Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1924 → Rev 1925

/alcasar.sh
1626,11 → 1626,8
# change the google safesearch ("safe=strict" instead of "safe=vss")
$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
# adapt the Toulouse BL to ALCASAR architecture
# creation of the custom BL and WL categorie named "ossi" (for domain names & ip only)
if [ "$mode" != "update" ]; then
$DIR_DEST_BIN/alcasar-bl.sh --adapt
# enable the default categories
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
# creation of the custom BL and WL categorie named "ossi" (for domain names & ip only)
mkdir $DIR_DG/lists/blacklists/ossi-bl $DIR_DG/lists/blacklists/ossi-wl
touch $DIR_DG/lists/blacklists/ossi-bl/domain $DIR_DG/lists/blacklists/ossi-wl/domain
# add custom ALCASAR BL files (TOR)
1638,6 → 1635,9
mv $DIR_CONF/ossi-tor_node $DIR_DG/lists/blacklists/ossi-tor_node/domain
chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
$DIR_DEST_BIN/alcasar-bl.sh --adapt
# enable the default categories
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
fi
}
 
/scripts/alcasar-bl.sh
154,11 → 154,6
done
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
mv $FILE_tmp $WL_CATEGORIES
 
# restoring ip files and ossi category BL/WL
mv $DIR_tmp/ossi $DIR_IP_BL
chown apache $DIR_IP_BL/ossi
rm -rf $DIR_tmp
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload } | { -update_cat or --update_cat }"
195,26 → 190,11
# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
-adapt | --adapt)
echo -n "Adaptation process of Toulouse University blackList. Please wait : "
# keep custom files (ossi) only when updating he BL
if [ -d $DIR_IP_BL -a -d $DIR_IP_WL -a -d $DIR_DNS_BL -a -d $DIR_DNS_WL ]
then
for x in $(ls -1 $DIR_IP_BL | grep "^ossi*")
do
mv $DIR_IP_BL/$x $tmp_DIR_IP_BL
done
for x in $(ls -1 $DIR_IP_WL | grep "^ossi*")
do
mv $DIR_IP_WL/$x $tmp_DIR_IP_WL
done
for x in $(ls -1 $DIR_DNS_BL | grep "^ossi*")
do
mv $DIR_DNS_BL/$x $tmp_DIR_DNS_BL
done
for x in $(ls -1 $DIR_DNS_WL | grep "^ossi*")
do
mv $DIR_DNS_WL/$x $tmp_DIR_DNS_WL
done
fi
# keep custom files (ossi)
for x in $(ls -1 $DIR_DG_BL | grep "^ossi-*")
do
mv $DIR_DG_BL/$x $DIR_tmp
done
if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
then
rm -rf $DIR_DG_BL $DIR_IP_BL
221,6 → 201,12
mkdir $DIR_DG_BL $DIR_IP_BL
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
fi
# Retrieve custom files (ossi)
for x in $(ls -1 $DIR_tmp | grep "^ossi-*")
do
mv $DIR_tmp/$x $DIR_DG_BL
done
 
rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
/web/acc/admin/bl_filter.php
101,14 → 101,11
$l_reject_bl="Rejeter";
$l_warning="Temps estimé : une minute.";
$l_specific_filtering="Filtrage special";
$l_forbidden_dns="Noms de domaine filtrés";
$l_one_dns="Entrez un nom de domaine par ligne (exemple : .domaine.org)";
$l_one_dns_ip="Entrez un nom de domaine ou une adresse IP ou une adresse de réseau par ligne<br>exemple (domaine) : .domaine.org - exemple (ip) : 61.54.52.56 - exemple (réseau) : 172.16.0.0/16";
$l_maj_rehabilitated="Noms de domaine ou IP réhabilités";
$l_rehabilitated_dns="Noms de domaine réhabilités";
$l_rehabilitated_dns_explain="Entrez ici des noms de domaine bloqués par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_add_to_bl="Noms de domaine ou IP ajoutés à la liste noire";
$l_forbidden_ip="IP filtrées";
$l_forbidden_ip_explain="Entrez une IP par ligne (exemple : 123.123.123.123)<br/>ou une ADRESSE RESEAU (exemple : 123.123.0.0/16)";
$l_add_to_bl="Noms de domaine ou adresses IP à ajouter à la liste noire";
$l_rehabilitated_ip="IP réhabilitées";
$l_rehabilitated_ip_explain="Entrez ici des IP bloquées par la liste noire <BR> que vous souhaitez réhabiliter.";
$l_one_ip="Entrez une IP par ligne (exemple : 123.123.123.123)";
133,9 → 130,7
$l_nbDomainNames="Noms de domaine :";
$l_nbUrl="Url :";
$l_nbIp="Ip :";
$l_update_cat="Mise a jour des catégories automatiquement?";
$l_no_update_cat = "Désactiver";
$l_yes_update_cat = "Activer (Toutes les 12 heures)";
$l_update_cat="Mise a jour des catégories automatiquement toutes les 12h (seulement 'malware' actuellement)?";
$l_disable="Désactiver";
$l_enable="Activer";
$l_file_state="Etat";
152,15 → 147,12
$l_reject_bl="Reject";
$l_warning="Estimated time : one minute.";
$l_specific_filtering="Specific filtering";
$l_forbidden_dns="Filtered domain names";
$l_allowed_dns="Allowed domain names";
$l_one_dns="Enter one domain name per row (example : .domain.org)";
$l_one_dns_ip="Enter one domain name or one IP address or one network address per row <br>example (domain): .domain.org - example (ip): 61.54.56.52 - example (network) : 172.16.0.0/16";
$l_maj_rehabilitated="Domain names or IP rehabilitated";
$l_rehabilitated_dns="Rehabilitated domain names";
$l_rehabilitated_dns_explain="Enter here domain names that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_add_to_bl="Domain names or IP to add to blacklist";
$l_forbidden_ip="Filtered IP";
$l_forbidden_ip_explain="Enter one IP per row (example : 123.123.123.123)<br/>or a NETWORK ADDRESS (example : 123.123.0.0/16)";
$l_add_to_bl="Domain names or IP addresses to add to the blacklist";
$l_rehabilitated_ip="Rehabilitated IP";
$l_rehabilitated_ip_explain="Enter here IP that are blocked by the blacklist <BR> and you want to rehabilitate.";
$l_one_ip="Enter one IP per row (example : 123.123.123.123)";
185,9 → 177,7
$l_nbDomainNames="Domain names :";
$l_nbUrl="Url :";
$l_nbIp="Ip :";
$l_update_cat="Mise a jour des catégories automatiquement?";
$l_no_update_cat = "Disable";
$l_yes_update_cat = "Enable (Every 12 hours)";
$l_update_cat="Update automaticly categories every 12 hours (only 'malware' for now)?";
$l_disable="Disable";
$l_enable="Enable";
$l_file_state="State";
199,7 → 189,7
$bl_categories=$dir_etc."alcasar-bl-categories";
$bl_categories_enabled=$dir_etc."alcasar-bl-categories-enabled";
$conf_file=$dir_etc."alcasar.conf";
$dir_blacklist=$dir_dg."blacklist/";
$dir_blacklist=$dir_dg."blacklists/";
$urlregex_file=$dir_dg."urlregexplist";
$bannedsite_file=$dir_dg."bannedsitelist";
$dir_tmp="/tmp/blacklists";
327,38 → 317,38
if(!empty($nom))
{
# On l'upload
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $upload_dir_ip.$nom))
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $blacklist_dir."ossi-bl-".$nom))
{
# On extrait uniquement les ip du fichier
exec("grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' $upload_dir_ip$nom > $upload_dir_ip\ossi_ip");
// exec("grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' $upload_dir_ip$nom > $upload_dir_ip\ossi_ip");
 
# Suppression des doublons
exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip");
// exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip");
 
# On adapte le fichier à la sauvegarde du set
exec("sed -i \"s/^/add bl_ip_blocked /g\" $upload_dir_ip\ossi-$nom");
// exec("sed -i \"s/^/add bl_ip_blocked /g\" $upload_dir_ip\ossi-$nom");
 
# On extrait uniquement les noms de domaine
# max_tld() retourne le nombre max de charactere pour un top-level dns
exec("grep -Eo '([a-zA-Z0-9_-]+\.){1,2}[a-zA-Z]{2,".max_tld()."}' $upload_dir_ip$nom > $upload_dir_domain_names\ossi_domain_names");
// exec("grep -Eo '([a-zA-Z0-9_-]+\.){1,2}[a-zA-Z]{2,".max_tld()."}' $upload_dir_ip$nom > $upload_dir_domain_names\ossi_domain_names");
 
