu"; |
$l_menu="Menu"; |
$l_moniteur="Moniteur Système"; |
} |
else { |
$Language = 'en'; |
64,9 → 64,9 |
$l_stat_user_day = "user/day"; |
$l_stat_con = "connections"; |
$l_stat_daily ="daily use"; |
$l_stat_web ="WEB traffic"; |
$l_firewall ="firewall"; |
$l_menu="Main"; |
$l_moniteur="System Monitor"; |
} |
echo " |
<TABLE width=\"100%\" border=0 cellspacing=0 cellpadding=0> |
148,7 → 148,7 |
fclose($fp); |
printf("%d", $nb); |
?> |
<br>depuis le 20/01/2013<br></center></td></tr> |
<br>depuis le 99/99/9999<br></center></td></tr> |
</TABLE> |
</td></tr> |
</TABLE> |
/web/acc/stat.php |
---|
3,13 → 3,13 |
$select[0]="$l_stat_user_day"; |
$select[1]="$l_stat_con"; |
$select[2]="$l_stat_daily"; |
$select[3]="$l_firewall"; |
$select[4]="$l_moniteur"; |
$select[3]="$l_stat_web"; |
$select[4]="$l_firewall"; |
$fich[0]="manager/htdocs/user_stats.php"; |
$fich[1]="manager/htdocs/accounting.php"; |
$fich[2]="manager/htdocs/stats.php"; |
$fich[3]="admin/firewallEyes/index.html"; |
$fich[4]="/nfsen"; |
$fich[3]="awstats/"; |
$fich[4]="admin/firewallEyes/index.html"; |
$j=0; |
while ($j != count($select)) |
{ |
/web/acc/about.htm |
---|
70,7 → 70,7 |
<TABLE width="100%" border="1" cellspacing="0" cellpadding="0"> |
<TR> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.linux.org")><img border="0" src="/images/footer_linux.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mandriva.com")><img border="0" src="/images/footer_mandriva.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mageia.org")><img border="0" src="/images/footer_mageia.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.coova.org/CoovaChilli")><img border="0" src="/images/footer_coova.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.freeradius.org")><img border="0" src="/images/footer_freeradius.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.com")><img border="0" src="/images/footer_mysql.png"></A></TD> |
/web/acc/manager/htdocs/ticket_user.php |
---|
1,4 → 1,5 |
<?php |
require_once('/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php'); |
// ticket d'impression (thank's to Geoffroy MUSITELLI) |
//--recupération des variables provenant du formulaire |
$langue_imp=utf8_decode($_POST["langue_imp"]); |
15,8 → 16,11 |
case 'fr': |
$l_title_imp = "TICKET D'ACCÈS INTERNET"; |
$l_footer_imp = "Généré par ALCASAR"; |
$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte |
(mot de passe, certificat, etc.). |
Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
$l_login_imp = "Utilisateur :"; |
$l_password_imp = "Mot de passe :"; |
$l_max_all_session_imp="Durée totale autorisée :"; |
26,12 → 30,16 |
$l_expiration_imp="Date d'expiration :"; |
$l_unlimited="Illimitée"; |
$l_without="Aucune"; |
$l_duplicate="Duplicata"; |
break; |
case 'de': |
$l_title_imp = "INTERNETZUGANG TICKET"; |
$l_footer_imp = "Präsentiert von ALCASAR"; |
$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.). |
Geben Sie 'logout' in Ihrem Browser zu trennen. |
"; |
$l_login_imp = "Login :"; |
$l_password_imp = "Passwort :"; |
$l_max_all_session_imp="Maximale erlaubt Dauer :"; |
41,12 → 49,15 |
$l_expiration_imp="Verfallsdatum :"; |
$l_unlimited="Unbegrentz"; |
$l_without="Ohne"; |
$l_duplicate="Duplikat"; |
break; |
case 'nl': |
$l_title_imp = "ONTVANGST INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.). |
Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_login_imp = "Gebruikers :"; |
$l_password_imp = "Wachtwoord :"; |
$l_max_all_session_imp="Totaal toegestane tijd :"; |
56,12 → 67,15 |
$l_expiration_imp="Vervaldatum :"; |
$l_unlimited="Onbeperkte"; |
$l_without="Ohne"; |
$l_duplicate="Duplicaat"; |
break; |
case 'es': |
$l_title_imp = "BONO INTERNET"; |
$l_footer_imp = "Desarrollado por ALCASAR"; |
$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.). |
Escribe 'logout' de su navegador para desconectar."; |
$l_login_imp = "Usuario :"; |
$l_password_imp = "Contraseña :"; |
