Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 1156 → Rev 1157

/VERSION
1,0 → 0,0
2.8a
2.7.1
/conf/nfsen/nfsen-init
File deleted
/conf/nfsen/PortTracker.pm
File deleted
/conf/nfsen/nfsen.conf
File deleted
/conf/nfsen/nfsen-1.3.6p1.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/CHANGELOG
1,8 → 1,17
# $Id$
 
************ CHANGELOG ***********
---------------------- 2.7.1 -----------------
BUGs
- Fix multi-users voucher
- Fix a mageia2 bug in network function
NEWS
- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains
- Show the blacklist category in "Acces denied" page
- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping)
---------------------- 2.7 -----------------
BUGs - some corrections in the connection popup
BUGs
- some corrections in the connection popup
- test if categories enabled of the BL are effectively in the BL (need after an update of the BL)
NEWS
- Installation with Mageia2
27,7 → 36,7
- show the GPL
---------------------- 2.6.0.1 -----------------
Bugs
- the deleted library fpdf has been restored
- the deleted library fpdf has been restored
- the mysqld and radiusd services are restarted when ALCASAR is launched
---------------------- 2.6 --------------------
Bugs
/scripts/sbin/alcasar-uninstall.sh
15,7 → 15,7
echo "-----------------------------------------------------------------------------"
echo
#services_stop
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd nfsen
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd
do
[ -e /etc/init.d/$i ] && /sbin/chkconfig --del $i && /etc/init.d/$i stop && killall $i 2>/dev/null
done
132,6 → 132,11
fi
sleep 1
 
#awstats
echo -en "\n- awstats(1) : "
[ -e /etc/awstats/awstats.conf.default ] && mv /etc/awstats/awstats.conf.default /etc/awstats/awstats.conf && echo -n "1"
sleep 1
 
#DnsMasq
echo -en "\n- dnsmasq(4) : "
if [ -e /etc/init.d/dnsmasq ]
172,6 → 177,7
[ -e /etc/cron.d/alcasar-clean_log ] && rm -f /etc/cron.d/alcasar-clean_log && echo -n "5, "
[ -e /etc/cron.d/alcasar-clean_import ] && rm -f /etc/cron.d/alcasar-clean_import && echo -n "6, "
[ -e /etc/cron.d/alcasar-distrib-updates ] && rm -f /etc/cron.d/alcasar-distrib-updates && echo -n "7, "
[ -e /etc/cron.d/awstats ] && rm -f /etc/cron.d/awstats && echo -n "8, "
[ -e /etc/cron.d/freeradius-web ] && rm -f /etc/cron.d/freeradius-web && echo -n "9, "
[ -e /etc/cron.d/alcasar-watchdog ] && rm -f /etc/cron.d/alcasar-watchdog && echo -n "10"
rm -f /etc/cron.d/coova /etc/cron.d/alcasar-bl_download
219,4 → 225,4
echo
 
# suppression des exceptions de mises à jours ( coova-chilli et freeradius)
sed -i '/coova.*/d' /etc/urpmi/skip.list
sed -i '/coova.*/d' /etc/urpmi/skip.list
/scripts/sbin/alcasar-dhcp.sh
67,7 → 67,7
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE
if [ "$EXT_DHCP_IP" != "none" ]
then
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
else
84,7 → 84,7
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE
99,7 → 99,7
$SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE
/scripts/alcasar-watchdog.sh
4,7 → 4,6
# alcasar-watchdog.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
# il déconnecte les usagers dont
# - les équipements réseau ne répondent plus
12,7 → 11,7
# This script tells users that Internet access is down
# it logs out users whose
# - PCs are quiet
# - MAC address are in used by other systems (usurped)
# - MAC address is used by other systems (usurped)
 
EXTIF="eth0"
INTIF="eth1"
19,7 → 18,8
conf_file="/usr/local/etc/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN)
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1}
tmp_file="/tmp/watchdog.txt"
DIR_WEB="/var/www/html"
Index_Page="$DIR_WEB/index.php"
27,7 → 27,7
IFS=$'\n'
 
function lan_down_alert ()
# users are redirected on ALCASAR IP address if LAN Pb detected
# users are redirected on ALCASAR IP address if a LAN problem is detected
{
case $LAN_DOWN in
"1")
42,7 → 42,7
;;
esac
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l`
if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas).
if [ $net_pb = "0" ] # user alert
then
/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page
/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
123,7 → 123,7
done
rm $tmp_file
fi
# on traite chaque équipements connus de chilli
# process each equipment known by chilli
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
do
active_ip=`echo $system |cut -d" " -f2`
130,16 → 130,20
active_session=`echo $system |cut -d" " -f5`
active_mac=`echo $system | cut -d" " -f1`
active_user=`echo $system |cut -d" " -f6`
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes)
# process only equipment with an authenticated user
if [[ $(expr $active_session) -eq 1 ]]
then
then
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l`
# on stocke les adresses IP des stations muettes
# store @IP of quiet equipments
if [[ $(expr $arp_reply) -eq 0 ]]
then
echo "$active_ip $active_mac $active_user" >> $tmp_file
PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$'
if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments
then
echo "$active_ip $active_mac $active_user" >> $tmp_file
fi
fi
# on deconnecte l'usager d'une stations usurpée (@MAC)
# disconnect users whose equipement is usurped (@MAC)
if [[ $(expr $arp_reply) -gt 2 ]]
then
echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log
/scripts/alcasar-archive.sh
6,12 → 6,12
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
# - d'exporter les logs de traçabilités et la base des usagers à des fins d'archivages.
# - d'exporter dans un seul fichier les logs de traçabilités et la base des usagers (à des fins d'archivages).
# - Une fonction de chiffrement des logs a été implémentée dans ce script. Lisez la documentation d'exploitation pour l'activer.
# - nettoyage des archives supérieures à 1 an (365 jours)
 
