


Ignore whitespace Rev 2453 → Rev 2454

/alcasar.sh
1,14 → 1,14
#!/bin/bash
# $Id$
# $Id$
 
# alcasar.sh
 
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
# Ce programme est un logiciel libre ; This software is free and open source
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence.
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ;
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE.
# Voir la Licence Publique Générale GNU pour plus de détails.
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence.
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ;
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE.
# Voir la Licence Publique Générale GNU pour plus de détails.
 
# team@alcasar.net
 
18,7 → 18,7
# Script d'installation d'ALCASAR (Application Libre pour le Contrôle d'Accès Sécurisé et Authentifié au Réseau)
# ALCASAR est architecturé autour d'une distribution Linux Mageia minimaliste et les logiciels libres suivants :
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
 
# Options :
39,7 → 39,7
# antivirus : HAVP + libclamav configuration
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
# ulogd : log system in userland (match NFLOG target of iptables)
# nfsen : Configuration of Nfsen Netflow grapher
# nfsen : Configuration of Nfsen Netflow grapher
# dnsmasq : Name server configuration
# vnstat : little network stat daemon
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
55,7 → 55,7
Lang=`echo $LANG|cut -c 1-2`
mode="install"
# ******* Files parameters - paramètres fichiers *********
DIR_INSTALL=`pwd` # current directory
DIR_INSTALL=`pwd` # current directory
DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files)
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
135,17 → 135,17
for i in $*
do
if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
then
then
DISTRIBUTION=`echo $i|cut -d"=" -f2`
unknown_os=`expr $unknown_os + 1`
fi
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
then
then
CURRENT_VERSION=`echo $i|cut -d"=" -f2`
unknown_os=`expr $unknown_os + 1`
fi
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
then
then
ARCH=`echo $i|cut -d"=" -f2`
unknown_os=`expr $unknown_os + 1`
fi
177,7 → 177,7
fi
read response
done
if [ "$response" = "n" ] || [ "$response" = "N" ]
if [ "$response" = "n" ] || [ "$response" = "N" ]
then
rm -f /tmp/alcasar-conf*
else
195,7 → 195,7
then
echo
if [ $Lang == "fr" ]
then
then
echo "La mise à jour automatique d'ALCASAR ne peut pas être réalisée."
echo "1 - Effectuez une sauvegarde des fichiers de traçabilité et de la base des usagers via l'ACC"
echo "2 - Installez Linux-Mageia 6.0 (64bits) et ALCASAR (cf. doc d'installation)"
208,7 → 208,7
fi
else
if [ $Lang == "fr" ]
then
then
echo "L'installation d'ALCASAR ne peut pas être réalisée."
else
echo "The installation of ALCASAR can't be performed."
216,7 → 216,7
fi
echo
if [ $Lang == "fr" ]
then
then
echo "Le système d'exploitation doit être remplacé (Mageia6-64bits)"
else
echo "The OS must be replaced (Mageia6-64bits)"
245,11 → 245,11
IF_INTERFACES=`ls ifcfg-*|cut -d"-" -f2|grep -v "^lo"|cut -d"*" -f1`
for i in $IF_INTERFACES
do
IP_INTERFACE=`/usr/sbin/ip link|grep $i`
IP_INTERFACE=`/usr/sbin/ip link|grep $i`
if [ -z "$IP_INTERFACE" ]
then
rm -f ifcfg-$i
 
if [ $Lang == "fr" ]
then echo "Suppression : ifcfg-$i"
else echo "Deleting : ifcfg-$i"
258,13 → 258,13
done
cd $DIR_INSTALL
echo -n "."
# Test Ethernet NIC links state
# Test Ethernet NIC links state
DOWN_IF=`/usr/sbin/ip link|grep "NO-CARRIER"|cut -d":" -f2|tr -d " "|grep -v "^w"`
for i in $DOWN_IF
do
echo $i
if [ $Lang == "fr" ]
then
then
echo "Échec"
echo "Le lien réseau de la carte $i n'est pas actif."
echo "Assurez-vous que cette carte est bien connectée à un équipement (commutateur, A.P., etc.)"
283,7 → 283,7
if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
then
if [ $Lang == "fr" ]
then
then
echo "Échec"
echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
307,7 → 307,7
# Test if default GW is set on EXTIF (router or ISP provider equipment)
if [ `ip route list|grep $EXTIF|grep -c ^default` -ne "1" ] ; then
if [ $Lang == "fr" ]
then
then
echo "Échec"
echo "Vous n'avez pas configuré l'accès à Internet ou le câble réseau n'est pas sur la bonne carte."
echo "Réglez ce problème puis relancez ce script."
322,9 → 322,9
# Test if default GW is alive
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2`
if [ $(expr $arp_reply) -eq 0 ]
then
then
if [ $Lang == "fr" ]
then
then
echo "Échec"
echo "Le routeur de sortie ou la Box Internet ($PUBLIC_GATEWAY) ne répond pas."
echo "Réglez ce problème puis relancez ce script."
342,7 → 342,7
if [ ! -e /tmp/con_ok.html ]
then
if [ $Lang == "fr" ]
then
then
echo "La tentative de connexion vers Internet a échoué (google.fr)."
echo "Vérifiez que la carte $EXTIF est bien connectée au routeur du FAI."
echo "Vérifiez la validité des adresses IP des DNS."
371,9 → 371,9
ORGANISME=!
PTN='^[a-zA-Z0-9-]*$'
until [[ $(expr $ORGANISME : $PTN) -gt 0 ]]
do
do
if [ $Lang == "fr" ]
then echo -n "Entrez le nom de votre organisme : "
then echo -n "Entrez le nom de votre organisme : "
else echo -n "Enter the name of your organism : "
fi
read ORGANISME
388,17 → 388,17
rm -f $PASSWD_FILE
echo "##### ALCASAR ($ORGANISME) security passwords #####" > $PASSWD_FILE
grub2pwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c8`
pbkdf2=`( echo $grub2pwd ; echo $grub2pwd ) | \
LC_ALL=C /usr/bin/grub2-mkpasswd-pbkdf2 | \
grep -v '[eE]nter password:' | \
sed -e "s/PBKDF2 hash of your password is //"`
echo "GRUB2_PASSWORD=$pbkdf2" > /boot/grub2/user.cfg
[ -e /root/grub.default ] || cp /etc/grub.d/10_linux /root/grub.default
cp -f $DIR_CONF/grub-10_linux /etc/grub.d/10_linux # Request password only on menu editing attempts (not when selecting an entry)
chmod 0600 /boot/grub2/user.cfg
pbkdf2=`( echo $grub2pwd ; echo $grub2pwd ) | \
LC_ALL=C /usr/bin/grub2-mkpasswd-pbkdf2 | \
grep -v '[eE]nter password:' | \
sed -e "s/PBKDF2 hash of your password is //"`
echo "GRUB2_PASSWORD=$pbkdf2" > /boot/grub2/user.cfg
[ -e /root/grub.default ] || cp /etc/grub.d/10_linux /root/grub.default
cp -f $DIR_CONF/grub-10_linux /etc/grub.d/10_linux # Request password only on menu editing attempts (not when selecting an entry)
chmod 0600 /boot/grub2/user.cfg
echo "# Login name and password to protect GRUB2 boot menu (!!!qwerty keyboard) : " > $PASSWD_FILE
echo "GRUB2_user=root" >> $PASSWD_FILE
echo "GRUB2_password=$grub2pwd" >> $PASSWD_FILE
echo "GRUB2_user=root" >> $PASSWD_FILE
echo "GRUB2_password=$grub2pwd" >> $PASSWD_FILE
mysqlpwd=`cat /dev/urandom | tr -dc [:alnum:] | head -c16`
echo "# Login name and Password of MariaDB administrator:" >> $PASSWD_FILE
echo "db_root=$mysqlpwd" >> $PASSWD_FILE
475,10 → 475,10
read PRIVATE_IP_MASK
done
else
PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
PRIVATE_IP_MASK=$DEFAULT_PRIVATE_IP_MASK
fi
else
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= conf/etc/alcasar.conf|cut -d"=" -f2`
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= conf/etc/alcasar.conf|cut -d"=" -f2`
rm -rf conf/etc/alcasar.conf
fi
# Define LAN side global parameters
490,9 → 490,9
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side)
if [ $PRIVATE_IP == $PRIVATE_NETWORK ] # when entering network address instead of ip address
then
PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`
PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`
PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX`
fi
fi
private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address
PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24
526,7 → 526,7
SUB=`echo ${i:0:2}`
if [ $SUB = "wl" ]
then WIFIF=$i
elif [ "$i" != "$INTIF" ] && [ $SUB != "ww" ]
elif [ "$i" != "$INTIF" ] && [ $SUB != "ww" ]
then LANIF=$i
fi
done
536,8 → 536,8
elif [ -n "$LANIF" ]
then echo "LANIF=$LANIF" >> $CONF_FILE
fi
#########################################################################################################
#########################################################################################################
 
IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # IP setting (static or dynamic)
if [ $IP_SETTING == "dhcp" ]
then
590,7 → 590,7
USERCTL=no
MTU=$MTU
EOF
else
else
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
DEVICE=$EXTIF
BOOTPROTO=static
666,7 → 666,7
USERCTL=no
EOF
fi
#########################################################################################################
#########################################################################################################
# Renseignement des fichiers hosts.allow et hosts.deny
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
cat <<EOF > /etc/hosts.allow
691,7 → 691,7
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
#
#
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network ()
 