$l_max_all_session_imp="Tiempo total permitido :"; |
71,12 → 85,15 |
$l_expiration_imp="Fecha de caducidad :"; |
$l_unlimited="Ilimitado"; |
$l_without="Sin"; |
$l_duplicate="Duplicado"; |
break; |
case 'it': |
$l_title_imp = "RICEVIMENTO INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc). |
Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_login_imp = "Utenti :"; |
$l_password_imp = "Password :"; |
$l_max_all_session_imp="Tempo totale consentito:"; |
86,12 → 103,15 |
$l_expiration_imp="Data di scadenza :"; |
$l_unlimited="Illimitato"; |
$l_without="Senza"; |
$l_duplicate="Duplicato"; |
break; |
case 'pt': |
$l_title_imp = "BILHETE DE ACESSO À INTERNET"; |
$l_footer_imp = "Desenvolvido por ALCASAR"; |
$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc). |
Digite 'logout' no seu navegador para desligar."; |
$l_login_imp = "Usuário :"; |
$l_password_imp = "Senha :"; |
$l_max_all_session_imp="Tempo máximo de toda conexão :"; |
101,12 → 121,15 |
$l_expiration_imp="Data de vencimento :"; |
$l_unlimited="Ilimitado"; |
$l_without="Sem"; |
$l_duplicate="Duplicado"; |
break; |
default: |
$l_title_imp = "INTERNET ACCESS TICKET"; |
$l_footer_imp = "Powered by ALCASAR"; |
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.). |
Enter 'logout' in your browser to disconnect."; |
$l_login_imp = "Login :"; |
$l_password_imp = "Password :"; |
$l_max_all_session_imp="Total time allowed :"; |
116,145 → 139,47 |
$l_expiration_imp="Expiration date :"; |
$l_unlimited="Unlimited"; |
$l_without="Without"; |
$l_duplicate="Duplicate"; |
break; |
} |
/* Si les valeurs de durée sont égal à '-' remplissage avec la valeur 'Illimitée'*/ |
if ($sto_imp=='-'){ $sto_imp=$l_unlimited;} |
if ($mas_imp=='-'){ $mas_imp=$l_unlimited;} |
if ($mds_imp=='-'){ $mds_imp=$l_unlimited;} |
if ($mms_imp=='-'){ $mms_imp=$l_unlimited;} |
//création de la classe PDF pour faire l'entête et pieds de page |
require('../lib/fpdf/fpdf.php'); |
class PDF extends FPDF |
{ |
//Entête |
function Header() |
{ |
global $l_title_imp; |
//Logo coordonnées x , y, largeur de l'image |
$this->Image('../../../images/logo-alcasar.png',30,15,30); |
$this->Image('../../../images/organisme.png',150,15,25); |
//Police Arial gras 15 |
$this->SetFont('Arial','B',18); |
//couleur de l'écriture en rouge |
$this->SetTextColor(250,1,10); |
//Titre largeur cellule x , hauteur y, texte, bordure 0 , Indique où déplace la prochaine position courante 0 droite, centré C |
$this->Cell(190,10,utf8_decode($l_title_imp),0,0,'C'); |
//Saut de ligne |
$this->Ln(25); |
} |
//Pied de page |
function Footer() |
{ |
global $l_footer_imp; |
//Positionnement à 1,5 cm du bas |
$this->SetY(-15); |
//Police Arial italique 8 |
$this->SetFont('Arial','I',8); |
$this->Cell(200,20,utf8_decode($l_footer_imp),0,0,'C'); |
} |
//fonction rectangle |
//Rectangle : x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis. |
//style : comme celui de Rect() : F, D (défaut), FD ou DF. |
function RoundedRect($x, $y, $w, $h, $r, $style = '') |
{ |
$k = $this->k; |
$hp = $this->h; |
if($style=='F') |
$op='f'; |
elseif($style=='FD' or $style=='DF') |
$op='B'; |
else |
$op='S'; |
$MyArc = 4/3 * (sqrt(2) - 1); |
$this->_out(sprintf('%.2F %.2F m',($x+$r)*$k,($hp-$y)*$k )); |
$xc = $x+$w-$r ; |
$yc = $y+$r; |
$this->_out(sprintf('%.2F %.2F l', $xc*$k,($hp-$y)*$k )); |
// Ajout d'un ticket sur la fiche PDF |
$this->_Arc($xc + $r*$MyArc, $yc - $r, $xc + $r, $yc - $r*$MyArc, $xc + $r, $yc); |
$xc = $x+$w-$r ; |
$yc = $y+$h-$r; |
$this->_out(sprintf('%.2F %.2F l',($x+$w)*$k,($hp-$yc)*$k)); |
$this->_Arc($xc + $r, $yc + $r*$MyArc, $xc + $r*$MyArc, $yc + $r, $xc, $yc + $r); |
$xc = $x+$r ; |
$yc = $y+$h-$r; |
$this->_out(sprintf('%.2F %.2F l',$xc*$k,($hp-($y+$h))*$k)); |
$this->_Arc($xc - $r*$MyArc, $yc + $r, $xc - $r, $yc + $r*$MyArc, $xc - $r, $yc); |
$xc = $x+$r ; |
$yc = $y+$r; |
$this->_out(sprintf('%.2F %.2F l',($x)*$k,($hp-$yc)*$k )); |