# This script allows
# - export log files and user's base in order to archive them.
# - export in one file the log files and user's base (in order to archive them).
# - a cypher fonction allows to protect these files. Read the exploit documentation to enable it.
# - delete backup files older than one year (365 days)
 
27,7 → 27,7
EXPIRE_DAY=365 # Nbre de jour avant suppression des fichiers journaux
CRYPT="0" # chiffrement des logs ( 0=non / 1=oui --> Signature = 1(implicite))
SIGN="0" # Signature/empreinte des logs ( 0=non / 1=oui ) ATTENTION : nécessite la clé privée !!!
GPG_USER="OSSI-CIRISI-Lyon" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg)
GPG_USER="" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg)
 
usage="Usage: alcasar-archive.sh {--clean or -c} | {--now or -n}"
 
90,15 → 90,12
}
fi
rm -rf /tmp/archive-*
chown apache:apache $TO_SAVE/
chown root:apache $DIR_ARCHIVE/*
;;
--update | -u)
# Mise à niveau de l'architecture d'export/archivage
[ -d /tmp/save ] || mkdir -p /tmp/save
[ -d $DIR_ARCHIVE/ ] || mkdir -p $DIR_ARCHIVE/ # utile une seule fois mais crée le répertoire si nécessaire
# copie de l'archive au cas où ...
rm -f $(ls *[0-9]) # effacer les fichiers n'ayant pas été compressés
mv $TO_SAVE/firewall/tracabilite-* $DIR_ARCHIVE/.
;;
*)
echo "Unknown argument :$1";
/scripts/alcasar-iptables-bypass.sh
72,10 → 72,9
if [ $SSH = on ]
then
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT"
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -j ACCEPT
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT"
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT
fi
 
# Insertion de règles locales
/scripts/alcasar-iptables.sh
45,9 → 45,6
TUNIF="tun0" # listen device for chilli daemon
IPTABLES="/sbin/iptables"
 
#lancement du module kernel ipt_NETFLOW (module iptables)
modprobe ipt_NETFLOW destination=127.0.0.1:2055
 
# Effacement des règles existantes
# Flush all existing rules
$IPTABLES -F
135,7 → 132,6
 
# On autorise les retours de connexions légitimes par INPUT
# Conntrack on INPUT
#$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j NETFLOW
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués dans la table mangle (PREROUTING)
158,8 → 154,6
fi
# Autorisation des connexions légitimes à DansGuardian
# Allow connections for DansGuardian
#Flux netflow des requêtes HTTP à destination de DansGuardian
#$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -j NETFLOW
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m state --state NEW --syn -j ACCEPT
 
# On interdit les connexions directes au port UDP 54. Les packets concernés ont été marqués dans la table mangle (PREROUTING)
255,6 → 249,7
#fi
 
# Autorisation des retours de connexions légitimes
# Allow conntrack
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# If protocols filter is activate
266,7 → 261,6
while read ip_exception
do
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ULOG --ulog-prefix "RULE IP-exception -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-filter-exceptions
fi
278,7 → 272,6
do
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2`
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-uamallowed
fi
293,15 → 286,11
svc_port=`echo $svc_line|cut -d" " -f2`
if [ $svc_name = "icmp" ]
then
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT
else
 
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_UDP-$svc_name -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT
fi
fi
322,19 → 311,18
# Autorisation des connections sortant du LAN
# Allow forward connections with log
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ULOG --ulog-prefix "RULE F_all -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ACCEPT
 
#############################
# OUTPUT #
#############################
# SSHD rules if activate
if [ $SSH = on ]
then
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT
fi
# On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur
# Everything is allowed but traffic through outside network interface
 
# On autorise les retours de connexions légitimes par OUTPUT
# Conntrack on OUTPUT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# On laisse tout sortir sur INTIF
# Everything is allowed only on INTIF
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT
 
# On autorise les requêtes DNS vers les serveurs DNS identifiés
343,7 → 331,6
 
# On autorise les requêtes HTTP sortantes
# HTTP requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
 
# On autorise les requêtes FTP
350,7 → 337,6
# FTP requests are allowed
modprobe ip_conntrack_ftp
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# On autorise les requêtes NTP
# NTP requests are allowed
370,7 → 356,6
# $IPTABLES -A INPUT -p udp -s $LDAP_IP -m multiports --sports ldap,ldaps -m state --state ESTABLISHED -j ACCEPT
fi
 
 
#############################
# POSTROUTING #
#############################
/scripts/alcasar-conf.sh
386,6 → 386,8
$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php
# dhcp (coova + dnsmasq)
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode
# awstat
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
# dnsmasq
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
for i in /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
/scripts/alcasar-urpmi.sh
12,7 → 12,8
VERSION="2"
ARCH="i586"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring perl-rrdtool perl-MailTools perl-Socket6 php-sockets kernel-desktop-3.4.45-1.mga2-1-1.mga2"
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring"
 
rpm_repository_sync ()
{
cat <<EOF > /etc/urpmi/urpmi.cfg
227,20 → 228,4
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
# Clean the RPM cache
urpmi --clean
 