819,7 → 819,7
do
header_install
if [ $Lang == "fr" ]
then
then
echo ""
echo "Définissez un premier compte d'administration d'ALCASAR :"
echo
869,7 → 869,7
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_all
884,7 → 884,7
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_admin
899,7 → 899,7
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_manager
914,7 → 914,7
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_backup
930,7 → 930,7
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
AuthUserFile $DIR_DEST_ETC/digest/key_backup
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
1050,7 → 1050,7
$MYSQL="GRANT ALL PRIVILEGES ON *.* TO root@'localhost' IDENTIFIED BY '$mysqlpwd';"
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --execute"
$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;"
$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
$MYSQL="CONNECT mysql;DELETE from user where User='';DELETE FROM user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1');FLUSH PRIVILEGES;"
# Create 'radius' database
$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES;"
# Add an empty radius database structure
1088,24 → 1088,24
ipaddr = 127.0.0.1
secret = $secretradius
shortname = chilli
nas_type = other
nas_type = other
}
EOF
# Set Virtual server (remvove all except "alcasar virtual site")
rm -f /etc/raddb/sites-enabled/*
cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
chown radius:apache /etc/raddb/sites-available/alcasar
chmod 660 /etc/raddb/sites-available/alcasar
ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
 
# Set modules
# Set modules
# Set only usefull modules for ALCASAR (ldap is enabled only via ACC)
rm -rf /etc/raddb/mods-enabled/*
for mods in sql sqlcounter attr_filter expiration logintime pap expr
do
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
done
rm -rf /etc/raddb/mods-enabled/*
for mods in sql sqlcounter attr_filter expiration logintime pap expr
do
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
done
# Configure SQL mod
[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
$SED "s?^[\t ]*driver =.*?driver = \"rlm_sql_mysql\"?g" /etc/raddb/mods-available/sql
1115,7 → 1115,7
$SED "s?^#[\t ]*port =.*?port = \"3306\"?g" /etc/raddb/mods-available/sql
$SED "s?^#[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
$SED "s?^#[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
1152,7 → 1152,7
/usr/bin/systemctl daemon-reload
# Allow apache to change some conf files (ie : ldap on/off)
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
 
} # End freeradius ()
 
#############################################################################
1195,10 → 1195,10
# description: CoovaChilli
### BEGIN INIT INFO
# Provides: chilli
# Required-Start: network
# Should-Start:
# Required-Start: network
# Should-Start:
# Required-Stop: network
# Should-Stop:
# Should-Stop:
# Default-Start: 2 3 5
# Default-Stop:
# Description: CoovaChilli access controller
1217,7 → 1217,7
prog="chilli"
case \$1 in
start)
if [ -f \$pidfile ] ; then
if [ -f \$pidfile ] ; then
gprintf "chilli is already running"
else
gprintf "Starting \$prog: "
1226,9 → 1226,9
/usr/sbin/modprobe tun >/dev/null 2>&1
echo 1 > /proc/sys/net/ipv4/ip_forward
[ -e /dev/net/tun ] || {
(cd /dev;
mkdir net;
cd net;
(cd /dev;
mkdir net;
cd net;
mknod tun c 10 200)
}
ifconfig $INTIF 0.0.0.0
1254,13 → 1254,13
;;
 
stop)
if [ -f \$pidfile ] ; then
if [ -f \$pidfile ] ; then
gprintf "Shutting down \$prog: "
killproc /usr/sbin/chilli
RETVAL=\$?
[ \$RETVAL = 0 ] && rm -f \$pidfile
[ -e \$current_users_file ] && rm -f \$current_users_file
else
else
gprintf "chilli is not running"
fi
;;
1279,7 → 1279,7
#DHCP Options : rfc2132
#dhcp option value will be convert in hexa.
#NTP option (or 'option 42') is like :
#
#
# Code Len Address 1 Address 2
# +-----+-----+-----+-----+-----+-----+-----+-----+--
# | 42 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
1346,7 → 1346,7
chilli_exist=`grep -c ^chilli: /etc/passwd`
if [ "$chilli_exist" == "1" ]
then
userdel -r chilli 2>/dev/null
userdel -r chilli 2>/dev/null
fi
groupadd -f chilli
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
1363,7 → 1363,7
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
# By default the filter is off
# By default the filter is off
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf
# French deny HTML page
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1395,7 → 1395,7
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/dansguardian.conf
# maximum age of a child process before it croaks it
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/dansguardian.conf
 
# on désactive par défaut le contrôle de téléchargement de fichiers
[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
1417,14 → 1417,14
## Fonction "antivirus" ##
## - configuration of havp, libclamav and freshclam ##
##################################################################
antivirus ()
antivirus ()
{
# create 'havp' user
havp_exist=`grep -c ^havp: /etc/passwd`
if [ "$havp_exist" == "1" ]
then
userdel -r havp 2>/dev/null
groupdel havp 2>/dev/null
userdel -r havp 2>/dev/null
groupdel havp 2>/dev/null
fi
groupadd -f havp
useradd -r -g havp -s /bin/false -c "system user for havp (antivirus proxy)" havp
1471,13 → 1471,13
## Fonction "tinyproxy" ##
## - configuration of tinyproxy (proxy between filterde users and havp) ##
##########################################################################
tinyproxy ()
tinyproxy ()
{
tinyproxy_exist=`grep -c ^tinyproxy: /etc/passwd`
if [ "$tinyproxy_exist" == "1" ]
then
userdel -r tinyproxy 2>/dev/null
groupdel tinyproxy 2>/dev/null
userdel -r tinyproxy 2>/dev/null
groupdel tinyproxy 2>/dev/null
fi
groupadd -f tinyproxy
useradd -r -g tinyproxy -s /bin/false -c "system user for tinyproxy" tinyproxy
1596,7 → 1596,7
PIDFile=/var/run/nfsen/nfsen.pid
ExecStartPre=/bin/mkdir -p /var/run/nfsen
ExecStartPre=/bin/chown apache:apache /var/run/nfsen
ExecStart=/usr/bin/nfsen start
ExecStart=/usr/bin/nfsen start
ExecStop=/usr/bin/nfsen stop
ExecReload=/usr/bin/nfsen restart
TimeoutSec=0
1605,7 → 1605,7
WantedBy=multi-user.target
EOF
# Add the listen port to collect netflow packet (nfcapd)
$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm
$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm
# expire delay for the profile "live"
/usr/bin/systemctl start nfsen
/bin/nfsen -m live -e 62d 2>/dev/null
1643,8 → 1643,8
{
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
cat << EOF > /etc/dnsmasq.conf
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
cat << EOF > /etc/dnsmasq.conf
# Configuration file for "dnsmasq in forward mode"
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
listen-address=$PRIVATE_IP
1712,7 → 1712,7
bogus-priv
filterwin2k
ipset=/#/wl_ip_allowed # dynamicly add the resolv IP address in the Firewall rules
address=/#/$PRIVATE_IP # for Domain name without local resolution (WL)
address=/#/$PRIVATE_IP # for Domain name without local resolution (WL)
EOF
# 4th dnsmasq listen on udp 56 ("blackhole")
cat << EOF > /etc/dnsmasq-blackhole.conf
1826,8 → 1826,8
EOF
[ -e /etc/anacrontab.default ] || cp /etc/anacrontab /etc/anacrontab.default
cat <<EOF >> /etc/anacrontab
7 8 cron.MysqlDump nice /etc/cron.d/alcasar-mysql
7 10 cron.logExport nice /etc/cron.d/alcasar-archive
7 8 cron.MysqlDump nice /etc/cron.d/alcasar-mysql
7 10 cron.logExport nice /etc/cron.d/alcasar-archive
7 20 cron.importClean nice /etc/cron.d/alcasar-clean_import
EOF
 
1841,16 → 1841,16
# Archive des logs et de la base de données (tous les lundi à 5h35)
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now
EOF
cat << EOF > /etc/cron.d/alcasar-ticket-clean
cat <<EOF > /etc/cron.d/alcasar-ticket-clean
# suppression des fichiers de mots de passe (imports massifs par fichier) et des ticket PDF d'utilisateur
30 * * * * root $DIR_DEST_BIN/alcasar-ticket-clean.sh
EOF
cat << EOF > /etc/cron.d/alcasar-distrib-updates
cat <<EOF > /etc/cron.d/alcasar-distrib-updates
# mise à jour automatique de la distribution tous les jours 3h30
30 3 * * * root /usr/sbin/urpmi --auto-update --auto 2>&1
EOF
 
cat << EOF > /etc/cron.d/alcasar-connections-stats
cat <<EOF > /etc/cron.d/alcasar-connections-stats
# Connection stats update (accounting). These Perl scripts are from "dialup_admin" (cf. wiki.freeradius.org/Dialup_admin).
# 'alcasar-tot_stats' (everyday at 01h01 pm) : aggregating the daily connections of users (write in the table 'totacct')
# 'alcasar-monthly_tot_stat' (everyday at 01h05 pm) : aggregating the monthly connections of users (write in table 'mtotacct')
1863,7 → 1863,7
15 1 1 * * root $DIR_DEST_BIN/alcasar-clean_radacct > /dev/null 2>&1
35 5 * * 0 root $DIR_DEST_BIN/alcasar-activity_report.sh > /dev/null 2>&1
EOF
cat << EOF > /etc/cron.d/alcasar-watchdog
cat <<EOF > /etc/cron.d/alcasar-watchdog
# run the "watchdog" every 3'
# empty the IPSET of the whitelisted IP (loaded dynamically with dnsmasq-whitelist) when every whitelisted users are logged out (every sunday at 0h05
*/10 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
1871,7 → 1871,7
#* * * * * root $DIR_DEST_BIN/alcasar-watchdog-hl.sh > /dev/null 2>&1
EOF
# Enabling the watchdog every 18'
cat << EOF > /etc/cron.d/alcasar-daemon-watchdog
cat <<EOF > /etc/cron.d/alcasar-daemon-watchdog
# activate the daemon-watchdog after boot process
@reboot root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
# activate the daemon-watchdog every 18'
1879,8 → 1879,8
EOF
 