$this->_Arc($xc - $r, $yc - $r*$MyArc, $xc - $r*$MyArc, $yc - $r, $xc, $yc - $r); |
$this->_out($op); |
} |
//fonction arc de cercle |
function _Arc($x1, $y1, $x2, $y2, $x3, $y3) |
{ |
$h = $this->h; |
$this->_out(sprintf('%.2F %.2F %.2F %.2F %.2F %.2F c ', $x1*$this->k, ($h-$y1)*$this->k, |
$x2*$this->k, ($h-$y2)*$this->k, $x3*$this->k, ($h-$y3)*$this->k)); |
} |
} |
// Préparation de la fiche PDF |
$pdf = new ticketsPDF(2,3); |
$pdf->setTicketsTitle($l_title_imp); |
$pdf->setTicketsFooter($l_footer_imp); |
$pdf->newTickets(); |
$pdf->Ln(5); |
$pdf->addInfos($l_login_imp, $log_imp); |
$pdf->addInfos($l_password_imp, $passwd_imp); |
$pdf->Ln(5); |
$pdf->addInfos($l_max_all_session_imp, $mas_imp); |
$pdf->addInfos($l_session_timeout_imp, $sto_imp); |
$pdf->addInfos($l_max_daily_session_imp, $mds_imp); |
$pdf->addInfos($l_expiration_imp, $exp_imp); |
$pdf->Ln(10); |
$pdf->addComment($l_explain); |
//création du constructeur pdf avec fpdf : portrait P sinon paysage L, unite mm, page A4 |
$pdf = new PDF('L','mm','A5'); |
$pdf->AliasNbPages(); |
//creation de la page |
$pdf->Addpage(); |
//Couleur du texte en noir |
$pdf->SetTextColor(0); |
// Création du duplicata |
$pdf->newTickets(); |
$pdf->Ln(5); |
$pdf->addInfos($l_login_imp, $log_imp); |
$pdf->addInfos($l_password_imp, $passwd_imp); |
$pdf->Ln(5); |
$pdf->addInfos($l_max_all_session_imp, $mas_imp); |
$pdf->addInfos($l_session_timeout_imp, $sto_imp); |
$pdf->addInfos($l_max_daily_session_imp, $mds_imp); |
$pdf->addInfos($l_expiration_imp, $exp_imp); |
$pdf->Ln(10); |
$pdf->addComment($l_duplicate,'C');//à mettre en rouge |
//création du cadre arrondi qui entoure le ticket d'impression |
//x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis. |
//style : comme celui de Rect() : F, D (défaut), FD ou DF. |
$pdf->RoundedRect(40, 32, 130, 80, 3.5, 'D'); |
//création utilisateur et mot de passe coordonnées x , y hauteur et largeur , texte |
$pdf->Ln(5); |
$pdf->SetFont('Arial','',12); |
$pdf->cell(50); |
$pdf->Cell(45,10,utf8_decode($l_login_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
$pdf->Cell(45,10,$log_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_password_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
$pdf->Cell(45,10,$passwd_imp,0,1,'L'); |
//saut de ligne |
$pdf->Ln(7); |
//création des attributs utilisateurs coordonnées x , y hauteur et largeur , texte |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_max_all_session_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($mas_imp == "Unlimited") $mas_imp=utf8_decode($l_unlimited); |
$pdf->Cell(45,10,$mas_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_session_timeout_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($sto_imp == "Unlimited") $sto_imp=utf8_decode($l_unlimited); |
$pdf->Cell(45,10,$sto_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_max_daily_session_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($mds_imp == "Unlimited") $mds_imp=utf8_decode($l_unlimited); |
$pdf->Cell(45,10,$mds_imp,0,1,'L'); |
//$pdf->SetFont('Arial','',12); |
//$pdf->cell(50); |
//$pdf->Cell(45,10,$l_max_monthly_session_imp,0,0,'R'); |
//$pdf->SetFont('Arial','B',12); |
//$pdf->Cell(45,10,$mms_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_expiration_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($exp_imp == "Without") $exp_imp=utf8_decode($l_without); |
$pdf->Cell(45,10,$exp_imp,0,1,'L'); |
$pdf->Ln(7); |
$pdf->cell(30); |
$pdf->SetFont('Arial','',8); |
$pdf->Cell(0,5,utf8_decode($l_explain1_imp),0,1,'L'); |
$pdf->cell(30); |
$pdf->SetFont('Arial','',8); |
$pdf->Cell(0,5,utf8_decode($l_explain2_imp),0,1,'L'); |
// envoie du document au navigateur |
$ticket_name="ticket_".$log_imp.".pdf"; |
$pdf->Output("ticket.pdf"); |
/web/acc/manager/htdocs/voucher_new.php |
---|
3,10 → 3,7 |
//gestion de la langue |
if (is_file("../lib/langues.php")) |
include("../lib/langues.php"); |
// for developpement purpose |