#Keep only kernel-desktop-3.4.45-1.mga2-1-1.mga2 version, and remove all others
kernelVersion=$(rpm -qa | grep "kernel-desktop")
for i in $kernelVersion
do
if [ ! $i = "kernel-desktop-3.4.45-1.mga2-1-1.mga2" ];then
urpme $i
fi
done
 
#Fix the kernel version to : kernel-desktop-3.4.45-1.mga2-1-1.mga2
echo "/^kernel-desktop/" > /etc/urpmi/skip.list
 
#update tht kernel modules list
depmod -a
 
exit 0
/readme.txt
1,6 → 1,6
$Id: readme-2.0.txt 581 2011-04-21 16:59:59Z richard $
 
Alcasar-2.7
Alcasar-2.7.1
 
*********** English **********
- New installation : Need the CD dual architecture (32b and 64b) of Linux Mageia2 (Mageia-2-dual-CD.iso).
/web/acc/menu.php
38,9 → 38,9
$l_stat_user_day = "usager/jour";
$l_stat_con = "connexions";
$l_stat_daily ="usage journalier";
$l_stat_web ="traffic WEB";
$l_firewall ="parefeu";
$l_menu="Menu";
$l_moniteur="Moniteur Système";
}
else {
$Language = 'en';
64,9 → 64,9
$l_stat_user_day = "user/day";
$l_stat_con = "connections";
$l_stat_daily ="daily use";
$l_stat_web ="WEB traffic";
$l_firewall ="firewall";
$l_menu="Main";
$l_moniteur="System Monitor";
}
echo "
<TABLE width=\"100%\" border=0 cellspacing=0 cellpadding=0>
148,7 → 148,7
fclose($fp);
printf("%d", $nb);
?>
<br>depuis le 20/01/2013<br></center></td></tr>
<br>depuis le 99/99/9999<br></center></td></tr>
</TABLE>
</td></tr>
</TABLE>
/web/acc/stat.php
3,13 → 3,13
$select[0]="$l_stat_user_day";
$select[1]="$l_stat_con";
$select[2]="$l_stat_daily";
$select[3]="$l_firewall";
$select[4]="$l_moniteur";
$select[3]="$l_stat_web";
$select[4]="$l_firewall";
$fich[0]="manager/htdocs/user_stats.php";
$fich[1]="manager/htdocs/accounting.php";
$fich[2]="manager/htdocs/stats.php";
$fich[3]="admin/firewallEyes/index.html";
$fich[4]="/nfsen";
$fich[3]="awstats/";
$fich[4]="admin/firewallEyes/index.html";
$j=0;
while ($j != count($select))
{
/web/acc/about.htm
70,7 → 70,7
<TABLE width="100%" border="1" cellspacing="0" cellpadding="0">
<TR>
<TD align="center"><A HREF=javascript:ouvrir("http://www.linux.org")><img border="0" src="/images/footer_linux.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mandriva.com")><img border="0" src="/images/footer_mandriva.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mageia.org")><img border="0" src="/images/footer_mageia.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.coova.org/CoovaChilli")><img border="0" src="/images/footer_coova.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.freeradius.org")><img border="0" src="/images/footer_freeradius.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.com")><img border="0" src="/images/footer_mysql.png"></A></TD>
/web/acc/manager/htdocs/ticket_user.php
1,4 → 1,5
<?php
require_once('/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php');
// ticket d'impression (thank's to Geoffroy MUSITELLI)
//--recupération des variables provenant du formulaire
$langue_imp=utf8_decode($_POST["langue_imp"]);
15,8 → 16,11
case 'fr':
$l_title_imp = "TICKET D'ACCÈS INTERNET";
$l_footer_imp = "Généré par ALCASAR";
$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte
(mot de passe, certificat, etc.).
Entrer 'logout' dans votre navigateur pour vous déconnecter.";
$l_login_imp = "Utilisateur :";
$l_password_imp = "Mot de passe :";
$l_max_all_session_imp="Durée totale autorisée :";
26,12 → 30,16
$l_expiration_imp="Date d'expiration :";
$l_unlimited="Illimitée";
$l_without="Aucune";
$l_duplicate="Duplicata";
break;
case 'de':
$l_title_imp = "INTERNETZUGANG TICKET";
$l_footer_imp = "Präsentiert von ALCASAR";
$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).
Geben Sie 'logout' in Ihrem Browser zu trennen.
";
$l_login_imp = "Login :";
$l_password_imp = "Passwort :";
$l_max_all_session_imp="Maximale erlaubt Dauer :";
41,12 → 49,15
$l_expiration_imp="Verfallsdatum :";
$l_unlimited="Unbegrentz";
$l_without="Ohne";
$l_duplicate="Duplikat";
break;
case 'nl':
$l_title_imp = "ONTVANGST INTERNET";
$l_footer_imp = "Powered by ALCASAR";
$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).
Voer 'logout' in uw browser de verbinding te verbreken.";
$l_login_imp = "Gebruikers :";
$l_password_imp = "Wachtwoord :";
$l_max_all_session_imp="Totaal toegestane tijd :";
56,12 → 67,15
$l_expiration_imp="Vervaldatum :";
$l_unlimited="Onbeperkte";
$l_without="Ohne";
$l_duplicate="Duplicaat";
break;
case 'es':
$l_title_imp = "BONO INTERNET";
$l_footer_imp = "Desarrollado por ALCASAR";
$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).
Escribe 'logout' de su navegador para desconectar.";
$l_login_imp = "Usuario :";
$l_password_imp = "Contraseña :";
$l_max_all_session_imp="Tiempo total permitido :";
71,12 → 85,15
$l_expiration_imp="Fecha de caducidad :";
$l_unlimited="Ilimitado";
$l_without="Sin";
$l_duplicate="Duplicado";
break;
case 'it':
$l_title_imp = "RICEVIMENTO INTERNET";
$l_footer_imp = "Powered by ALCASAR";
$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).
Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_login_imp = "Utenti :";
$l_password_imp = "Password :";
$l_max_all_session_imp="Tempo totale consentito:";
86,12 → 103,15
$l_expiration_imp="Data di scadenza :";
$l_unlimited="Illimitato";
$l_without="Senza";
$l_duplicate="Duplicato";
break;
case 'pt':
$l_title_imp = "BILHETE DE ACESSO À INTERNET";
$l_footer_imp = "Desenvolvido por ALCASAR";
$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).
Digite 'logout' no seu navegador para desligar.";
$l_login_imp = "Usuário :";
$l_password_imp = "Senha :";
$l_max_all_session_imp="Tempo máximo de toda conexão :";
101,12 → 121,15
$l_expiration_imp="Data de vencimento :";
$l_unlimited="Ilimitado";
$l_without="Sem";
$l_duplicate="Duplicado";
break;
default:
$l_title_imp = "INTERNET ACCESS TICKET";
$l_footer_imp = "Powered by ALCASAR";
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).
Enter 'logout' in your browser to disconnect.";
$l_login_imp = "Login :";
$l_password_imp = "Password :";
$l_max_all_session_imp="Total time allowed :";
116,145 → 139,47
$l_expiration_imp="Expiration date :";
$l_unlimited="Unlimited";
$l_without="Without";
$l_duplicate="Duplicate";
break;
}
/* Si les valeurs de durée sont égal à '-' remplissage avec la valeur 'Illimitée'*/
if ($sto_imp=='-'){ $sto_imp=$l_unlimited;}
if ($mas_imp=='-'){ $mas_imp=$l_unlimited;}
if ($mds_imp=='-'){ $mds_imp=$l_unlimited;}
if ($mms_imp=='-'){ $mms_imp=$l_unlimited;}
//création de la classe PDF pour faire l'entête et pieds de page
require('../lib/fpdf/fpdf.php');
class PDF extends FPDF
{
//Entête
function Header()
{
global $l_title_imp;
//Logo coordonnées x , y, largeur de l'image
$this->Image('../../../images/logo-alcasar.png',30,15,30);
$this->Image('../../../images/organisme.png',150,15,25);
//Police Arial gras 15
$this->SetFont('Arial','B',18);
//couleur de l'écriture en rouge
$this->SetTextColor(250,1,10);
//Titre largeur cellule x , hauteur y, texte, bordure 0 , Indique où déplace la prochaine position courante 0 droite, centré C
$this->Cell(190,10,utf8_decode($l_title_imp),0,0,'C');
//Saut de ligne
$this->Ln(25);
}
//Pied de page
function Footer()
{
global $l_footer_imp;
//Positionnement à 1,5 cm du bas
$this->SetY(-15);
//Police Arial italique 8
$this->SetFont('Arial','I',8);
$this->Cell(200,20,utf8_decode($l_footer_imp),0,0,'C');
}
//fonction rectangle
//Rectangle : x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis.
//style : comme celui de Rect() : F, D (défaut), FD ou DF.
function RoundedRect($x, $y, $w, $h, $r, $style = '')
{
$k = $this->k;
$hp = $this->h;
if($style=='F')
$op='f';
elseif($style=='FD' or $style=='DF')
$op='B';
else
$op='S';
$MyArc = 4/3 * (sqrt(2) - 1);
$this->_out(sprintf('%.2F %.2F m',($x+$r)*$k,($hp-$y)*$k ));
$xc = $x+$w-$r ;
$yc = $y+$r;
$this->_out(sprintf('%.2F %.2F l', $xc*$k,($hp-$y)*$k ));
// Ajout d'un ticket sur la fiche PDF
 
