Subversion Repositories ALCASAR

Compare Revisions

Rev 1520 → Rev 1521

/scripts/alcasar-conf.sh
262,10 → 262,12
# Logout everybody
$DIR_SBIN/alcasar-logout.sh all
# Services stop
echo -n "Stop services : "
for i in ntpd httpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network
do
systemctl stop $i && echo "$i stopped"
systemctl stop $i && echo -n "$i, "
done
echo
fi
 
# /etc/hosts
279,8 → 281,8
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF
# INTIF config (for bypass mode only)
$SED "s?^IPADDR=.?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
$SED "s?^NETMASK=.?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/default-ifcfg-$INTIF
# NTP server
$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf
# host.allow
329,13 → 331,14
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
then
# Services start
systemctl start network
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode # apply DHCP mode and start coova
for i in dnsmasq httpd tinyproxy ntpd
do
systemctl start $i && echo "$i started"
done
$DIR_SBIN/alcasar-bl.sh -reload # restart DG, dnsmasq-blacklist dnsmasq-whitelist & iptables
systemctl start network && echo -n "Start service : network" && sleep 1
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", coova" # apply DHCP mode and start coova
for i in dnsmasq httpd tinyproxy ntpd
do
sleep 1
systemctl start $i && echo -n ", $i"
done
$DIR_SBIN/alcasar-bl.sh -reload && echo ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
fi
# Start / Stop SSH Daemon
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2`
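Review bot: In the rewritten start sequence (third hunk) every step is tied to its progress label with `&&`, so a `systemctl start` or `alcasar-bl.sh -reload` that fails only shows up as a missing name in the output line, and the script carries on. Going by its label, the last step is the one that reloads dnsmasq-blacklist, dnsmasq-whitelist and iptables, so a silent failure there leaves the gateway up with its filtering state unverified. I would report failures explicitly, e.g. `if systemctl start "$i"; then echo -n ", $i"; else echo -n ", $i (FAILED)"; fi`, and do the same for the `-reload` call and for the stop loop in the first hunk. The enclosing `if` blocks start outside the hunks.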
/scripts/sbin/alcasar-bypass.sh
27,10 → 27,7
;;
--on | -on)
/usr/local/sbin/alcasar-logout.sh all
for i in chilli
do
if (pgrep $i) > /dev/null ; then /usr/bin/systemctl stop $i.service ; fi
done
/usr/bin/systemctl stop chilli
cp /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF
ifup $INTIF
sh /usr/local/bin/alcasar-iptables-bypass.sh
51,7 → 48,7
# activation of the "daemon-watchdog" every 18'
cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
*/18 * * * * root /usr/local/bin/alcasar-daemon.sh > /dev/null 2>&1
EOF
echo "L'authentification et le filtrage sont actifs"
echo "Authentication and filtering system are enabled"
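Review bot: The heredoc that writes `/etc/cron.d/alcasar-daemon-watchdog` (second hunk) keeps an unquoted `EOF` delimiter, so the shell still expands anything that looks like a variable in the body; with the path now hard-coded, `cat << 'EOF' > /etc/cron.d/alcasar-daemon-watchdog` would make the cron line literal. If `$DIR_DEST_BIN` was unset in this script, which the change suggests but the hunk does not show, the old entry expanded to a root cron job for `/alcasar-daemon.sh`; a quoted delimiter keeps that class of mistake from coming back. The cron line also sends the watchdog's output to `/dev/null`, so a short comment saying where its failures end up would help whoever has to debug a service that stays down. The surrounding `case` branch starts and ends outside the hunk.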
/scripts/sbin/alcasar-uninstall.sh
120,7 → 120,7
echo -en "\n- tinyproxy(2) : "
if [ -e /etc/init.d/tinyproxy ]
then
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy.conf && echo -n "1, "
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, "
userdel -r tinyproxy 2>/dev/null && echo -n "2"
else echo -n "uninstalled"
fi
/web/acc/admin/net_filter.php
File deleted
/web/acc/admin/net_filter2.php
File deleted
/web/acc/admin/bl_filter.php
68,10 → 68,8
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'fr'){
$l_bl="Liste noire";
$l_wl="Liste blanche";
$l_list_version="Version de la liste : ";
$l_bl_categories="Sélectionnez les catégories à filtrer";
$l_wl_categories="Sélectionnez les catégories à autoriser";
$l_download_bl="Télécharger la dernière version";
$l_fingerprint="L'empreinte numérique du fichier téléchargé est : ";
$l_fingerprint2="Vérifiez-là en suivant ce lien (ligne 'blacklists.tar.gz') : ";
80,17 → 78,13
$l_warning="Temps estimé : une minute.";
$l_specific_filtering="Filtrage special";
$l_forbidden_dns="Noms de domaine filtrés";
$l_forbidden_dns_explain="Entrez un nom de domaine par ligne (exemple : .domaine.org)";
$l_allowed_dns="Noms de domaine autorisés";
$l_one_dns="Entrez un nom de domaine par ligne (exemple : .domaine.org)";
$l_maj_rehabilitated="Noms de domaine ou IP réhabilités";
$l_rehabilitated_dns="Noms de domaine réhabilités";
$l_rehabilitated_dns_explain="Entrez ici des noms de domaine bloqués par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_add_to_bl="Noms de domaine ou IP ajoutés à la liste noire";
$l_add_to_wl="Noms de domaine ou IP ajoutés à la liste blanche";
$l_forbidden_ip="IP filtrés";
$l_forbidden_ip_explain="Entrez une IP par ligne (exemple : 123.123.123.123)<br/>ou une ADRESSE RESEAU (exemple : 123.123.0.0/16)";
$l_allowed_ip="IP authorisées";
$l_rehabilitated_ip="IP réhabilitées";
$l_rehabilitated_ip_explain="Entrez ici des IP bloquées par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_one_ip="Entrez une IP par ligne (exemple : 123.123.123.123)";
117,10 → 111,8
}
else {
$l_bl="BlackList";
$l_wl="WhiteList";
$l_list_version="List version : ";
$l_bl_categories="Select the categories to filter";
$l_wl_categories="Select the categories to allow";
$l_download_bl="Download the last version";
$l_fingerprint="The digital fingerprint of the downloaded blacklist is : ";
$l_fingerprint2="Verify it with this link (line 'blacklists.tar.gz') : ";
129,7 → 121,6
$l_warning="Estimated time : one minute.";
$l_specific_filtering="Specific filtering";
$l_forbidden_dns="Filtered domain names";
$l_forbidden_dns_explain="Enter one domain name per row (exemple : .domain.org)";
$l_allowed_dns="Allowed domain names";
$l_one_dns="Enter one domain name per row (example : .domain.org)";
$l_maj_rehabilitated="Domain names or IP rehabilitated";
136,10 → 127,8
$l_rehabilitated_dns="Rehabilitated domain names";
$l_rehabilitated_dns_explain="Enter here domain names that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_add_to_bl="Domain names or IP to add to blacklist";
$l_add_to_wl="Domain names or IP to add to whitelist";
$l_forbidden_ip="Filtered IP";
$l_forbidden_ip_explain="Enter one IP per row (example : 123.123.123.123)<br/>or a NETWORK ADDRESS (example : 123.123.0.0/16)";
$l_allowed_ip="Allowed IP";
$l_rehabilitated_ip="Rehabilitated IP";
$l_rehabilitated_ip_explain="Enter here IP that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_one_ip="Enter one IP per row (example : 123.123.123.123)";
167,11 → 156,8
$dir_etc="/usr/local/etc/";
$dir_dg="/etc/dansguardian/lists/";
$dir_bl_ip="/usr/local/share/iptables-bl/";
$file_wl_ip="/usr/local/share/ossi-ip-wl";
$bl_categories=$dir_etc."alcasar-bl-categories";
$bl_categories_enabled=$dir_etc."alcasar-bl-categories-enabled";
$wl_categories=$dir_etc."alcasar-wl-categories";
$wl_categories_enabled=$dir_etc."alcasar-wl-categories-enabled";
$conf_file=$dir_etc."alcasar.conf";
$dir_blacklist=$dir_dg."blacklist/";
$urlregex_file=$dir_dg."urlregexplist";
240,32 → 226,6
unset($_POST['BL_rehabilited_ip']);
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
break;
case 'MAJ_cat_wl' :
$tab=file($wl_categories_enabled);
if ($tab)
{
$pointeur=fopen($wl_categories_enabled, "w+");
foreach ($_POST as $key => $value)
{
if (strstr($key,'chk-'))
{
$line=str_replace('chk-','',$key)."\n";
fwrite($pointeur,$line);
}
}
fclose($pointeur);
}
else {echo "$l_error_open_file $wl_categories_enabled";}
$fichier=fopen($dir_dg."blacklists/ossi/domains_wl","w+");
fputs($fichier, form_filter($_POST['OSSI_wl_domains']));
fclose($fichier);
unset($_POST['OSSI_wl_domains']);
$fichier=fopen($file_wl_ip, "w+");
fputs($fichier, form_filter_ip($_POST['OSSI_wl_ip'], "white"));
fclose($fichier);
unset($_POST['OSSI_wl_ip']);
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
break;
case 'Specific_filtering' :
$pureip="-pureip_off"; $safesearch="-safesearch_off"; ;
foreach ($_POST as $key => $value)
422,7 → 382,7
echo "<tr><td valign='middle' align='left' colspan=10>";
echo "<center><b>$l_add_to_bl</b></center></td></tr>";
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_forbidden_dns</H3>$l_forbidden_dns_explain<BR>";
echo "<H3>$l_forbidden_dns</H3>$l_one_dns<BR>";
echo "<textarea name='OSSI_bl_domains' rows=3 cols=40>";
echo_file ($dir_dg."blacklists/ossi/domains");
echo "</textarea></td>";
433,7 → 393,7
echo "</textarea></td></tr><tr><td colspan=10>";
echo "<input type='submit' value='$l_record'>";
echo "</form> ($l_wait)";
echo "</table></td><br/>";
echo "</td></tr></table><br/>";
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_personal_file_title; ?></th></tr>
461,65 → 421,6
echo "</table><br/>";
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_wl; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td valign="middle" align="left" colspan=10>
<FORM action='bl_filter.php' method=POST>
<input type='hidden' name='choix' value='MAJ_cat_wl'>
<?php
echo "<center>";
$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-wl/* | tail -n 1 | awk '{print $1}'");
$nbUrl = 0;
$nbIp = 0;
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
echo "$l_wl_categories</center></td></tr>";
//on lit et on interprete le fichier de catégories
$cols=1;
if (file_exists($wl_categories))
{
$pointeur=fopen($wl_categories,"r");
while (!feof ($pointeur))
{
$ligne=fgets($pointeur, 4096);
if ($ligne)
{
if ($cols == 1) { echo "<tr>";}
$categorie=trim(basename($ligne));
echo "<td><a href='bl_categories_help.php?liste=wl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>";
echo "<input type='checkbox' name='chk-$categorie'";
// si la ligne est commentée -> categorie non selectionnée
if (preg_match('/^#/',$ligne, $r)) { echo ">";}
else { echo "checked>"; }
echo "</td>";
$cols++;
if ($cols > 10) {
echo "</tr>";
$cols=1; }
}
}
fclose($pointeur);
}
else {
echo "$l_error_open_file $wl_categories";
}
echo "<tr><td valign='middle' align='left' colspan=10>";
echo "<center><b>$l_add_to_wl</b></center></td></tr>";
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_allowed_dns</H3>$l_forbidden_dns_explain<BR>";
echo "<textarea name='OSSI_wl_domains' rows=3 cols=40>";
echo_file ($dir_dg."blacklists/ossi/domains_wl");
echo "</textarea></td>";
echo "<td width=50% colspan=5 align=center>";
echo "<H3>$l_allowed_ip</H3>$l_forbidden_ip_explain<BR>";
echo "<textarea name='OSSI_wl_ip' rows=3 cols=40>";
echo_ip_file ($file_wl_ip);
echo "</textarea></td></tr><tr><td colspan=10>";
echo "<input type='submit' value='$l_record'></form></td></tr>";
?>
</TABLE><br/>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_specific_filtering; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
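--- a/web/acc/admin/protocols_filter.php
+++ b/web/acc/admin/protocols_filter.php
@@ -0,0 +1,196 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><!-- written by Rexy -->
+<HEAD>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<TITLE>Network Filter</TITLE>
+<link rel="stylesheet" href="/css/style.css" type="text/css">
+</HEAD>
+<body>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
+<?
+# Choice of language
+$Language = 'en';
+if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
+$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
+$Language = strtolower(substr(chop($Langue[0]),0,2)); }
+if($Language == 'fr'){
+$l_remove="Retirer de la liste";
+$l_title_proto = "Filtrage de protocoles r&eacute;seau";
+$l_protocolsfilter_on="Le filtrage de protocoles r&eacute;seau est actuellement activ&eacute;";
+$l_protocolsfilter_off="Le filtrage de protocoles réseau est actuellement désactiv&eacute";
+$l_switch_on="Activer le filtrage";
+$l_switch_off="D&eacute;sactiver le filtrage";
+$l_comment_on="&Agrave; l'exclusion du WEB (port 80), les protocoles r&eacute;seaux sont interdits.<BR>Choisissez ci-dessous les protocoles que vous autorisez";
+$l_comment_off="(tous les protocoles réseau sont autoris&eacute;s)";
+$l_protocols="Protocoles autoris&eacute;s";
+$l_error_open_file="Erreur d'ouverture du fichier";
+$l_port="Numéro de port";
+$l_proto="Nom du protocole";
+$l_enabled="Autoris&eacute;";
+$l_add_to_list="Ajouter &agrave; la liste";
+$l_save="Enregistrer les modifications";
+}
+else {
+$l_remove="Remove from list";
+$l_title_proto = "Network protocols filter";
+$l_protocolsfilter_on="Actually, the network protocols filter is enable";
+$l_protocolsfilter_off="Actually, the network protocols filter is disable";
+$l_switch_on="Switch the Filter on";
+$l_switch_off="Switch the Filter off";
+$l_comment_on="(choose the authorized network protocols)";
+$l_comment_on="Except for the WEB (port 80), all protocols are blocked.<BR>Choose in the list below, the protocols you want authorize";
+$l_comment_off="(all the network protocols are allowed for authenticated users)";
+$l_protocols="Authorize protocols";
+$l_error_open_file="Error opening the file";
+$l_port="Port number";
+$l_proto="protocol name";
+$l_enabled="Authorized";
+$l_add_to_list="Add to the list";
+$l_save="Save changes";
+}
+/********************
+* TEST CONF FILES *
+*********************/
+define ("SERVICES_LIST", "/usr/local/etc/alcasar-services");
+define ("CONF_FILE", "/usr/local/etc/alcasar.conf");
+$conf_files=array(SERVICES_LIST,CONF_FILE);
+foreach ($conf_files as $file){
+if (!file_exists($file)){
+exit("Requested file ".$file." isn't present");}
+if (!is_readable($file)){
+exit("Can't read the file ".$file);}
+}
+/**********************************
+* Read ALCASAR CONF_FILE *
+***********************************/
+$ouvre=fopen(CONF_FILE,"r");
+if ($ouvre){
+while (!feof ($ouvre))
+{
+$tampon = fgets($ouvre, 4096);
+if (strpos($tampon,"=")!==false){
+$tmp = explode("=",$tampon);
+$conf[$tmp[0]] = $tmp[1];
+}
+}
+fclose($ouvre);
+}
+
+if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";}
+switch ($choix)
+{
+case 'NF_On' :
+exec ("sudo /usr/local/sbin/alcasar-nf.sh -on");
+break;
+case 'NF_Off' :
+exec ("sudo /usr/local/sbin/alcasar-nf.sh -off");
+break;
+case 'new_port' :
+if ((trim($_POST['add_port']) != "80") and ($_POST['add_port'] != "") and ($_POST['add_proto'] != "") and (is_numeric($_POST['add_port'])))
+{
+$_POST['add_proto'] = str_replace (CHR(32),"-",$_POST['add_proto']);
+$tab=file(SERVICES_LIST);
+$insert = true;
+if ($tab) // file isn't empty
+{
+foreach ($tab as $line) //test if port doesn't already exist
+{
+$proto_f=explode(" ", $line);
+if (trim($_POST['add_port']) == trim($proto_f[1])) {$insert = false;}
+}
+}
+if ($insert == true)
+{
+$line = "\n" . "#" . trim($_POST['add_proto']) . " " . trim($_POST['add_port']);
+$pointeur=fopen(SERVICES_LIST,"a");
+fwrite ($pointeur, $line);
+fclose ($pointeur);
+exec ("sudo /usr/local/bin/alcasar-file-clean.sh");
+}
+}
+break;
+case 'change_port' :
+$tab=file(SERVICES_LIST);
+if ($tab)
+{
+// authorize/block protocols
+$pointeur=fopen(SERVICES_LIST,"w+");
+foreach ($tab as $ligne)
+{
+$proto_f=explode(" ", $ligne);
+$name_svc1=trim($proto_f[0],"#");
+$actif = False; $remove_line = false;
+foreach ($_POST as $key => $value)
+{
+if (strstr($key,'del-'))
+{
+$name_svc2 = str_replace('del-','',$key);
+if ($name_svc1 == $name_svc2)
+{
+$remove_line = True;
+}
+}
+if (strstr($key,'chk-'))
+{
+$name_svc2 = str_replace('chk-','',$key);
+if ($name_svc1 == $name_svc2)
+{
+$actif = True;
+break;
+}
+}
+}
+if (! $remove_line)
+{
+if (! $actif) { $line="#$name_svc1 $proto_f[1]";}
+else { $line="$name_svc1 $proto_f[1]";}
+fwrite($pointeur,$line);
+}
+}
+fclose($pointeur);
+}
+exec ("sudo /usr/local/bin/alcasar-iptables.sh -on");
+break;
+}
+# default values
+if (is_file (CONF_FILE))
+{
+$tab=file(CONF_FILE);
+if ($tab)
+{
+foreach ($tab as $line)
+{
+$field=explode("=", $line);
+if ($field[0] == "PROTOCOLS_FILTERING") {$PROTOCOLS_FILTERING=trim($field[1]);}
+}
+}
+}
+?>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
+<tr><th><?echo "$l_title_proto";?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
+<tr>
+<?
+if ($PROTOCOLS_FILTERING == "on")
+{
+echo "<td colspan=\"2\" valign=\"middle\" align=\"left\">";
+echo "<CENTER><H3>$l_protocolsfilter_on</H3>$l_comment_on</CENTER>";
+echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
+echo "<input type=hidden name='choix' value=\"NF_Off\">";
+echo "<input type=submit value=\"$l_switch_off\">";
+echo "</FORM></td></tr>";
+require ('protocols_filter2.php');
+}
+else
+{
+echo "<td valign=\"middle\" align=\"left\">";
+echo "<CENTER><H3>$l_protocolsfilter_off</H3>$l_comment_off</CENTER>";
+echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
+echo "<input type=hidden name='choix' value=\"NF_On\">";
+echo "<input type=submit value=\"$l_switch_on\">";
+echo "</FORM></td></tr>";
+echo "</table></body></html>";
+}
+?>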
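Review bot: The `new_port` branch writes `$_POST['add_proto']` into `/usr/local/etc/alcasar-services` after only replacing spaces and trimming, so a value containing a line break or markup is stored as-is; that file is then rewritten by `change_port`, printed by `protocols_filter2.php`, and presumably read by `alcasar-iptables.sh`, which this page runs through sudo. `is_numeric()` also accepts forms such as `1e3` or `8.5` that are not port numbers. I would accept only digits in 1–65535 and a restricted name charset (no dot or space, since PHP rewrites those in POST keys and the `chk-`/`del-` matching would then miss the entry), as sketched below; the 32-character cap is only a suggested bound. Separately, both forms print `$_SERVER[PHP_SELF]` into the `action` attribute unescaped; `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)` or the fixed name `protocols_filter.php` avoids reflecting the request path.

```php
case 'new_port' :
$add_port = isset($_POST['add_port']) ? trim($_POST['add_port']) : "";
$add_proto = isset($_POST['add_proto']) ? str_replace(CHR(32), "-", trim($_POST['add_proto'])) : "";
// digits only, valid port range, port 80 stays reserved; the name is limited to a charset
// that is safe in the services file, in HTML attributes and in PHP POST keys
if (ctype_digit($add_port) and ((int)$add_port >= 1) and ((int)$add_port <= 65535) and ((int)$add_port != 80)
    and preg_match('/^[A-Za-z0-9_-]{1,32}\z/', $add_proto))
{
// … unchanged: read SERVICES_LIST and test that the port is not already listed (compare against $add_port) …
if ($insert == true)
{
$line = "\n" . "#" . $add_proto . " " . $add_port;
// … unchanged: append $line to SERVICES_LIST and run alcasar-file-clean.sh …
}
}
break;
```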
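--- a/web/acc/admin/protocols_filter2.php
+++ b/web/acc/admin/protocols_filter2.php
@@ -0,0 +1,49 @@
+<tr><td valign="middle" align="center">
+<form action='protocols_filter.php' method='POST'>
+<table cellspacing=2 cellpadding=3 border=1>
+<?
+echo "<tr><th>$l_port<th>$l_proto<th>$l_enabled<th>$l_remove</tr>";
+// Read and compute the protocols list
+$tab=file(SERVICES_LIST);
+if ($tab) # the file isn't empty
+{
+foreach ($tab as $line)
+{
+if (trim($line) != '') # the line isn't empty
+{
+$proto=explode(" ", $line);
+$name_svc=trim($proto[0],"#");
+echo "<tr><td>$proto[1]<td>$name_svc";
+echo "<td><input type='checkbox' name='chk-$name_svc'";
+// if the line is commented -> protocol is not allowed
+if (preg_match('/^#/',$line, $r)) {
+echo ">";}
+else {
+echo "checked>";}
+echo "<td>";
+if ($name_svc != "icmp") {
+echo "<input type='checkbox' name='del-$name_svc'>";}
+else {
+echo "&nbsp;";}
+echo "</tr>";
+}
+}
+}
+?>
+</table>
+<input type='hidden' name='choix' value='change_port'>
+<input type='submit' value='<?echo"$l_save";?>'>
+</form></td><td valign='middle' align='center'>
+<form action='protocols_filter.php' method='POST'>
+<table cellspacing=2 cellpadding=3 border=1>
+<tr><th><?echo"$l_port<th>$l_proto"?></tr>
+<tr><td><input type='text' name='add_port' size='5'></td>
+<td><input type='text' name='add_proto' size='10'></td>
+<input type='hidden' name='choix' value='new_port'>
+<td><input type='submit' value='<?echo"$l_add_to_list";?>'></td>
+</tr></table>
+</form>
+</td></tr>
+</TABLE>
+</BODY>
+</HTML>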
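Review bot: `$name_svc` and `$proto[1]` come straight from `alcasar-services` and are printed into the table cells and into the `name='chk-…'` / `name='del-…'` attributes without escaping, so any markup that reached the file through the add form is rendered in the administrator's browser. Escape at output, e.g. `$name_html = htmlspecialchars($name_svc, ENT_QUOTES);` and `echo "<tr><td>" . htmlspecialchars(trim($proto[1]), ENT_QUOTES) . "<td>$name_html";`, and use `$name_html` in the two checkbox names. A line without a space leaves `$proto[1]` undefined, so a guard such as `if (count($proto) < 2) continue;` is worth adding inside the loop. This file also closes `</BODY></HTML>` although it is pulled in with `require` from `protocols_filter.php`; a one-line header comment saying it is an include fragment and which names it expects (`$l_port`, `$l_proto`, `SERVICES_LIST`, …) would help.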
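--- a/web/acc/admin/wl_filter.php
+++ b/web/acc/admin/wl_filter.php
@@ -0,0 +1,204 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><!-- written by Rexy -->
+<HEAD>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<TITLE>ALCASAR Whitelist filtering</TITLE>
+<link rel="stylesheet" href="/css/style.css" type="text/css">
+</HEAD>
+<body>
+<?
+function form_filter ($form_content)
+{
+// réencodage iso + format unix + rc fin de ligne (ouf...)
+$list = str_replace("\r\n", "\n", utf8_decode($form_content));
+if (strlen($list) != 0){
+if ($list[strlen($list)-1] != "\n") { $list[strlen($list)]="\n";} ;} ;
+return $list;
+}
+function form_filter_ip($form_content, $color)
+{
+//# reconstruction des ip
+$list = explode("\n", form_filter($form_content));
+$new_list = "";
+foreach($list as &$value)
+{
+if(preg_match('/([0-9]{1,3}.){3}[0-9]{1,3}/', $value))
+{
+$new_list = $new_list.$value."\n";
+}
+}
+if($color == "white")
+{
+return preg_replace("/(.*)\n/", "add whitelist_ip_allowed $1\n", $new_list);
+}
+else
+{
+return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list);
+}
+}
+function echo_file ($filename)
+{
+if (file_exists($filename))
+{
+if (filesize($filename) != 0)
+{
+$pointeur=fopen($filename,"r");
+$tampon = fread($pointeur, filesize($filename));
+fclose($pointeur);
+echo $tampon;
+}
+}
+else
+{
+echo "$filename doesn't exist";
+}
+}
+function echo_ip_file ($filename)
+{
+exec("cat $filename | cut -d ' ' -f3", $resultat);
+for($i=0; $i<exec("wc -l $filename"); $i++)
+{
+echo $resultat[$i]."\n";
+}
+}
+# Choice of language
+$Language = 'en';
+if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
+$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
+$Language = strtolower(substr(chop($Langue[0]),0,2)); }
+if($Language == 'fr'){
+$l_wl="Liste blanche";
+$l_list_version="Version de la liste : ";
+$l_wl_categories="Sélectionnez les catégories à autoriser";
+$l_allowed_dns="Noms de domaine autorisés";
+$l_one_dns="Entrez un nom de domaine par ligne (exemple : .domaine.org)";
+$l_add_to_wl="Noms de domaine ou IP ajoutés à la liste blanche";
+$l_forbidden_ip_explain="Entrez une IP par ligne (exemple : 123.123.123.123)<br/>ou une adresse de réseau (exemple : 123.123.0.0/16)";
+$l_allowed_ip="IP authorisées";
+$l_record="Enregistrer les modifications";
+$l_wait="Une fois validées, 10 secondes sont nécessaires pour traiter vos modifications";
+$l_error_open_file="Erreur d'ouverture du fichier";
+$l_submit="Envoyer";
+$l_nb_ip="Nombre d'IP";
+$l_nb_domain_names="Nombre de noms de domaine";
+$l_nbDomainNames="Noms de domaine :";
+$l_nbUrl="Url :";
+$l_nbIp="Ip :";
+}
+else {
+$l_wl="WhiteList";
+$l_list_version="List version : ";
+$l_wl_categories="Select the categories to allow";
+$l_allowed_dns="Allowed domain names";
+$l_one_dns="Enter one domain name per row (example : .domain.org)";
+$l_add_to_wl="Domain names or IP to add to whitelist";
+$l_forbidden_ip_explain="Enter one IP per row (example : 123.123.123.123)<br/>or a network address (example : 123.123.0.0/16)";
+$l_allowed_ip="Allowed IP";
+$l_record="Save changes";
+$l_wait="Once validated, 10 seconds are necessary to compute your modifications";
+$l_error_open_file="Error opening file";
+$l_submit="Submit";
+$l_nb_ip="Number of IP";
+$l_nb_domain_names="Number of domain names";
+$l_nbDomainNames="Domain names :";
+$l_nbUrl="Url :";
+$l_nbIp="Ip :";
+}
+$dir_etc="/usr/local/etc/";
+$dir_dg="/etc/dansguardian/lists/";
+$file_wl_ip="/usr/local/share/ossi-ip-wl";
+$wl_categories=$dir_etc."alcasar-wl-categories";
+$wl_categories_enabled=$dir_etc."alcasar-wl-categories-enabled";
+$conf_file=$dir_etc."alcasar.conf";
+if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; }
+switch ($choix)
+{
+case 'MAJ_cat_wl' :
+$tab=file($wl_categories_enabled);
+if ($tab)
+{
+$pointeur=fopen($wl_categories_enabled, "w+");
+foreach ($_POST as $key => $value)
+{
+if (strstr($key,'chk-'))
+{
+$line=str_replace('chk-','',$key)."\n";
+fwrite($pointeur,$line);
+}
+}
+fclose($pointeur);
+}
+else {echo "$l_error_open_file $wl_categories_enabled";}
+$fichier=fopen($dir_dg."blacklists/ossi/domains_wl","w+");
+fputs($fichier, form_filter($_POST['OSSI_wl_domains']));
+fclose($fichier);
+unset($_POST['OSSI_wl_domains']);
+$fichier=fopen($file_wl_ip, "w+");
+fputs($fichier, form_filter_ip($_POST['OSSI_wl_ip'], "white"));
+fclose($fichier);
+unset($_POST['OSSI_wl_ip']);
+exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
+break;
+}
+?>
+<table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><th><?php echo $l_wl; ?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
+</table>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left" colspan=10>
+<FORM action='wl_filter.php' method=POST>
+<input type='hidden' name='choix' value='MAJ_cat_wl'>
+<?php
+echo "<center>";
+$nbDomainNames = exec ("wc -l /usr/local/share/dnsmasq-wl/* | tail -n 1 | awk '{print $1}'");
+$nbUrl = 0;
+$nbIp = 0;
+echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
+echo "$l_wl_categories</center></td></tr>";
+//on lit et on interprete le fichier de catégories
+$cols=1;
+if (file_exists($wl_categories))
+{
+$pointeur=fopen($wl_categories,"r");
+while (!feof ($pointeur))
+{
+$ligne=fgets($pointeur, 4096);
+if ($ligne)
+{
+if ($cols == 1) { echo "<tr>";}
+$categorie=trim(basename($ligne));
+echo "<td><a href='bl_categories_help.php?liste=wl&cat=$categorie' target='cat_help' onclick=window.open('bl_categories_help.php','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>$categorie</a><br>";
+echo "<input type='checkbox' name='chk-$categorie'";
+// si la ligne est commentée -> categorie non selectionnée
+if (preg_match('/^#/',$ligne, $r)) { echo ">";}
+else { echo "checked>"; }
+echo "</td>";
+$cols++;
+if ($cols > 10) {
+echo "</tr>";
+$cols=1; }
+}
+}
+fclose($pointeur);
+}
+else {
+echo "$l_error_open_file $wl_categories";
+}
+echo "<tr><td valign='middle' align='left' colspan=10>";
+echo "<center><b>$l_add_to_wl</b></center></td></tr>";
+echo "<tr><td width=50% colspan=5 align=center>";
+echo "<H3>$l_allowed_dns</H3>$l_one_dns<BR>";
+echo "<textarea name='OSSI_wl_domains' rows=3 cols=40>";
+echo_file ($dir_dg."blacklists/ossi/domains_wl");
+echo "</textarea></td>";
+echo "<td width=50% colspan=5 align=center>";
+echo "<H3>$l_allowed_ip</H3>$l_forbidden_ip_explain<BR>";
+echo "<textarea name='OSSI_wl_ip' rows=3 cols=40>";
+echo_ip_file ($file_wl_ip);
+echo "</textarea></td></tr><tr><td colspan=10>";
+echo "<input type='submit' value='$l_record'></form></td></tr>";
+?>
+</TABLE><br/>
+</BODY>
+</HTML>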
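Review bot: In `form_filter_ip()` the pattern `/([0-9]{1,3}.){3}[0-9]{1,3}/` is unanchored and its `.` is unescaped, so any line that merely contains something address-like passes, and the whole line, including whatever else it carries, is written after `add whitelist_ip_allowed` into `/usr/local/share/ossi-ip-wl`, which `alcasar-bl.sh --reload` (run through sudo) presumably loads. Match the entire trimmed line instead, keeping the network form the help text promises: `if (preg_match('/^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/D', trim($value)))`, and append `trim($value)` rather than `$value`. The `MAJ_cat_wl` branch has the same kind of gap: every POST key containing `chk-` is written to `alcasar-wl-categories-enabled`, so the names should first be checked against the entries of `$wl_categories`. `echo_ip_file()` could read the file with `file()` instead of running `cat`, `cut` and one `wc -l` per loop iteration.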
/web/acc/filtering.php
1,8 → 1,10
<?
$select[0]="$l_blacklist";
$select[1]=$l_network;
$select[1]="$l_whitelist";
$select[2]="$l_protocols";
$fich[0]="admin/bl_filter.php";
$fich[1]="admin/net_filter.php";
$fich[1]="admin/wl_filter.php";
$fich[2]="admin/protocols_filter.php";
$j=0;
$nb=count($select);
while ($j != $nb)
/web/acc/menu.php
28,7 → 28,8
$l_statistics = "STATISTIQUES";
$l_backup = "SAUVEGARDES";
$l_activity = "Activité";
$l_blacklist = "Noms de domaine et ip";
$l_blacklist = "Liste noire";
$l_whitelist = "Liste blanche";
$l_ldap = "Ldap/A.D.";
$l_access_nb = "Accès au centre";
$l_create_user = "Créer un usager";
36,7 → 37,7
$l_create_group = "Créer un groupe";
$l_edit_group = "Éditer un groupe";
$l_import_empty = "Importer / Vider";
$l_network = "Réseau";
$l_protocols = "Protocoles";
$l_stat_user_day = "usager/jour";
$l_stat_con = "connexions";
$l_stat_daily ="usage journalier";
55,7 → 56,8
$l_statistics = "STATISTICS";
$l_backup = "BACKUPS";
$l_activity = "Activity";
$l_blacklist = "Domain names and ip";
$l_blacklist = "Blacklist";
$l_whitelist = "Whitelist";
$l_ldap = "Ldap/A.D.";
$l_access_nb = "Access to center";
$l_create_user = "Create a user";
63,7 → 65,7
$l_create_group = "Create a group";
$l_edit_group = "Edit a group";
$l_import_empty = "Import / Empty";
$l_network = "Network";
$l_protocols= "Protocols";
$l_stat_user_day = "user/day";
$l_stat_con = "connections";
$l_stat_daily ="daily use";
/web/index.php
90,8 → 90,8
$connection_history.= "<ul>";
while(($row = @da_sql_fetch_array($res,$config))){
$connected = "";
if ($row[acctstoptime] == "") $connected = " ($l_connected)";
$connection_history.="<li title='$row[username] $row[acctstarttime] $row[acctstoptime] (".secondsToDuration($row[acctsessiontime]).")'>$row[acctstarttime] (".secondsToDuration($row[acctsessiontime]).") $connected</li>";
if ($row['acctstoptime'] == "") $connected = " ($l_connected)";
$connection_history.="<li title='$row[username] $row[acctstarttime] $row[acctstoptime] (".secondsToDuration($row['acctsessiontime']).")'>$row[acctstarttime] (".secondsToDuration($row[acctsessiontime]).") $connected</li>";
}
$connection_history.="</ul>";
}
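Review bot: The second `secondsToDuration($row[acctsessiontime])` on the rewritten `<li>` line still uses a bare key outside the string, so the quoting fix is only half applied; it should read `secondsToDuration($row['acctsessiontime'])` like the first call. The same line puts `$row[username]` and the timestamps into a single-quoted `title` attribute unescaped; if user names can contain a quote, passing them through `htmlspecialchars(…, ENT_QUOTES)` keeps the attribute intact. Which of the paired lines is the new one is inferred from their order on the page. The enclosing loop starts outside the hunk.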