/CHANGELOG |
---|
9,6 → 9,7 |
- user login name can be accentuated |
- A first BL category (malware) can be update on the fly via rsync |
- Wildcard certificate can be used |
- a blacklist custom file is added (TOR nodes) |
ACC - freeradius-web framework has been removed |
- all SQL PHP functions have been rewritten (thanks Clément Siccardi & Raphaël PION for this huge work) |
/alcasar.sh |
---|
56,6 → 56,7 |
DIR_INSTALL=`pwd` # current directory |
DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files) |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files) |
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files) |
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log) |
DIR_WEB="/var/www/html" # directory of APACHE |
DIR_DG="/etc/dansguardian" # directory of DansGuardian |
1598,7 → 1599,7 |
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt) |
rm -rf $DIR_DG/lists/blacklists |
mkdir -p /tmp/blacklists |
cp $DIR_CONF/blacklists.tar.gz /tmp/blacklists/ |
cp $DIR_BLACKLIST/blacklists.tar.gz /tmp/blacklists/ |
# creation of file for the rehabilited domains and urls |
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default |
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default |
1633,10 → 1634,10 |
mkdir -p $DIR_DG/lists/blacklists/ossi-wl |
touch $DIR_DG/lists/blacklists/ossi-wl/domains |
# add custom ALCASAR BL files |
for x in $(ls $DIR_CONF | grep "^ossi-*") |
for x in $(ls $DIR_BLACKLIST | grep -v "^blacklist") |
do |
mkdir $DIR_DG/lists/blacklists/$x |
cp $DIR_CONF/$x $DIR_DG/lists/blacklists/$x/domains |
mkdir $DIR_DG/lists/blacklists/ossi-bl-$x |
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains |
done |
chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE |
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE |
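Review bot: The custom-blacklist loop in the last hunk iterates over `$(ls $DIR_BLACKLIST | grep -v "^blacklist")` and uses `$x` unquoted in `mkdir` and `cp`, so a file name containing whitespace or glob characters is split or expanded before it becomes a path under `$DIR_DG/lists/blacklists/`, in an installer that presumably runs as root. The `grep -v "^blacklist"` filter also silently skips any custom list whose name merely starts with "blacklist". I would iterate with a glob and quote every expansion: `for f in "$DIR_BLACKLIST"/*; do x=${f##*/}; case $x in blacklist*) continue;; esac`, then `mkdir "$DIR_DG/lists/blacklists/ossi-bl-$x"` and `cp "$f" "$DIR_DG/lists/blacklists/ossi-bl-$x/domains"`. The page does not mark which of the paired lines is the new side, so this assumes the `$DIR_BLACKLIST` variants are the ones being added.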
/conf/rpms/rpm-build-howto |
---|
File deleted |
Property changes: |
Deleted: svn:keywords |
-Id Date Author |
\ No newline at end of property |
/conf/rpms/i586/ipt-netflow-2.2-1.mga5.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/dnsmasq-base-2.75-1.mga6.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/nfdump-1.6.9-0.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/coova-chilli-1.3.1-4.mga5.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/wget-1.17.1-2.mga6.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/dnsmasq-2.75-1.mga6.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/havp-0.92a-1.1.mga4.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/havp-0.92a-1.1.spec |
---|
File deleted |
/conf/rpms/coova-chilli-1.3.0-1.spec |
---|
File deleted |
/conf/rpms/x86_64/dnsmasq-2.75-1.mga6.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/havp-0.92a-1.mga5.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/ipt-netflow-2.2-1.mga5.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/dnsmasq-base-2.75-1.mga6.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/nfdump-1.6.9-0.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/coova-chilli-1.3.1-4.mga5.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/wget-1.17.1-2.mga6.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/coova-chilli-1.3.0.spec |
---|
File deleted |
/conf/rpms/coova-chilli-1.3.1.spec |
---|
File deleted |
/conf/rpms/ipt-netflow.spec |
---|
File deleted |
/conf/rpms/havp-init.diff |
---|
File deleted |
/conf/blacklists.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/blacklist-MD5SUM.lst |
---|
File deleted |
/conf/ossi-tor_nodes |
---|
File deleted |
/scripts/alcasar-bl.sh |
---|
42,7 → 42,7 |
mkdir -p $DIR_tmp |
for LIST in $DIR_IP_BL_ENABLED $DIR_DNS_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_WL_ENABLED |
do |
if [ ! -e $LIST ] # installation of ALCASAR |
if [ ! -e $LIST ] # only on install stage |
then |
mkdir $LIST |
else |
74,7 → 74,8 |
# add ossi categories |
for OSSI_CATEGORIE in `ls $DIR_DNS_BL | grep ossi` |
do |
ln -sf $DIR_DNS_BL/$OSSI_CATEGORIE $DIR_DNS_BL_ENABLED/$OSSI_CATEGORIE |
OSSI_CATEGORIE_SHORT=`echo $OSSI_CATEGORIE|cut -d"." -f1` |
ln -sf $DIR_DNS_BL/$OSSI_CATEGORIE $DIR_DNS_BL_ENABLED/$OSSI_CATEGORIE_SHORT |
done |
for OSSI_CATEGORIE in `ls $DIR_IP_BL | grep ossi` |
do |
84,7 → 85,7 |
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp |
mv $FILE_tmp $BL_CATEGORIES |
# process the file $WL_CATEGORIES with the choice of categories |
# process the file $WL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES |
94,7 → 95,8 |
# add ossi categories |
for OSSI_CATEGORIE in `ls $DIR_DNS_WL | grep ossi` |
do |
ln -sf $DIR_DNS_WL/$OSSI_CATEGORIE $DIR_DNS_WL_ENABLED/$OSSI_CATEGORIE |
OSSI_CATEGORIE_SHORT=`echo $OSSI_CATEGORIE|cut -d"." -f1` |
ln -sf $DIR_DNS_WL/$OSSI_CATEGORIE $DIR_DNS_WL_ENABLED/$OSSI_CATEGORIE_SHORT |
done |
for OSSI_CATEGORIE in `ls $DIR_IP_WL | grep ossi` |
do |
184,8 → 186,10 |
fi |
rm -f $BL_CATEGORIES $WL_CATEGORIES |
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL |
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED |
touch $BL_CATEGORIES $WL_CATEGORIES |
mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL |
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED |
chown -R root:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL |
chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist |
225,8 → 229,8 |
do |
for PATH_FILE in `cat $LIST` # for each category |
do |
DOMAINE=`basename $PATH_FILE` |
echo -n "$DOMAINE, " |
DOMAIN=`basename $PATH_FILE` |
echo -n "$DOMAIN, " |
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
then |
touch $PATH_FILE/urls |
243,12 → 247,12 |
then |
# adapt to the dnsmasq syntax for the blacklist |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE |
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN |
else |
# adapt to the dnsmasq syntax for the whitelist |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf |
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf |
fi |
done |
done |
267,9 → 271,9 |
PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category |
rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory |
# Creation of DNSMASQ and Iptables BL and WL |
DOMAINE=$(basename $PATH_FILE) |
# correct some synthaxes |
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls |
DOMAIN=$(basename $PATH_FILE) |
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correction 'coma' instead of 'dot' |
$SED "/^$/d" $PATH_FILE/domains $PATH_FILE/urls # remove empty lines |
# extract ip addresses for iptables |
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp |
# for dnsmask, remove IP addresses, accentuated characters and commented lines. |
281,12 → 285,13 |
then |
# adapt to the dnsmasq syntax for the blacklist |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE |
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN |
else |
# adapt to the dnsmasq syntax for the whitelist |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf |
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf |
mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN |
fi |
rm -f $FILE_tmp $FILE_ip_tmp |
done |
299,7 → 304,7 |
fi |
echo |
;; |
# reload when categories are changed |
# reload when selected categories are changed or when ossi change his custom files |
-reload | --reload) |
# for DG |
cat_choice |
311,6 → 316,44 |
$SED "/$i/d" $DIR_DNS_BL/* |
done |
fi |
# adapt OSSI BL & WL custom files |
for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIr_IP_WL |
do |
rm -f $dir/ossi* |
done |
find $DIR_DG_BL/ -type f -name domains | grep ossi > $FILE_tmp # retrieve ossi directories name where a domain file exist |
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix |
for ossi_custom_dir in `cat $FILE_tmp` # create the blacklist and the whitelist files |
do |
ossi_categorie=`echo $ossi_custom_dir|cut -d "/" -f6` |
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$ossi_categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"` |
$SED "s/\.\{2,10\}/\./g" $ossi_custom_dir/domains $ossi_custom_dir/urls # correction 'coma" instead of 'dot' |
$SED "/^$/d" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove empty lines |
# extract ip addresses for iptables |
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $ossi_custom_dir/domains > $FILE_ip_tmp |
# for dnsmask, remove IP addesses, accented characters and commented lines. |
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $ossi_custom_dir/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
if [ "$categorie_type" == "white" ] |
then |
# adapt to the dnsmasq syntax for the whitelist |
echo "$ossi_categorie : WL" |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf |
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie |
mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie |
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie |
else |
# adapt to the dnsmasq syntax for the blacklist |
echo "$ossi_categorie : BL" |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf |
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie |
mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie |
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie |
fi |
done |
/usr/bin/systemctl restart dnsmasq-blacklist |
/usr/bin/systemctl restart dnsmasq-whitelist |
/usr/local/bin/alcasar-iptables.sh |
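Review bot: Two variable names are misspelt on the new side: `$DIR_IP_WL_ENBALED` in the `rm -rf` / `mkdir` pair of the 186,10 hunk and again in the `for dir in ...` list of the reload hunk, which also ends with `$DIr_IP_WL`. Assuming neither misspelt name is set elsewhere, both expand to nothing, so the enabled IP whitelist directory is never removed or recreated and the `rm -f $dir/ossi*` cleanup never visits the two IP whitelist directories. Stale `ossi*` whitelist entries can then outlive the custom file an administrator deleted, leaving the active filter out of step with what the interface shows. The names should be `$DIR_IP_WL_ENABLED` and `$DIR_IP_WL`, as spelt in the `for LIST in ...` loop and the later `ln -sf` lines. Running the script under `set -u` would turn this class of typo into an immediate failure; the enclosing case branches start outside the hunks shown.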
/scripts/alcasar-urpmi.sh |
---|
226,7 → 226,7 |
# Save chilli launch script (erase with new rpm one) |
[ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/ |
# Install home made RPMs |
urpmi --no-verify --auto conf/rpms/$ARCH/*.rpm |
urpmi --no-verify --auto rpms/$ARCH/*.rpm |
# restore chilli launch script |
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/ |
# Clean the RPM cache |
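Review bot: The install line takes its packages from a path relative to the working directory, `rpms/$ARCH/*.rpm`, and still passes `--no-verify` (presumably urpmi's `--no-verify-rpm`). Whatever RPMs sit under `./rpms` in the directory the script is started from would therefore be installed without a signature check. I would resolve the directory from a fixed install location, for example `urpmi --auto "<install-dir>/rpms/$ARCH"/*.rpm` with `<install-dir>` as a placeholder for whatever this script already knows about its install root. I would also either sign the home-made packages with a project key so the flag can be dropped, or check them against a checksum list shipped with the release before this line runs. The surrounding function starts and ends outside the hunk, and the page does not mark which of the two `urpmi` lines is new, so this assumes the `rpms/$ARCH` form is the added one.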
/web/acc/admin/bl_filter.php |
---|
122,7 → 122,7 |
$l_add_file="Ajouter un fichier"; |
$l_add_file_explain="Chaque ligne du fichier doit être une adresse IP ou un nom de domaine"; |
$l_file_name="Nom du fichier"; |
$l_file_remove="Supprimer"; |
$l_file_action="Action"; |
$l_error_upload="Erreur d'envoi du fichier"; |
$l_remove="Supprimer"; |
$l_submit="Envoyer"; |
170,7 → 170,7 |
$l_add_file="Add a file"; |
$l_add_file_explain="Each line of the file must be an IP address or a domain name"; |
$l_file_name="Filename"; |
$l_file_remove="Remove"; |
$l_file_action="Action"; |
$l_error_upload="Error during the upload process"; |
$l_remove="Delete"; |
$l_submit="Submit"; |
286,11 → 286,7 |
$action=$_POST[$fichier]; |
if($action == $l_remove) //delete |
{ |
exec("rm -f $dir_ip_enabled$fichier"); |
exec("rm -f $dir_domain_names_enabled$fichier"); |
exec("rm -f $dir_ip$fichier"); |
exec("rm -f $dir_domain_names$fichier"); |
exec("rm -rf $dir_dg$fichier"); |
exec("rm -rf $dir_blacklist$fichier"); |
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload"); |
} |
if($action == $l_disable) //disable |
310,14 → 306,11 |
break; |
case 'MAJ_ossi_file_upload' : |
$nom = str_replace (".", "_",basename($_FILES['fichier_ip']['name'])); |
# Si un fichier a été choisi |
if(!empty($nom)) |
{ |
# On l'upload |
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $blacklist_dir."ossi-bl-".$nom)) |
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dir_blacklist."ossi-bl-".$nom)) |
{ |
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload"); |
exec ("sudo /usr/local/bin/alcasar-iptables.sh "); |
} |
else |
{ |
448,7 → 441,7 |
<?php |
echo "<tr><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_file_list</H3>"; |
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_state<th>$l_file_remove</tr>"; |
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th colspan=2>$l_file_action</tr>"; |
//list OSSI custom categories |
$fichiersbl = array_diff(scandir($dir_blacklist), array('..','.','ossi-bl','ossi-wl')); |
467,13 → 460,10 |
echo "</form>"; |
echo "</table><br/>"; |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_specific_filtering; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<FORM action='bl_filter.php' method='POST'> |
<input type='hidden' name='choix' value='Specific_filtering'> |