# Suppression des doublons
exec("sort -u $upload_dir_domain_names\ossi_domain_names > $upload_dir_domain_names\ossi-$nom && rm -f $upload_dir_domain_names\ossi_domain_names");
// exec("sort -u $upload_dir_domain_names\ossi_domain_names > $upload_dir_domain_names\ossi-$nom && rm -f $upload_dir_domain_names\ossi_domain_names");
 
# On adapte le fichier pour Dnsmasq
exec("sed -i \"s/^/address=\//g\" $upload_dir_domain_names\ossi-$nom");
exec("sed -i \"s/$/\/$PRIVATE_IP/g\" $upload_dir_domain_names\ossi-$nom");
// exec("sed -i \"s/^/address=\//g\" $upload_dir_domain_names\ossi-$nom");
// exec("sed -i \"s/$/\/$PRIVATE_IP/g\" $upload_dir_domain_names\ossi-$nom");
 
# Suppression du fichier
exec("rm -f $upload_dir_ip$nom");
// exec("rm -f $upload_dir_ip$nom");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-iptables.sh ");
}
else
{
echo $l_error_upload;
}
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-iptables.sh ");
}
break;
}
452,8 → 442,8
echo "</td></tr>";
echo "<tr><td valign='middle' align='left' colspan=10>";
echo "<center>$l_update_cat
<input type='radio' name='update_cat' value=0 $update_select[0]> $l_no_update_cat
<input type='radio' name='update_cat' value=1 $update_select[1]> $l_yes_update_cat
<input type='radio' name='update_cat' value=0 $update_select[0]> $l_disable
<input type='radio' name='update_cat' value=1 $update_select[1]> $l_enable
<input type='submit' value='$l_record'></center>";
echo "</td></tr>";
echo "<tr><td valign='middle' align='left' colspan=10>";
470,16 → 460,17
echo "</textarea></td></tr><tr><td width=50% colspan=10>";
echo "<tr><td valign='middle' align='left' colspan=10>";
echo "<center><b>$l_add_to_bl</b></center></td></tr>";
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_forbidden_dns</H3>$l_one_dns<BR>";
echo "<tr><td width=100% colspan=10 align=center>";
echo "$l_one_dns_ip<BR>";
echo "<textarea name='OSSI_bl_domains' rows=3 cols=40>";
echo_file ($dir_bl_dns."ossi.conf");
echo_file ($dir_blacklist."ossi-bl/domain");
echo "</textarea></td>";
echo "<td width=50% colspan=5 align=center>";
echo "<H3>$l_forbidden_ip</H3>$l_forbidden_ip_explain<BR>";
echo "<textarea name='OSSI_bl_ip' rows=3 cols=40>";
echo_ip_file ($dir_bl_ip."ossi");
echo "</textarea></td></tr><tr><td colspan=10>";
//echo "<td width=50% colspan=5 align=center>";
//echo "<H3>$l_forbidden_ip</H3>$l_forbidden_ip_explain<BR>";
//echo "<textarea name='OSSI_bl_ip' rows=3 cols=40>";
//echo_ip_file ($dir_blacklist."ossi");
//echo "</textarea></td></tr>;
echo "</tr><tr><td colspan=10>";
echo "<input type='submit' onClick=\"this.disabled=true; this.value='$l_load';\" value='$l_record'>";
echo "</form> ($l_wait)";
echo "</td></tr></table><br/>";
499,9 → 490,9
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_state<th>$l_file_remove</tr>";
 
//liste des fichiers activés
$fichiersIp = array_diff(scandir($upload_dir_ip), array('ossi','ossi-ip-safesearch','..','.'));
$fichiersIp = preg_grep("/^ossi-/",$fichiersIp);
foreach($fichiersIp as $fichier => $value)
$fichiersbl = array_diff(scandir($dir_blacklist), array('..','.'));
$fichiersbl = preg_grep("/^ossi-bl",$fichiersbl);
foreach($fichiersbl as $fichier => $value)
{
if($value=='ossi-tor_node_ip')
echo "<tr><td><center><a href='bl_categories_help.php?liste=bl&cat=$value&ossi=yes&filtre=domain' target='cat_help' onclick=window.open('bl_categories_help','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>".exec("sed 's/^.....//g' <<< $value")."</a></center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_disable'></center></td><td><center><input type='submit' name='$value' value='$l_remove' disabled></center></td></tr>";