# Enabling category update from rsync
cat << EOF > /etc/cron.d/alcasar-rsync-bl
# Automatic update of BL via rsync every 12 hours. The categories are listed in the file '/usr/local/etc/update_cat.conf' (no sync if empty).
cat <<EOF > /etc/cron.d/alcasar-rsync-bl
# Automatic update of BL via rsync every 12 hours. The categories are listed in the file '/usr/local/etc/update_cat.conf' (no sync if empty).
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1
EOF
 
1959,7 → 1959,7
;ResetFrequency = 300
;HardResetFrequency = 120
 
CheckSecurity = 1
CheckSecurity = 1
CheckSignal = 1
CheckBattery = 0
EOF
2011,7 → 2011,7
/var/log/netflow/porttracker root.apache 770
/var/log/netflow/porttracker/* root.apache 660
EOF
# apply now hourly & daily checks
# apply now hourly & daily checks
/usr/sbin/msec
/etc/cron.weekly/msec
 
2099,12 → 2099,12
echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "LDAP_SERVER=127.0.0.1" >> $CONF_FILE
echo "LDAP_BASE=ou=my_lan;dc=server_name;dc=localdoamin" >> $CONF_FILE
echo "LDAP_UID=sAMAccountName" >> $CONF_FILE
echo "LDAP_FILTER=" >> $CONF_FILE
echo "LDAP_USER=alcasar" >> $CONF_FILE
echo "LDAP_PASSWORD=" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "LDAP_BASE=ou=my_lan;dc=server_name;dc=localdoamin" >> $CONF_FILE
echo "LDAP_UID=sAMAccountName" >> $CONF_FILE
echo "LDAP_FILTER=" >> $CONF_FILE
echo "LDAP_USER=alcasar" >> $CONF_FILE
echo "LDAP_PASSWORD=" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "FAILOVER=30" >> $CONF_FILE
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
2125,7 → 2125,7
# actualisation des fichiers logs compressés
for dir in firewall dansguardian httpd
do
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
done
# create the alcasar-load_balancing unit
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
2157,13 → 2157,13
do
/usr/bin/systemctl -q enable $i.service
done
 
# disable processes at boot time (Systemctl)
for i in ulogd gpm
do
/usr/bin/systemctl -q disable $i.service
done
 
# Apply French Security Agency (ANSSI) rules
# ignore ICMP broadcast (smurf attack)
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" > /etc/sysctl.d/alcasar.conf
2180,7 → 2180,7
echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.d/alcasar.conf
# set conntrack timer to 1h (3600s) instead of 5 weeks
echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.d/alcasar.conf
# disable log_martians (ALCASAR is often installed between two private network addresses)
# disable log_martians (ALCASAR is often installed between two private network addresses)
echo "net.ipv4.conf.all.log_martians = 0" >> /etc/sysctl.d/alcasar.conf
# disable iptables_helpers
echo "net.netfilter.nf_conntrack_helper = 0" >> /etc/sysctl.d/alcasar.conf
2199,21 → 2199,21
$SED "s?^GRUB_DISTRIBUTOR=.*?GRUB_DISTRIBUTOR=ALCASAR?g" /etc/default/grub
[ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM
if [ $vm_vga == 0 ] # is not a VM
if [ $vm_vga == 0 ] # is not a VM
then
cp -f $DIR_CONF/banner /etc/mageia-release # ALCASAR ASCII-Art
echo >> /etc/mageia-release
$SED "s?^GRUB_CMDLINE_LINUX_DEFAULT=\"?&vga=791 ?" /etc/default/grub
fi
if [ $Lang == "fr" ]
then
echo "Bienvenue sur ALCASAR V$VERSION" >> /etc/mageia-release
echo "Connectez-vous à l'URL 'https://alcasar.localdomain/acc'" >> /etc/mageia-release
else
echo "Welcome on ALCASAR V$VERSION" >> /etc/mageia-release
echo "Connect to 'https://alcasar.localdomain/acc'" >> /etc/mageia-release
fi
/usr/bin/update-grub2
cp -f $DIR_CONF/banner /etc/mageia-release # ALCASAR ASCII-Art
echo >> /etc/mageia-release
$SED "s?^GRUB_CMDLINE_LINUX_DEFAULT=\"?&vga=791 ?" /etc/default/grub
fi
if [ $Lang == "fr" ]
then
echo "Bienvenue sur ALCASAR V$VERSION" >> /etc/mageia-release
echo "Connectez-vous à l'URL 'https://alcasar.localdomain/acc'" >> /etc/mageia-release
else
echo "Welcome on ALCASAR V$VERSION" >> /etc/mageia-release
echo "Connect to 'https://alcasar.localdomain/acc'" >> /etc/mageia-release
fi
/usr/bin/update-grub2
# Load and apply the previous conf file
if [ "$mode" = "update" ]
then
2222,7 → 2222,7
PARENT_SCRIPT=`basename $0`
export PARENT_SCRIPT # to avoid stop&start process during the installation process
$DIR_DEST_BIN/alcasar-conf.sh --apply
$DIR_DEST_BIN/alcasar-file-clean.sh # Clean & sort conf files. Add uamallowed domains to the dns-blackhole conf
$DIR_DEST_BIN/alcasar-file-clean.sh # Clean & sort conf files. Add uamallowed domains to the dns-blackhole conf
$SED "s?^INSTALL_DATE=.*?INSTALL_DATE=$DATE?g" $CONF_FILE
$SED "s?^VERSION=.*?VERSION=$VERSION?g" $CONF_FILE
fi
2249,7 → 2249,7
echo "- Le centre de controle d'ALCASAR (ACC) est à l'adresse http://alcasar.localdomain"
echo
echo " Appuyez sur 'Entrée' pour continuer"
else
else
echo "# End of ALCASAR install process #"
echo "# #"
echo "# Application Libre pour le Contrôle Authentifié et Sécurisé #"
2321,7 → 2321,7
# Uninstall the running version
$DIR_SCRIPTS/alcasar-uninstall.sh -update
fi
# Test if manual update
# Test if manual update
if [ -e /tmp/alcasar-conf*.tar.gz ] && [ "$mode" == "install" ]
then
header_install
2338,13 → 2338,13
else echo -n "Do you want to use it (Y/n)?";
fi
read response
if [ "$response" = "n" ] || [ "$response" = "N" ]
if [ "$response" = "n" ] || [ "$response" = "N" ]
then rm -f /tmp/alcasar-conf*
fi
done
fi
# Test if update
if [ -e /tmp/alcasar-conf* ]
if [ -e /tmp/alcasar-conf* ]
then
if [ $Lang == "fr" ]
then echo "#### Installation avec mise à jour ####";
2351,7 → 2351,7
else echo "#### Installation with update ####";
fi
# Extract the central configuration file
tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf
tar -xf /tmp/alcasar-conf* conf/etc/alcasar.conf
ORGANISME=`grep ^ORGANISM= conf/etc/alcasar.conf|cut -d"=" -f2`
PREVIOUS_VERSION=`grep ^VERSION= conf/etc/alcasar.conf|cut -d"=" -f2`
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
2387,7 → 2387,7
if [ "$response" = "o" ] || [ "$response" = "O" ] || [ "$response" = "Y" ] || [ "$response" = "y" ]
then
$DIR_SCRIPTS/alcasar-conf.sh --create
else
else
rm -f /tmp/alcasar-conf*
fi
# Uninstall the running version
/scripts/alcasar-CA.sh
5,7 → 5,7
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
#
# Some ideas from "nessus-mkcert" script written by Renaud Deraison <deraison@cvs.nessus.org>
# Some ideas from "nessus-mkcert" script written by Renaud Deraison <deraison@cvs.nessus.org>
# and Michel Arboi <arboi@alussinan.org>
#
DIR_TMP=${TMPDIR-/tmp}/alcasar-mkcert.$$
170,7 → 170,7
hostname_len=`echo $hostname| wc -c`
if [ $hostname_len -gt 36 ];
then
hostname=`echo $hostname | cut -d '.' -f 1`
hostname=`echo $hostname | cut -d '.' -f 1`
fi
 