$this->_Arc($xc + $r*$MyArc, $yc - $r, $xc + $r, $yc - $r*$MyArc, $xc + $r, $yc);
$xc = $x+$w-$r ;
$yc = $y+$h-$r;
$this->_out(sprintf('%.2F %.2F l',($x+$w)*$k,($hp-$yc)*$k));
$this->_Arc($xc + $r, $yc + $r*$MyArc, $xc + $r*$MyArc, $yc + $r, $xc, $yc + $r);
$xc = $x+$r ;
$yc = $y+$h-$r;
$this->_out(sprintf('%.2F %.2F l',$xc*$k,($hp-($y+$h))*$k));
$this->_Arc($xc - $r*$MyArc, $yc + $r, $xc - $r, $yc + $r*$MyArc, $xc - $r, $yc);
$xc = $x+$r ;
$yc = $y+$r;
$this->_out(sprintf('%.2F %.2F l',($x)*$k,($hp-$yc)*$k ));
$this->_Arc($xc - $r, $yc - $r*$MyArc, $xc - $r*$MyArc, $yc - $r, $xc, $yc - $r);
$this->_out($op);
}
//fonction arc de cercle
function _Arc($x1, $y1, $x2, $y2, $x3, $y3)
{
$h = $this->h;
$this->_out(sprintf('%.2F %.2F %.2F %.2F %.2F %.2F c ', $x1*$this->k, ($h-$y1)*$this->k,
$x2*$this->k, ($h-$y2)*$this->k, $x3*$this->k, ($h-$y3)*$this->k));
}
}
// Préparation de la fiche PDF
$pdf = new ticketsPDF(2,3);
$pdf->setTicketsTitle($l_title_imp);
$pdf->setTicketsFooter($l_footer_imp);
$pdf->newTickets();
$pdf->Ln(5);
$pdf->addInfos($l_login_imp, $log_imp);
$pdf->addInfos($l_password_imp, $passwd_imp);
$pdf->Ln(5);
$pdf->addInfos($l_max_all_session_imp, $mas_imp);
$pdf->addInfos($l_session_timeout_imp, $sto_imp);
$pdf->addInfos($l_max_daily_session_imp, $mds_imp);
$pdf->addInfos($l_expiration_imp, $exp_imp);
$pdf->Ln(10);
$pdf->addComment($l_explain);
 