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/"; |
CONST ROOT = "/"; |
require(ROOT.'etc/freeradius-web/config.php'); |
require('/etc/freeradius-web/config.php'); |
if ($show == 1){ |
header("Location: user_admin.php?login=$login"); |
exit; |
35,7 → 32,26 |
dp_cal = new Epoch('epoch_popup','popup',document.getElementById('popup_container')); |
}; |
/*Fin calendrier*/ |
function createTickets(arg){ |
var nbtickets = prompt("Saisissez le nombre d'utilisateurs à créer", ""); |
// On test la pression sur le boutton "annuler" |
if (nbtickets===null){ |
alert('nbtickets===null'); |
return false; |
} |
// On test la valeur saisie n'est pas un nombre |
if (isNaN(nbtickets)===true){ |
return false; |
} |
// Conversion en entier de nbtickets |
nbtickets = parseInt(nbtickets) |
// Configuration et envoie du formulaire |
arg.nbtickets.value = nbtickets |
arg.action = "vouchers_new.php"; |
arg.submit(); |
return true; |
} |
</script> |
</head> |
<body> |
97,13 → 113,13 |
$login = $saved_login;} |
/* Si les valeurs de durée sont vide remplissage avec la valeur 'Illimitée'*/ |
/* et formatage des secondes sous le format Heure min ses*/ |
if ($sto_imp==''){ $sto_imp=$v_illimit;} |
if ($sto_imp==''){ $sto_imp='-';} |
else { $sto_imp=sec_imp($sto_imp);} |
if ($mas_imp==''){ $mas_imp=$v_illimit;} |
if ($mas_imp==''){ $mas_imp='-';} |
else { $mas_imp=sec_imp($mas_imp);} |
if ($mds_imp==''){ $mds_imp=$v_illimit;} |
if ($mds_imp==''){ $mds_imp='-';} |
else { $mds_imp=sec_imp($mds_imp);} |
if ($mms_imp==''){ $mms_imp=$v_illimit;} |
if ($mms_imp==''){ $mms_imp='-';} |
else { $mms_imp=sec_imp($mms_imp);} |
/*Formatage de la date afin d'être lisible dans toute les langues 'jj mm yyyy'*/ |
if ($Expiration!=''){ $Expiration=date("d - m - Y",strtotime($Expiration));} |
356,8 → 372,13 |
else{ |
echo "<input type=submit class=button value=\"$l_create\" OnClick=\"return formControl('newuser');\">"; |
echo "<input type='hidden' name='nbtickets' value=''>"; |
echo "<br>$l_or :<br>"; |
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form, '$l_createTicketsMSG');\">"; |
echo "<br>Ou :<br>"; |
$l_create_multiple = "Créer plusieurs tickets"; |
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form);\">"; |
$l_create_multiple_comment = "<br>Remarques : lors de la création plusieurs tickets sysmultanément :<br> |
- l'identifiant et le mot de passe sont générés aléatoirement,<br> |
- les champs \"Nom, prénom\" et \"Adresse de couriel\" ne sont pas pris en compte.<br> "; |
echo $l_create_multiple_comment; |
} |
?> |
/web/acc/manager/htdocs/vouchers_new.php |
---|
1,8 → 1,6 |
<?php |
// for developpement purpose |
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/"; |
CONST ROOT = "/"; |
require_once(ROOT.'var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php'); |
CONST ROOT = '/'; |
require_once(ROOT.'/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php'); |
/* |
TODO : |
79,8 → 77,8 |
case 'fr': |
$l_title_imp = "TICKET D'ACCÈS INTERNET"; |
$l_footer_imp = "Généré par ALCASAR"; |
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte |
(mot de passe, certificat, etc.). |
Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
97,8 → 95,8 |
case 'de': |
$l_title_imp = "INTERNETZUGANG TICKET"; |
$l_footer_imp = "Präsentiert von ALCASAR"; |
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.). |
Geben Sie 'logout' in Ihrem Browser zu trennen. |
"; |
115,8 → 113,8 |
case 'nl': |
$l_title_imp = "ONTVANGST INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.). |
Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_login_imp = "Gebruikers :"; |
132,8 → 130,8 |
case 'es': |
$l_title_imp = "BONO INTERNET"; |
$l_footer_imp = "Desarrollado por ALCASAR"; |
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.). |
Escribe 'logout' de su navegador para desconectar."; |
$l_login_imp = "Usuario :"; |
149,8 → 147,8 |
case 'it': |