CAMAIL=ca@$hostname
/scripts/alcasar-activity_report.sh
150,7 → 150,7
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ]
then
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
202,7 → 202,7
while read LOG_BL
do
if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
then
then
#find the current blacklisted category
website_bl=$(echo $LOG_BL | cut -d' ' -f6)
250,7 → 250,7
TS_FILE=$(echo $LINE | cut -d':' -f1)
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
then
then
COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1))
 
fi
272,41 → 272,41
cat $MODEL_CHARTJS | while read LINE_JS
do
#name of variable
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT
#chart type
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
#chart title
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
then
then
echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT
#chart data
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT
#color
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
#labels
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
then
echo "" >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
then
echo "" >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
then
echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
else
339,7 → 339,7
TS_FILE=$(echo $LINE | cut -d':' -f1)
#select only elements between DATE_1 and DATE_2
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
then
then
echo $LINE >> $TMP_BL_WEEK
fi
done
364,10 → 364,10
done
 
#get other categories (sum them all)
if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ]
if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ]
then
VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)"
VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'"
VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)"
VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'"
fi
 
#create chart pie in html file with javascript (chartjs.com)
381,11 → 381,11
cat $MODEL_CHARTJS | while read LINE_JS
do
#variable name
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT
#chart type
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
#graph title
393,19 → 393,19
then
echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT
#chart data
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT
#color
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
#labels
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT
#display legend, only useful for chart pie
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
then
echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
/scripts/alcasar-archive.sh
5,12 → 5,12
# by Franck BOUIJOUX and REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
# Script permettant
# - d'exporter dans un seul fichier les logs de traçabilités et la base des usagers (à des fins d'archivages).
# - Une fonction de chiffrement des logs a été implémentée dans ce script. Lisez la documentation d'exploitation pour l'activer.
# - nettoyage des archives supérieures à 1 an (365 jours)
 
# This script allows
# This script allows
# - export in one file the log files and user's base (in order to archive them).
# - a cypher fonction allows to protect these files. Read the exploitation documentation to enable it.
# - delete backup files older than one year (365 days)
21,14 → 21,14
#DIR_SERVICE="squid httpd firewall" # répertoires contenant des logs utiles à exporter
DIR_BASE="$DIR_SAVE/base" # répertoire de sauvegarde de la base de données usagers
DIR_ARCHIVE="$DIR_SAVE/archive" # répertoire de sauvegarde des archives de log
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment
DIR_TMP="/tmp/traceability-$NOW" # Répertoire temporaire d'export
FILE="traceability-$NOW.tar.gz" # Nom du fichier de l'archive
EXPIRE_DAY=365 # Nbre de jour avant suppression des fichiers journaux
CRYPT="0" # chiffrement des logs ( 0=non / 1=oui) --> Si oui alors la signature est automatiquement activée
# log files encryption ( 0=no / 1=yes) --> if yes, the signature is automaticly enabled
# log files encryption ( 0=no / 1=yes) --> if yes, the signature is automaticly enabled
SIGN="0" # Signature/empreinte des logs ( 0=non / 1=oui ) ATTENTION : nécessite la clé privée !!!
# Signature of log files ( 0=no / 1=yes ) ATTENTION : need the private key !!!
# Signature of log files ( 0=no / 1=yes ) ATTENTION : need the private key !!!
GPG_USER="" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg)
# user allowed to decrypt the log files. Its public key must be known in the root keyring (/root/.gnupg)
 
44,9 → 44,9
 
 
function cleanup() {
# Nettoyage des fichiers archives
cd $DIR_SAVE
find . \( -mtime +$EXPIRE_DAY \) -a \( -name '*.gz' -o -name '*.sql' -o -name '' -o -name 'gpg' \) -exec rm -f {} \;
# Nettoyage des fichiers archives
cd $DIR_SAVE
find . \( -mtime +$EXPIRE_DAY \) -a \( -name '*.gz' -o -name '*.sql' -o -name '' -o -name 'gpg' \) -exec rm -f {} \;
} # end function cleanup
 
 
56,30 → 56,30
} # end function crypt
 
function archive() {
mkdir -p $DIR_ARCHIVE
mkdir -p $DIR_TMP
nb_files=`ls $DIR_LOG/firewall/traceability.log*.gz 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
mv $(echo $(ls -rt $DIR_LOG/firewall/traceability.log*.gz | tail -n 1 -)) $DIR_TMP/traceability-HTTP-$NOW.gz
fi
nb_files=`ls $DIR_BASE/alcasar-users-database-*.sql.gz 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) $DIR_TMP/
fi
cd /var/log/nfsen/profiles-data/live/alcasar_netflow
nb_files=`find . -mtime -7 -name 'nfcapd.[0-9]*' | wc -l`
if [ $nb_files -ne 0 ]; then
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/traceability-ALL-$NOW.tar;
fi
cd /tmp/
nb_files=`ls traceability-$NOW/* 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
tar cvzf /tmp/$FILE traceability-$NOW/*
else echo "no file to archive"
fi
mkdir -p $DIR_ARCHIVE
mkdir -p $DIR_TMP
nb_files=`ls $DIR_LOG/firewall/traceability.log*.gz 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
mv $(echo $(ls -rt $DIR_LOG/firewall/traceability.log*.gz | tail -n 1 -)) $DIR_TMP/traceability-HTTP-$NOW.gz
fi
nb_files=`ls $DIR_BASE/alcasar-users-database-*.sql.gz 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) $DIR_TMP/
fi
cd /var/log/nfsen/profiles-data/live/alcasar_netflow
nb_files=`find . -mtime -7 -name 'nfcapd.[0-9]*' | wc -l`
if [ $nb_files -ne 0 ]; then
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/traceability-ALL-$NOW.tar;
fi
cd /tmp/
nb_files=`ls traceability-$NOW/* 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
tar cvzf /tmp/$FILE traceability-$NOW/*
else echo "no file to archive"
fi
} # end archive
 
# Core script
# Core script
case $args in
-\? | -h* | --h*)
echo "$usage"
98,17 → 98,17
# Saving of the database
/usr/local/bin/alcasar-mysql.sh --dump
# Encryption of the archive
if [ -e /tmp/$FILE ]; then
if [ -e /tmp/$FILE ]; then
if [ $CRYPT -eq "1" ]; then
{
# 1 ) chiffrement/signature =1 ==> gpg --encrypt avec test de la clé présente
gpg --output $DIR_ARCHIVE/$FILE-crypt.gpg --armor --encrypt --recipient $GPG_USER /tmp/$FILE
gpg --output $DIR_ARCHIVE/$FILE-crypt.gpg --armor --encrypt --recipient $GPG_USER /tmp/$FILE
}
elif [ $SIGN -eq "1" ]; then
{
# 2) signature = 1 Chiffrement = 0 --> gpg --encrypt idem test de la clé présente
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER /tmp/$FILE
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER --detach-sign /tmp/$FILE
# 2) signature = 1 Chiffrement = 0 --> gpg --encrypt idem test de la clé présente
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER /tmp/$FILE
gpg --output $DIR_ARCHIVE/$FILE-sign.gpg --sign --recipient $GPG_USER --detach-sign /tmp/$FILE
}
else
{
122,10 → 122,10
;;
--live | -l)
mkdir -p $DIR_ARCHIVE
mkdir -p /tmp/live
mkdir -p /tmp/live
gap=7
cd /var/log/nfsen/profiles-data/live/alcasar_netflow
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar;
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar;
# Saving of the database
/usr/local/bin/alcasar-mysql.sh --dump
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) /tmp/live/
/scripts/alcasar-bl.sh
27,8 → 27,8
DIR_SHARE="/usr/local/share"
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' '
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)
61,10 → 61,10
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
 
# process the file $BL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
# process the file $BL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
78,10 → 78,10
chown root:apache $BL_CATEGORIES $BL_CATEGORIES_ENABLED
chmod 660 $BL_CATEGORIES $BL_CATEGORIES_ENABLED
 
# process the file $WL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
# process the file $WL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
done
115,7 → 115,7
args=$1
if [ $nb_args -eq 0 ]
then
args="-h"
args="-h"
fi
case $args in
-\? | -h* | --h*)
129,7 → 129,7
if [ ! -e /tmp/con_ok.html ]
then
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"
else
else
rm -rf /tmp/con_ok.html $DIR_tmp
mkdir $DIR_tmp
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
146,7 → 146,7
echo -n "Adaptation process of Toulouse University blackList. Please wait : "
if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
then
# keep custom files (ossi)
# keep custom files (ossi)
for x in $(ls -1 $DIR_DG_BL | grep "^ossi-*")
do
mv $DIR_DG_BL/$x $DIR_tmp
158,7 → 158,7
chmod -R 770 $DIR_DG
# Add the two local categories (ossi-bl & ossi-wl) to the usage file
# Add the custom categories (ossi-tor_nodes) to the usage file
cat << EOF >> $DIR_DG_BL/global_usage
cat << EOF >> $DIR_DG_BL/global_usage
 