//création du constructeur pdf avec fpdf : portrait P sinon paysage L, unite mm, page A4
$pdf = new PDF('L','mm','A5');
$pdf->AliasNbPages();
//creation de la page
$pdf->Addpage();
//Couleur du texte en noir
$pdf->SetTextColor(0);
// Création du duplicata
$pdf->newTickets();
$pdf->Ln(5);
$pdf->addInfos($l_login_imp, $log_imp);
$pdf->addInfos($l_password_imp, $passwd_imp);
$pdf->Ln(5);
$pdf->addInfos($l_max_all_session_imp, $mas_imp);
$pdf->addInfos($l_session_timeout_imp, $sto_imp);
$pdf->addInfos($l_max_daily_session_imp, $mds_imp);
$pdf->addInfos($l_expiration_imp, $exp_imp);
$pdf->Ln(10);
$pdf->addComment($l_duplicate,'C');//à mettre en rouge
 
//création du cadre arrondi qui entoure le ticket d'impression
//x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis.
//style : comme celui de Rect() : F, D (défaut), FD ou DF.
$pdf->RoundedRect(40, 32, 130, 80, 3.5, 'D');
//création utilisateur et mot de passe coordonnées x , y hauteur et largeur , texte
$pdf->Ln(5);
$pdf->SetFont('Arial','',12);
$pdf->cell(50);
$pdf->Cell(45,10,utf8_decode($l_login_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
$pdf->Cell(45,10,$log_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_password_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
$pdf->Cell(45,10,$passwd_imp,0,1,'L');
//saut de ligne
$pdf->Ln(7);
//création des attributs utilisateurs coordonnées x , y hauteur et largeur , texte
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_max_all_session_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($mas_imp == "Unlimited") $mas_imp=utf8_decode($l_unlimited);
$pdf->Cell(45,10,$mas_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_session_timeout_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($sto_imp == "Unlimited") $sto_imp=utf8_decode($l_unlimited);
$pdf->Cell(45,10,$sto_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_max_daily_session_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($mds_imp == "Unlimited") $mds_imp=utf8_decode($l_unlimited);
$pdf->Cell(45,10,$mds_imp,0,1,'L');
//$pdf->SetFont('Arial','',12);
//$pdf->cell(50);
//$pdf->Cell(45,10,$l_max_monthly_session_imp,0,0,'R');
//$pdf->SetFont('Arial','B',12);
//$pdf->Cell(45,10,$mms_imp,0,1,'L');
$pdf->cell(50);
$pdf->SetFont('Arial','',12);
$pdf->Cell(45,10,utf8_decode($l_expiration_imp),0,0,'R');
$pdf->SetFont('Arial','B',12);
if ($exp_imp == "Without") $exp_imp=utf8_decode($l_without);
$pdf->Cell(45,10,$exp_imp,0,1,'L');
$pdf->Ln(7);
$pdf->cell(30);
$pdf->SetFont('Arial','',8);
$pdf->Cell(0,5,utf8_decode($l_explain1_imp),0,1,'L');
$pdf->cell(30);
$pdf->SetFont('Arial','',8);
$pdf->Cell(0,5,utf8_decode($l_explain2_imp),0,1,'L');
 
// envoie du document au navigateur
$ticket_name="ticket_".$log_imp.".pdf";
$pdf->Output("ticket.pdf");
/web/acc/manager/htdocs/voucher_new.php
3,10 → 3,7
//gestion de la langue
if (is_file("../lib/langues.php"))
include("../lib/langues.php");
// for developpement purpose
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/";
CONST ROOT = "/";
require(ROOT.'etc/freeradius-web/config.php');
require('/etc/freeradius-web/config.php');
if ($show == 1){
header("Location: user_admin.php?login=$login");
exit;
35,7 → 32,26
dp_cal = new Epoch('epoch_popup','popup',document.getElementById('popup_container'));
};
/*Fin calendrier*/
 