$l_title_imp = "RICEVIMENTO INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc). |
Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_login_imp = "Utenti :"; |
166,8 → 164,8 |
case 'pt': |
$l_title_imp = "BILHETE DE ACESSO À INTERNET"; |
$l_footer_imp = "Desenvolvido por ALCASAR"; |
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc). |
Digite 'logout' no seu navegador para desligar."; |
$l_login_imp = "Usuário :"; |
183,8 → 181,8 |
default: |
$l_title_imp = "INTERNET ACCESS TICKET"; |
$l_footer_imp = "Powered by ALCASAR"; |
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.). |
Enter 'logout' in your browser to disconnect."; |
$l_login_imp = "Login :"; |
258,8 → 256,8 |
// création des variables d'impression |
$login_imp = $login; |
$passwd1_imp = $passwd; |
// encryption du mot de passe |
$passwd = da_encrypt($passwd); |
// encryption du mot de passe (pas besoins, déjà présent dans le fichier create_user.php) |
//$passwd = da_encrypt($passwd); |
// test si l'usager existe |
if (is_file("../lib/$config[general_lib_type]/user_info.php")) |
/web/acc/admin/services.php |
---|
7,8 → 7,8 |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_services_title = "Configuration des services"; |
$l_main_services = "Services réseau principaux"; |
$l_opt_services = "Services réseau optionnels"; |
$l_main_services = "Services principaux"; |
$l_opt_services = "Services optionnels"; |
$l_service_title = "Nom du service"; |
$l_service_start = "Démarrer"; |
$l_service_stop = "Arrêter"; |
30,8 → 30,8 |
$l_ntpd = "Service de mise à l'heure réseau"; |
} else { |
$l_services_title = "Services configuration"; |
$l_main_services = "Main network services"; |
$l_opt_services = "Optional network services"; |
$l_main_services = "Main services"; |
$l_opt_services = "Optional services"; |
$l_service_title = "Service name"; |
$l_service_start = "Start"; |
$l_service_stop = "Stop"; |
/alcasar.sh |
---|
3,14 → 3,12 |
# alcasar.sh |
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...] |
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU, |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] |
# Ce programme est un logiciel libre ; This software is free and open source |
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. |
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; |
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. |
# Voir la Licence Publique Générale GNU pour plus de détails. |
# Vous devriez avoir reçu un exemplaire de la Licence Publique Générale GNU avec ce programme ; |
# si ce n'est pas le cas, consultez : <http://www.gnu.org/licenses/>. |
# team@alcasar.net |
22,7 → 20,7 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : |
# |
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
# Options : |
# -i or --install |
41,7 → 39,7 |
# param_squid : Configuration du proxy squid en mode 'cache' |
# param_dansguardian : Configuration de l'analyseur de contenu DansGuardian |
# antivirus : Installation havp + libclamav |
# param_nfsen : Configuration du grapheur nfsen pour apache |
# param_awstats : Configuration de l'interface des statistiques de consultation WEB |
# dnsmasq : Configuration du serveur de noms et du serveur dhcp de secours |
# BL : Configuration de la BlackList |
# cron : Mise en place des exports de logs (+ chiffrement) |
72,7 → 70,7 |
DOMAIN="localdomain" # domaine local |
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI) |
MTU="1500" |
ETHTOOL_OPTS="speed 100 duplex full" |
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"' |
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation |
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation |
# ****** Paths - chemin des commandes ******* |
426,7 → 424,6 |
ACCOUNTING=no |
USERCTL=no |
MTU=$MTU |
#ETHTOOL_OPTS=$ETHTOOL_OPTS |
EOF |
# Config eth1 (consultation LAN) in normal mode |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF |
439,6 → 436,7 |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