NAME: ossi-bl
DEFAULT_TYPE: black
204,7 → 204,7
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie$ $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
if [ "$categorie_type" == "white" ]
then
echo "$dir_categorie" >> $WL_CATEGORIES
echo "$dir_categorie" >> $WL_CATEGORIES
else
echo "$dir_categorie" >> $BL_CATEGORIES
fi
211,19 → 211,19
done
rm -f $FILE_tmp
# Verify that the enabled categories are effectively in the BL (need after an update of the BL)
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l`
if [ $ok != "1" ]
if [ $ok != "1" ]
then
$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED
fi
done
# Verify that the enabled categories are effectively in the WL (need after an update of the WL)
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
do
ok=`grep /$ENABLE_CATEGORIE$ $WL_CATEGORIES|wc -l`
if [ $ok != "1" ]
if [ $ok != "1" ]
then
$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED
fi
235,22 → 235,22
do
DOMAIN=`basename $PATH_FILE`
echo -n "$DOMAIN, "
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
then
touch $PATH_FILE/urls
chown dansguardian:apache $PATH_FILE/urls
fi
cp $PATH_FILE/domains $FILE_tmp
cp $PATH_FILE/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
if [ "$LIST" == "$BL_CATEGORIES" ]
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
fi
done
257,7 → 257,7
done
echo
chown -R root:apache $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
chmod 770 $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
chmod 770 $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
chmod -f 660 $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
rm -f $FILE_tmp $FILE_ip_tmp
rm -rf $DIR_tmp
281,12 → 281,12
if [ $black == "1" ]
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
fi
297,9 → 297,9
/usr/bin/systemctl restart dansguardian
/usr/local/bin/alcasar-iptables.sh
else
echo -n "/usr/local/etc/update_cat.conf is empty ..."
echo -n "/usr/local/etc/update_cat.conf is empty ..."
fi
echo
echo
;;
# reload when selected categories are changed or when ossi change his custom files
-reload | --reload)
343,13 → 343,13
then
# adapt the file to the dnsmasq syntax and enable it if needed
# for the WL
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l`
if [ $enabled == "1" ]
then
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
356,13 → 356,13
fi
else
# for the BL
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l`
if [ $enabled == "1" ]
then
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie
/scripts/alcasar-bypass.sh
32,8 → 32,8
ifup $INTIF
sh /usr/local/bin/alcasar-iptables-bypass.sh
DHCP=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
if [ $DHCP != off ]
then
if [ $DHCP != off ]
then
$SED "/^#dhcp-range=/s/^#//" /etc/dnsmasq.conf # dnsmasq become the DHCP server
$SED "/^#dhcp-option=/s/^#//" /etc/dnsmasq.conf
$SED "/^#domain=/s/^#//" /etc/dnsmasq.conf
41,7 → 41,7
/usr/bin/systemctl restart dnsmasq
fi
 
rm -f /etc/cron.d/alcasar-daemon-watchdog # don't restart daemons (specially coova)
rm -f /etc/cron.d/alcasar-daemon-watchdog # don't restart daemons (specially coova)
echo "ALCASAR est en mode 'bypass'"
echo "ALCASAR is in 'bypass' mode"
;;
48,7 → 48,7
--off | -off)
cp -f /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF
ifup $INTIF
$SED "s?^dhcp-range=.*?#&?g" /etc/dnsmasq.conf # dnsmasq is no more the DHCP server (it's coova)
$SED "s?^dhcp-range=.*?#&?g" /etc/dnsmasq.conf # dnsmasq is no more the DHCP server (it's coova)
$SED "s?^dhcp-option=.*?#&?g" /etc/dnsmasq.conf
$SED "s?^domain=.*?#&?g" /etc/dnsmasq.conf
$SED "/^#no-dhcp-interface/s/^#//" /etc/dnsmasq.conf
/scripts/alcasar-certificates.sh
6,10 → 6,10
# by Franck BOUIJOUX and REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
# Script permettant
# - d'exporter les certificats d'un serveur pour les transposer sur un autre.
 
# This script allows
# This script allows
# - export certificates server to move them.
 
 
30,19 → 30,19
fi
 
 
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment
FILE="certificates-$NOW"
DIR_SAVE=$DIR_SAVE-$NOW
 
# Function of export
# Function of export
function certs_export() {
# Export of CA Certificate
# Export of CA Certificate
cd /root
tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
 
# Export of server Certificate
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
gzip $FILE.tar
# Export of server Certificate
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
gzip $FILE.tar
echo "Le ficher des certificats exportés est : $FILE.tar.gz"
} # end function export
 
51,16 → 51,16
# Sauvegarde de la pki actuelle
[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
 
# Save of CA Certificate
# Save of CA Certificate
cd $DIR_PKI/CA/
cp alcasar-ca.crt $DIR_SAVE/.
cp private/alcasar-ca.key $DIR_SAVE/.
cp alcasar-ca.crt $DIR_SAVE/.
cp private/alcasar-ca.key $DIR_SAVE/.
 
# Save of server Certificate
# Save of server Certificate
cd $DIR_PKI/tls
cp certs/alcasar.crt $DIR_SAVE/.
cp private/alcasar.key $DIR_SAVE/.
cp certs/server-chain.crt $DIR_SAVE/.
cp certs/alcasar.crt $DIR_SAVE/.
cp private/alcasar.key $DIR_SAVE/.
cp certs/server-chain.crt $DIR_SAVE/.
} # end function archive
 
function import() {
71,7 → 71,7
[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
rm -rf $DIR_IMPORT/*
 
# Import of CA Certificate
# Import of CA Certificate
tar xzvf $1 --directory=$DIR_IMPORT
echo "Import new certificates in ALCASAR !!!"
cp -r $DIR_IMPORT/* /.
80,9 → 80,9
 
# Service apache restart
service httpd restart
else
echo "You are not import new certificates !!!"
exit 0
else
echo "You are not import new certificates !!!"
exit 0
fi
} # end import
 
101,7 → 101,7
if [ $nb_args -eq 1 ]
then
echo "Il faut passer un fichier de certificat en paramètre !!!"
exit 0
exit 0
fi
import $2
;;
/scripts/alcasar-daemon.sh
19,7 → 19,7
then
logger -i "!! $s is inactive. Activation attempt"
echo "the $s service is disabled! trying to start it..."
/usr/bin/systemctl start $s.service
/usr/bin/systemctl start $s.service
else
nb_srv=$((nb_srv+1))
fi
28,13 → 28,13
nb_srv=0
for s in $SERVICES
do
if [ $s != "sshd" ]
if [ $s != "sshd" ]
then
ServiceTest
else
{
if [ $SSH == "ON" ] || [ $SSH == "on" ] || [ $SSH == "On" ]
then
then
ServiceTest
else
nb_available_srv=$((nb_available_srv-1))
/scripts/alcasar-dhcp.sh
54,15 → 54,15
$SED "s?^dynip.*?#dynip?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?#dynip?g" $CHILLI_CONF_FILE
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE
if [ "$EXT_DHCP_IP" != "none" ]
if [ "$EXT_DHCP_IP" != "none" ]
then
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
else
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
fi
/usr/bin/systemctl restart chilli
;;
/scripts/alcasar-file-clean.sh
25,7 → 25,7
# remove empty lines and put rights
for file in $ALCASAR_SERVICES $ALCASAR_IP_BLOCKED $ALCASAR_CONF $ALCASAR_UAMDOMAIN $ALCASAR_UAMALLOWED
do
$SED "/^$/d" $file
$SED "/^$/d" $file
chown root:apache $file
chmod 660 $file
done
36,10 → 36,10
 
for domain in $(cat $ALCASAR_UAMDOMAIN | cut -d' ' -f1)
do
domain_exception="server=/$(echo $domain | cut -d'"' -f2)/#"
sed -i "/conf-file/a$domain_exception" /etc/dnsmasq-blackhole.conf
domain_exception="server=/$(echo $domain | cut -d'"' -f2)/#"
sed -i "/conf-file/a$domain_exception" /etc/dnsmasq-blackhole.conf
done
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't restart on install stage
then
systemctl restart dnsmasq-blackhole
fi
fi
/scripts/alcasar-generate_log.sh
35,8 → 35,8
 
if [ $nb_args -eq 1 ]
then
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
SECTION_LOG="Extraction de tous les journaux"
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
SECTION_LOG="Extraction de tous les journaux"
fi
 
if [ $nb_args -eq 2 ]
43,13 → 43,13
then
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
echo $QUERY
SECTION_LOG="Extraction des journaux à partir du $2"
SECTION_LOG="Extraction des journaux à partir du $2"
fi
 
if [ $nb_args -eq 3 ]
then
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' AND acctstarttime <= '$3' ORDER BY acctstoptime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
SECTION_LOG="Extraction des journaux entre $2 et $3"
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' AND acctstarttime <= '$3' ORDER BY acctstoptime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
SECTION_LOG="Extraction des journaux entre $2 et $3"
fi
 