function createTickets(arg){
var nbtickets = prompt("Saisissez le nombre d'utilisateurs à créer", "");
// On test la pression sur le boutton "annuler"
if (nbtickets===null){
alert('nbtickets===null');
return false;
}
// On test la valeur saisie n'est pas un nombre
if (isNaN(nbtickets)===true){
return false;
}
// Conversion en entier de nbtickets
nbtickets = parseInt(nbtickets)
// Configuration et envoie du formulaire
arg.nbtickets.value = nbtickets
arg.action = "vouchers_new.php";
arg.submit();
return true;
}
</script>
</head>
<body>
97,13 → 113,13
$login = $saved_login;}
/* Si les valeurs de durée sont vide remplissage avec la valeur 'Illimitée'*/
/* et formatage des secondes sous le format Heure min ses*/
if ($sto_imp==''){ $sto_imp=$v_illimit;}
if ($sto_imp==''){ $sto_imp='-';}
else { $sto_imp=sec_imp($sto_imp);}
if ($mas_imp==''){ $mas_imp=$v_illimit;}
if ($mas_imp==''){ $mas_imp='-';}
else { $mas_imp=sec_imp($mas_imp);}
if ($mds_imp==''){ $mds_imp=$v_illimit;}
if ($mds_imp==''){ $mds_imp='-';}
else { $mds_imp=sec_imp($mds_imp);}
if ($mms_imp==''){ $mms_imp=$v_illimit;}
if ($mms_imp==''){ $mms_imp='-';}
else { $mms_imp=sec_imp($mms_imp);}
/*Formatage de la date afin d'être lisible dans toute les langues 'jj mm yyyy'*/
if ($Expiration!=''){ $Expiration=date("d - m - Y",strtotime($Expiration));}
356,8 → 372,13
else{
echo "<input type=submit class=button value=\"$l_create\" OnClick=\"return formControl('newuser');\">";
echo "<input type='hidden' name='nbtickets' value=''>";
echo "<br>$l_or :<br>";
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form, '$l_createTicketsMSG');\">";
echo "<br>Ou :<br>";
$l_create_multiple = "Créer plusieurs tickets";
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form);\">";
$l_create_multiple_comment = "<br>Remarques : lors de la création plusieurs tickets sysmultanément :<br>
- l'identifiant et le mot de passe sont générés aléatoirement,<br>
- les champs \"Nom, prénom\" et \"Adresse de couriel\" ne sont pas pris en compte.<br> ";
echo $l_create_multiple_comment;
}
?>
/web/acc/manager/htdocs/vouchers_new.php
1,8 → 1,6
<?php
// for developpement purpose
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/";
CONST ROOT = "/";
require_once(ROOT.'var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php');
CONST ROOT = '/';
require_once(ROOT.'/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php');
 
/*
TODO :
79,8 → 77,8
case 'fr':
$l_title_imp = "TICKET D'ACCÈS INTERNET";
$l_footer_imp = "Généré par ALCASAR";
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.).";
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter.";
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte
(mot de passe, certificat, etc.).
Entrer 'logout' dans votre navigateur pour vous déconnecter.";
97,8 → 95,8
case 'de':
$l_title_imp = "INTERNETZUGANG TICKET";
$l_footer_imp = "Präsentiert von ALCASAR";
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).";
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen.";
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.).
Geben Sie 'logout' in Ihrem Browser zu trennen.
";
115,8 → 113,8
case 'nl':
$l_title_imp = "ONTVANGST INTERNET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).";
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken.";
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.).
Voer 'logout' in uw browser de verbinding te verbreken.";
$l_login_imp = "Gebruikers :";
132,8 → 130,8
case 'es':
$l_title_imp = "BONO INTERNET";
$l_footer_imp = "Desarrollado por ALCASAR";
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).";
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar.";
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.).
Escribe 'logout' de su navegador para desconectar.";
$l_login_imp = "Usuario :";
149,8 → 147,8
case 'it':
$l_title_imp = "RICEVIMENTO INTERNET";
$l_footer_imp = "Powered by ALCASAR";
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).";
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc).
Inserisci 'logout' nel tuo browser per disconnettersi.";
$l_login_imp = "Utenti :";
166,8 → 164,8
case 'pt':
$l_title_imp = "BILHETE DE ACESSO À INTERNET";
$l_footer_imp = "Desenvolvido por ALCASAR";
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).";
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar.";
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc).
Digite 'logout' no seu navegador para desligar.";
$l_login_imp = "Usuário :";
183,8 → 181,8
default:
$l_title_imp = "INTERNET ACCESS TICKET";
$l_footer_imp = "Powered by ALCASAR";
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).";
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect.";
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.).
Enter 'logout' in your browser to disconnect.";
$l_login_imp = "Login :";
258,8 → 256,8
// création des variables d'impression
$login_imp = $login;
$passwd1_imp = $passwd;
// encryption du mot de passe
$passwd = da_encrypt($passwd);
// encryption du mot de passe (pas besoins, déjà présent dans le fichier create_user.php)
//$passwd = da_encrypt($passwd);
// test si l'usager existe
if (is_file("../lib/$config[general_lib_type]/user_info.php"))
/web/acc/admin/services.php
7,8 → 7,8
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'fr'){
$l_services_title = "Configuration des services";
$l_main_services = "Services réseau principaux";
$l_opt_services = "Services réseau optionnels";
$l_main_services = "Services principaux";
$l_opt_services = "Services optionnels";
$l_service_title = "Nom du service";
$l_service_start = "D&eacute;marrer";
$l_service_stop = "Arr&ecirc;ter";
30,8 → 30,8
$l_ntpd = "Service de mise à l'heure réseau";
} else {
$l_services_title = "Services configuration";
$l_main_services = "Main network services";
$l_opt_services = "Optional network services";
$l_main_services = "Main services";
$l_opt_services = "Optional services";
$l_service_title = "Service name";
$l_service_start = "Start";
$l_service_stop = "Stop";
/alcasar.sh
3,14 → 3,12
 
# alcasar.sh
 
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
# Ce programme est un logiciel libre ; This software is free and open source
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence.
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ;
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE.
# Voir la Licence Publique Générale GNU pour plus de détails.
# Vous devriez avoir reçu un exemplaire de la Licence Publique Générale GNU avec ce programme ;
# si ce n'est pas le cas, consultez : <http://www.gnu.org/licenses/>.
 
