Ignore whitespace Rev 1338 → Rev 1339

/conf/nfsen/nfsen.service
13,7 → 13,6
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/bash /usr/local/bin/alcasar-iptables.sh
ExecStart=/usr/bin/nfsen start
ExecStop=/usr/bin/nfsen stop
ExecRestart=/usr/bin/nfsen restart
/scripts/alcasar-iptables.sh
1,7 → 1,7
#!/bin/bash
# $Id$
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
# This script write the netfilter rules for ALCASAR
# This script writes the netfilter rules for ALCASAR
# Rexy - 3abtux - CPN
#
# Reminders
30,6 → 30,7
DNS_FILTERING=`grep DNS_FILTERING= $conf_file|cut -d"=" -f2` # DNS and URLs filter (on/off)
DNS_FILTERING=${DNS_FILTERING:=off}
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty
QOS=`grep QOS= $conf_file|cut -d"=" -f2` # QOS (on/off)
QOS=${QOS:=off}
SSH=`grep SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off)
44,8 → 45,8
INTIF="eth1"
TUNIF="tun0" # listen device for chilli daemon
IPTABLES="/sbin/iptables"
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP
 
 
# loading of NetFlow probe (ipt_NETFLOW kernel module)
modprobe ipt_NETFLOW destination=127.0.0.1:2055
 
76,21 → 77,6
# destroy all SET
ipset destroy
 
# Création et peuplement du SET alcasar_ip_blocked
# creation and first populating of alcasar_ip_blocked SET
ipset create alcasar_ip_blocked hash:net hashsize 1024
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then
while read ip_line
do
ip_on=`echo $ip_line|cut -b1`
if [ $ip_on != "#" ]
then
ip_blocked=`echo $ip_line|cut -d" " -f1`
ipset add alcasar_ip_blocked $ip_blocked
fi
done < /usr/local/etc/alcasar-ip-blocked
fi
 
# Création et initialisation du SET authenticated_ip (dynamiquement peuplé par les scripts conup/condown)
# creation and initialization of authenticated_ip_ SET (populated dynamicly by conup/condown scripts)
ipset create authenticated_ip hash:net hashsize 1024
107,25 → 93,27
done
IFS=$OLDIFS
 
# Calcul de la taille du SET blacklist_ip_blocked
# Computing the length of the blacklist_ip_blocked set
# Calcul de la taille de l'ipset
cd $BL_IP_CAT
ipset_length=$(wc -l * | awk '{print $1}' | tail -n 1)
ipset_length=$(($(wc -l * | awk '{print $1}' | tail -n 1)+$(wc -l $BL_IP_OSSI | awk '{print $1}')))
 
# Ajout du delta (ip entrées manuellement)
# Addition of the delta (ip entered manually)
((ipset_length=$ipset_length+10))
 
# Création du fichier ipset temporaire, remplissage, chargement et suppression
echo "create blacklist_ip_blocked hash:net family inet hashsize 1024 maxelem $ipset_length" > ipset_save
# Création du fichier set temporaire, remplissage, chargement et suppression
echo "create blacklist_ip_blocked hash:net family inet hashsize 1024 maxelem $ipset_length" > /tmp/ipset_save
for category in `ls -1 | cut -d '@' -f1`
do
cat $BL_IP_CAT/$category >> ipset_save
cat $BL_IP_CAT/$category >> /tmp/ipset_save
done
ipset -! restore < ipset_save
rm -f ipset_save
cat $BL_IP_OSSI >> /tmp/ipset_save
ipset -! restore < /tmp/ipset_save
rm -f /tmp/ipset_save
 
# Sauvegarde de tous les ipset (pour restaurer après redémarrage)
# Extraction des ip réhabilitées
for ip in $(cat $IP_REHABILITEES)
do
ipset del blacklist_ip_blocked $ip
done
 
# Sauvegarde de tous les set (pour restaurer après redémarrage)
ipset save > /etc/sysconfig/ipset_save
 
#############################
157,9 → 145,6
fi
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 54
fi
# Redirection des requêtes HTTP des IP admin bannies vers ALCASAR (page 'accès interdit')
# Redirect HTTP requests of admin banned ip to ALCASAR (access deny window)
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK -m set --match-set alcasar_ip_blocked dst -p tcp --dport http -j REDIRECT --to-port http
 
# Redirection des requêtes HTTP des IP de la blacklist vers ALCASAR (page 'accès interdit')
# Redirect HTTP requests of blacklist ip to ALCASAR (access deny window)
270,15 → 255,9
$IPTABLES -A FORWARD -i $TUNIF -p udp --dport domain -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -p tcp --dport domain -j REJECT --reject-with tcp-reset
 
# Blocage des IPs du SET alcasar_ip_blocked
# Deny IPs of the SET alcasar_ip_blocked
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set alcasar_ip_blocked dst -p icmp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set alcasar_ip_blocked dst -p udp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set alcasar_ip_blocked dst -p tcp -j REJECT --reject-with tcp-reset
 
# Blocage des IPs du SET blacklist_ip_blocked
# Deny IPs of the SET blacklist_ip_blocked
if [ $DNS_FILTERING = on ]; then
# Blocage des IPs du SET blacklist_ip_blocked
# Deny IPs of the SET blacklist_ip_blocked
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set blacklist_ip_blocked -p icmp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set blacklist_ip_blocked dst -p udp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set blacklist_ip_blocked -p tcp -j REJECT --reject-with tcp-reset
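Review bot: The blacklist set is now staged through the fixed path `/tmp/ipset_save` (written with `>` and `>>`, then consumed by `ipset -! restore`) while this script runs as root via `sudo` from the web UI, so any local user who pre-creates that name as a symlink, or wins the race between the write and the restore, can redirect the write or inject arbitrary ipset commands; replace it with `ipset_save=$(mktemp) || exit 1` plus `trap 'rm -f -- "$ipset_save"' EXIT` and quote `"$ipset_save"` in every redirect. The staged lines are concatenated from `$BL_IP_CAT` and `$BL_IP_OSSI`, which the sibling alcasar-bl.sh change appears to `chown apache` and which the PHP handlers fill from uploads and form fields without validating them as addresses, so filtering them with `grep -E '^add blacklist_ip_blocked ([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'` before the restore would bound what a compromised web user can feed to root. Separately, in the last hunk the ICMP and TCP `--match-set blacklist_ip_blocked` rules lack the `dst` flag that the UDP rule carries; iptables should reject those two at load time, which would leave only UDP traffic to blacklisted addresses actually blocked. The script body continues between and after these hunks.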
/scripts/sbin/alcasar-bl.sh
36,10 → 36,15
 
# enable/disable the BL & WL categories
function cat_choice (){
# saving ip files and ossi category
mkdir $DIR_tmp
cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp
cp $DIR_IP_BL/ossi $DIR_tmp
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED
chown apache $DIR_IP_BL_ENABLED
# process the file $BL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
61,6 → 66,11
done
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
mv $FILE_tmp $WL_CATEGORIES
# restoring ip files and ossi category
mv $DIR_tmp/ossi $DIR_IP_BL
chown apache $DIR_IP_BL/ossi
mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED
rm -rf $DIR_tmp
}
function bl_enable (){
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
134,6 → 144,8
# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)
-adapt | --adapt)
echo -n "Toulouse BlackList migration process. Please wait : "
# Saving ossi category
cp $DIR_IP_BL/ossi $DIR_tmp
if [ -f $DIR_tmp/blacklists.tar.gz ]
then
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp
141,7 → 153,6
mkdir $DIR_DG_BL
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
rm -rf $DIR_tmp
fi
rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
188,7 → 199,7
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
# retrieve the ip addresses for iptables
# create an ipset save for the selected category
# create an set save for the selected category
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
 
# for dnsmask, remove IP addesses, accented characters and commented lines.
207,6 → 218,9
done
done
rm -f $FILE_tmp $FILE_ip_tmp
# Restoring ossi category
mv $DIR_tmp/ossi $DIR_IP_BL
rm -rf $DIR_tmp
echo
;;
# reload when categories are changed
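Review bot: `cat_choice` now runs `mkdir $DIR_tmp` with no mode and no failure check, then copies the ossi files into it and later moves them back into `$DIR_IP_BL` and `$DIR_IP_BL_ENABLED`; if that directory already exists — a stale run, or one pre-created by another local user, which matters if `$DIR_tmp` is the fixed `/tmp/blacklists` the sibling PHP uses — the copies land in a directory someone else controls and whatever comes back is what the firewall set is built from. Use `mkdir -m 700 -- "$DIR_tmp" || exit 1` (or `DIR_tmp=$(mktemp -d)`) at the top of the function and write the cleanups as `rm -rf -- "${DIR_tmp:?}"`. The `cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp` and `mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED` lines also fail noisily when no file has been uploaded yet, because an unmatched glob is passed literally; an `[ -e ... ]` test on the expansion avoids that. In the `--adapt` branch the added `cp $DIR_IP_BL/ossi $DIR_tmp` precedes the `blacklists.tar.gz` check and the added `mv $DIR_tmp/ossi $DIR_IP_BL` follows an `rm -rf ... $DIR_IP_BL`; if `$DIR_IP_BL` is not recreated in the lines between (not visible here), that `mv` renames the file to the directory's path. The middle of `cat_choice` and most of the `--adapt` branch lie outside these hunks.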
/web/acc/admin/bl_filter.php
15,6 → 15,12
if ($list[strlen($list)-1] != "\n") { $list[strlen($list)]="\n";} ;} ;
return $list;
}
function form_filter_ip ($form_content)
{
$list = form_filter($form_content);
$list = preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $list);
return $list;
}
# Choice of language
$Language = 'en';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
42,24 → 48,33
$l_forbidden_dns_explain="Entrez un nom de domaine par ligne (exemple : .domaine.org)";
$l_allowed_dns="Noms de domaine autorisés";
$l_one_dns="Entrez un nom de domaine par ligne (exemple : .domaine.org)";
$l_maj_rehabilitated="Noms de domaine ou URLs réhabilités";
$l_maj_rehabilitated="Noms de domaine ou IP réhabilités";
$l_rehabilitated_dns="Noms de domaine réhabilités";
$l_rehabilitated_dns_explain="Entrez ici des noms de domaine bloqués par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_add_to_bl="Noms de domaine ou URLs ajoutés à la liste noire";
$l_add_to_wl="Noms de domaine ou URLs ajoutés à la liste blanche";
$l_forbidden_url="URL filtrés";
$l_forbidden_url_explain="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)";
$l_allowed_url="URL authorisés";
$l_rehabilitated_url="URL réhabilités";
$l_rehabilitated_url_explain="Entrez ici des URL bloquées par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_one_url="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)";
$l_add_to_bl="Noms de domaine ou IP ajoutés à la liste noire";
$l_add_to_wl="Noms de domaine ou IP ajoutés à la liste blanche";
$l_forbidden_ip="IP filtrés";
$l_forbidden_ip_explain="Entrez une IP par ligne (exemple : 123.123.123.123)<br/>ou une ADRESSE RESEAU (exemple : 123.123.0.0/16)";
$l_allowed_ip="IP authorisées";
$l_rehabilitated_ip="IP réhabilitées";
$l_rehabilitated_ip_explain="Entrez ici des IP bloquées par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_one_ip="Entrez une IP par ligne (exemple : 123.123.123.123)";
$l_record="Enregistrer les modifications";
$l_wait="Une fois validées, 30 secondes sont nécessaires pour traiter vos modifications";
$l_wait="Une fois validées, 10 secondes sont nécessaires pour traiter vos modifications";
$l_ip_filtering="Filtrer les URLs contenant une adresse IP au lieu d'un nom de domaine (ex: http://25.56.58.59/index.htm)";
$l_safe_searching="Activer le contrôle scolaire/parental des moteurs de recherche : google, yahoo, bing, metacrawler et Youtube.";
$l_safe_youtube="Pour Youtube, entrez votre identifiant ici : ";
$l_youtube_id="(<a href='http://www.youtube.com/education_signup' target='cat_help' onclick=window.open('http://www.youtube.com/education_signup','cat_help','width=800,height=600,toolbar=no,scrollbars=yes,resizable=yes') title='Youtube for school'>lien pour créer un identifiant Youtube (Id)</a>)";
$l_error_open_file="Erreur d'ouverture du fichier";
$l_ip_file_title="Fichier d'IP";
$l_file_list="Liste des fichiers IP";
$l_add_ip_file="Ajouter un fichier d'IP (une IP par ligne)";
$l_file_name="Nom du fichier";
$l_file_remove="Supprimer";
$l_error_upload="Erreur d'envoi du fichier d'ip";
$l_remove="Supprimer";
$l_submit="Envoyer";
$l_nb_ip="Nombre d'IP";
}
else {
$l_title1="Domain names and URL filtering";
83,27 → 98,37
$l_forbidden_dns_explain="Enter one domain name per row (exemple : .domain.org)";
$l_allowed_dns="Allowed domain names";
$l_one_dns="Enter one domain name per row (example : .domain.org)";
$l_maj_rehabilitated="Domain names or URLs rehabilitated";
$l_maj_rehabilitated="Domain names or IP rehabilitated";
$l_rehabilitated_dns="Rehabilitated domain names";
$l_rehabilitated_dns_explain="Enter here domain names that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_add_to_bl="Domain names or URLs to add to blacklist";
$l_add_to_wl="Domain names or URLs to add to whitelist";
$l_forbidden_url="Filtered URL";
$l_forbidden_url_explain="Enter one URL per row (example : www.domaine.org/perso/index.htm)";
$l_allowed_url="Allowed URL";
$l_rehabilitated_url="Rehabilitated URL";
$l_rehabilitated_url_explain="Enter here URL that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_one_url="Enter one URL per row (example : www.domaine.org/perso/index.htm)";
$l_add_to_bl="Domain names or IP to add to blacklist";
$l_add_to_wl="Domain names or IP to add to whitelist";
$l_forbidden_ip="Filtered IP";
$l_forbidden_ip_explain="Enter one IP per row (example : 123.123.123.123)<br/>or a NETWORK ADDRESS (example : 123.123.0.0/16)";
$l_allowed_ip="Allowed IP";
$l_rehabilitated_ip="Rehabilitated IP";
$l_rehabilitated_ip_explain="Enter here IP that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_one_ip="Enter one IP per row (example : 123.123.123.123)";
$l_record="Save changes";
$l_wait="Once validated, 30 seconds is necessary to compute your modifications";
$l_wait="Once validated, 10 seconds is necessary to compute your modifications";
$l_ip_filtering="Filtering URLs that contain an IP address instead of a domain name (ie: http://25.56.58.59/index.htm)";
$l_safe_searching="Enabling school/parental control for the search engines google, yahoo, bing, metacrawler and Youtube.";
$l_safe_youtube="For Youtube, enter your ID here : ";
$l_youtube_id="(<a href='http://www.youtube.com/education_signup' target='cat_help' onclick=window.open('http://www.youtube.com/education_signup','cat_help','width=800,height=600,toolbar=no,scrollbars=yes,resizable=yes') title='Youtube for school'>link to create a Youtube Id</a>)";
$l_error_open_file="Error opening file";
$l_error_open_file="Error opening file";
$l_ip_file_title="IP files";
$l_file_list="IP files list";
$l_add_ip_file="Add a file of IP (one IP per line)";
$l_file_name="Filename";
$l_file_remove="Remove";
$l_error_upload="Error during the upload process";
$l_remove="Delete";
$l_submit="Submit";
$l_nb_ip="Number of IP";
}
$dir_etc="/usr/local/etc/";
$dir_dg="/etc/dansguardian/lists/";
$dir_bl_ip="/usr/local/share/iptables-bl/";
$bl_categories=$dir_etc."alcasar-bl-categories";
$bl_categories_enabled=$dir_etc."alcasar-bl-categories-enabled";
$wl_categories=$dir_etc."alcasar-wl-categories";
113,6 → 138,7
$urlregex_file=$dir_dg."urlregexplist";
$bannedsite_file=$dir_dg."bannedsitelist";
$dir_tmp="/tmp/blacklists";
$upload_dir = "/usr/local/share/iptables-bl-enabled/";
# default values
if (is_file ($conf_file))
{
161,7 → 187,6
$line=str_replace('chk-','',$key)."\n";
fwrite($pointeur,$line);
}
echo "$key<br/>";
}
fclose($pointeur);
}
174,14 → 199,14
fputs($fichier, form_filter($_POST['BL_rehabilited_domains']));
fclose($fichier);
unset($_POST['BL_rehabilited_domains']);
$fichier=fopen($dir_dg."blacklists/ossi/urls","w+");
fputs($fichier, form_filter($_POST['OSSI_bl_urls']));
$fichier=fopen($dir_bl_ip."ossi","w+");
fputs($fichier, form_filter_ip($_POST['OSSI_bl_ip']));
fclose($fichier);
unset($_POST['OSSI_bl_urls']);
$fichier=fopen($dir_dg."exceptionurllist","w+");
fputs($fichier, form_filter($_POST['BL_rehabilited_urls']));
unset($_POST['OSSI_bl_ip']);
$fichier=fopen($dir_dg."exceptioniplist","w+");
fputs($fichier, form_filter($_POST['BL_rehabilited_ip']));
fclose($fichier);
unset($_POST['BL_rehabilited_urls']);
unset($_POST['BL_rehabilited_ip']);
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
break;
case 'MAJ_cat_wl' :
222,7 → 247,34
file_put_contents($conf_file, str_replace("YOUTUBE_ID=$YOUTUBE_ID", "YOUTUBE_ID=$New_ID", file_get_contents($conf_file)));
$YOUTUBE_ID=$New_ID;
exec ("sudo /usr/local/sbin/alcasar-url_filter.sh $safesearch $pureip");
break;
break;
case 'MAJ_ip_file_delete' :
foreach($_POST as $fichier => $value)
{
if($fichier != "choix")
{
exec("rm -rf $upload_dir$fichier");
}
}
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
break;
case 'MAJ_ip_file_upload' :
$nom = basename($_FILES['fichier_ip']['name']);
# Si un fichier a été choisi
if(!empty($nom))
{
# On l'upload
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $upload_dir."ossi-".$nom))
{
exec("sed -i \"s/^/add blacklist_ip_blocked /g\" $upload_dir\ossi-$nom"); # On crée la sauvegarde du set
}
else
{
echo $l_error_upload;
}
}
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
break;
}
?>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
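Review bot: Both new handlers pass request-controlled names straight to the shell: `MAJ_ip_file_delete` runs `exec("rm -rf $upload_dir$fichier")` where `$fichier` is any POST field name (so `../` traversal or `;`-separated commands execute as the web server user), and `MAJ_ip_file_upload` interpolates the unquoted upload name into `sed -i ... $upload_dir\ossi-$nom` — `basename()` strips directories but not shell metacharacters, and the `\o` is a literal backslash in PHP that only works because the shell later drops it. Restrict both names to a tight pattern, delete with `unlink()` instead of `rm -rf`, and wrap the path in `escapeshellarg()`. Note also that PHP rewrites `.` to `_` in `$_POST` keys, so a file named `ossi-list.txt` arrives as `ossi-list_txt` and the delete silently misses it; sending the name as a hidden value rather than as the submit button's name would fix that. The file content is never checked either: every line becomes an `add blacklist_ip_blocked ...` command that root's `ipset restore` in alcasar-iptables.sh consumes, so rejecting lines that are not an IPv4 address or CIDR before the file is written would keep the set to what the UI promises. The enclosing `switch` starts outside the hunk.
```php
case 'MAJ_ip_file_delete' :
	foreach($_POST as $fichier => $value)
	{
		// only names this page creates (ossi-<name>); no path separators or shell metacharacters
		if($fichier != "choix" && preg_match('/^ossi-[A-Za-z0-9._-]+$/', $fichier))
		{
			unlink($upload_dir.$fichier);
		}
	}
	exec ("sudo /usr/local/bin/alcasar-iptables.sh");
	break;
case 'MAJ_ip_file_upload' :
	$nom = basename($_FILES['fichier_ip']['name']);
	// reject names that could escape the upload directory or break the shell command below
	if(!empty($nom) && preg_match('/^[A-Za-z0-9._-]+$/', $nom))
	{
		$dest = $upload_dir."ossi-".$nom;
		if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest))
		{
			exec("sed -i \"s/^/add blacklist_ip_blocked /g\" ".escapeshellarg($dest)); # On crée la sauvegarde du set
		}
		else
		{
			echo $l_error_upload;
		}
	}
	// … unchanged: firewall reload and break …
```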
/web/acc/admin/bl_filter2.php
16,6 → 16,14
echo "$filename doesn't exist";
}
}
function echo_ip_file ($filename)
{
exec("cat $filename | cut -d ' ' -f3", $resultat);
for($i=0; $i<exec("wc -l $filename"); $i++)
{
echo $resultat[$i]."\n";
}
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th>
46,7 → 54,7
?>
</FORM>
</td></tr>
</table>
</table><br/>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_bl; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
68,14 → 76,17
if ($ligne)
{
if ($cols == 1) { echo "<tr>";}
$categorie=trim(basename($ligne));
echo "<td><a href='bl_categories_help.php?liste=bl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>";
echo "<input type='checkbox' name='chk-$categorie'";
// si la ligne est commentée -> categorie non selectionnée
if (preg_match('/^#/',$ligne, $r)) { echo ">";}
else { echo "checked>"; }
echo "</td>";
$cols++;
$categorie=trim(basename($ligne));
if($categorie != "ossi")
{
echo "<td><a href='bl_categories_help.php?liste=bl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>";
echo "<input type='checkbox' name='chk-$categorie'";
// si la ligne est commentée -> categorie non selectionnée
if (preg_match('/^#/',$ligne, $r)) { echo ">";}
else { echo "checked>"; }
echo "</td>";
$cols++;
}
if ($cols > 10) {
echo "</tr>";
$cols=1; }
89,34 → 100,58
echo "</td></tr>";
echo "<tr><td valign='middle' align='left' colspan=10>";
echo "<center><b>$l_maj_rehabilitated</b></center></td></tr>";
echo "<tr><td colspan=5 align=center>";
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_rehabilitated_dns</H3>$l_rehabilitated_dns_explain<BR>$l_one_dns<BR>";
echo "<textarea name='BL_rehabilited_domains' rows=3 cols=40>";
echo_file ($dir_dg."exceptionsitelist");
echo "</textarea></td>";
echo "<td colspan=5 align=center>";
echo "<H3>$l_rehabilitated_url</H3>$l_rehabilitated_url_explain<BR>$l_one_url<BR>";
echo "<textarea name='BL_rehabilited_urls' rows=3 cols=40>";
echo_file ($dir_dg."exceptionurllist");
echo "</textarea></td></tr><tr><td colspan=10>";
echo "<td width=50% colspan=5 align=center>";
echo "<H3>$l_rehabilitated_ip</H3>$l_rehabilitated_ip_explain<BR>$l_one_ip<BR>";
echo "<textarea name='BL_rehabilited_ip' rows=3 cols=40>";
echo_file ($dir_dg."exceptioniplist");
echo "</textarea></td></tr><tr><td width=50% colspan=10>";
echo "<tr><td valign='middle' align='left' colspan=10>";
echo "<center><b>$l_add_to_bl</b></center></td></tr>";
echo "<tr><td colspan=5 align=center>";
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_forbidden_dns</H3>$l_forbidden_dns_explain<BR>";
echo "<textarea name='OSSI_bl_domains' rows=3 cols=40>";
echo_file ($dir_dg."blacklists/ossi/domains");
echo "</textarea></td>";
echo "<td colspan=5 align=center>";
echo "<H3>$l_forbidden_url</H3>$l_forbidden_url_explain<BR>";
echo "<textarea name='OSSI_bl_urls' rows=3 cols=40>";
echo_file ($dir_dg."blacklists/ossi/urls");
echo "<td width=50% colspan=5 align=center>";
echo "<H3>$l_forbidden_ip</H3>$l_forbidden_ip_explain<BR>";
echo "<textarea name='OSSI_bl_ip' rows=3 cols=40>";
echo_ip_file ($dir_bl_ip."ossi");
echo "</textarea></td></tr><tr><td colspan=10>";
echo "<input type='submit' value='$l_record'>";
echo "</form> ($l_wait)";
echo "</table></td><br/>";
?>
</td></tr>
</TABLE>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_ip_file_title; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
<table width="100%" border=1 cellspacing=0 cellpadding=1>
<form action='bl_filter.php' method='POST'>
<input type='hidden' name='choix' value='MAJ_ip_file_delete'>
<?php
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_file_list</H3>";
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_file_remove</tr>";
exec("cd $upload_dir && ls ossi-*", $fichiersIp);
foreach($fichiersIp as $fichier => $value)
{
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>";
}
echo "</table><br/></td></form><form action='bl_filter.php' method='POST' enctype='multipart/form-data'>";
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>";
echo "<H3>$l_add_ip_file</H3>";
echo "<input type='file' name='fichier_ip'>";
echo "<input type='submit' value='$l_submit'>";
echo "</td></tr>";
echo "</form>";
echo "</table><br/>";
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_wl; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
157,21 → 192,21
}
echo "<tr><td valign='middle' align='left' colspan=10>";
echo "<center><b>$l_add_to_wl</b></center></td></tr>";
echo "<tr><td colspan=5 align=center>";
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_allowed_dns</H3>$l_forbidden_dns_explain<BR>";
echo "<textarea name='OSSI_wl_domains' rows=3 cols=40>";
echo_file ($dir_dg."blacklists/ossi/domains_wl");
echo "</textarea></td>";
echo "<td colspan=5 align=center>";
echo "<H3>$l_allowed_url</H3>$l_forbidden_url_explain<BR>";
echo "<textarea name='OSSI_wl_urls' rows=3 cols=40>";
echo "<td width=50% colspan=5 align=center>";
echo "<H3>$l_allowed_ip</H3>$l_forbidden_ip_explain<BR>";
echo "<textarea name='OSSI_wl_ip' rows=3 cols=40>";
echo_file ($dir_dg."blacklists/ossi/urls_wl");
echo "</textarea></td></tr><tr><td colspan=10>";
echo "<input type='submit' value='$l_record' disabled>";
echo "</form> (Please wait for the next vesion of ALCASAR)";
echo "</form> (Wait for a next version of ALCASAR !)";
?>
</td></tr>
</TABLE>
</TABLE><br/>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_specific_filtering; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
241,8 → 276,7
echo "$YOUTUBE_ID'>";
}
echo " $l_youtube_id<tr><td>";
echo "<input type='submit' value='$l_record'>";
echo "<input type='submit' value='$l_record'></td></tr>";
?>
</form>
</td></tr>
</FORM>
</TABLE>
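Review bot: Filenames read from the upload directory are interpolated unquoted into three `exec()` shell commands in the new IP-file table — `exec("cd $upload_dir && ls ossi-*", ...)`, then `exec("sed 's/^.....//g' <<< $value")` and `exec("wc -l $upload_dir$value | ...")` per file — and `$value` is also echoed raw into `name='$value'`; since the upload handler in bl_filter.php only applies `basename()`, a file uploaded as `ossi-x;cmd` or with a quote in its name runs or injects as the web server user the next time an admin opens this page. None of this needs a shell: `glob()`, `substr()`, `count(file())` and `htmlspecialchars()` produce the same table. The new `echo_ip_file` has the same shape (`cat $filename | cut` plus a `wc -l` re-run on every loop iteration whose `"N path"` return value is compared with an int) and prints the third field unescaped inside a `<textarea>`; `file()` with `explode(' ', ...)` and `htmlspecialchars()` is the fix there too.
```php
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_file_remove</tr>";
// list uploaded files without a shell; names come from user uploads and must be escaped for HTML
foreach(glob($upload_dir."ossi-*") as $chemin)
{
	$value = basename($chemin);
	$nom_affiche = htmlspecialchars(substr($value, 5)); // drop the "ossi-" prefix
	$nb_ip = count(file($chemin));
	$nom_champ = htmlspecialchars($value);
	echo "<tr><td><center>$nom_affiche</center></td><td><center>$nb_ip</center></td><td><center><input type='submit' name='$nom_champ' value='$l_remove'></center></td></tr>";
}
// … unchanged: closing of the table and the upload form …
```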
/web/acc/admin/net_filter.php
19,12 → 19,6
$l_antivir_off="L'antivirus de flux WEB est actuellement désactiv&eacute;";
$l_switch_antivir_on="Activer l'antivirus";
$l_switch_antivir_off="D&eacute;sactiver l'antivirus";
$l_title_ip_block="Filtrage d'adresses IP";
$l_ip_address="Adresses IP (ou addresse de réseau) bloquées";
$l_blocked_ip_address="Adresses IP";
$l_blocked_ip_address_comment="Commentaires";
$l_blocked="Bloquée";
$l_ip_block_explain="Liste des adresses IP (ou adresses IP de réseaux) bloquées";
$l_remove="Retirer de la liste";
$l_title_proto = "Filtrage de protocoles r&eacute;seau";
$l_netfilter_on="Le filtrage de protocoles r&eacute;seau est actuellement activ&eacute;";
47,12 → 41,6
$l_antivir_off="Actually, the WEB antivirus is off";
$l_switch_antivir_on="Switch the antivirus on";
$l_switch_antivir_off="Switch the antivirus off";
$l_title_ip_block="IP address filter";
$l_ip_address="IP address (or network IP address)";
$l_blocked_ip_address="IP addresses";
$l_blocked_ip_address_comment="Comments";
$l_blocked="Blocked";
$l_ip_block_explain="List of blocked IP addresses (or network IP adresses)";
$l_remove="Remove from list";
$l_title_proto = "Network protocols filter";
$l_netfilter_on="Actually, the network protocols filter is enable";
75,8 → 63,7
*********************/
define ("SERVICES_LIST", "/usr/local/etc/alcasar-services");
define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
define ("IP_BLOCKED", "/usr/local/etc/alcasar-ip-blocked");
$conf_files=array(SERVICES_LIST,CONF_FILE,IP_BLOCKED);
$conf_files=array(SERVICES_LIST,CONF_FILE);
foreach ($conf_files as $file){
if (!file_exists($file)){
exit("Requested file ".$file." isn't present");}
138,34 → 125,6
}
}
break;
case 'new_ip' :
if (trim($_POST['add_ip']) != "")
{
$_POST['add_comment'] = str_replace (CHR(32),"-",$_POST['add_comment']);
$tab=file(IP_BLOCKED);
$insert = true;
if ($tab) // file isn't empty
{
foreach ($tab as $line) // test if IP address doesn't already exist
{
$IP_f=explode(" ", $line);
if (strcmp (trim($_POST['add_ip']),trim(trim($IP_f[0],"#"))) == 0)
{
$insert = false;
break;
}
}
}
if ($insert == true)
{
$line ="\n" . "#".trim($_POST['add_ip']) . " " . trim($_POST['add_comment']);
$pointeur=fopen(IP_BLOCKED,"a");
fwrite ($pointeur, $line);
fclose ($pointeur);
exec ("sudo /usr/local/bin/alcasar-file-clean.sh");
}
}
break;
case 'change_port' :
$tab=file(SERVICES_LIST);
if ($tab)
208,54 → 167,6
}
exec ("sudo /usr/local/bin/alcasar-iptables.sh -on");
break;
case 'change_ip' :
$tab=file(IP_BLOCKED);
if ($tab)
{
// authorize/block IPs
exec ("sudo /usr/sbin/ipset flush alcasar_ip_blocked");
$pointeur=fopen(IP_BLOCKED,"w+");
foreach ($tab as $ligne)
{
$ip_f=explode(" ", $ligne);
$ip_blocked1=trim($ip_f[0],"#");
$actif = False; $remove_line = false;
foreach ($_POST as $key => $value)
{
$key = str_replace ("_",".",$key); // dot are replace by '_' in post request
if (strstr($key,'del-'))
{
$ip_blocked2 = str_replace('del-','',$key);
if ($ip_blocked1 == $ip_blocked2)
{
$remove_line = True;
break;
}
}
if (strstr($key,'chk-'))
{
$ip_blocked2 = str_replace('chk-','',$key);
if ($ip_blocked1 == $ip_blocked2)
{
$actif = True;
break;
}
}
}
if (! $remove_line)
{
if (! $actif) { $line="#$ip_blocked1 $ip_f[1]";}
else
{
$line="$ip_blocked1 $ip_f[1]";
exec ("sudo /usr/sbin/ipset add alcasar_ip_blocked $ip_blocked1");
}
fwrite($pointeur,$line);
}
}
fclose($pointeur);
}
break;
}
# default values
if (is_file (CONF_FILE))
297,64 → 208,6
</td></tr>
</table>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><th><?echo "$l_title_ip_block";?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
<table width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td colspan=2 align="center">
<?
echo "$l_ip_block_explain</td></tr>";
echo "<tr><td align='center' valign='middle'>";
echo "<FORM action='$_SERVER[PHP_SELF]' method='POST'>";
echo "<input type=hidden name='choix' value=\"IP_block_filter\">";
echo "<table cellspacing=2 cellpadding=2 border=1>";
echo "<tr><th>$l_blocked_ip_address<th>$l_blocked_ip_address_comment<th>$l_blocked<th>$l_remove</tr>";
// Read the "IP_block" file
$tab=file(IP_BLOCKED);
if ($tab) # the file isn't empty
{
foreach ($tab as $line)
{
if (trim($line) != '') # the line isn't empty
{
$blocked_ip=explode(" ", $line);
$ip_addr=trim($blocked_ip[0],"#");
$comment=trim($blocked_ip[1]);
if ($comment ==''){$comment="&nbsp;";}
echo "<tr><td>$ip_addr<td>$comment";
echo "<td><input type='checkbox' name='chk-$ip_addr'";
if (preg_match('/^#/',$line, $r)) {
echo ">";}
else {
echo "checked>";}
echo "<td>";
if (strcmp (trim($ip_addr),trim($conf["PUBLIC_IP"]))) {
echo "<input type='checkbox' name='del-$ip_addr'>";}
else {
echo "&nbsp;";}
echo "</tr>";
}
}
}
?>
</table>
<input type='hidden' name='choix' value='change_ip'>
<input type='submit' value='<?echo"$l_save";?>'>
</form></td><td valign='middle' align='center'>
<form action='<?echo"$_SERVER[PHP_SELF]"?>' method='POST'>
<table cellspacing=2 cellpadding=3 border=1>
<tr><th><?echo"$l_ip_address<th>$l_blocked_ip_address_comment";?>
<td></td></tr>
<tr><td>exemple1 : 15.25.26.27 <br>exemple2 : 18.20.20.0/24</td><td>exemple1 : CERT alert<br>exemple2 : LAN of zombies</td><td></td></tr>
<tr><td><input type='text' name='add_ip' size='17'></td>
<td><input type='text' name='add_comment' size='10'></td>
<input type='hidden' name='choix' value='new_ip'>
<td><input type='submit' value='<?echo"$l_add_to_list";?>'></td>
</tr></table>
</form>
</td></tr>
</table>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><th><?echo "$l_title_proto";?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>