if [ $nb_args -eq 0 ]
61,8 → 61,8
 
if [ $nb_args -gt 3 ]
then
echo $usage
exit
echo $usage
exit
fi
 
if [ -e $TMP_SQL ]
77,7 → 77,7
 
if [ -e $ARCHIVE_LOCATION ]
then
rm $ARCHIVE_LOCATION
rm $ARCHIVE_LOCATION
fi
 
 
106,7 → 106,7
LOG_M1=$(echo $LOG_DATE1 | cut -d'-' -f2)
LOG_D1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f1)
LOG_H1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f2)
LOG_Y2=$(echo $LOG_DATE2 | cut -d'-' -f1)
LOG_M2=$(echo $LOG_DATE2 | cut -d'-' -f2)
LOG_D2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f1)
115,7 → 115,7
DUMP=$(nfdump -O tstart -R /var/log/nfsen/profiles-data/live/alcasar_netflow/ -t $LOG_Y1/$LOG_M1/$LOG_D1.$LOG_H1-$LOG_Y2/$LOG_M2/$LOG_D2.$LOG_H2 -o "fmt:<tr><td class='numberLine'></td><td>%sa</td><td>%sp</td><td>%da</td><td>%dp</td><td>%ts</td></tr>" | tail -n +2 | head -n -4 | grep "$LOG_IP")
if [ ! -z "$DUMP" ]
then
echo "<div class='container'> " >> $TMP_HTML
echo "<div class='container'> " >> $TMP_HTML
echo "<table class='table table-striped'>" >> $TMP_HTML
echo "<thead>" >> $TMP_HTML
echo "<tr>" >> $TMP_HTML
137,7 → 137,7
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f6) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f8) "</td>" >> $TMP_HTML
echo "</tr></tbody></table></div>" >> $TMP_HTML
echo "<div class='container mySpace'> " >> $TMP_HTML
echo "<div class='container mySpace'> " >> $TMP_HTML
echo "<table class='table table-striped'>" >> $TMP_HTML
echo "<thead>" >> $TMP_HTML
echo "<tr>" >> $TMP_HTML
156,11 → 156,11
echo "</body>" >> $TMP_HTML
echo "</HTML>" >> $TMP_HTML
 
#inform users about that by setting the fourth bit of Filter-Id at 1.
#inform users about that by setting the fourth bit of Filter-Id at 1.
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
mysql -u root -p"$DB_ROOT_PW" -D radius -e "$QUERY"
 
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ]
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ]
then
for user in $(cat $TMP_USERS)
do
175,7 → 175,7
 
 
/usr/bin/7za a -tzip -p$1 -mem=AES256 $ARCHIVE_LOCATION $TMP_PDF
chown apache:apache $ARCHIVE_LOCATION
chown apache:apache $ARCHIVE_LOCATION
 
 
rm $TMP_HTML
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id
\ No newline at end of property
/scripts/alcasar-https.sh
28,7 → 28,7
echo "$usage"
exit 0
;;
--off | -off) # disable HTTPS
--off | -off) # disable HTTPS
$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=off?" $CONF_FILE
$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=off?" $CONF_FILE
$SED "s?uamserver.*?uamserver\thttp://$HOSTNAME.$DOMAIN/intercept.php?" $CHILLI_CONF_FILE
/scripts/alcasar-importcert.sh
57,7 → 57,7
domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' | sed 's/^.//'`
echo "fqdn=$fqdn hostname=$hostname domain=$domain"
 
#check fqdn format
#check fqdn format
if [[ "$fqdn" != "" && "$domain" != "" ]]; then
$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
/scripts/alcasar-iptables-bypass.sh
55,7 → 55,7
 
# Insertion de règles de blocage (Devel)
# Here, we add block rules (Devel)
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then
while read ip_line
do
ip_on=`echo $ip_line|cut -b1`
68,7 → 68,7
done < /usr/local/etc/alcasar-ip-blocked
fi
 
# SSHD rules if activate
# SSHD rules if activate
if [ $SSH = on ]
then
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j NFLOG --nflog-group 2 --nflog-prefix "RULE ssh-from-LAN -- ACCEPT"
79,7 → 79,7
# Insertion de règles locales
# Here, we add local rules (i.e. VPN from Internet)
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then
. /usr/local/etc/alcasar-iptables-local.sh
. /usr/local/etc/alcasar-iptables-local.sh
fi
 
# on autorise les requêtes dhcp
/scripts/alcasar-iptables.sh
7,10 → 7,10
# Reminders
# There are four channels for log :
# 1 tracability of the consultation equipment with The 'Netflow' kernel module (iptables target = NETFLOW);
# 2 protection of ALCASAR with the Ulog group 1 (default group)
# 2 protection of ALCASAR with the Ulog group 1 (default group)
# 3 SSH on ALCASAR with the Ulog group 2;
# 4 extern access attempts on ALCASAR with the Ulog group 3.
# The bootps/dhcp (67) port is always open on tun0/INTIF by coova
# The bootps/dhcp (67) port is always open on tun0/INTIF by coova
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
35,7 → 35,7
DNSSERVERS="$dns1,$dns2" # first and second public DNS servers
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
129,7 → 129,7
ipset -! restore < $TMP_set_save
rm -f $TMP_set_save
 
# Restoration des SET des utilisateurs connectés si ils existent sinon création des SET
# Restoration des SET des utilisateurs connectés si ils existent sinon création des SET
# Restoring the connected users SETs if available, otherwise creating SETs
if [ -e $TMP_users_set_save ];
then
188,7 → 188,7
# redirect DNS of 'havp_wl' users to port 55
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 55
 
# Journalisation HTTP_Internet des usagers 'havp_bl' (paquets SYN uniquement). Les autres protocoles sont journalisés en FORWARD par netflow.
# Journalisation HTTP_Internet des usagers 'havp_bl' (paquets SYN uniquement). Les autres protocoles sont journalisés en FORWARD par netflow.
# Log Internet HTTP of 'havp_bl' users" (only syn packets). Other protocols are logged in FORWARD by netflow
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -m state --state NEW -j NFLOG --nflog-group 1 --nflog-prefix "RULE F_http -- ACCEPT "
 
230,7 → 230,7
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPTABLES -A INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP
 
# Si configéré, on autorise les réponses DHCP
# Si configéré, on autorise les réponses DHCP
# Allow DHCP answers if configured
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address
if [[ "$public_ip_mask" == "dhcp" ]]
239,7 → 239,7
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport 68 -j ACCEPT
fi
# On rejette les trame en broadcast et en multicast sur EXTIF (évite leur journalisation)
# Drop broadcast & multicast on EXTIF to avoid log
# Drop broadcast & multicast on EXTIF to avoid log
$IPTABLES -A INPUT -m addrtype --dst-type BROADCAST,MULTICAST -j DROP
 
# On autorise les retours de connexions légitimes par INPUT
250,7 → 250,7
# Deny direct connections on DansGuardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING)
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8080 -m mark --mark 1 -j REJECT --reject-with tcp-reset
 
# Autorisation des connexions légitimes à DansGuardian
# Autorisation des connexions légitimes à DansGuardian
# Allow connections for DansGuardian
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m state --state NEW --syn -j ACCEPT
 
258,7 → 258,7
# Deny direct connections on tinyproxy port (8090). The concerned paquets have been marked in mangle table (PREROUTING)
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8090 -m mark --mark 2 -j REJECT --reject-with tcp-reset
 
# Autorisation des connexions légitimes vers tinyproxy
# Autorisation des connexions légitimes vers tinyproxy
# Allow connections to tinyproxy
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8090 -m state --state NEW --syn -j ACCEPT
 
294,7 → 294,7
 
# Accès direct aux services internes
# Internal services access
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport domain -j ACCEPT # DNS
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport domain -j ACCEPT # DNS
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport domain -j ACCEPT # DNS
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p icmp --icmp-type 8 -j ACCEPT # Réponse ping # ping responce
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p icmp --icmp-type 0 -j ACCEPT # Requête ping # ping request
303,7 → 303,7
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 3990:3991 -j ACCEPT # Requêtes de deconnexion usagers # Users logout requests
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport ntp -j ACCEPT # Serveur local de temps # local time server
 
# SSHD rules if activate
# SSHD rules if activate
if [ $SSH = on ]
then
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j NFLOG --nflog-group 2 --nflog-prefix "RULE ssh-from-LAN -- ACCEPT"
315,7 → 315,7
# Insertion de règles locales
# Here, we add local rules (i.e. VPN from Internet)
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then
. /usr/local/etc/alcasar-iptables-local.sh
. /usr/local/etc/alcasar-iptables-local.sh
fi
 
# Journalisation et rejet des connexions (autres que celles autorisées) effectuées depuis le LAN
352,11 → 352,11
# Allow Conntrack
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...)
# Compute uamallowed IP (IP address of equipments connected between ALCASAR and Internet (DMZ, own servers, ...)
nb_uamallowed=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1`
if [ $nb_uamallowed != "0" ]
then
while read ip_allowed_line
while read ip_allowed_line
do
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2`
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW
421,7 → 421,7
$IPTABLES -A FORWARD -i $TUNIF -m set --match-set proto_3 src -s $PRIVATE_NETWORK_MASK -p udp -m multiport ! --dports $custom_udp_protocols_list -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
fi
 
# journalisation et autorisation des connections sortant du LAN
# journalisation et autorisation des connections sortant du LAN
# Allow forward connections with log
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j NETFLOW
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ACCEPT
433,7 → 433,7
# Everything is allowed but traffic through outside network interface
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT
 
# Si configéré, on autorise les requêtes DHCP
# Si configéré, on autorise les requêtes DHCP
# Allow DHCP requests if configured
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address
if [[ "$public_ip_mask" == "dhcp" ]]
442,7 → 442,7
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport 67 -j ACCEPT
fi
 
# On autorise les requêtes DNS vers les serveurs DNS identifiés
# On autorise les requêtes DNS vers les serveurs DNS identifiés
# Allow DNS requests to identified DNS servers
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT
 
