
Ignore whitespace Rev 1824 → Rev 1827

/conf/rpms/havp-init.diff
8,7 → 8,7
+# description: starts HAVP the High Availability Antivirus Proxy
+#
-HAVP_BIN=/usr/local/sbin/havp
-HAVP_BIN=/usr/local/bin/havp
-HAVP_CONFIG=/usr/local/etc/havp/havp.config
+HAVP_BIN=/usr/sbin/havp
+HAVP_CONFIG=/etc/havp/havp.config
/conf/sudoers
12,17 → 12,17
User_Alias ADMWEB=apache # web admin account
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/sbin/alcasar-dhcp.sh # network commands
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # to export users database
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # to export users database
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # to manage the filtering system
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # to disconnect the users
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter.sh # to manage the filtering system
Cmnd_Alias NF=/usr/local/bin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # to disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem
Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/bin/alcasar-importcert.sh # to manage the certificates
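Review bot: Every Cmnd_Alias here grants ADMWEB (apache) root execution of the named scripts purely by path, so moving them from /usr/local/sbin to /usr/local/bin is only safe if the scripts and /usr/local/bin itself stay root-owned and not writable by apache; the install step that sets those permissions is not on this page, so please confirm it was updated with the paths. The alcasar-bl.sh added in this same revision runs `chown apache` on directories under /usr/local/share, which is fine, but no such chown may ever reach the script directory or the web account can edit what it runs as root. A trailing comment on the NET line such as `# scripts must stay root-owned, mode 755` would record that invariant for the next path change. The runas and privilege lines that use these aliases are outside the hunk.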
/scripts/sbin/alcasar-certificates.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
/scripts/sbin/alcasar-version.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-mysql.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-url_filter.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-logout.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-uninstall.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-profil.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-dns-local.sh
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
/scripts/sbin/alcasar-load_balancing.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-bl.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-dhcp.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-bypass.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-https.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-rpm-download.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/sbin/alcasar-nf.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/alcasar-archive.sh
96,7 → 96,7
# make an archive
archive
# Saving of the database
/usr/local/sbin/alcasar-mysql.sh --dump
/usr/local/bin/alcasar-mysql.sh --dump
# Encryption of the archive
if [ -e /tmp/$FILE ]; then
if [ $CRYPT -eq "1" ]; then
127,7 → 127,7
cd /var/log/nfsen/profiles-data/live/alcasar_netflow
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar;
# Saving of the database
/usr/local/sbin/alcasar-mysql.sh --dump
/usr/local/bin/alcasar-mysql.sh --dump
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) /tmp/live/
cp /var/log/firewall/traceability.log /tmp/live/traceability-HTTP-$NOW.log
tar -czf $DIR_ARCHIVE/traceability-$NOW.tar.gz /tmp/live/*
/scripts/alcasar-bl.sh
0,0 → 1,240
#/bin/bash
 
# $Id$
 
# alcasar-bl.sh
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
 
DIR_CONF="/usr/local/etc"
CONF_FILE="$DIR_CONF/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
DIR_tmp="/tmp/blacklists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
DIR_DG="/etc/dansguardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL '
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories
OSSI_DOMAINS_WL="$DIR_DG/blacklists/ossi/domains_wl" # Domain names for the ossi category
DIR_SHARE="/usr/local/share"
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' '
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" # conf file of dnsmasq-blacklist
DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` # server DNS1 (for WL domain names)
BL_SERVER="dsi.ut-capitole.fr"
SED="/bin/sed -i"
 
# enable/disable the BL & WL categories
function cat_choice (){
# saving ossi category
mkdir $DIR_tmp
cp $DIR_IP_BL/ossi $DIR_tmp
if [ -d $DIR_IP_BL_ENABLED ]
then
for file in `ls -1 $DIR_IP_BL_ENABLED | grep -v "^ossi-*"`
do
rm -f $DIR_IP_BL_ENABLED/$file
done
else
mkdir $DIR_IP_BL_ENABLED
chown apache $DIR_IP_BL_ENABLED
fi
if [ -d $DIR_DNS_BL_ENABLED ]
then
for file in `ls -1 $DIR_DNS_BL_ENABLED | grep -v "^ossi-*"`
do
rm -f $DIR_DNS_BL_ENABLED/$file
done
else
mkdir $DIR_DNS_BL_ENABLED
chown apache $DIR_DNS_BL_ENABLED
fi
rm -rf $DIR_DNS_WL_ENABLED # cleaning for dnsmasq and iptables
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
mkdir $DIR_DNS_WL_ENABLED
# process the file $BL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
done
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
mv $FILE_tmp $BL_CATEGORIES
# process the file $WL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
done
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
mv $FILE_tmp $WL_CATEGORIES
# restoring ip files and ossi category
mv $DIR_tmp/ossi $DIR_IP_BL
chown apache $DIR_IP_BL/ossi
rm -rf $DIR_tmp
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
args="-h"
fi
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
# Retrieve Toulouse BL
-download | --download)
rm -rf /tmp/con_ok.html
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
if [ ! -e /tmp/con_ok.html ]
then
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"
else
rm -rf /tmp/con_ok.html $DIR_tmp
mkdir $DIR_tmp
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
chown -R apache:apache $DIR_tmp
fi
;;
# enable/disable categories (used only during the alcasar install process)
-cat_choice | --cat_choice)
cat_choice
;;
# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)
-adapt | --adapt)
echo -n "Toulouse BlackList migration process. Please wait : "
if [ ! -e $DIR_SHARE/ossi-ip-wl ]
then
touch $DIR_SHARE/ossi-ip-wl
chown apache $DIR_SHARE/ossi-ip-wl
fi
if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
then
[ -d $DIR_DG_BL/ossi ] && mv $DIR_DG_BL/ossi $DIR_tmp
[ -e $DIR_IP_BL/ossi ] && mv $DIR_IP_BL/ossi $DIR_tmp/ossi-ip-bl
rm -rf $DIR_DG_BL $DIR_IP_BL
mkdir $DIR_DG_BL $DIR_IP_BL
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
fi
rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
do
categorie=`echo $dir_categorie|cut -d "/" -f6`
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
if [ "$categorie_type" == "white" ]
then
echo "$dir_categorie" >> $WL_CATEGORIES
echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED # by default all WL are enabled
fi
echo "$dir_categorie" >> $BL_CATEGORIES # By default all categories are in BL
done
rm -f $FILE_tmp
# Verify that the enabled categories are effectively in the BL (need after an update of the BL)
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l`
if [ $ok != "1" ]
then
$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED
fi
done
# Creation of DNSMASQ and Iptables BL and WL
for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)
do
for PATH_FILE in `cat $LIST` # for each category
do
DOMAINE=`basename $PATH_FILE`
echo -n "$DOMAINE, "
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
then
touch $PATH_FILE/urls
chown dansguardian:apache $PATH_FILE/urls
fi
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
# for dnsmask, remove IP addesses, accented characters and commented lines.
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
$SED "/[äâëêïîöôüû]/d" $FILE_tmp
$SED "/^#.*/d" $FILE_tmp
if [ "$LIST" == "$BL_CATEGORIES" ]
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
fi
done
done
rm -f $FILE_tmp $FILE_ip_tmp
# Restoring ossi file of BL IP
[ -e $DIR_tmp/ossi-ip-bl ] && mv $DIR_tmp/ossi-ip-bl $DIR_IP_BL/ossi
rm -rf $DIR_tmp
echo
;;
# reload when categories are changed
-reload | --reload)
# for DG
chown -R dansguardian:apache $DIR_DG_BL/ossi
chmod -R g+w $DIR_DG_BL/ossi
cat_choice
# for dnsmasq (rehabited domain names)
if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
then
for i in `cat $DIR_DG/exceptionsitelist`
do
$SED "/$i/d" $DIR_DNS_BL/*
done
fi
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf
cp -f $OSSI_DOMAINS_WL $DIR_DNS_WL/ossi.conf
$SED "s?.*?server=/&/$DNS1?g" $DIR_DNS_WL/ossi.conf
ln -s $DIR_DNS_WL/ossi.conf $DIR_DNS_WL_ENABLED/ossi
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart dnsmasq-whitelist
/usr/local/bin/alcasar-iptables.sh
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
 
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
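Review bot: The first line `#/bin/bash` is missing the `!`, so the kernel has no interpreter for the file and it only runs correctly when a caller invokes bash explicitly; change it to `#!/bin/bash`. alcasar-dhcp.sh, alcasar-dns-local.sh and alcasar-https.sh added in this revision carry the same shebang defect. In the `-download` branch the blacklist tarball is fetched over plain `http://` and the md5sum is computed locally from the file that arrived, so it records the download rather than verifying it; if the server publishes a checksum, fetching and comparing it (and using https where available) before `-adapt` unpacks the archive into $DIR_DG would give the filtering lists some integrity. In the `-reload` branch `$SED "/$i/d" $DIR_DNS_BL/*` interpolates each exceptionsitelist entry unescaped into a sed address, so an entry containing `/` or a regex metacharacter breaks or over-matches the deletion; escaping it first with `i=$(printf '%s' "$i" | sed 's|[][.*^$/]|\\&|g')` keeps the match literal.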
/scripts/alcasar-bypass.sh
0,0 → 1,69
#!/bin/bash
# $Id$
 
# alcasar-bypass.sh
# by 3abtux and Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# activation / désactivation du contournement de l'authentification et du filtrage WEB
# enable / disable the bypass of authenticate process and filtering
 
usage="Usage: alcasar-bypass.sh {--on or -on } | {--off or -off}"
SED="/bin/sed -i"
CONF_FILE="/usr/local/etc/alcasar.conf"
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
nb_args=1
args="-h"
fi
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
--on | -on)
/usr/local/bin/alcasar-logout.sh all
/usr/bin/systemctl stop chilli
cp -f /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF
ifup $INTIF
sh /usr/local/bin/alcasar-iptables-bypass.sh
DHCP=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
if [ $DHCP != off ]
then
$SED "s?^#route.*?&?g" /etc/dnsmasq.conf # dnsmasq become the DHCP server
$SED "s?^no-dhcp-interface.*?#&?g" /etc/dnsmasq.conf #
/usr/bin/systemctl restart dnsmasq
fi
 
rm -f /etc/cron.d/alcasar-daemon-watchdog # don't restart daemons (specially coova)
echo "ALCASAR est en mode 'bypass'"
echo "ALCASAR is in 'bypass' mode"
;;
--off | -off)
cp -f /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF
ifup $INTIF
$SED "s?^route.*?#&?g" /etc/dnsmasq.conf #
$SED "s?^#no-dhcp-interface=$INTIF?no-dhcp-interface=$INTIF?g" /etc/dnsmasq.conf
$SED "s?^#no-dhcp-interface=tun0?no-dhcp-interface=tun0?g" /etc/dnsmasq.conf
$SED "s?^#no-dhcp-interface=lo?no-dhcp-interface=lo?g" /etc/dnsmasq.conf
/usr/bin/systemctl restart dnsmasq
/usr/bin/systemctl start chilli
sh /usr/local/bin/alcasar-iptables.sh
# activation of the "daemon-watchdog" every 18'
cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
# activation du "chien de garde" (daemon-watchdog) toutes les 18'
*/18 * * * * root /usr/local/bin/alcasar-daemon.sh > /dev/null 2>&1
EOF
echo "L'authentification et le filtrage sont actifs"
echo "Authentication and filtering system are enabled"
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
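Review bot: `if [ $DHCP != off ]` uses the unquoted grep result, so when DHCP= is absent or empty in alcasar.conf the test becomes `[ != off ]`, fails with a syntax error and the dnsmasq reconfiguration is silently skipped; write `if [ "$DHCP" != "off" ]`. The script rewrites files under /etc/sysconfig/network-scripts and /etc/cron.d and restarts services but never checks it is running as root, unlike alcasar-load_balancing.sh in this same revision which has a `whoami` guard; copying that check to the top would turn a partial, permission-denied switch into a clean early exit. Both `cp -f` calls should also be followed by `|| exit 1`, since continuing with `ifup` after a failed copy brings the interface up on the wrong configuration.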
/scripts/alcasar-certificates.sh
0,0 → 1,115
#!/bin/sh
 
# Id: $Id$
 
# alcasar-certificates.sh
# by Franck BOUIJOUX and REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
# - d'exporter les certificats d'un serveur pour les transposer sur un autre.
 
# This script allows
# - export certificates server to move them.
 
 
DIR_EXPORT="/root/Certificats"
DIR_PKI="/etc/pki"
DIR_SAVE="/root/PKI_SAVE"
DIR_IMPORT="/root/Certificats"
 
 
usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} "
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
nb_args=1
args="-h"
fi
 
 
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment
FILE="certificates-$NOW"
DIR_SAVE=$DIR_SAVE-$NOW
 
# Function of export
function certs_export() {
# Export of CA Certificate
cd /root
tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
 
# Export of server Certificate
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
gzip $FILE.tar
echo "Le ficher des certificats exportés est : $FILE.tar.gz"
} # end function export
 
 
function archive() {
# Sauvegarde de la pki actuelle
[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
 
# Save of CA Certificate
cd $DIR_PKI/CA/
cp alcasar-ca.crt $DIR_SAVE/.
cp private/alcasar-ca.key $DIR_SAVE/.
 
# Save of server Certificate
cd $DIR_PKI/tls
cp certs/alcasar.crt $DIR_SAVE/.
cp private/alcasar.key $DIR_SAVE/.
cp certs/server-chain.crt $DIR_SAVE/.
} # end function archive
 
function import() {
echo "Would you like to Import New Certificates in ALCASAR ?"
read response
if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
then
[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
rm -rf $DIR_IMPORT/*
 
# Import of CA Certificate
tar xzvf $1 --directory=$DIR_IMPORT
echo "Import new certificates in ALCASAR !!!"
cp -r $DIR_IMPORT/* /.
chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
 
# Service apache restart
service httpd restart
else
echo "You are not import new certificates !!!"
exit 0
fi
} # end import
 
# Core script
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
--export | -x)
archive
certs_export
;;
--import | -i)
nb_args=$#
if [ $nb_args -eq 1 ]
then
echo "Il faut passer un fichier de certificat en paramètre !!!"
exit 0
fi
import $2
;;
*)
echo "Unknown argument :$1";
echo "$usage"
exit 1
;;
esac
exit 0
 
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
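Review bot: The shebang is `#!/bin/sh` but the script uses the bash-only `function name()` form and brace expansion such as `$DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`; under a POSIX sh the tar calls receive the literal brace string and the export contains nothing useful, so either change it to `#!/bin/bash` like the sibling scripts or spell the paths out. certs_export writes an archive containing the CA and server private keys into /root under the caller's default umask; adding `umask 077` at the top of the function keeps `$FILE.tar.gz` readable by root only. import() unpacks whatever archive is passed and then runs `cp -r $DIR_IMPORT/* /.`, overlaying the root filesystem with the archive contents; copying only the five expected files into $DIR_PKI, and refusing the archive if any is missing, limits the damage from a mistaken or malformed tarball. The `$response` test also needs quoting, `[ "$response" = "y" ]`, so an empty answer does not abort with a syntax error.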
/scripts/alcasar-conf.sh
19,7 → 19,6
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
DIR_WEB="/var/www/html" # répertoire du centre de gestion
DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin
DIR_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
DIR_ETC="/usr/local/etc" # répertoire des fichiers de conf
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file
VERSION="/var/www/html/VERSION" # contient la version en cours
69,7 → 68,7
[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
mkdir $DIR_UPDATE
# backup the users database
$DIR_SBIN/alcasar-mysql.sh -dump
$DIR_BIN/alcasar-mysql.sh -dump
cp /var/Save/base/`ls -1t /var/Save/base|head -1` $DIR_UPDATE
# backup the logo
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
138,14 → 137,14
# Adapt DNS/URL filtering
PARENT_SCRIPT=`basename $0`
export PARENT_SCRIPT
$DIR_SBIN/alcasar-bl.sh -adapt
$DIR_SBIN/alcasar-bl.sh -reload
$DIR_BIN/alcasar-bl.sh -adapt
$DIR_BIN/alcasar-bl.sh -reload
# retrieve dnsmasq general config file
[ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq \
&& chown root.root /etc/sysconfig/dnsmasq \
&& chmod 644 /etc/sysconfig/dnsmasq
# admin profile update (admin + manager + backup)
$DIR_SBIN/alcasar-profil.sh --list
$DIR_BIN/alcasar-profil.sh --list
# Start / Stop SSH Daemon
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2`
if [ $ssh_active = "on" ]
221,23 → 220,24
then
if [ $DHCP_mode = "off" ]
then
$DIR_SBIN/alcasar-dhcp.sh --off
$DIR_BIN/alcasar-dhcp.sh --off
fi
 
# Implementation of the local DNS
$DIR_SBIN/alcasar-dns-local.sh --$INT_DNS_active
$DIR_BIN/alcasar-dns-local.sh --$INT_DNS_active
# Implementation of the authentification LDAP
# $DIR_SBIN/alcasar-ldap.sh --$INT_LDAP_active
# $DIR_BIN/alcasar-ldap.sh --$INT_LDAP_active
 
# Logout everybody
$DIR_SBIN/alcasar-logout.sh all
$DIR_BIN/alcasar-logout.sh all
# Services stop
echo -n "Stop services : "
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network httpd
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network
do
/usr/bin/systemctl stop $i && echo -n "$i, "
done
/usr/bin/kill -s SIGSTOP $(pidof httpd)
echo
fi
 
330,13 → 330,15
then
# Services start
/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", coova" # apply DHCP mode and start coova
for i in dnsmasq tinyproxy ntpd httpd
$DIR_BIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", coova" # apply DHCP mode and start coova
for i in dnsmasq tinyproxy ntpd
do
sleep 1
/usr/bin/systemctl start $i && echo -n ", $i"
done
$DIR_SBIN/alcasar-bl.sh -reload && echo ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
$DIR_BIN/alcasar-bl.sh -reload && echo ", dnsmasq-blacklist, dnsmasq-whitelist, iptables,"
/usr/bin/kill -s SIGCONT $(pidof httpd)
/usr/bin/systemctl reload httpd && echo -n ", httpd"
fi
# Start / Stop SSH Daemon
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2`
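Review bot: `/usr/bin/kill -s SIGCONT $(pidof httpd)` here, and the SIGSTOP counterpart in the 221,23 hunk, expand to a bare `kill -s SIGCONT` when httpd is not running, which fails with a usage error instead of being a no-op; guard it with `pids=$(pidof httpd) && /usr/bin/kill -s SIGCONT $pids`. The start message is also mangled: the alcasar-bl.sh line now ends with `iptables,` plus a newline and `echo -n ", httpd"` follows on a fresh line, so the output reads `iptables,` / `, httpd`; use `echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"` and `echo ", httpd"`. A SIGSTOPped httpd keeps its listening sockets open, so clients connecting during the update hang until SIGCONT rather than being refused; presumably that is the intent of replacing stop/start, but a comment saying so would help. The enclosing if blocks start outside the hunk.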
/scripts/alcasar-dhcp.sh
0,0 → 1,90
#/bin/bash
# $Id$
 
# alcasar-dhcp.sh
 
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# active ou desactive le service DHCP sur le réseau de consultation
# enable or disable the DHCP service on consultation LAN
 
SED="/bin/sed -i"
CHILLI_CONF_FILE="/etc/chilli.conf"
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
DNSMASQ_CONF_FILE="/etc/dnsmasq.conf"
 
# define DHCP parameters (LAN side)
PRIVATE_IP_MASK=`grep PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1)
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX
EXT_DHCP_IP=`grep EXT_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe
RELAY_DHCP_IP=`grep RELAY_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN
RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67}
 
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
echo "$usage"
exit 1
fi
case $args in
-\? | -h | --h)
echo "$usage"
exit 0
;;
--off|-off) # disable DHCP service
$SED "s?.*statip.*?statip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^#nodynip.*?nodynip?g" $CHILLI_CONF_FILE
$SED "s?^dynip.*?#dynip?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?#dynip?g" $CHILLI_CONF_FILE
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE
if [ "$EXT_DHCP_IP" != "none" ]
then
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
else
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
fi
/usr/bin/systemctl restart chilli
;;
--on|-on) # enable DHCP service on all range of IP addresses
$SED "s?^.*statip.*?#statip?g" $CHILLI_CONF_FILE
$SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE
$SED "s?^DHCP.*?DHCP=on?g" $ALCASAR_CONF_FILE
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=$EXT_DHCP_IP?g" $ALCASAR_CONF_FILE
$SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=$RELAY_DHCP_IP?g" $ALCASAR_CONF_FILE
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=$RELAY_DHCP_PORT?g" $ALCASAR_CONF_FILE
/usr/bin/systemctl restart chilli
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
 
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
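Review bot: In the `--on` branch the substitution `s?^dhcp_range.*?dhcp-range=...?g` searches for `dhcp_range` with an underscore but writes `dhcp-range` with a hyphen, so whatever the initial spelling in $DNSMASQ_CONF_FILE, after one run the line no longer matches and every later `--on` leaves the previous range in place; the pattern should be `s?^dhcp-range.*?dhcp-range=...?g`, the spelling the replacement already produces and the one dnsmasq expects. PRIVATE_PREFIX and PRIVATE_NETWORK_MASK are each assigned twice and `classe_sup_sup` is never used, which reads like leftover drafting. PRIVATE_FIRST_IP and PRIVATE_LAST_IP take `cut -d"." -f1-3` regardless of the prefix and then adjust the octet selected by `classe_sup`; that looks correct only for octet-aligned prefixes (/8, /16, /24), so a comment `# assumes an octet-aligned prefix` or an explicit check on `$PRIVATE_PREFIX` would make the limit visible.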
/scripts/alcasar-dns-local.sh
0,0 → 1,63
#/bin/bash
# $Id: alcasar-dhcp.sh 1484 2014-11-11 23:14:36Z richard $
 
# alcasar-dns-interne.sh
# by Rexy - 3abtux
# This script is distributed under the Gnu General Public License (GPL)
 
# active ou desactive la redirection du service DNS sur le réseau de consultation
# enable or disable the redirector of internal DNS service on consultation LAN
 
SED="/bin/sed -i"
 
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
DNSMASQ_CONF_FILE="/etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf"
DNSMASQ_CONF_LOCAL_FILE="/usr/local/etc/alcasar-dns-name"
 
# define DNS parameters (LAN side)
 
INT_DNS_DOMAIN=`grep INT_DNS_DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2` # Nom du domaine DNS interne
INT_DNS_IP=`grep INT_DNS_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DNS interne
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2` # Activation de la redirection DNS interne
 
usage="Usage: alcasar-dns-interne.sh {--on | -on} | {--off | -off}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
echo "$usage"
exit 1
fi
case $args in
-\? | -h | --h)
echo "$usage"
exit 0
;;
--off|-off) # disable DNS redirector
$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
$SED "s?^server.*?#&?g" $DNSMASQ_CONF_LOCAL_FILE
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE
 
/usr/bin/systemctl restart dnsmasq
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart dnsmasq-blackhole
/usr/bin/systemctl restart dnsmasq-whitelist
;;
--on|-on) # enable DHCP service on all range of IP addresses
$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
$SED "s?^server=/.*?server=/$INT_DNS_DOMAIN/$INT_DNS_IP?g" $DNSMASQ_CONF_LOCAL_FILE
$SED "s?^#server=/.*?server=/$INT_DNS_DOMAIN/$INT_DNS_IP?g" $DNSMASQ_CONF_LOCAL_FILE
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=on?g" $ALCASAR_CONF_FILE
 
/usr/bin/systemctl restart dnsmasq
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart dnsmasq-blackhole
/usr/bin/systemctl restart dnsmasq-whitelist
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
 
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
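Review bot: The file is added as alcasar-dns-local.sh but its header names `alcasar-dns-interne.sh`, the `$Id:` keyword still carries `alcasar-dhcp.sh 1484 ...` from the file it was copied from, and the usage string tells the operator to run `alcasar-dns-interne.sh`; update both names to `alcasar-dns-local.sh` and reset the keyword to a bare `$Id$` so svn fills it in. The `--on` branch comment `# enable DHCP service on all range of IP addresses` is also copied from alcasar-dhcp.sh and should read `# enable DNS redirector`. INT_DNS_DOMAIN and INT_DNS_IP are substituted unescaped into a sed expression delimited by `?`, so a value containing `?` or `&` would corrupt $DNSMASQ_CONF_LOCAL_FILE; these come from alcasar.conf rather than from users, so a comment noting the constraint is probably enough.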
/scripts/alcasar-https.sh
0,0 → 1,44
#/bin/bash
# $Id$
 
# alcasar-dhcp.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# active ou désactive le chiffrement sur les flux d'authentification
# enable or disable encryption on authentication flows
 
SED="/bin/sed -i"
CHILLI_CONF_FILE="/etc/chilli.conf"
INTERCEPT_FILE="/var/www/html/intercept.php"
 
usage="Usage: alcasar-https.sh {--on | -on} | {--off | -off}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
echo "$usage"
exit 1
fi
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
--off|-off) # disable HTTPS
$SED "/# If https not use/,/}/s?^?#?" $INTERCEPT_FILE
$SED "s?uamserver.*?uamserver\thttp://alcasar.localdomain/intercept.php?" $CHILLI_CONF_FILE
/usr/bin/systemctl restart chilli
;;
--on|-on) # enable HTTPS
$SED "/## If https not use/,/#}/s?^#??" $INTERCEPT_FILE
$SED "s?uamserver.*?uamserver\thttps://alcasar.localdomain/intercept.php?" $CHILLI_CONF_FILE
/usr/bin/systemctl restart chilli
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
 
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
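Review bot: The header comment names `alcasar-dhcp.sh` although the file is alcasar-https.sh; change it to `# alcasar-https.sh`. The `--off` range address `/# If https not use/,/}/` also matches the already-commented `## If https not use` marker and the `#}` terminator, so running `--off` twice stacks a second `#` on every line of the block, after which a single `--on` (which strips exactly one `#`) no longer restores the PHP; anchoring on the uncommented form, `/^# If https not use/,/^}/`, would make the toggle idempotent. Because the switch is implemented by sed on intercept.php, any reformatting of that block silently breaks it; a comment next to INTERCEPT_FILE saying that the `# If https not use` marker and the closing `}` are load-bearing would warn the next editor.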
/scripts/alcasar-iptables.sh
153,6 → 153,13
#############################
# PREROUTING #
#############################
 
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole
# Redirect users not connected DNS requests in DNS-Blackhole
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56
 
 
# Marquage des paquets qui tentent d'accéder directement à un serveur sans authentification en mode proxy pour pouvoir les rejeter en INPUT
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10
212,11 → 219,6
# Redirect NTP request in local NTP server
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123
 
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole
# Redirect users not connected DNS requests in DNS-Blackhole
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56
 
#############################
# INPUT #
#############################
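Review bot: The DNS-blackhole REDIRECT rules are moved to the top of the nat PREROUTING section without a comment recording why position matters; in the nat table the first matching rule wins, so the move presumably makes them take precedence over a rule between the old and new locations that is outside this hunk. A one-line comment above them, `# keep first: nat PREROUTING stops at the first match, unauthenticated clients must hit the blackhole`, would stop a future edit from moving them back. Both hunks sit inside rule blocks whose start and end are outside the view.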
/scripts/alcasar-load_balancing.sh
0,0 → 1,407
#!/bin/bash
# $Id$
 
# Generic Load balancer for multiple WAN links - version 1.1 (04 Feb 2011)
# (c) 2011 Pau Oliva Fora - http://pof.eslack.org
#
# Licensed under GPLv3 - for full terms see:
# http://www.gnu.org/licenses/gpl-3.0.html
#
# Adapted and debugged (adr et ping -S) by ALCASAR Team (3abtux@alcasar.net)
# (c) 2013 3abtux - http://www.alcasar.net
#
# Specify each WAN link in a separate column, example:
# In this example we have 3 wan links (vlanXXX interfaces) attached to a single
# physical interface because we use a vlan-enabled switch between the balancer
# machine and the ADSL routers we want to balance. The weight parameter should
# be kept to a low integer.
#
#
# Modified by ALCASAR team :
 
 
prog="alcasar-load_balancing.sh"
pidfile="/var/run/alcasar-load_balancing.pid"
 
###############################
# MAIN PARAMETERs Configuration
###############################
 
DIR_ETC="/usr/local/etc"
CONF_FILE="$DIR_ETC/alcasar.conf"
MULTIWAN=`grep MULTIWAN= $CONF_FILE|cut -d"=" -f2`
MULTIWAN=${MULTIWAN:=off}
FAILOVER=`grep FAILOVER= $CONF_FILE|cut -d"=" -f2`
FAILOVER=${FAILOVER:=30}
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
 
 
# space separated list of public IPs to ping in watchdog mode
# set this to some public ip addresses pingable and always on.
TESTIPS="8.8.8.8 192.0.32.10"
 
# set to 1 when testing, set to 0 when happy with the results
VERBOSE=0
 
# CONFIGURATION ENDS HERE
###############################
 
 
if [ $(whoami) != "root" ]; then
echo "You must be root to run this!" ; echo ; exit 1
fi
 
# Adapter for ALCASAR project
CONF_FILE="/usr/local/etc/alcasar.conf"
 
# Virtual interfaces creating
function create_eth () {
routecmd="ip route replace default scope global"
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles
i=0
while [ $i -le $NBIFACE ]
do
INT="WAN$i"
echo $INT
ACTIVE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $1}'` # Active
WT=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # WEIGHT
WT=${WT:-1}
IP=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $3}' | cut -d"/" -f1` # @IP
 
if [ $i -ne 0 ]; then
[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i ] && ifdown $EXTIF:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i
IFACE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'` # IFACE
IP_NET=`grep "^$INT=" $CONF_FILE | awk -F'"' '{print $2}' | awk -F, '{ print $3}'` # IP
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
GW=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
MTU=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU
 
# Config $EXTIF:$i (Internet)
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i
DEVICE=$IFACE
BOOTPROTO=static
IPADDR=`echo $IP | cut -d"/" -f1`
NETMASK=`ipcalc -m $IP_NET | cut -d= -f2`
NETWORK=`ipcalc -n $IP_NET | cut -d= -f2`
MTU=$MTU
ONBOOT=yes
NOZEROCONF=yes
MII_NOT_SUPPORTED=yes
IPV6INIT=no
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
EOF
echo "ifup $EXTIF:$i"
ifup $EXTIF:$i
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
else
IFACE="$EXTIF"
IP_NET=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F'=' '{print $2}'` # IP/MSK
IP=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F= '{ print $2 }' | cut -d"/" -f1` # @IP
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
# MTU=`grep "^PUBLIC_MTU=" $CONF_FILE | awk -F= '{print $2}'` # MTU
fi # End
 
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
if [ "$PARAM" == "add" ]; then
set -x
table=$(($i + 1))
ip route ${PARAM} ${NET} dev ${IFACE} src ${IP} table $table
ip route ${PARAM} default via ${GW} table $table
ip rule ${PARAM} from ${IP} table $table
set +x
fi
echo " Iface: ${IFACE}"
echo " IP: ${IP}"
echo " IP_NET: ${IP_NET}"
echo " NET: ${NET}"
echo " GW: ${GW}"
echo " Weight: ${WT}"
echo " MTU : ${MTU}"
echo
routecmd="${routecmd} nexthop via ${GW} dev ${IFACE} weight ${WT}"
i=$(($i + 1))
done # End While
 
if [ "$PARAM" == "add" ]; then
echo "[] Balanced routing:"
# suppress default route
ip route del default scope global
set -x
${routecmd}
set +x
echo
fi
} # end create_eth
 
###########################
# Fonction virtual Interfaces deleting
###########################
delete_eth () {
IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-$EXTIF:* | wc -l`
echo $IFACE_COUNT
while [ $IFACE_COUNT -ne 0 ]
do
i=$IFACE_COUNT
echo "ifdown $EXTIF:$i"
ifdown $EXTIF:$i
rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i
IFACE_COUNT=$(($IFACE_COUNT - 1))
done
ip route del default scope global
# ip route add default gw 192.168.1.1
}
 
# do not modify below this line unless you know what you're doing :)
function getvalue() {
index=$1
VAR=$2
 
n=1
for f in ${VAR} ; do
if [ "${n}" == "${index}" ]; then
echo "$f"
break
fi
n=$(($n++))
done
}
 
######################
# Fonction de FailOver
######################
function failover () {
 
echo "[] Watchdog started"
# 0 == all links ok, 1 == some link down
STATE=0
DOWNCOUNT_BAK=0
DOWN_BAK=""
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles
echo "Nombre interfaces = "$NBIFACE
WANIFACE[0]="$EXTIF"
c=0
while [ $c -le $NBIFACE ]; do
ITH=(`grep "WAN$c=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'`) # IFACE
echo $ITH
WANIFACE="${WANIFACE} $ITH"
echo $WANIFACE
c=$(($c + 1))
done
echo "Liste des interfaces : "${WANIFACE[*]}
# Failover test
while : ; do
if [ $VERBOSE -eq 1 ]; then
echo "[] Sleeping, state=$STATE"
fi
sleep $FAILOVER
IFINDEX=1
DOWN="" # liste des interfaces down
DOWNCOUNT=0 # nombre d'interface down
for iface in $WANIFACE ; do
COUNT=0 # compteur de test
FAIL=0 # Nombre de fois down
# Recup de l'adresse IP dynamiquement
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'`
if [ $i -ne 0 ]; then
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @WT
else
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
fi
for TESTIP in $TESTIPS ; do
COUNT=$(($COUNT + 1))
ping -W 3 -I $IP -c 1 $TESTIP > /dev/null 2>&1
# ping -W 3 -I $IP -c 1 $TESTIP
# Si ping de la première adresse --> ok --> stop du test pour l'interface testée
if [ $? -eq 0 ]; then
break
else
# sinon on compte une erreur
FAIL=$(($FAIL + 1))
fi
done # End of test sur un serveur Internet
# Affichage du nombre de down
echo "FAIL=$FAIL"
# Si nombre de fois down = nombre de tests --> Iface down --> log dans fichier log avec l'heure
if [ $FAIL -eq $COUNT ]; then
echo "`date +%F-%Hh%mm%Ss` : [WARN] $iface is down!"
# Si etat différent de 1 (déjà tombé) --> changement de l'état général en default
if [ $STATE -ne 1 ]; then
echo "Switching state $STATE -> 1"
STATE=1
fi
# Rajout de l'iface dans la liste des interfaces down
DOWN="${DOWN} $IFINDEX"
echo "DOWN=$DOWN"
# Nombre d'interface down
DOWNCOUNT=$(($DOWNCOUNT + 1))
echo "DOWNCOUNT=$DOWNCOUNT"
fi
IFINDEX=$(($IFINDEX + 1))
echo "IFINDEX =$IFINDEX"
done # End Test Interface in WANIFACE
 
# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles
# if [ $DOWNCOUNT -eq 0 ] && [ $DOWNCOUNT -ne $DOWNCOUNT_BAK ]; then
if [ $DOWNCOUNT -eq 0 ] ; then
if [ $STATE -eq 1 ]; then
echo
echo "[] All links up and running :)"
set -x
${routecmd}
set +x
# Changement de l'état en normal
STATE=0
echo "Switching state 1 -> 0"
fi # End retour etat normal
# if no interface is down, go to the next cycle
continue
# cas ou au moins une passerelle down mais état identique au précédent Test --> rien à changer
else
if [ "$DOWN_BAK" == "$DOWN" ]; then
echo "DOWN_BAK == DOWN = $DOWN"
continue # --> état identique test precedent --> boucle suivante
# cas ou au moins une passerelle down mais état différent de test précédent --> remplacement par nouvelle règle
else
cmd="ip route replace default scope global"
IFINDEX=1
suffix=""
# Pour chaque interface --> traitement et application de la règle de routage
for iface in $WANIFACE ; do
echo "-------------------------"
echo "iface=$iface"
echo "Index = " $IFINDEX
FAILIF=0
# Pour chaque interface down -->
echo "Interfaces DOWN = $DOWN"
for lnkdwn in $DOWN ; do
echo "LINKDOWN = "$lnkdown
if [ $lnkdwn -eq $IFINDEX ]; then
FAILIF=1
break
else
continue
fi
done # End linkdown in DOWN
# Interface en etat normal --> rajout de la règle en mode nexthop
if [ $FAILIF -eq 0 ]; then
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'`
if [ $iface != "$EXTIF" ]; then
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW
else
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
fi
echo "GW=$GW"
echo "WT=$WT"
echo "suffix=$sufix"
suffix="${suffix} nexthop via ${GW} dev ${iface} weight ${WT:-1}"
fi # End interface = noFAIL
IFINDEX=$(($IFINDEX + 1))
done # End iface IN WANIFACE
# Commande globale
cmd="ip route replace default scope global $suffix"
if [ $VERBOSE -eq 1 ]; then
set -x
# echo "Avec commentaire : " ${cmd}
${cmd}
set +x
echo
else
${cmd} 2>/dev/null
echo ${cmd}
fi # end Application de la commande de routage globale
fi #
DOWN_BAK=$DOWN # Enregistrement de l'etat
fi # End
done
} # End of Failover
 
 
#################
# Main
#################
 
echo "[] Load balancer for multiple WAN interfaces - v2.1"
echo "[] (c) 2011 Pau Oliva Fora <pof> @eslack.org"
echo "[] (c) 2013 3abtux ALCASAR <3abtux> @alcasar.net"
echo
 
case $1 in
create)
create_eth
;;
delete)
delete_eth
;;
start)
if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then
echo "The MultiGateway is not activated !"
exit 0
fi
PARAM="add"
create_eth
ip route flush cache
if [ $FAILOVER -eq 0 ]; then
echo "The MultiWAN Mode is actived but not failover connectivity !"
exit 0
fi
echo "Starting down $prog: "
pid=`pidof -x "alcasar-load_balancing.sh"`
if [ $pid != "" ]; then
echo $pid > $pidfile
fi
touch /var/lock/subsys/alcasar-load_balancing
failover
;;
stop)
PARAM="del"
echo "Shutting down $prog: "
if [ -f $pidfile ]; then
pid=`cat $pidfile`
kill -9 $pid
else
echo "$prog is not running."
exit 1
fi
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing
echo "Delete of virtual interfaces"
delete_eth
echo "Network restart"
service network restart 2>&1 > /dev/null
ip route
;;
status)
echo "Checking $prog : "
if [ -f $pidfile ]; then
pid=`cat $pidfile`
CHECK=`ps -p $pid --no-heading | awk {'printf $1'}`
if [ "$CHECK" = "" ]; then
echo "$prog is NOT running."
else
echo "$prog is running !"
fi
else
echo "$prog is Not running."
fi
;;
fail)
failover
;;
*)
echo "Usage: $0 [start|stop|status|create|delete]" ; echo ; exit 1
;;
esac
 
exit 0
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
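Review bot: `failover` decides how to look up each gateway with `if [ $i -ne 0 ]`, but `$i` is never assigned in this function — after `start` it still holds the final loop counter of `create_eth`, and from the `fail` entry point it is unset, so the test fails with a unary-operator error on every cycle; the routing rebuild further down uses `if [ $iface != "$EXTIF" ]`, which is the intended condition and should replace it. The address lookup `ifconfig $iface |grep "inet adr"` appears to depend on a French locale; under any other locale `$IP` is empty, the `ping -I $IP` probe fails and every link is reported down, so `ip -4 -o addr show dev $iface` with a locale-independent parse would be safer. Smaller defects in the same file: the log timestamp `date +%F-%Hh%mm%Ss` prints the month where minutes are intended (`%M`), `service network restart 2>&1 > /dev/null` still sends stderr to the terminal (the order should be `> /dev/null 2>&1`), and the echo of `$lnkdown` names a variable that does not exist (the loop variable is `lnkdwn`). `[ $pid != "" ]` is unquoted and `pidof -x` returns at least the running script itself, possibly several PIDs, so writing `$$` to the pidfile is both simpler and correct.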
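--- a/scripts/alcasar-logout.sh
+++ b/scripts/alcasar-logout.sh
@@ -0,0 +1,54 @@
+#/bin/bash
+# $Id$
+
+# alcasar-logout.sh
+# by Rexy
+# This script is distributed under the Gnu General Public License (GPL)
+
+# Déconnexion d'un ou de tous les usagers
+# Logout one user (or all users)
+
+radiussecret=""
+OLDIFS=$IFS
+IFS=$'\n'
+
+usage="Usage: alcasar-logout.sh {user_name} | {all}"
+nb_args=$#
+args=$1
+if [ $nb_args -eq 0 ]
+then
+nb_args=1
+args="-h"
+fi
+case $args in
+-\? | -h* | --h*)
+echo "$usage"
+exit 0
+;;
+all)
+# Compute each equipments known by chilli
+for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"`
+do
+logout_users=""
+active_session=`echo $system |cut -d" " -f5`
+active_user=`echo $system|cut -d" " -f6`
+active_mac=`echo $system | cut -d" " -f1`
+# Logout only authenticated users
+if [[ $(expr $active_session) -eq 1 ]]
+then
+# Don't logout MAC authenticated
+if [ "$active_mac" != "$active_user" ]
+then
+logout_users=$logout_users" $active_user"
+/usr/sbin/chilli_query logout $active_mac
+fi
+fi
+done
+echo "All users are now logout : ($logout_users)"
+;;
+*)
+echo "User-Name = $args" | /usr/bin/radclient 127.0.0.1:3799 40 $radiussecret
+;;
+esac
+IFS=$OLDIFS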
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
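Review bot: The first line `#/bin/bash` is missing the `!`, so the file carries no shebang and, when executed directly, runs under whatever shell the caller uses rather than the bash it depends on (`[[ … ]]`, `$'\n'`); the same defect is in alcasar-nf.sh and alcasar-profil.sh in this revision. Change the line to `#!/bin/bash` in all three. Separately, `radiussecret=""` leaves the Disconnect-Request sent to port 3799 with an empty shared secret unless something fills the value in at install time; a comment such as `# shared secret of the CoA/Disconnect port, set at install time` would make that explicit, and `"$radiussecret"` should be quoted so an empty value is still passed to radclient as an argument instead of being silently dropped.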
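--- a/scripts/alcasar-mysql.sh
+++ b/scripts/alcasar-mysql.sh
@@ -0,0 +1,139 @@
+#! /bin/bash
+# $Id$
+
+# alcasar-mysql.sh
+# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
+# This script is distributed under the Gnu General Public License (GPL)
+
+# Gestion (sauvegarde / import / RAZ) de la base MySQL 'radius'. Fermeture des sessions de comptabilité ouvertes
+# Management of mysql 'radius' database (save / import / RAZ). Close the accounting open sessions
+
+rep_tr="/var/Save/base" # répertoire d'accueil des sauvegardes
+ext="sql" # extension des fichiers de sauvegarde
+DB_RADIUS="radius"
+DB_USER="radius"
+radiuspwd="MotdePasse"
+new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
+fichier="alcasar-users-database-$new.$ext" # nom du fichier de sauvegarde
+
+
+stop_acct ()
+{
+date_now=`date "+%F %X"`
+echo "UPDATE radacct SET acctstoptime = '$date_now', acctterminatecause = 'Admin-Reset' WHERE acctstoptime IS NULL" | mysql -u$DB_USER -p$radiuspwd $DB_RADIUS
+}
+check ()
+{
+echo "check (and repair if needed) the database :"
+mysqlcheck --databases $DB_RADIUS -u $DB_USER -p$radiuspwd --auto-repair
+}
+
+expire_user () # remove users whom expiration date has passed to 7 days
+{
+del_date=`date +%F`
+MYSQL_USER=""
+MYSQL_USER=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT username FROM radcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"`
+for u in $MYSQL_USER
+do
+/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';"
+if [ $? = 0 ]
+then
+echo "User $u was deleted $del_date" >> /var/log/mysqld/delete_user.log
+else
+echo "Delete User $u : Error $del_date" >> /var/log/mysqld/delete_user.log
+fi
+done
+}
+
+expire_group () # remove users of group whom expiration date has passed to 7 days
+{
+del_date=`date +%F`
+MYSQL_GROUP=""
+MYSQL_GROUP=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT groupname FROM radgroupcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"`
+for g in $MYSQL_GROUP
+do
+MYSQL_USERGROUP=""
+MYSQL_USERGROUP=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT username FROM radusergroup WHERE groupname = '$g';"`
+for u in $MYSQL_USERGROUP
+do
+/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';"
+if [ $? = 0 ]
+then
+echo "User $u was deleted $del_date" >> /var/log/mysqld/delete_user.log
+else
+echo "Delete User $u : Error $del_date" >> /var/log/mysqld/delete_user.log
+fi
+done
+/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radgroupreply WHERE groupname = '$g'; DELETE FROM radgroupcheck WHERE groupname = '$g';"
+if [ $? = 0 ]
+then
+echo "Group $g was deleted $del_date" >> /var/log/mysqld/delete_group.log
+else
+echo "Delete Group $g : Error $del_date" >> /var/log/mysqld/delete_group.log
+fi
+done
+}
+
+usage="Usage: alcasar-mysql.sh { -d or --dump } | { -c or --check } | { -i or --import } | { -r or --raz } | { -a or --acct_stop } | [ -e or --expire_user ]"
+nb_args=$#
+args=$1
+if [ $nb_args -eq 0 ]
+then
+nb_args=1
+args="-h"
+fi
+case $args in
+-\? | -h* | --h*)
+echo "$usage"
+exit 0
+;;
+-d | --dump | -dump)
+[ -d $rep_tr ] || mkdir -p $rep_tr
+if [ -e $fichier ];
+then rm -f $fichier
+fi
+check
+echo "Export the database in file : $fichier"
+mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier
+gzip -f $rep_tr/$fichier
+echo "End of export $( date "+%Hh %Mmn" )"
+;;
+-c | --check | -check)
+check
+;;
+-i | --import | -import)
+if [ $nb_args -ne 2 ]
+then
+echo "Enter a SQL file name ('.sql' or '.sql.gz')"
+exit 0
+else
+case $2 in
+*.sql.gz )
+gunzip -f < $2 | mysql -u $DB_USER -p$radiuspwd
+stop_acct
+;;
+*.sql )
+mysql -u $DB_USER -p$radiuspwd < $2
+stop_acct
+;;
+esac
+fi
+;;
+-r | --raz | -raz)
+mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier
+gzip -f $rep_tr/$fichier
+mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < /etc/raddb/empty-radiusd-db.sql
+;;
+-a | --acct_stop | -acct_stop)
+stop_acct
+;;
+-e | --expire_user)
+expire_user
+expire_group
+;;
+*)
+echo "Unknown argument :$1";
+echo "$usage"
+exit 1
+;;
+esac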
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
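Review bot: Every mysql, mysqlcheck and mysqldump call passes the password on the command line as `-p$radiuspwd`, where any local user can read it from the process list for the duration of the call, and the same literal sits in the script itself (`radiuspwd="MotdePasse"`, presumably replaced at install time). Prefer a root-only option file passed with `--defaults-extra-file`, or `MYSQL_PWD` exported for the script's lifetime, so the secret never appears in argv. The expiry functions interpolate `$u` and `$g` straight into the `DELETE FROM …` statements and iterate with `for u in $MYSQL_USER`, so a username containing a quote or whitespace breaks the statement or is split into several names; these values come from the radius tables, so whether the admin interface can store such characters should be confirmed before treating this as robustness only. `[ -e $fichier ]` in the dump branch tests the bare filename in the current directory rather than `$rep_tr/$fichier`, so the check never matches the file it intends to remove.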
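--- a/scripts/alcasar-nf.sh
+++ b/scripts/alcasar-nf.sh
@@ -0,0 +1,41 @@
+#/bin/bash
+# $Id$
+
+# alcasar-nf.sh
+# by Rexy
+# This script is distributed under the Gnu General Public License (GPL)
+
+# active ou desactive le filtrage de protocoles réseau
+# enable or disable the network protocols filter
+
+SED="/bin/sed -i"
+CONF_FILE="/usr/local/etc/alcasar.conf"
+
+usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}"
+nb_args=$#
+args=$1
+if [ $nb_args -eq 0 ]
+then
+echo $usage
+exit 1
+fi
+case $args in
+-\? | -h* | --h*)
+echo "$usage"
+exit 0
+;;
+--on|-on) # enable protocols filter
+$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $CONF_FILE
+/usr/local/bin/alcasar-iptables.sh
+;;
+--off|-off) # disable protocols filter
+$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $CONF_FILE
+/usr/local/bin/alcasar-iptables.sh
+;;
+*)
+echo "Argument inconnu :$1";
+echo "$usage"
+exit 1
+;;
+esac
+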
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
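--- a/scripts/alcasar-profil.sh
+++ b/scripts/alcasar-profil.sh
@@ -0,0 +1,175 @@
+#/bin/bash
+# $Id$
+
+# alcasar-profil.sh
+# by Richard REY
+# This script is distributed under the Gnu General Public License (GPL)
+
+# Gestion des comptes liés aux profiles
+# Manage the profil logins
+
+ADM_PROFIL="admin"
+PROFILS="backup manager"
+ALL_PROFILS=`echo $ADM_PROFIL $PROFILS`
+DIR_KEY="/usr/local/etc/digest"
+SED="/bin/sed -i"
+Lang=`echo $LANG|cut -c 1-2`
+
+# liste les comptes de chaque profile
+function list () {
+for i in $ALL_PROFILS
+do
+if [ $Lang == "fr" ]
+then
+echo -n "Comptes liés au profil '$i' : "
+
+else
+echo -n "accounts linked with profile '$i' : "
+fi
+account_list=`cat $DIR_KEY/key_only_$i | cut -d':' -f1|sort`
+for account in $account_list
+do
+echo -n "$account "
+done
+echo
+done
+}
+# ajoute les comptes du profil "admin" aux autres profils
+# crée le fichier de clés contenant tous les compte (pour l'accès au centre de gestion)
+function concat () {
+> $DIR_KEY/key_all
+for i in $PROFILS
+do
+cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$i
+cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_$i
+cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_all
+done
+cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$ADM_PROFIL
+cat $DIR_KEY/key_only_$ADM_PROFIL >> $DIR_KEY/key_all
+chown -R root:apache $DIR_KEY
+chmod 640 $DIR_KEY/key_*
+}
+
+usage="Usage: alcasar-profil.sh [-l|--list] [-a|--add] [-d|--del] [-p|--pass]"
+nb_args=$#
+args=$1
+
+# on met en place la structure minimale
+if [ ! -e $DIR_KEY/key_$ADM_PROFIL ]
+then
+touch $DIR_KEY/key_$ADM_PROFIL
+fi
+cp -f $DIR_KEY/key_$ADM_PROFIL $DIR_KEY/key_only_$ADM_PROFIL
+for i in $PROFILS
+do
+if [ ! -e $DIR_KEY/key_only_$i ]
+then
+touch $DIR_KEY/key_only_$i
+fi
+done
+concat
+if [ $nb_args -eq 0 ]
+then
+echo $usage
+exit 0
+fi
+case $args in
+-\? | -h* | --h*)
+echo "$usage"
+exit 0
+;;
+--add|-a)
+# ajout d'un compte
+list
+if [ $Lang == "fr" ]
+then
+echo -n "Choisissez un profil ($ALL_PROFILS) : "
+else
+echo -n "Select a profile ($ALL_PROFILS) : "
+fi
+read profil
+if [ $Lang == "fr" ]
+then
+echo -n "Entrez le nom du compte à créer (profil '$profil') : "
+else
+echo "Enter the name of the account to create (profile '$profil') : "
+fi
+read account
+# on teste s'il n'existe pas déjà
+for i in $ALL_PROFILS
+do
+tmp_account=`cat $DIR_KEY/key_only_$i | cut -d':' -f1`
+for j in $tmp_account
+do
+if [ "$j" = "$account" ]
+then if [ $Lang == "fr" ]
+then
+echo "Ce compte existe déjà"
+else
+echo "This account already exists"
+fi
+exit 0
+fi
+done
+done
+/usr/bin/htdigest $DIR_KEY/key_only_$profil "ALCASAR Control Center (ACC)" $account
+concat
+list
+;;
+--del|-d)
+# suppression d'un compte
+list
+if [ $Lang == "fr" ]
+then
+echo -n "entrez le nom du compte à supprimer : "
+else
+echo -n "enter the name of the account to remove : "
+fi
+read account
+for i in $ALL_PROFILS
+do
+$SED "/^$account:/d" $DIR_KEY/key_only_$i
+done
+concat
+list
+;;
+--pass|-p)
+# changement du mot de passe d'un compte
+list
+if [ $Lang == "fr" ]
+then
+echo "Changement de mot de passe"
+echo -n "Entrez le nom du compte : "
+else
+echo "Password change"
+echo -n "Enter the name of the account : "
+fi
+read account
+for i in $ALL_PROFILS
+do
+tmp_account=`cat $DIR_KEY/key_only_$i | cut -d':' -f1`
+for j in $tmp_account
+do
+if [ "$j" = "$account" ]
+then
+/usr/bin/htdigest $DIR_KEY/key_only_$i "ALCASAR Control Center (ACC)" $account
+fi
+done
+done
+concat
+;;
+--list|-l)
+# liste des comptes par profile
+list
+;;
+*)
+if [ $Lang == "fr" ]
+then
+echo "Argument inconnu :$1";
+else
+echo "Unknown argument : $i";
+fi
+echo "$usage"
+exit 1
+;;
+esac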
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
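Review bot: The English branch of the unknown-argument case prints `$i`, which at that point is the last profile name left over from the setup loop, instead of the offending argument; the French branch beside it correctly uses `$1`, so the line should read `echo "Unknown argument : $1";`. The profile answered to `read profil` in `--add` is used unvalidated as the file name `$DIR_KEY/key_only_$profil`, so a typo creates a stray key file that `concat` never includes (it iterates only `$PROFILS`); checking the answer against `$ALL_PROFILS` before calling htdigest, the way the account name is already checked against existing accounts, would close that. `[ $Lang == "fr" ]` fails with an error when `LANG` is unset because `$Lang` expands to nothing — quote it as `[ "$Lang" == "fr" ]`. In `--del`, `$account` is spliced unquoted into the sed expression `/^$account:/d`, so a name containing `/` or regex metacharacters either fails or deletes the wrong entries.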
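--- a/scripts/alcasar-rpm-download.sh
+++ b/scripts/alcasar-rpm-download.sh
@@ -0,0 +1,145 @@
+#!/bin/bash
+# $Id$
+
+# alcasar-urpmi.sh
+# by Franck BOUIJOUX and Richard REY
+# This script is distributed under the Gnu General Public License (GPL)
+
+# récupération des RPM nécessaire dans un fichier tarball
+# retrieve needed RPM in a tarball file
+
+VERSION="4"
+ARCH="i586"
+# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
+PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd dkms-ipt_NETFLOW iptables-NETFLOW pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop"
+
+rpm_repository_sync ()
+{
+cat <<EOF > /etc/urpmi/urpmi.cfg
+{
+downloader: wget
+}
+EOF
+urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} core /media/core/release
+urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} core_updates /media/core/updates
+}
+
+rpm_error ()
+{
+echo
+echo "Relancez l'installation ultérieurement."
+echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-urpmi.sh'"
+echo "Try an other install later."
+echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-urpmi.sh'"
+}
+
+# extract the current architecture (i586 ou X64)
+fic=`cat /etc/product.id`
+old="$IFS"
+IFS=","
+set $fic
+for i in $*
+do
+if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
+then
+ARCH=`echo $i|cut -d"=" -f2`
+fi
+done
+IFS="$old"
+# We prefer wget than curl
+wget_exist=`rpm -qa|grep wget|wc -l`
+if [ "$wget_exist" -eq "0" ]
+then
+urpmi --no-verify-rpm --auto ../../conf/rpms/$ARCH/wget*.rpm
+fi
+# Set the RPM repository
+MIRROR_NBR=2
+# For french ALCASARistes
+MIRRORLIST1="http://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH"
+# For International install
+MIRRORLIST2="http://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
+try_nb="0"; nb_repository="0"
+while [ "$nb_repository" != "2" ]
+do
+try_nb=`expr $try_nb + 1`
+MIRRORLIST="MIRRORLIST$try_nb"
+rpm_repository_sync
+nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
+if [ "$nb_repository" != "2" ]
+then
+echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb."
+echo "An error occurs when synchronising the repositories N°$try_nb"
+if [ $(expr $try_nb) -eq $MIRROR_NBR ]
+then
+rpm_error
+exit 1
+fi
+echo "Voulez-vous tenter une synchronisation avec un autre dépôt?"
+echo "Do you wan't to try a synchronisation with an other repository?"
+response=0
+PTN='^[oOnNyY]$'
+until [[ $(expr $response : $PTN) -gt 0 ]]
+do
+read response
+done
+if [ "$response" = "n" ] || [ "$response" = "N" ]
+then
+exit 1
+fi
+fi
+done
+# delete unused RPMs
+echo "Cleaning the system : "
+for rm_rpm in shorewall dhcp-server cyrus-sasl distcache-server avahi mandi radeontool mondo mindi
+do
+/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
+echo -n "."
+done
+urpmi --clean
+# download RPM in cache
+echo "Récupération des paquetages de mise à jour. Veuillez patienter ..."
+echo "Updated RPM download. Please wait ..."
+echo "Il est temps d'aller prendre un café :-) "
+echo "You should now take a Beer ;-) "
+urpmi --auto --auto-update --quiet --test --retry 2
+if [ "$?" != "0" ]
+then
+echo
+echo "Une erreur a été détectée lors de la récupération des paquetages."
+echo "An error occurs when downloading RPMS"
+rpm_error
+exit 1
+fi
+# update with cached RPM
+urpmi --auto --auto-update --noclean
+if [ "$?" != "0" ]
+then
+echo
+echo "Une erreur a été détectée lors de la mise à jour des paquetages."
+echo "An error occurs when updating packages"
+rpm_error
+exit 1
+fi
+
+# Download of ALCASAR specifics RPM in cache (and test)
+echo "Récupération des paquetages complémentaires. Veuillez patienter ..."
+echo "Download of complementary packages. Please wait ..."
+urpmi --auto $PACKAGES --quiet --test --retry 2
+if [ "$?" != "0" ]
+then
+echo
+echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires."
+echo "An error occurs when downloading complementary packages"
+rpm_error
+exit 1
+fi
+echo "archive creation. Please wait..."
+cd /var/cache/urpmi
+tar -czf rpms-$ARCH.tar.gz rpms/
+# Clean the RPM cache
+urpmi --clean
+mv rpms-$ARCH.tar.gz /root/
+cd
+echo "Your RPM archive file is /root/rpms-$ARCH.tar.gz"
+exit 0
+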
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
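Review bot: The wget bootstrap `urpmi --no-verify-rpm --auto ../../conf/rpms/$ARCH/wget*.rpm` installs as root whatever package sits at a path relative to the caller's working directory, with signature checking switched off; if the bundled rpm is signed with a key the system already trusts, drop `--no-verify-rpm`, and resolve the path from the script's own location (`$(dirname "$0")`) so the result does not depend on where the script is run from. Both mirror lists are plain `http://` URLs, so the integrity of everything downloaded afterwards rests on urpmi's package signature verification alone; a comment saying so next to `MIRRORLIST1`/`MIRRORLIST2`, or `https://` where the mirror service supports it, would make that dependency visible. `cd /var/cache/urpmi` is unchecked, so if it fails the following tar, `urpmi --clean` and `mv` run in whatever the current directory happens to be — `cd /var/cache/urpmi || exit 1`. The header comment `# alcasar-urpmi.sh` and the messages in `rpm_error` point the reader at 'scripts/alcasar-urpmi.sh' although the `MIRRORLIST` variables live in this file, alcasar-rpm-download.sh.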
/scripts/alcasar-uninstall.sh
0,0 → 1,279
#!/bin/bash
# $Id$
 
# alcasar-uninstall.sh
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Désisntallation d'ALCASAR
# Uninstall ALCASAR
 
SED="/bin/sed -i"
clear
echo "-----------------------------------------------------------------------------"
echo "** Uninstall/Update ALCASAR **"
echo "-----------------------------------------------------------------------------"
echo
# logout all logged users
/usr/local/bin/alcasar-logout.sh all
# services_stop
echo "Stopping service : "
/usr/local/bin/alcasar-sms.sh --stop
for i in alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli
do
if [ -e /lib/systemd/system/$i.service ]
then
/usr/bin/systemctl disable $i.service
/usr/bin/systemctl stop $i.service 1>/dev/null
sleep 1
else
echo "The service $i.service doesn't exist !"
fi
done
echo "Check the service clearing"
for i in alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli
do
if [ `systemctl is-active $i.service` == "active" ]
then
echo "The service '$i' need to be killed"
/usr/bin/systemctl stop $i.service
killall $i
fi
done
echo "Reset ALCASAR main functions : "
#init
echo -en "\n- init(1) : "
# les fichiers situés dans /usr/local/ seront supprimés à la fin car encore utiles ici
rm -f /root/ALCASAR* && echo -n "1"
sleep 1
 
# gestion
echo -en "\n- gestion(10) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, "
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] && mv /etc/httpd/conf/modules.d/00_base.conf.default /etc/httpd/conf/modules.d/00_base.conf && echo -n "3, "
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "4, "
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5, "
if [ -d /usr/local/etc/digest ] # v >= 2.0
then rm -rf /usr/local/etc/digest && echo -n "6, "
else echo -n "6, "
fi
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "7, "
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] && mv /etc/httpd/conf/conf.d/ssl.conf.default /etc/httpd/conf/conf.d/ssl.conf && echo -n "8, "
[ -e /usr/share/httpd/error/include/top.html.default ] && mv /usr/share/httpd/error/include/top.html.default /usr/share/httpd/error/include/top.html && echo -n "9, "
[ -e /usr/share/httpd/error/include/bottom.html.default ] && mv /usr/share/httpd/error/include/bottom.html.default /usr/share/httpd/error/include/top.html && echo -n "10"
sleep 1
 
# CA
echo -en "\n- AC(4) : "
[ -e /etc/pki/CA/alcasar-ca.crt ] && rm -f /etc/pki/CA/alcasar-ca.crt && echo -n "1, "
[ -e /etc/pki/CA/private/alcasar-ca.key ] && rm -f /etc/pki/CA/private/alcasar-ca.key && echo -n "2, "
[ -e /etc/pki/tls/certs/alcasar.crt ] && rm -f /etc/pki/tls/certs/alcasar.crt && echo -n "3, "
[ -e /etc/pki/tls/private/alcasar.key ] && rm -f /etc/pki/tls/private/alcasar.key && echo -n "4"
sleep 1
 
#init_db
echo -en "\n- init_db(2) : "
[ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1, "
[ -e /lib/systemd/system/mysqld.service.default ] && mv -f /lib/systemd/system/mysqld.service.default /lib/systemd/system/mysqld.service && echo -n "2"
/usr/bin/systemctl daemon-reload
rm -rf /var/lib/mysql
sleep 1
 
#param_radius
echo -en "\n- radius(9) : "
[ -e /etc/raddb/radiusd-db-vierge.sql ] && rm -f /etc/raddb/radiusd-db-vierge.sql && echo -n "1, "
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, "
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "3, "
[ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "4, "
[ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "5, "
[ -e /etc/raddb/sql.conf.default ] && mv /etc/raddb/sql.conf.default /etc/raddb/sql.conf && echo -n "6, "
[ -e /etc/raddb/sql/mysql/dialup.conf.default ] && mv /etc/raddb/sql/mysql/dialup.conf.default /etc/raddb/sql/mysql/dialup.conf && echo -n "7, "
[ -e /etc/raddb/sql/mysql/counter.conf.default ] && mv /etc/raddb/sql/mysql/counter.conf.default /etc/raddb/sql/mysql/counter.conf && echo -n "8, "
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "9"
sleep 1
 
#param_web_radius
echo -en "\n- web_radius(4) : "
[ -e /etc/freeradius-web/admin.conf.default ] && mv /etc/freeradius-web/admin.conf.default /etc/freeradius-web/admin.conf && echo -n "1, "
[ -e /etc/freeradius-web/naslist.conf ] && rm /etc/freeradius-web/naslist.conf && echo -n "2, "
[ -e /etc/freeradius-web/user_edit.attrs.default ] && mv /etc/freeradius-web/user_edit.attrs.default /etc/freeradius-web/user_edit.attrs && echo -n "3, "
[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap.default /etc/freeradius-web/sql.attrmap && echo -n "4"
sleep 1
 
#param_chilli
echo -en "\n- chilli(4) : "
[ -e /etc/init.d/chilli.default ] && mv /etc/init.d/chilli.default /etc/init.d/chilli && echo -n "1, "
[ -e /usr/libexec/chilli ] && rm /usr/libexec/chilli && echo -n "2, "
[ -e /etc/chilli.conf.default ] && mv /etc/chilli.conf.default /etc/chilli.conf && echo -n "3, "
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4"
sleep 1
 
#param_dansguardian
echo -en "\n- dansguardian(8) : "
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, "
[ -e /etc/dansguardian/dansguardian.conf.default ] && mv /etc/dansguardian/dansguardian.conf.default /etc/dansguardian/dansguardian.conf && echo -n "2, "
[ -e /etc/dansguardian/lists/bannedphraselist.default ] && mv /etc/dansguardian/lists/bannedphraselist.default /etc/dansguardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/dansguardian/dansguardianf1.conf.default ] && mv /etc/dansguardian/dansguardianf1.conf.default /etc/dansguardian/dansguardianf1.conf && echo -n "4, "
[ -e /etc/dansguardian/lists/bannedextensionlist.default ] && mv /etc/dansguardian/lists/bannedextensionlist.default /etc/dansguardian/lists/bannedextensionlist && echo -n "5, "
[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] && mv /etc/dansguardian/lists/bannedmimetypelist.default /etc/dansguardian/lists/bannedmimetypelist && echo -n "6, "
[ -e /etc/dansguardian/lists/exceptioniplist.default ] && mv /etc/dansguardian/lists/exceptioniplist.default /etc/dansguardian/lists/exceptioniplist && echo -n "7, "
[ -e /etc/dansguardian/lists/bannedsitelist.default ] && mv /etc/dansguardian/lists/bannedsitelist.default /etc/dansguardian/lists/bannedsitelist && echo -n "8"
sleep 1
 
#antivirus
echo -en "\n- antivirus(5) : "
if [ -e /etc/init.d/havp ]
then
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, "
userdel -r havp 2>/dev/null && echo -n "2, "
[ `grep havp /etc/fstab|wc -l` -ne "0" ] && $SED "/havp/d" /etc/fstab # anciennes versions (mémoire tampon sur disque)
[ -e /etc/init.d/havp.default ] && mv /etc/init.d/havp.default /etc/init.d/havp && echo -n "3, "
[ -e /lib/systemd/system/havp.service.default ] && mv /lib/systemd/system/havp.service.default /lib/systemd/system/havp.service && echo -n "4, "
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5"
else echo -n "uninstalled"
fi
sleep 1
 
#tinyproxy
echo -en "\n- tinyproxy(2) : "
if [ -e /etc/init.d/tinyproxy ]
then
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, "
userdel -r tinyproxy 2>/dev/null && echo -n "2"
else echo -n "uninstalled"
fi
sleep 1
 
#param_ulogd
echo -en "\n- ulogd(6) : "
i=0
for log_type in traceability ssh ext-access
do
i=`expr $i + 1`
[ -e /etc/ulogd-$log_type.conf ] && rm -f /etc/ulogd-$log_type.conf && echo -n "$i, "
i=`expr $i + 1`
[ -e /lib/systemd/system/ulogd-$log_type.service ] && rm -f /lib/systemd/system/ulogd-$log_type.service && echo -n "$i, "
done
sleep 1
 
#nfsen
echo -en "\n- nfsen(1) : "
[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service && echo -n "1"
sleep 1
 
#vnstat
echo -en "\n- vnstat(1) : "
[ -e /etc/vnstat.conf.default ] && mv /etc/vnstat.conf.default /etc/vnstat.conf && echo -n "1"
sleep 1
 
#DnsMasq
echo -en "\n- dnsmasq(9) : "
if [ -e /lib/systemd/system/dnsmasq.service ]
then
[ -e /etc/sysconfig/dnsmasq.default ] && mv /etc/sysconfig/dnsmasq.default /etc/sysconfig/dnsmasq && echo -n "1, "
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "2, "
[ -e /lib/systemd/system/dnsmasq.service.default ] && mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service && echo -n "3, "
i=3
for list in blacklist whitelist blackhole
do
i=`expr $i + 1`
[ -e /etc/dnsmasq-$list.conf ] && rm /etc/dnsmasq-$list.conf && echo -n "$i, "
i=`expr $i + 1`
[ -e /lib/systemd/system/dnsmasq-$list.service ] && rm /lib/systemd/system/dnsmasq-$list.service && echo -n "$i, "
done
else echo -n "uninstalled"
fi
sleep 1
 
#BL
echo -en "\n- BL(0) : "
sleep 1
 
#dhcpd
echo -en "\n- dhcp-server(1) : "
if [ -e /etc/init.d/dhcpd ]
then
/usr/sbin/urpme --auto dhcp-server --auto-orphans && echo -n "1"
else echo -n "uninstalled"
fi
sleep 1
 
#fail2ban
echo -en "\n- fail2ban(8) : "
[ -e /etc/fail2ban/fail2ban.conf.default ] && mv /etc/fail2ban/fail2ban.conf.default /etc/fail2ban/fail2ban.conf && echo -n "1, "
[ -e /etc/fail2ban/jail.conf.default ] && mv /etc/fail2ban/jail.conf.default /etc/fail2ban/jail.conf && echo -n "2, "
[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf && echo -n "3, "
[ -e /etc/fail2ban/filter.d/alcasar_mod-evasive.conf ] && rm /etc/fail2ban/filter.d/alcasar_mod-evasive.conf && echo -n "4, "
[ -e /etc/fail2ban/filter.d/alcasar_htdigest.conf ] && rm /etc/fail2ban/filter.d/alcasar_htdigest.conf && echo -n "5, "
[ -e /etc/fail2ban/filter.d/alcasar_intercept.conf ] && rm /etc/fail2ban/filter.d/alcasar_intercept.conf && echo -n "6, "
[ -e /etc/fail2ban/filter.d/alcasar_change-pwd.conf ] && rm /etc/fail2ban/filter.d/alcasar_change-pwd.conf && echo -n "7, "
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "8"
sleep 1
 
#cron
echo -en "\n- cron(9) : "
[ -e /etc/crontab.default ] && mv /etc/crontab.default /etc/crontab && echo -n "1, "
[ -e /etc/anacrontab.default ] && mv /etc/anacrontab.default /etc/anacrontab && echo -n "2, "
[ -e /etc/cron.d/alcasar-mysql ] && rm -f /etc/cron.d/alcasar-mysql && echo -n "3, "
[ -e /etc/cron.d/alcasar-archive ] && rm -f /etc/cron.d/alcasar-archive && echo -n "4, "
[ -e /etc/cron.d/alcasar-clean_import ] && rm -f /etc/cron.d/alcasar-clean_import && echo -n "5, "
[ -e /etc/cron.d/alcasar-distrib-updates ] && rm -f /etc/cron.d/alcasar-distrib-updates && echo -n "6, "
[ -e /etc/cron.d/freeradius-web ] && rm -f /etc/cron.d/freeradius-web && echo -n "7, "
[ -e /etc/cron.d/alcasar-watchdog ] && rm -f /etc/cron.d/alcasar-watchdog && echo -n "8, "
[ -e /etc/cron.d/alcasar-daemon-watchdog ] && rm -f /etc/cron.d/alcasar-daemon-watchdog && echo -n "9"
 
sleep 1
 
#gammu-smsd
echo -en "\n- gammu-smsd(3) : "
[ -e /etc/gammu_smsd_conf ] && rm -f /etc/gammu_smsd_conf && echo -n "1, "
[ -e /etc/udev/rules.d/66-huawei.rules ] && rm -f /etc/udev/rules.d/66-huawei.rules && echo -n "2, "
[ -e /var/log/gammu-smsd ] && rm -rf /var/log/gammu-smsd && echo -n "3"
sleep 1
 
#network
echo -en "\n- network(10) : "
hostname localhost
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
i=0
for nic in $EXTIF $INTIF
do
i=`expr $i + 1`
/sbin/ifdown $nic
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$nic ] && mv -f /etc/sysconfig/network-scripts/default-ifcfg-$nic /etc/sysconfig/network-scripts/ifcfg-$nic && echo -n "$i, "
done
[ -e /etc/sysconfig/network.default ] && mv /etc/sysconfig/network.default /etc/sysconfig/network && echo -n "3, "
[ -e /etc/hosts.default ] && mv /etc/hosts.default /etc/hosts && echo -n "4, "
[ -e /etc/ntp.conf.default ] && mv /etc/ntp.conf.default /etc/ntp.conf && echo -n "5, "
[ -e /etc/hosts.allow.default ] && mv /etc/hosts.allow.default /etc/hosts.allow && echo -n "6, "
[ -e /etc/hosts.deny.default ] && mv /etc/hosts.deny.default /etc/hosts.deny && echo -n "7, "
[ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "8, "
[ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo -n "9, "
[ -e /usr/libexec/iptables.init.default ] && mv /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "10"
 
/sbin/ifup $EXTIF
sleep 1
 
#post_install
echo -en "\n- post_install(6) : "
[ -e /etc/mageia-release.default ] && mv /etc/mageia-release.default /etc/mageia-release && echo -n "1, "
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, "
[ -e /etc/ssh/sshd_config.default ] && mv /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, "
[ -e /etc/bashrc.default ] && mv /etc/bashrc.default /etc/bashrc && echo -n "4, "
[ -e /etc/sudoers.default ] && mv /etc/sudoers.default /etc/sudoers && echo -n "5, "
[ -e /lib/systemd/system/alcasar-load_balancing.service ] && rm -f /lib/systemd/system/alcasar-load_balancing.service && echo -n "6"
sleep 1
 
 
 
#nettoyage (on retire les services supprimés ou remplacés dans la nouvelle version)
echo -en "\n- cleaning() : "
for rm_fic in /usr/local/bin /usr/local/etc
do
rm -rf $rm_fic/alcasar*
done
echo
 
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
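--- a/scripts/alcasar-url_filter.sh
+++ b/scripts/alcasar-url_filter.sh
@@ -0,0 +1,91 @@
+#/bin/bash
+
+# alcasar-url_filter.sh
+# by REXY
+# This script is distributed under the Gnu General Public License (GPL)
+
+# Active / désactive : safesearch des moteurs de recherche ainsi que le filtrage Youtube
+# Enable / disable : search engines safesearch and Youtube filtering
+# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine
+# Enable / disable : filter of urls containing ip address instead of domain name
+
+DIR_DG="/etc/dansguardian/lists"
+DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"
+CONF_FILE="/usr/local/etc/alcasar.conf"
+SED="/bin/sed -i"
+safesearch="Off"
+pureip="Off"
+usage="Usage: alcasar-url_filter.sh { -safesearch_on or -safesearch_off } & { -pureip_on or --pureip_off }"
+nb_args=$#
+if [ $nb_args -le 1 ]
+then
+echo "$usage"
+nb_args=0
+else
+while [ $nb_args -ge 1 ]
+do
+arg=${!nb_args}
+case $arg in
+-\? | -h* | --h*)
+echo "$usage"
+exit 0
+;;
+# Safe search activation
+-safesearch_on | --safesearch_on)
+safesearch="On"
+;;
+# Safe search desactivation
+-safesearch_off | --safesearch_off)
+safesearch="Off"
+;;
+# pure_ip activation
+-pureip_on | --pureip_on)
+pureip="On"
+;;
+# pureip desactivation
+-pureip_off | --pureip_off)
+pureip="Off"
+;;
+*)
+echo "Argument inconnu :$arg";
+echo "$usage"
+exit 1
+;;
+esac
+nb_args=$(expr $nb_args - 1)
+done
+if [ $safesearch == "On" ]
+then
+$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # on décommente les lignes de regles
+youtube_id=`grep YOUTUBE_ID $CONF_FILE|cut -d"=" -f2`
+$SED "s?\&edufilter=.*?\&edufilter=$youtube_id\"?g" $DIR_DG/urlregexplist
+# add 'nosslsearch' redirection for google searching
+# $SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration
+# nossl_server=`host -ta nosslsearch.google.com|cut -d" " -f4` # retrieve google nosslsearch ip
+# echo "# nosslsearch redirect server for google" >> $DNSMASQ_BL_CONF
+# for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
+# do
+# echo "address=/$gg_dnsname/$nossl_server" >> $DNSMASQ_BL_CONF
+# done
+# add 'SafeSearch' redirection for google searching
+$SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration
+forcesafesearch_server=`host -ta forcesafesearch.google.com|cut -d" " -f4` # retrieve google forcesafesearch ip
+echo "# SafeSearch redirect server for google" >> $DNSMASQ_BL_CONF
+for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
+do
+echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_BL_CONF
+done
+else
+$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist
+$SED "/google/d" $DNSMASQ_BL_CONF
+fi
+if [ $pureip == "On" ]
+then
+$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist
+else
+$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
+fi
+systemctl restart dansguardian
+systemctl restart dnsmasq-blacklist
+fi
+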
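Review bot: The first line of the new script is `#/bin/bash`, missing the `!`, so there is no valid shebang and the script only runs under whatever shell the caller happens to use; it should read `#!/bin/bash`. In the safesearch branch, `forcesafesearch_server` is taken from `host -ta forcesafesearch.google.com|cut -d" " -f4` and used without a check: if the lookup fails (no upstream DNS at that moment, filtered resolver) the variable is empty and every `address=/.google.xx/` line is written with no IP, which dnsmasq will most likely treat as an NXDOMAIN rule for all Google domains — guard it with `[ -n "$forcesafesearch_server" ] || { echo "cannot resolve forcesafesearch.google.com"; exit 1; }` before the `for gg_dnsname` loop. Finally, `youtube_id` is read from the config file and interpolated unquoted into a `sed` expression that uses `?` as its delimiter; since that value is set from the web interface, validating it right after the `grep` with `[[ "$youtube_id" =~ ^[A-Za-z0-9_-]*$ ]] || exit 1` keeps a stray `?`, `/` or `&` from corrupting `urlregexplist`.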
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
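--- a/scripts/alcasar-version.sh
+++ b/scripts/alcasar-version.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+# $Id$
+
+# alcasar-version-list.sh
+# by Richard REY
+# This script is distributed under the Gnu General Public License (GPL)
+
+# récupère les versions d'ALCASAR (stable et développement)
+# download the ALCASAR versions (stable / dev)
+
+VERSION="/var/www/html/VERSION"
+SITE_VERSION="version.alcasar.net"
+MAJ="False"
+DNS_VERSION_L=`dig $SITE_VERSION txt | grep ^$SITE_VERSION | cut -d"\"" -f2`
+DNS_VERSION=`echo $DNS_VERSION_L|cut -d" " -f1`
+MAJ_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f1`
+MIN_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f2`
+UPD_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f3`
+RUNNING_VERSION=`cat $VERSION|cut -d" " -f1`
+MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1`
+MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1`
+UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3`
+
+#compare major number
+if [ $MAJ_RUNNING_VERSION -lt $MAJ_DNS_VERSION ]
+then
+MAJ="True"
+fi
+#compare minor number
+if [ $MAJ_RUNNING_VERSION -eq $MAJ_DNS_VERSION ]
+then
+if [ $MIN_RUNNING_VERSION -lt $MIN_DNS_VERSION ]
+then
+MAJ="True"
+fi
+#compare update number
+if [ $MIN_DNS_VERSION -eq $MIN_RUNNING_VERSION ]
+then
+if [ -n "$UPD_DNS_VERSION" ]
+then
+if [ -z "$UPD_RUNNING_VERSION" ]
+then
+MAJ="True"
+else
+if [ $UPD_RUNNING_VERSION -lt $UPD_DNS_VERSION ]
+then
+MAJ="True"
+fi
+fi
+fi
+fi
+fi
+
+if [ $MAJ = "True" ]
+then
+echo "An updated version is available ($DNS_VERSION)"
+else
+echo "The Running version ($RUNNING_VERSION) is up to date"
+fi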
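Review bot: The integer tests starting at `if [ $MAJ_RUNNING_VERSION -lt $MAJ_DNS_VERSION ]` use unquoted, unvalidated values, and `DNS_VERSION` comes from a TXT record that the `dig` pipeline may not return at all (no network, filtered resolver): the variables are then empty, `[` prints "unary operator expected" for each comparison, and the script still ends with "is up to date". Validate right after the `DNS_VERSION=` line, e.g. `re='^[0-9]+\.[0-9]+(\.[0-9]+)?$'` and `[[ "$DNS_VERSION" =~ $re ]] || { echo "cannot retrieve the published version"; exit 1; }`, which also keeps a malformed or spoofed DNS answer from reaching the numeric tests. `MIN_RUNNING_VERSION` is additionally truncated with `cut -c1` while `MIN_DNS_VERSION` is not, so a two-digit minor number on either side compares wrongly — presumably deliberate for this project's numbering, but a comment saying so would help. The header comment names the file `alcasar-version-list.sh`; it should match the actual name `alcasar-version.sh`.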
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
/web/acc/admin/bl_filter.php
216,11 → 216,11
switch ($choix)
{
case 'Download_list' :
exec ("sudo /usr/local/sbin/alcasar-bl.sh --download");
exec ("sudo /usr/local/bin/alcasar-bl.sh --download");
break;
case 'Active_list' :
exec ("sudo /usr/local/sbin/alcasar-bl.sh --adapt");
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-bl.sh --adapt");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
break;
case 'Reject_list' :
unlink ("$dir_tmp/blacklists.tar.gz"); unlink ("$dir_tmp/md5sum");
256,7 → 256,7
fputs($fichier, form_filter($_POST['BL_rehabilited_ip']));
fclose($fichier);
unset($_POST['BL_rehabilited_ip']);
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
break;
case 'Specific_filtering' :
$pureip="-pureip_off"; $safesearch="-safesearch_off"; ;
269,7 → 269,7
else {$New_ID=$_POST['Youtube_ID'];}
file_put_contents($conf_file, str_replace("YOUTUBE_ID=$YOUTUBE_ID", "YOUTUBE_ID=$New_ID", file_get_contents($conf_file)));
$YOUTUBE_ID=$New_ID;
exec ("sudo /usr/local/sbin/alcasar-url_filter.sh $safesearch $pureip");
exec ("sudo /usr/local/bin/alcasar-url_filter.sh $safesearch $pureip");
break;
case 'MAJ_ip_file_delete' :
foreach($_POST as $fichier => $value)
278,7 → 278,7
{
exec("rm -rf $upload_dir_ip$fichier");
exec("rm -rf $upload_dir_domain_names$fichier");
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
}
break;
318,7 → 318,7
{
echo $l_error_upload;
}
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
break;
}
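Review bot: In the hunk at line 278, the new side still builds `exec("rm -rf $upload_dir_ip$fichier")` and `exec("rm -rf $upload_dir_domain_names$fichier")` from `$fichier`, which the `foreach($_POST as $fichier => $value)` closing the previous hunk takes straight from the request; the commit only renames the sudo path on the following line and leaves those two shell strings unescaped. Whatever the condition at the top of that hunk checks (its start is outside the hunk), the name should be confined to the upload directories before it reaches the shell, e.g. `$fichier = basename($fichier);` followed by `exec("rm -rf " . escapeshellarg($upload_dir_ip . $fichier));` and the same for `$upload_dir_domain_names`. The `exec ("sudo /usr/local/bin/alcasar-url_filter.sh $safesearch $pureip")` line at 269 also interpolates unquoted variables, but those appear to be assigned fixed strings in the hunk at 256, so only the two `rm -rf` calls need attention here.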
/web/acc/admin/network.php
90,10 → 90,10
switch ($choix)
{
case 'DHCP_On' :
exec ("sudo /usr/local/sbin/alcasar-dhcp.sh -on");
exec ("sudo /usr/local/bin/alcasar-dhcp.sh -on");
break;
case 'DHCP_Off' :
exec ("sudo /usr/local/sbin/alcasar-dhcp.sh -off");
exec ("sudo /usr/local/bin/alcasar-dhcp.sh -off");
break;
case 'new_mac' :
if ((trim($_POST['add_mac']) != "") and (trim($_POST['add_ip']) != ""))
318,7 → 318,7
</fieldset>
</td></tr>
<?php
echo "<td><input type='submit' value='$l_apply' disabled></td>";
echo "<td><input type='submit' value='$l_apply' ></td>";
echo "</form>";
?>
</table>
/web/acc/admin/protocols_filter.php
80,10 → 80,10
switch ($choix)
{
case 'NF_On' :
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on");
exec ("sudo /usr/local/bin/alcasar-nf.sh -on");
break;
case 'NF_Off' :
exec ("sudo /usr/local/sbin/alcasar-nf.sh -off");
exec ("sudo /usr/local/bin/alcasar-nf.sh -off");
break;
case 'new_port' :
if ((trim($_POST['add_port']) != "80") and ($_POST['add_port'] != "") and ($_POST['add_proto'] != "") and (is_numeric($_POST['add_port'])))
/web/acc/admin/services.php
145,11 → 145,11
if (isset($_POST['choix'])){
switch ($_POST['choix']){
case 'reboot' :
exec ("sudo /usr/local/sbin/alcasar-logout.sh all");
exec ("sudo /usr/local/bin/alcasar-logout.sh all");
exec ("sudo /usr/sbin/shutdown -r now");
break;
case 'halt' :
exec ("sudo /usr/local/sbin/alcasar-logout.sh all");
exec ("sudo /usr/local/bin/alcasar-logout.sh all");
exec ("sudo /usr/sbin/shutdown -h now");
break;
}
/web/acc/admin/wl_filter.php
136,7 → 136,7
fputs($fichier, form_filter_ip($_POST['OSSI_wl_ip'], "white"));
fclose($fichier);
unset($_POST['OSSI_wl_ip']);
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
break;
}
?>
/web/acc/backup/sauvegarde.php
72,7 → 72,7
if (isset($_POST['choix'])){
switch ($_POST['choix']){
case 'user_DB_backup' :
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --dump");
exec ("sudo /usr/local/bin/alcasar-mysql.sh --dump");
break;
case 'traceability_backup' :
exec ("sudo /usr/local/bin/alcasar-archive.sh --live");
/web/acc/manager/htdocs/clear_opensessions.php
68,7 → 68,7
if ($clear_sessions == 1)
{
# close active sessions
exec ("sudo /usr/local/sbin/alcasar-logout.sh $login");
exec ("sudo /usr/local/bin/alcasar-logout.sh $login");
# delete open accounting sessions
$now = time();
$today_now = date("Y-m-d H:i:s",$now);
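Review bot: `$login` is interpolated unquoted into `exec ("sudo /usr/local/bin/alcasar-logout.sh $login")` on the new side and its origin is outside the hunk; if it is derived from the request or from a stored account name, it should be passed as `escapeshellarg($login)` (or checked against the allowed username character set) before the call, since the path rename in this commit does not change how the command string is built. The enclosing `if ($clear_sessions == 1)` block continues past the end of the hunk.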
/web/acc/manager/htdocs/import_user.php
120,8 → 120,8
else { $choix = ''; }
if ($choix == "raz")
{
exec ("sudo /usr/local/sbin/alcasar-logout.sh all");
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --raz");
exec ("sudo /usr/local/bin/alcasar-logout.sh all");
exec ("sudo /usr/local/bin/alcasar-mysql.sh --raz");
}
// a file is downloaded
if(isset($_FILES['import-users']) && ($_FILES['import-users']['name'] !=""))
135,7 → 135,7
else
{
$destination = '/tmp/import_file.txt';
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --dump");
exec ("sudo /usr/local/bin/alcasar-mysql.sh --dump");
move_uploaded_file($_FILES['import-users']['tmp_name'], $destination);
$RS_in = file ($destination);
$da_abort=0;
229,9 → 229,9
if (($extension == 'sql') || ($extension == 'sql.gz'))
{
$destination = '/tmp/import_file.'.$extension;
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --dump");
exec ("sudo /usr/local/bin/alcasar-mysql.sh --dump");
move_uploaded_file($_FILES['import-users']['tmp_name'], $destination);
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --import $destination");
exec ("sudo /usr/local/bin/alcasar-mysql.sh --import $destination");
//echo "OK : $destination";
unlink ($destination);
}
/web/acc/phpsysinfo/includes/common_functions.php
127,7 → 127,7
function find_program ($strProgram) {
global $addpaths;
$arrPath = array( '/bin', '/sbin', '/usr/bin', '/usr/sbin', '/usr/local/bin', '/usr/local/sbin' );
$arrPath = array( '/bin', '/sbin', '/usr/bin', '/usr/sbin', '/usr/local/bin' );
if( isset( $addpaths ) && is_array( $addpaths ) ) {
$arrPath = array_merge( $arrPath, $addpaths );
}