# team@alcasar.net
 
22,7 → 20,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
#
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
 
# Options :
# -i or --install
41,7 → 39,7
# param_squid : Configuration du proxy squid en mode 'cache'
# param_dansguardian : Configuration de l'analyseur de contenu DansGuardian
# antivirus : Installation havp + libclamav
# param_nfsen : Configuration du grapheur nfsen pour apache
# param_awstats : Configuration de l'interface des statistiques de consultation WEB
# dnsmasq : Configuration du serveur de noms et du serveur dhcp de secours
# BL : Configuration de la BlackList
# cron : Mise en place des exports de logs (+ chiffrement)
72,7 → 70,7
DOMAIN="localdomain" # domaine local
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI)
MTU="1500"
ETHTOOL_OPTS="speed 100 duplex full"
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"'
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation
# ****** Paths - chemin des commandes *******
426,7 → 424,6
ACCOUNTING=no
USERCTL=no
MTU=$MTU
#ETHTOOL_OPTS=$ETHTOOL_OPTS
EOF
# Config eth1 (consultation LAN) in normal mode
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF
439,6 → 436,7
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
ETHTOOL_OPTS=$ETHTOOL_OPTS
EOF
# Config of eth1 in bypass mode (see "alcasar-bypass.sh")
cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
499,8 → 497,7
# load conntrack ftp module
[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
echo "ip_conntrack_ftp" >> /etc/modprobe.preload
# load ipt_NETFLOW module
echo "ipt_NETFLOW" >> /etc/modprobe.preload
#
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network ()
 
809,6 → 806,7
# insures that mysql is up before radius start
$SED "s?^# Should-Start.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
$SED "s?^# Should-Stop.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd
 
} # End param_radius ()
 
##########################################################################
994,9 → 992,9
coaport 3799
include $DIR_DEST_ETC/alcasar-uamallowed
include $DIR_DEST_ETC/alcasar-uamdomain
#dhcpgateway\t
#dhcprelayagent\t
#dhcpgatewayport\t
#dhcpgateway
#dhcprelayagent
#dhcpgatewayport
EOF
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0)
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
1037,9 → 1035,21
$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf
# Configuration du cache local
$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf
# désactivation des "access log"
echo '#Disable access log' >> /etc/squid/squid.conf
echo "access_log none" >> /etc/squid/squid.conf
# emplacement et formatage standard des logs
echo '#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh' >> /etc/squid/squid.conf
echo '#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh' >> /etc/squid/squid.conf
echo "access_log /var/log/squid/access.log" >> /etc/squid/squid.conf
# compatibilité des logs avec awstats
echo "emulate_httpd_log on" >> /etc/squid/squid.conf
echo "half_closed_clients off" >> /etc/squid/squid.conf
echo "server_persistent_connections off" >> /etc/squid/squid.conf
echo "client_persistent_connections on" >> /etc/squid/squid.conf
echo "client_lifetime 1440 minutes" >> /etc/squid/squid.conf
echo "request_timeout 5 minutes" >> /etc/squid/squid.conf
echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf
echo "cache_mem 256 MB" >> /etc/squid/squid.conf
echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf
echo "maximum_object_size 4096 KB" >> /etc/squid/squid.conf
# anonymisation of squid version
echo "via off" >> /etc/squid/squid.conf
# remove the 'X_forwarded' http option
1181,72 → 1191,62
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
} # End of param_ulogd ()
 
##########################################################
## Fonction param_nfsen ##
##########################################################
param_nfsen()
##################################################################################
## Fonction param_awstats ##
## - configuration de l'interface des logs de consultation WEB (AWSTAT) ##
##################################################################################
param_awstats()
{
#Decompression tarball
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
#Création groupe et utilisteur
if grep "^www-data:" /etc/group > /dev/null; then
echo "Group already exists !"
else
groupadd www-data
echo "Group 'www-data' created !"
fi
if grep "^nfsen:" /etc/passwd > /dev/null; then
echo "User already exists !"
else
useradd -m nfsen
echo "User 'nfsen' created !"
fi
usermod -G www-data nfsen
#Ajout du plugin nfsen : PortTracker
mkdir -p /var/www/nfsen/plugins
chown -R nfsen:www-data /var/www/nfsen
#Ajout du plugin PortTracker
mkdir -p /var/log/netflow/porttracker
mkdir -p /usr/share/nfsen/plugins
chown -R apache:apache /usr/share/nfsen
cp -f ./conf/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
chown apache /var/log/netflow/porttracker
#Copie du fichier de conf modifié de nfsen
cp ./conf/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
#Copie du script d'initialisation de nfsen
cp ./conf/nfsen/nfsen-init /etc/init.d/nfsen
#Installation de nfsen via le scrip Perl
cd /tmp/nfsen-1.3.6p1/
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
#Création de la DB pour rrdtool
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
sudo -u apache nftrack -I -d /var/log/netflow/porttracker
chown -R apache:www-data /var/log/netflow/porttracker/
chmod -R 775 /var/log/netflow/porttracker
#Configuration du fichier de conf d'apache
if [ -f /etc/httpd/conf.d/nfsen.conf ];then
rm -f /etc/httpd/conf.d/nfsen.conf
fi
cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
Alias /nfsen /var/www/nfsen
<Directory /var/www/nfsen/>
DirectoryIndex nfsen.php
Options -Indexes
AllowOverride all
order allow,deny
allow from all
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/
chown -R apache:apache $DIR_ACC/awstats
cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default
$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf
$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf
$SED "s?^SiteDomain=.*?SiteDomain=\"$HOSTNAME\"?g" /etc/awstats/awstats.conf
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf
$SED "s?^DNSLookup=.*?DNSLookup=0?g" /etc/awstats/awstats.conf
$SED "s?^DirData=.*?DirData=\"/var/lib/awstats\"?g" /etc/awstats/awstats.conf
$SED "s?^DirIcons=.*?DirIcons=\"/acc/awstats/icon\"?g" /etc/awstats/awstats.conf
$SED "s?^StyleSheet=.*?StyleSheet=\"/css/style.css\"?g" /etc/awstats/awstats.conf
$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowMonthStats=.*?ShowMonthStats=VPHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowDaysOfMonthStats=.*?ShowDaysOfMonthStats=PHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowDaysOfWeekStats=.*?ShowDaysOfWeekStats=PHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowHoursStats=.*?ShowHoursStats=PHB?g" /etc/awstats/awstats.conf
$SED "s?^ShowDomainsStats=.*?ShowDomainsStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowHostsStats=.*?ShowHostsStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowAuthenticatedUsers=.*?ShowAuthenticatedUsers=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowRobotsStats=.*?ShowRobotsStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowFileTypesStats=.*?ShowFileTypesStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowFileSizesStats=.*?ShowFileSizesStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowOSStats=.*?ShowOSStats=0?g" /etc/awstats/awstats.conf
$SED "s?^ShowScreenSizeStats=.*?ShowScreenSizeStats=0?g" /etc/awstats/awstats.conf
 