459,17 → 459,17
# RSYNC requests are allowed (to update BL of Toulouse)
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
 
# On autorise les requêtes FTP
# On autorise les requêtes FTP
# FTP requests are allowed
modprobe nf_conntrack_ftp
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# On autorise les requêtes NTP
# On autorise les requêtes NTP
# NTP requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT
 
# On autorise les requêtes ICMP (ping)
# On autorise les requêtes ICMP (ping)
# ICMP (ping) requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT
 
489,4 → 489,3
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
 
# End of script
 
/scripts/alcasar-load_balancing.sh
48,7 → 48,7
 
 
if [ $(whoami) != "root" ]; then
echo "You must be root to run this!" ; echo ; exit 1
echo "You must be root to run this!" ; echo ; exit 1
fi
 
# Adapter for ALCASAR project
104,7 → 104,7
fi # End
 
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
if [ "$PARAM" == "add" ]; then
if [ "$PARAM" == "add" ]; then
set -x
table=$(($i + 1))
ip route ${PARAM} ${NET} dev ${IFACE} src ${IP} table $table
124,7 → 124,7
i=$(($i + 1))
done # End While
 
if [ "$PARAM" == "add" ]; then
if [ "$PARAM" == "add" ]; then
echo "[] Balanced routing:"
# suppress default route
ip route del default scope global
133,7 → 133,7
set +x
echo
fi
 
} # end create_eth
 
###########################
144,7 → 144,7
echo $IFACE_COUNT
while [ $IFACE_COUNT -ne 0 ]
do
i=$IFACE_COUNT
i=$IFACE_COUNT
echo "ifdown $EXTIF:$i"
ifdown $EXTIF:$i
rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i
153,21 → 153,21
ip route del default scope global
# ip route add default gw 192.168.1.1
}
 
 
# do not modify below this line unless you know what you're doing :)
function getvalue() {
index=$1
VAR=$2
index=$1
VAR=$2
 
n=1
for f in ${VAR} ; do
if [ "${n}" == "${index}" ]; then
echo "$f"
break
fi
n=$(($n++))
done
n=1
for f in ${VAR} ; do
if [ "${n}" == "${index}" ]; then
echo "$f"
break
fi
n=$(($n++))
done
}
 
######################
178,7 → 178,7
echo "[] Watchdog started"
# 0 == all links ok, 1 == some link down
STATE=0
 
DOWNCOUNT_BAK=0
DOWN_BAK=""
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles
195,12 → 195,12
echo "Liste des interfaces : "${WANIFACE[*]}
# Failover test
while : ; do
 
if [ $VERBOSE -eq 1 ]; then
echo "[] Sleeping, state=$STATE"
fi
sleep $FAILOVER
 
IFINDEX=1
DOWN="" # liste des interfaces down
DOWNCOUNT=0 # nombre d'interface down
214,7 → 214,7
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @WT
else
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
fi
fi
for TESTIP in $TESTIPS ; do
COUNT=$(($COUNT + 1))
ping -W 3 -I $IP -c 1 $TESTIP > /dev/null 2>&1
222,7 → 222,7
# Si ping de la première adresse --> ok --> stop du test pour l'interface testée
if [ $? -eq 0 ]; then
break
else
else
# sinon on compte une erreur
FAIL=$(($FAIL + 1))
fi
248,7 → 248,7
echo "IFINDEX =$IFINDEX"
done # End Test Interface in WANIFACE
 
# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles
# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles
# if [ $DOWNCOUNT -eq 0 ] && [ $DOWNCOUNT -ne $DOWNCOUNT_BAK ]; then
if [ $DOWNCOUNT -eq 0 ] ; then
if [ $STATE -eq 1 ]; then
279,13 → 279,13
echo "iface=$iface"
echo "Index = " $IFINDEX
FAILIF=0
# Pour chaque interface down -->
# Pour chaque interface down -->
echo "Interfaces DOWN = $DOWN"
for lnkdwn in $DOWN ; do
echo "LINKDOWN = "$lnkdown
if [ $lnkdwn -eq $IFINDEX ]; then
FAILIF=1
break
break
else
continue
fi
298,7 → 298,7
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW
else
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
fi
fi
echo "GW=$GW"
echo "WT=$WT"
echo "suffix=$sufix"
308,7 → 308,7
done # End iface IN WANIFACE
# Commande globale
cmd="ip route replace default scope global $suffix"
 
if [ $VERBOSE -eq 1 ]; then
set -x
# echo "Avec commentaire : " ${cmd}
321,7 → 321,7
fi # end Application de la commande de routage globale
fi #
DOWN_BAK=$DOWN # Enregistrement de l'etat
fi # End
fi # End
done
} # End of Failover
 
336,70 → 336,70
echo
 
case $1 in
create)
create_eth
create)
create_eth
;;
delete)
delete_eth
delete)
delete_eth
;;
start)
if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then
start)
if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then
echo "The MultiGateway is not activated !"
exit 0
fi
PARAM="add"
create_eth
ip route flush cache
if [ $FAILOVER -eq 0 ]; then
PARAM="add"
create_eth
ip route flush cache
if [ $FAILOVER -eq 0 ]; then
echo "The MultiWAN Mode is actived but not failover connectivity !"
exit 0
fi
echo "Starting down $prog: "
pid=`pidof -x "alcasar-load_balancing.sh"`
if [ $pid != "" ]; then
echo $pid > $pidfile
fi
touch /var/lock/subsys/alcasar-load_balancing
failover
echo "Starting down $prog: "
pid=`pidof -x "alcasar-load_balancing.sh"`
if [ $pid != "" ]; then
echo $pid > $pidfile
fi
touch /var/lock/subsys/alcasar-load_balancing
failover
;;
stop)
stop)
PARAM="del"
echo "Shutting down $prog: "
if [ -f $pidfile ]; then
pid=`cat $pidfile`
kill -9 $pid
else
echo "$prog is not running."
exit 1
fi
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing
echo "Delete of virtual interfaces"
delete_eth
echo "Network restart"
service network restart 2>&1 > /dev/null
ip route
if [ -f $pidfile ]; then
pid=`cat $pidfile`
kill -9 $pid
else
echo "$prog is not running."
exit 1
fi
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing
echo "Delete of virtual interfaces"
delete_eth
echo "Network restart"
service network restart 2>&1 > /dev/null
ip route
 
;;
status)
echo "Checking $prog : "
if [ -f $pidfile ]; then
pid=`cat $pidfile`
CHECK=`ps -p $pid --no-heading | awk {'printf $1'}`
if [ "$CHECK" = "" ]; then
echo "$prog is NOT running."
else
echo "$prog is running !"
fi
else
echo "$prog is Not running."
fi
echo "Checking $prog : "
if [ -f $pidfile ]; then
pid=`cat $pidfile`
CHECK=`ps -p $pid --no-heading | awk {'printf $1'}`
if [ "$CHECK" = "" ]; then
echo "$prog is NOT running."
else
echo "$prog is running !"
fi
else
echo "$prog is Not running."
fi
;;
fail)
failover
fail)
failover
;;
*)
*)
echo "Usage: $0 [start|stop|status|create|delete]" ; echo ; exit 1
;;
esac
/scripts/alcasar-profil.sh
20,16 → 20,16
for i in $ALL_PROFILS
do
if [ $Lang == "fr" ]
then
then
echo -n "Comptes liés au profil '$i' : "
 
else
echo -n "accounts linked with profile '$i' : "
echo -n "accounts linked with profile '$i' : "
fi
account_list=`cat $DIR_KEY/key_only_$i | cut -d':' -f1|sort`
for account in $account_list
do
echo -n "$account "
echo -n "$account "
done
echo
done
78,11 → 78,11
echo "$usage"
exit 0
;;
--add|-a)
--add|-a)
# ajout d'un compte
list
if [ $Lang == "fr" ]
then
then
echo -n "Choisissez un profil ($ALL_PROFILS) : "
else
echo -n "Select a profile ($ALL_PROFILS) : "
92,7 → 92,7
then
echo -n "Entrez le nom du compte à créer (profil '$profil') : "
else
echo "Enter the name of the account to create (profile '$profil') : "
echo "Enter the name of the account to create (profile '$profil') : "
fi
read account
# on teste s'il n'existe pas déjà
/scripts/alcasar-rpm-download.sh
9,7 → 9,7
# retrieve needed RPM in a tarball file
 
VERSION="5"
ARCH="x86_64"
ARCH="x86_64"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip bc msec kernel-userspace-headers"
 
43,7 → 43,7
for i in $*
do
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
then
then
ARCH=`echo $i|cut -d"=" -f2`
fi
done
65,7 → 65,7
do
try_nb=`expr $try_nb + 1`
MIRRORLIST="MIRRORLIST$try_nb"
rpm_repository_sync
rpm_repository_sync
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
if [ "$nb_repository" != "4" ]
then
84,7 → 84,7
do
read response
done
if [ "$response" = "n" ] || [ "$response" = "N" ]
if [ "$response" = "n" ] || [ "$response" = "N" ]
then
exit 1
fi
98,7 → 98,7
echo -n "."
done
urpmi --clean
# download RPM in cache
# download RPM in cache
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..."
echo "Updated RPM download. Please wait ..."
echo "Il est temps d'aller prendre un café :-) "
/scripts/alcasar-sms.sh
41,9 → 41,9
end="%%%%%%%%%% STOP %%%%%%%%%%"
 
 
usage="Usage: alcasar-gammu.sh
usage="Usage: alcasar-gammu.sh
Start Gammu-smsd : --start
Stop Gammu-smsd : --stop
Stop Gammu-smsd : --stop
Process on new sms : --new_sms"
 