ETHTOOL_OPTS=$ETHTOOL_OPTS |
EOF |
# Config of eth1 in bypass mode (see "alcasar-bypass.sh") |
cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF |
499,8 → 497,7 |
# load conntrack ftp module |
[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default |
echo "ip_conntrack_ftp" >> /etc/modprobe.preload |
# load ipt_NETFLOW module |
echo "ipt_NETFLOW" >> /etc/modprobe.preload |
# |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh |
} # End of network () |
809,6 → 806,7 |
# insures that mysql is up before radius start |
$SED "s?^# Should-Start.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd |
$SED "s?^# Should-Stop.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd |
} # End param_radius () |
########################################################################## |
994,9 → 992,9 |
coaport 3799 |
include $DIR_DEST_ETC/alcasar-uamallowed |
include $DIR_DEST_ETC/alcasar-uamdomain |
#dhcpgateway\t |
#dhcprelayagent\t |
#dhcpgatewayport\t |
#dhcpgateway |
#dhcprelayagent |
#dhcpgatewayport |
EOF |
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0) |
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers |
1037,9 → 1035,21 |
$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf |
# Configuration du cache local |
$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf |
# désactivation des "access log" |
echo '#Disable access log' >> /etc/squid/squid.conf |
echo "access_log none" >> /etc/squid/squid.conf |
# emplacement et formatage standard des logs |
echo '#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh' >> /etc/squid/squid.conf |
echo '#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh' >> /etc/squid/squid.conf |
echo "access_log /var/log/squid/access.log" >> /etc/squid/squid.conf |
# compatibilité des logs avec awstats |
echo "emulate_httpd_log on" >> /etc/squid/squid.conf |
echo "half_closed_clients off" >> /etc/squid/squid.conf |
echo "server_persistent_connections off" >> /etc/squid/squid.conf |
echo "client_persistent_connections on" >> /etc/squid/squid.conf |
echo "client_lifetime 1440 minutes" >> /etc/squid/squid.conf |
echo "request_timeout 5 minutes" >> /etc/squid/squid.conf |
echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf |
echo "cache_mem 256 MB" >> /etc/squid/squid.conf |
echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf |
echo "maximum_object_size 4096 KB" >> /etc/squid/squid.conf |
# anonymisation of squid version |
echo "via off" >> /etc/squid/squid.conf |
# remove the 'X_forwarded' http option |
1181,72 → 1191,62 |
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd |
} # End of param_ulogd () |
########################################################## |
## Fonction param_nfsen ## |
########################################################## |
param_nfsen() |
################################################################################## |
## Fonction param_awstats ## |
## - configuration de l'interface des logs de consultation WEB (AWSTAT) ## |
################################################################################## |
param_awstats() |
{ |
#Decompression tarball |
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/ |
#Création groupe et utilisteur |
if grep "^www-data:" /etc/group > /dev/null; then |
echo "Group already exists !" |
else |
groupadd www-data |
echo "Group 'www-data' created !" |
fi |
if grep "^nfsen:" /etc/passwd > /dev/null; then |
echo "User already exists !" |
else |
useradd -m nfsen |
echo "User 'nfsen' created !" |
fi |
usermod -G www-data nfsen |
#Ajout du plugin nfsen : PortTracker |
mkdir -p /var/www/nfsen/plugins |
chown -R nfsen:www-data /var/www/nfsen |
#Ajout du plugin PortTracker |
mkdir -p /var/log/netflow/porttracker |
mkdir -p /usr/share/nfsen/plugins |
chown -R apache:apache /usr/share/nfsen |
cp -f ./conf/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/ |
chown apache /var/log/netflow/porttracker |