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
<Directory $DIR_ACC/awstats>
SSLRequireSSL
Options ExecCGI
AddHandler cgi-script .pl
DirectoryIndex awstats.pl
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
require valid-user
AuthType digest
AuthName $HOSTNAME
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_admin
ErrorDocument 404 https://$HOSTNAME/
</Directory>
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
EOF
#Configuration du délais d'expiration des captures du profile "ALCASAR"
nfsen -m ALCASAR -e 365d
#Suppression des sources de nfsen
rm -rf /tmp/nfsen-1.3.6p1/
} # End of param_nfsen
} # End of param_awstats ()
 
##########################################################
## Fonction param_dnsmasq ##
1310,8 → 1310,10
# Optionnellement on pré-active les logs DNS des clients
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq
# Optionnellement, exemple de paramètre supplémentaire pour le cache memoire
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
# Optionnellement, exemple de configuration avec un A.D.
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.2"' >> /etc/sysconfig/dnsmasq
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
} # End dnsmasq
 
##########################################################
1408,6 → 1410,10
# Archive des logs et de la base de données (tous les lundi à 5h35)
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
EOF
cat << EOF > /etc/cron.d/awstats
# mise à jour des stats de consultation WEB toutes les 30'
*/30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1
EOF
cat << EOF > /etc/cron.d/alcasar-clean_import
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h
30 * * * * root $DIR_DEST_BIN/alcasar-import-clean.sh
1416,10 → 1422,6
# mise à jour automatique de la distribution tous les jours 3h30
30 3 * * * root /usr/sbin/urpmi --auto-update --auto 2>&1
EOF
cat << EOF > /etc/cron.d/alcasar-netflow
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05)
05 0 * * 5 root /usr/bin/nfexpire -e /var/log/nfsen/profiles-data/ALCASAR/ipt_netflow/ -t 1y -w 90
EOF
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739).
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct')
1513,31 → 1515,16
# export des logs en 'retard' dans /var/Save/logs
/usr/local/bin/alcasar-log.sh --export
# processus lancés par défaut au démarrage
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
do
/sbin/chkconfig --add $i
done
 
# On rajoute une tempo pour relancer radius après le redémarrage de mysqld (bug en cours d'analyse)
# cat << EOF > /etc/rc.local
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: rc.local
# X-Mandriva-Compat-Mode
# Default-Start: 2 3 4 5
# Short-Description: Local initialization script
# Description: This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
### END INIT INFO
#
#/etc/init.d/mysqld restart
#sleep 1
#/etc/init.d/radiusd restart
#touch /var/lock/subsys/local
#EOF
echo "/usr/local/sbin/alcasar-load_balancing.sh start &" >> /etc/rc.local
cat << EOF > /etc/rc.local
/usr/local/sbin/alcasar-load_balancing.sh start &
sleep 3
service radiusd restart
EOF
 
# On applique les préconisations ANSSI
# Apply French Security Agency rules
1591,7 → 1578,7
else
$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf
fi
# suppression des log_martians (ALCASAR est souvent entre deux réseaux en adressage privée)
# disable log_martians (ALCASAR is often installed between two private network addresses)
sysctl -w net.ipv4.conf.all.log_martians=0
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys
# ??? $SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver
1646,6 → 1633,10
chown -R root:apache $DIR_DEST_ETC/*
chmod -R 660 $DIR_DEST_ETC/*
chmod ug+x $DIR_DEST_ETC/digest
 
# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions"
[ -e /sbin/ethtool ] || ln -s /usr/sbin/ethtool /sbin/ethtool
 
# Apply and save the firewall rules
sh $DIR_DEST_BIN/alcasar-iptables.sh
sleep 2
1752,8 → 1743,6
fi
# RPMs install
$DIR_SCRIPTS/alcasar-urpmi.sh
echo "Mise à jour des modules noyau installés"
depmod -a
if [ "$?" != "0" ]
then
exit 0
1803,10 → 1792,10
else
mode="install"
fi
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron post_install
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install
do
$func
#echo "*** 'debug' : end of function $func ***"; read a
# echo "*** 'debug' : end of function $func ***"; read a
done
;;
-u | --uninstall)