Subversion Repositories ALCASAR

Compare Revisions


Ignore whitespace Rev 1936 → Rev 1938

/CHANGELOG
9,6 → 9,7
- user login name can be accentuated
- A first BL category (malware) can be update on the fly via rsync
- Wildcard certificate can be used
- a blacklist custom file is added (TOR nodes)
ACC - freeradius-web framework has been removed
- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work)
/alcasar.sh
56,6 → 56,7
DIR_INSTALL=`pwd` # current directory
DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files)
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log)
DIR_WEB="/var/www/html" # directory of APACHE
DIR_DG="/etc/dansguardian" # directory of DansGuardian
1598,7 → 1599,7
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
rm -rf $DIR_DG/lists/blacklists
mkdir -p /tmp/blacklists
cp $DIR_CONF/blacklists.tar.gz /tmp/blacklists/
cp $DIR_BLACKLIST/blacklists.tar.gz /tmp/blacklists/
# creation of file for the rehabilited domains and urls
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
1633,10 → 1634,10
mkdir -p $DIR_DG/lists/blacklists/ossi-wl
touch $DIR_DG/lists/blacklists/ossi-wl/domains
# add custom ALCASAR BL files
for x in $(ls $DIR_CONF | grep "^ossi-*")
for x in $(ls $DIR_BLACKLIST | grep -v "^blacklist")
do
mkdir $DIR_DG/lists/blacklists/$x
cp $DIR_CONF/$x $DIR_DG/lists/blacklists/$x/domains
mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains
done
chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
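Review bot: The new loop header `for x in $(ls $DIR_BLACKLIST | grep -v "^blacklist")` selects by exclusion, so every entry in `$DIR_BLACKLIST` whose name does not start with "blacklist" becomes a DansGuardian category, whereas the old `^ossi-*` filter selected by inclusion. The names are also word-split and used unquoted in `mkdir` and `cp`, so a file name containing whitespace or a glob character is split or expanded before it reaches those commands. Iterating with a glob and quoting the paths, as below, keeps the behaviour for the files the directory is meant to hold. An explicit allow-pattern for the custom list names would be tighter still if the project has a naming rule for them.

```shell
# add custom ALCASAR BL files
for f in "$DIR_BLACKLIST"/*
do
	x=${f##*/}
	[ -f "$f" ] || continue                     # skip sub-directories and an unmatched glob
	case "$x" in blacklist*) continue ;; esac   # same exclusion as the grep -v it replaces
	mkdir "$DIR_DG/lists/blacklists/ossi-bl-$x"
	cp "$f" "$DIR_DG/lists/blacklists/ossi-bl-$x/domains"
done
```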
/conf/rpms/rpm-build-howto
File deleted
Property changes:
Deleted: svn:keywords
-Id Date Author
\ No newline at end of property
/conf/rpms/i586/ipt-netflow-2.2-1.mga5.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/dnsmasq-base-2.75-1.mga6.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/nfdump-1.6.9-0.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/coova-chilli-1.3.1-4.mga5.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/wget-1.17.1-2.mga6.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/dnsmasq-2.75-1.mga6.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/havp-0.92a-1.1.mga4.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/havp-0.92a-1.1.spec
File deleted
/conf/rpms/coova-chilli-1.3.0-1.spec
File deleted
/conf/rpms/x86_64/dnsmasq-2.75-1.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/havp-0.92a-1.mga5.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/ipt-netflow-2.2-1.mga5.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/dnsmasq-base-2.75-1.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/nfdump-1.6.9-0.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/coova-chilli-1.3.1-4.mga5.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/wget-1.17.1-2.mga6.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/coova-chilli-1.3.0.spec
File deleted
/conf/rpms/coova-chilli-1.3.1.spec
File deleted
/conf/rpms/ipt-netflow.spec
File deleted
/conf/rpms/havp-init.diff
File deleted
/conf/blacklists.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/blacklist-MD5SUM.lst
File deleted
/conf/ossi-tor_nodes
File deleted
/scripts/alcasar-bl.sh
42,7 → 42,7
mkdir -p $DIR_tmp
for LIST in $DIR_IP_BL_ENABLED $DIR_DNS_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_WL_ENABLED
do
if [ ! -e $LIST ] # installation of ALCASAR
if [ ! -e $LIST ] # only on install stage
then
mkdir $LIST
else
74,7 → 74,8
# add ossi categories
for OSSI_CATEGORIE in `ls $DIR_DNS_BL | grep ossi`
do
ln -sf $DIR_DNS_BL/$OSSI_CATEGORIE $DIR_DNS_BL_ENABLED/$OSSI_CATEGORIE
OSSI_CATEGORIE_SHORT=`echo $OSSI_CATEGORIE|cut -d"." -f1`
ln -sf $DIR_DNS_BL/$OSSI_CATEGORIE $DIR_DNS_BL_ENABLED/$OSSI_CATEGORIE_SHORT
done
for OSSI_CATEGORIE in `ls $DIR_IP_BL | grep ossi`
do
84,7 → 85,7
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
mv $FILE_tmp $BL_CATEGORIES
 
# process the file $WL_CATEGORIES with the choice of categories
# process the file $WL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES
94,7 → 95,8
# add ossi categories
for OSSI_CATEGORIE in `ls $DIR_DNS_WL | grep ossi`
do
ln -sf $DIR_DNS_WL/$OSSI_CATEGORIE $DIR_DNS_WL_ENABLED/$OSSI_CATEGORIE
OSSI_CATEGORIE_SHORT=`echo $OSSI_CATEGORIE|cut -d"." -f1`
ln -sf $DIR_DNS_WL/$OSSI_CATEGORIE $DIR_DNS_WL_ENABLED/$OSSI_CATEGORIE_SHORT
done
for OSSI_CATEGORIE in `ls $DIR_IP_WL | grep ossi`
do
184,8 → 186,10
fi
rm -f $BL_CATEGORIES $WL_CATEGORIES
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED
touch $BL_CATEGORIES $WL_CATEGORIES
mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED
chown -R root:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
225,8 → 229,8
do
for PATH_FILE in `cat $LIST` # for each category
do
DOMAINE=`basename $PATH_FILE`
echo -n "$DOMAINE, "
DOMAIN=`basename $PATH_FILE`
echo -n "$DOMAIN, "
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
then
touch $PATH_FILE/urls
243,12 → 247,12
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
fi
done
done
267,9 → 271,9
PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
# Creation of DNSMASQ and Iptables BL and WL
DOMAINE=$(basename $PATH_FILE)
# correct some synthaxes
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls
DOMAIN=$(basename $PATH_FILE)
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correction 'coma' instead of 'dot'
$SED "/^$/d" $PATH_FILE/domains $PATH_FILE/urls # remove empty lines
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
# for dnsmask, remove IP addresses, accentuated characters and commented lines.
281,12 → 285,13
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
fi
rm -f $FILE_tmp $FILE_ip_tmp
done
299,7 → 304,7
fi
echo
;;
# reload when categories are changed
# reload when selected categories are changed or when ossi change his custom files
-reload | --reload)
# for DG
cat_choice
311,6 → 316,44
$SED "/$i/d" $DIR_DNS_BL/*
done
fi
# adapt OSSI BL & WL custom files
for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIr_IP_WL
do
rm -f $dir/ossi*
done
find $DIR_DG_BL/ -type f -name domains | grep ossi > $FILE_tmp # retrieve ossi directories name where a domain file exist
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
for ossi_custom_dir in `cat $FILE_tmp` # create the blacklist and the whitelist files
do
ossi_categorie=`echo $ossi_custom_dir|cut -d "/" -f6`
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$ossi_categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
$SED "s/\.\{2,10\}/\./g" $ossi_custom_dir/domains $ossi_custom_dir/urls # correction 'coma" instead of 'dot'
$SED "/^$/d" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove empty lines
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $ossi_custom_dir/domains > $FILE_ip_tmp
# for dnsmask, remove IP addesses, accented characters and commented lines.
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $ossi_custom_dir/domains > $FILE_tmp
$SED "/[äâëêïîöôüû]/d" $FILE_tmp
$SED "/^#.*/d" $FILE_tmp
if [ "$categorie_type" == "white" ]
then
# adapt to the dnsmasq syntax for the whitelist
echo "$ossi_categorie : WL"
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
else
# adapt to the dnsmasq syntax for the blacklist
echo "$ossi_categorie : BL"
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie
mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie
fi
done
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart dnsmasq-whitelist
/usr/local/bin/alcasar-iptables.sh
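Review bot: Two variable names are misspelled in the added code: `$DIR_IP_WL_ENBALED` (in the new `rm -rf` and `mkdir` lines of the 186 hunk and in the `for dir in …` list of the reload hunk) and `$DIr_IP_WL` (end of that same list). Other lines of the file spell them `$DIR_IP_WL_ENABLED` and `$DIR_IP_WL`. Unless variables with the misspelled names are defined outside the visible hunks, both expand to nothing and silently drop out of the unquoted lists. In that case the enabled IP whitelist directory is never removed or recreated, and old `ossi*` files stay in the IP whitelist directories after a custom file has been deleted. Correct the two names, and write the cleanup as `rm -f "${dir:?}"/ossi*` so that an empty directory variable stops the script instead of being skipped.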
/scripts/alcasar-urpmi.sh
226,7 → 226,7
# Save chilli launch script (erase with new rpm one)
[ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/
# Install home made RPMs
urpmi --no-verify --auto conf/rpms/$ARCH/*.rpm
urpmi --no-verify --auto rpms/$ARCH/*.rpm
# restore chilli launch script
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
# Clean the RPM cache
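Review bot: `urpmi --no-verify --auto rpms/$ARCH/*.rpm` installs every package matched by the glob with verification switched off, and this revision changes the directory those packages are read from. The binary RPMs under /conf/rpms are touched or deleted in the same revision, so they presumably now live outside the paths shown on this page; nothing visible in the hunk checks what ends up in `rpms/$ARCH/`. Consider signing the home-made packages so the flag can be dropped, or checking them against a checksum list shipped with the installer before this line, e.g. `sha256sum -c rpms/$ARCH/SHA256SUMS || exit 1` (the list file name is a placeholder). The relative path also depends on the script's working directory, which is set outside the hunk.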
/web/acc/admin/bl_filter.php
122,7 → 122,7
$l_add_file="Ajouter un fichier";
$l_add_file_explain="Chaque ligne du fichier doit être une adresse IP ou un nom de domaine";
$l_file_name="Nom du fichier";
$l_file_remove="Supprimer";
$l_file_action="Action";
$l_error_upload="Erreur d'envoi du fichier";
$l_remove="Supprimer";
$l_submit="Envoyer";
170,7 → 170,7
$l_add_file="Add a file";
$l_add_file_explain="Each line of the file must be an IP address or a domain name";
$l_file_name="Filename";
$l_file_remove="Remove";
$l_file_action="Action";
$l_error_upload="Error during the upload process";
$l_remove="Delete";
$l_submit="Submit";
286,11 → 286,7
$action=$_POST[$fichier];
if($action == $l_remove) //delete
{
exec("rm -f $dir_ip_enabled$fichier");
exec("rm -f $dir_domain_names_enabled$fichier");
exec("rm -f $dir_ip$fichier");
exec("rm -f $dir_domain_names$fichier");
exec("rm -rf $dir_dg$fichier");
exec("rm -rf $dir_blacklist$fichier");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
if($action == $l_disable) //disable
310,14 → 306,11
break;
case 'MAJ_ossi_file_upload' :
$nom = str_replace (".", "_",basename($_FILES['fichier_ip']['name']));
# Si un fichier a été choisi
if(!empty($nom))
{
# On l'upload
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $blacklist_dir."ossi-bl-".$nom))
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dir_blacklist."ossi-bl-".$nom))
{
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
exec ("sudo /usr/local/bin/alcasar-iptables.sh ");
}
else
{
448,7 → 441,7
<?php
echo "<tr><td width=50% colspan=5 align=center>";
echo "<H3>$l_file_list</H3>";
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_state<th>$l_file_remove</tr>";
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th colspan=2>$l_file_action</tr>";
 
//list OSSI custom categories
$fichiersbl = array_diff(scandir($dir_blacklist), array('..','.','ossi-bl','ossi-wl'));
467,13 → 460,10
echo "</form>";
echo "</table><br/>";
?>
 
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_specific_filtering; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
 
 
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
<FORM action='bl_filter.php' method='POST'>
<input type='hidden' name='choix' value='Specific_filtering'>
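Review bot: The upload branch builds the stored name with `str_replace (".", "_",basename(...))`, which leaves spaces and shell metacharacters in `$nom`, and the delete branch still passes a file name to the shell unescaped in `exec("rm -rf $dir_blacklist$fichier")`. Where `$fichier` is assigned is outside the hunks, but if it comes from the directory listing or from the POST keys, an uploaded file's name ends up inside a shell command run by the web server. An empty value would also make `rm -rf` target the blacklist directory itself. Restrict the name at upload time, `$nom = preg_replace('/[^A-Za-z0-9_-]/', '_', basename($_FILES['fichier_ip']['name']));`, and escape it at the point of use, `exec("rm -rf " . escapeshellarg($dir_blacklist . $fichier));`, after checking that `$fichier` is non-empty and is one of the entries returned by `scandir($dir_blacklist)`.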