#Copie du fichier de conf modifié de nfsen |
cp ./conf/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/ |
#Copie du script d'initialisation de nfsen |
cp ./conf/nfsen/nfsen-init /etc/init.d/nfsen |
#Installation de nfsen via le scrip Perl |
cd /tmp/nfsen-1.3.6p1/ |
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger, |
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable" |
#Création de la DB pour rrdtool |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/ |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/ |
sudo -u apache nftrack -I -d /var/log/netflow/porttracker |
chown -R apache:www-data /var/log/netflow/porttracker/ |
chmod -R 775 /var/log/netflow/porttracker |
#Configuration du fichier de conf d'apache |
if [ -f /etc/httpd/conf.d/nfsen.conf ];then |
rm -f /etc/httpd/conf.d/nfsen.conf |
fi |
cat <<EOF >> /etc/httpd/conf.d/nfsen.conf |
Alias /nfsen /var/www/nfsen |
<Directory /var/www/nfsen/> |
DirectoryIndex nfsen.php |
Options -Indexes |
AllowOverride all |
order allow,deny |
allow from all |
AddType application/x-httpd-php .php |
php_flag magic_quotes_gpc on |
php_flag track_vars on |
cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/ |
chown -R apache:apache $DIR_ACC/awstats |
cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default |
$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf |
$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf |
$SED "s?^SiteDomain=.*?SiteDomain=\"$HOSTNAME\"?g" /etc/awstats/awstats.conf |
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf |
$SED "s?^DNSLookup=.*?DNSLookup=0?g" /etc/awstats/awstats.conf |
$SED "s?^DirData=.*?DirData=\"/var/lib/awstats\"?g" /etc/awstats/awstats.conf |
$SED "s?^DirIcons=.*?DirIcons=\"/acc/awstats/icon\"?g" /etc/awstats/awstats.conf |
$SED "s?^StyleSheet=.*?StyleSheet=\"/css/style.css\"?g" /etc/awstats/awstats.conf |
$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf |
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf |
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowMonthStats=.*?ShowMonthStats=VPHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowDaysOfMonthStats=.*?ShowDaysOfMonthStats=PHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowDaysOfWeekStats=.*?ShowDaysOfWeekStats=PHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowHoursStats=.*?ShowHoursStats=PHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowDomainsStats=.*?ShowDomainsStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowHostsStats=.*?ShowHostsStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowAuthenticatedUsers=.*?ShowAuthenticatedUsers=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowRobotsStats=.*?ShowRobotsStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowFileTypesStats=.*?ShowFileTypesStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowFileSizesStats=.*?ShowFileSizesStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowOSStats=.*?ShowOSStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowScreenSizeStats=.*?ShowScreenSizeStats=0?g" /etc/awstats/awstats.conf |
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf |
<Directory $DIR_ACC/awstats> |
SSLRequireSSL |
Options ExecCGI |
AddHandler cgi-script .pl |
DirectoryIndex awstats.pl |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_admin |
ErrorDocument 404 https://$HOSTNAME/ |
</Directory> |
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins |
EOF |
#Configuration du délais d'expiration des captures du profile "ALCASAR" |
nfsen -m ALCASAR -e 365d |
#Suppression des sources de nfsen |
rm -rf /tmp/nfsen-1.3.6p1/ |
} # End of param_nfsen |
} # End of param_awstats () |
########################################################## |
## Fonction param_dnsmasq ## |
1310,8 → 1310,10 |
# Optionnellement on pré-active les logs DNS des clients |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq |
# Optionnellement, exemple de paramètre supplémentaire pour le cache memoire |
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq |
# Optionnellement, exemple de configuration avec un A.D. |
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.2"' >> /etc/sysconfig/dnsmasq |
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq |
} # End dnsmasq |
########################################################## |
1408,6 → 1410,10 |
# Archive des logs et de la base de données (tous les lundi à 5h35) |
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now |
EOF |
cat << EOF > /etc/cron.d/awstats |
# mise à jour des stats de consultation WEB toutes les 30' |
*/30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1 |
EOF |
cat << EOF > /etc/cron.d/alcasar-clean_import |
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h |
30 * * * * root $DIR_DEST_BIN/alcasar-import-clean.sh |
1416,10 → 1422,6 |
# mise à jour automatique de la distribution tous les jours 3h30 |
30 3 * * * root /usr/sbin/urpmi --auto-update --auto 2>&1 |
EOF |
cat << EOF > /etc/cron.d/alcasar-netflow |
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05) |
05 0 * * 5 root /usr/bin/nfexpire -e /var/log/nfsen/profiles-data/ALCASAR/ipt_netflow/ -t 1y -w 90 |
EOF |
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin). |
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739). |
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct') |
1513,31 → 1515,16 |
# export des logs en 'retard' dans /var/Save/logs |
/usr/local/bin/alcasar-log.sh --export |
# processus lancés par défaut au démarrage |
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen |
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam |
do |
/sbin/chkconfig --add $i |
done |
# On rajoute une tempo pour relancer radius après le redémarrage de mysqld (bug en cours d'analyse) |
# cat << EOF > /etc/rc.local |
#!/bin/sh |
# |
### BEGIN INIT INFO |
# Provides: rc.local |
# X-Mandriva-Compat-Mode |
# Default-Start: 2 3 4 5 |
# Short-Description: Local initialization script |
# Description: This script will be executed *after* all the other init scripts. |
# You can put your own initialization stuff in here if you don't |
# want to do the full Sys V style init stuff. |
### END INIT INFO |
# |
#/etc/init.d/mysqld restart |
#sleep 1 |
#/etc/init.d/radiusd restart |
#touch /var/lock/subsys/local |
#EOF |
echo "/usr/local/sbin/alcasar-load_balancing.sh start &" >> /etc/rc.local |
cat << EOF > /etc/rc.local |
/usr/local/sbin/alcasar-load_balancing.sh start & |
sleep 3 |
service radiusd restart |
EOF |
# On applique les préconisations ANSSI |
# Apply French Security Agency rules |
1591,7 → 1578,7 |
else |
$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf |
fi |
# suppression des log_martians (ALCASAR est souvent entre deux réseaux en adressage privée) |
# disable log_martians (ALCASAR is often installed between two private network addresses) |
sysctl -w net.ipv4.conf.all.log_martians=0 |
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys |
# ??? $SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver |
1646,6 → 1633,10 |
chown -R root:apache $DIR_DEST_ETC/* |
chmod -R 660 $DIR_DEST_ETC/* |
chmod ug+x $DIR_DEST_ETC/digest |
# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions" |
[ -e /sbin/ethtool ] || ln -s /usr/sbin/ethtool /sbin/ethtool |
# Apply and save the firewall rules |
sh $DIR_DEST_BIN/alcasar-iptables.sh |
sleep 2 |
1752,8 → 1743,6 |
fi |
# RPMs install |
$DIR_SCRIPTS/alcasar-urpmi.sh |
echo "Mise à jour des modules noyau installés" |
depmod -a |
if [ "$?" != "0" ] |
then |
exit 0 |
1803,10 → 1792,10 |
else |
mode="install" |
fi |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron post_install |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install |
do |
$func |
#echo "*** 'debug' : end of function $func ***"; read a |
# echo "*** 'debug' : end of function $func ***"; read a |
done |
;; |
-u | --uninstall) |