 
78,7 → 78,7
then
sql_add_gp="connect radius; INSERT INTO $radgp (username,groupname) VALUES ('sms','sms');"
sql_add_gp_att="connect radius; INSERT INTO $radgpck (groupname,attribute,op,value) VALUES ('sms','Simultaneous-Use',':=',1);"
 
mysql --user=$u_db --password=$p_db -B -se "$sql_add_gp"
mysql --user=$u_db --password=$p_db -B -se "$sql_add_gp_att"
fi
99,11 → 99,11
#Suppression du numero dans la table SMS_ban_perm
sql_remove_ban_perm="connect gammu; DELETE FROM $sms_p"
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_ban_perm WHERE SenderNumber=$1;"
 
# Ajout au groupe sms
sql_remove_gp="connect radius; DELETE FROM $radgp WHERE username='$1';"
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_gp"
 
# Suppression du compte dans Radcheck
sql_remove_compte="connect radius; DELETE FROM $rad WHERE username='$1';"
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_compte"
136,21 → 136,21
# Ajout table RadCheck : creation du compte
sql_add_pass="connect radius; INSERT INTO $rad (username,attribute,op,value) VALUES ('$1','Crypt-Password',':=','$2');"
sql_add_expe="connect radius; INSERT INTO $rad (username,attribute,op,value) VALUES ('$1','Expiration',':=','$3');"
 
mysql --user=$u_db --password=$p_db -B -se "$sql_add_pass"
mysql --user=$u_db --password=$p_db -B -se "$sql_add_expe"
 
# Ajout au groupe sms
sql_add_gp="connect radius; INSERT INTO $radgp (username,groupname) VALUES ('$1','sms');"
mysql --user=$u_db --password=$p_db -B -se "$sql_add_gp"
} # end function add_acc_rad()
 
function supp_num_temp() {
# Suppression du numéro dans table SMS_ban_temp
sql_remove_ban_temp="connect gammu; DELETE FROM $sms_t"
mysql --user=$u_db --password=$p_db -B -se "$sql_remove_ban_temp WHERE SenderNumber=$1;"
} # end function supp_num_temp()
 
function add_num_perm() {
# Ajout du numero table SMS_ban_perm, 0 : creation du compte
sql_add_ban_perm="connect gammu; INSERT INTO $sms_p (SenderNumber,Perm,Expiration) VALUES ('$1',0,'$2');"
166,34 → 166,34
function new_sms() {
# Check Inbox table, manage Ban temp and perm, create account
export salt='$1$passwd$'
 
sql_select_inbox="connect gammu; SELECT ID, SenderNumber, TextDecoded FROM $inb;"
sql_delete_inbox="connect gammu; DELETE FROM $inb"
 
mysql --user=$u_db --password=$p_db -B -se "$sql_select_inbox" | while read result;
do
# On recupère le nombre de mots (resultat)
nb=$(echo $result | wc -w)
 
# On récupère le numéro de l'ID
id=$(echo $result | cut -d ' ' -f1)
 
numero=$(echo $result | cut -d ' ' -f2)
 
if [[ $numero =~ ^\+ ]]
if [[ $numero =~ ^\+ ]]
then
# On vérifie si le pays est bloqué
 
# On vérifie si le pays est bloqué
sql_select_countries="connect gammu; SELECT id FROM $SMS_c WHERE status=1"
mysql --user=$u_db --password=$p_db -B -se "$sql_select_countries" | while read result_c;
do
 
if [[ $numero =~ ^"$result_c" ]]
then
then
 
numero=$(echo $numero | cut -d '+' -f2)
 
# On vérifie que le numéro n'est pas Ban Perm
# On vérifie que le numéro n'est pas Ban Perm
sql_ban_perm="connect gammu; SELECT * FROM $sms_p WHERE SenderNumber=$numero"
result_bp=$(mysql --user=$u_db --password=$p_db -B -se "$sql_ban_perm")
 
206,46 → 206,46
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');"
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp"
 
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero
then
export pass=$(echo $result | cut -d ' ' -f3)
pass_salt=$(perl -e'print crypt($ARGV[0],$ARGV[1])' $pass $salt)
 
export LC_TIME="en_US.UTF-8"
expir=$(date '+%d %B %Y' -d "$time_account days")
 
supp_acc_rad "$numero"
add_acc_rad "$numero" "$pass_salt" "$expir"
supp_num_temp "$numero"
add_num_perm "$numero" "$expir"
else
 
else
# Autrement, le mot de passe est trop grand ( > un mot )
# On incrémente d'un 1 dans la table des bans temp
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');"
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp"
fi
 
# On gère les bans temp en ban perm
sql_select_temp="connect gammu; SELECT ID FROM $sms_t WHERE SenderNumber='$numero'"
r_select_temp=$(mysql --user=$u_db --password=$p_db -B -se "$sql_select_temp")
nb_ban_t=$(echo $r_select_temp| wc -w)
 
if [ $nb_ban_t -ge $nb_essais ]
then
supp_num_temp "$numero"
 
export LC_TIME="en_US.UTF-8"
expir_f=$(date '+%d %B %Y' -d "$time_ban days")
 
# Ajout du numero table SMS_ban_perm, 1 : flood
sql_add_ban_perm="connect gammu; INSERT INTO $sms_p (SenderNumber,Perm,Expiration) VALUES ('$numero',1,'$expir_f');"
mysql --user=$u_db --password=$p_db -B -se "$sql_add_ban_perm"
fi
fi
else
date_expiration=$(echo $result_bp | cut -d ' ' -f2,3,4)
perm=$(echo $result_bp | cut -d ' ' -f5)
 
export LC_TIME="en_US.UTF-8"
date_script=$(date '+%d %B %Y' -d "now")
 
263,7 → 263,7
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');"
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp"
 
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero
elif [ $nb -eq 3 ] # Si 3 mots : id + mot de passe + numero
then
date_expiration=$(echo $result_bp | cut -d ' ' -f2,3,4)
perm=$(echo $result_bp | cut -d ' ' -f5)
276,7 → 276,7
 
export pass=$(echo $result | cut -d ' ' -f3)
pass_salt=$(perl -e'print crypt($ARGV[0],$ARGV[1])' $pass $salt)
 
export LC_TIME="en_US.UTF-8"
expir=$(date '+%d %B %Y' -d "$time_account days")
 
286,8 → 286,8
supp_num_temp "$numero"
supp_num_perm "$numero"
add_num_perm "$numero" "$expir"
else
 
else
# Autrement, le mot de passe est trop grand ( > un mot )
# On incrémente d'un 1 dans la table des bans temp
sql_add_temp="connect gammu; INSERT INTO $sms_t(SenderNumber) VALUES ('$numero');"
294,26 → 294,26
mysql --user=$u_db --password=$p_db -B -se "$sql_add_temp"
echo "Mot de passe incorrect, ajout du numero en ban temporaire"
fi
 
# On gère les bans temp en ban perm
sql_select_temp="connect gammu; SELECT ID FROM $sms_t WHERE SenderNumber='$numero'"
r_select_temp=$(mysql --user=$u_db --password=$p_db -B -se "$sql_select_temp")
nb_ban_t=$(echo $r_select_temp| wc -w)
 
if [ $nb_ban_t -ge $nb_essais ]
then
supp_num_perm "$numero"
supp_num_temp "$numero"
 
export LC_TIME="en_US.UTF-8"
expir_f=$(date '+%d %B %Y' -d "$time_ban days")
 
# Ajout du numero table SMS_ban_perm, 1 : flood
sql_add_ban_perm="connect gammu; INSERT INTO $sms_p (SenderNumber,Perm,Expiration) VALUES ('$numero',1,'$expir_f');" mysql --user=$u_db --password=$p_db -B -se "$sql_add_ban_perm"
fi
else
echo "Le ban de $numero est encore valide"
fi
echo "Le ban de $numero est encore valide"
fi
break
fi
#else
359,7 → 359,7
else
echo "gammu is already stopped"
fi
exit 0
exit 0
;;
--pidof)
/sbin/pidof gammu-smsd
367,103 → 367,103
--last_nosim)
# Récupère la dernière ligne où NOSIM est présent (error)
cat $logfile | grep -n "NOSIM" | cut -d ':' -f1 | tail -n 1
exit 0
exit 0
;;
--last_start)
# Récupère la dernière ligne où ########## est présent (séparateur)
cat $logfile | grep -n "##########" | cut -d ':' -f1 | tail -n 1
exit 0
exit 0
;;
--last_stop)
# Récupère la dernière ligne où %%%%%%%%%% est présent (séparateur)
cat $logfile | grep -n "%%%%%%%%%%" | cut -d ':' -f1 | tail -n 1
exit 0
exit 0
;;
--last_writeerror)
#Récupère la dernière ligne où SECURITYERROR est présent (error)
cat $logfile | grep -n "DEVICEWRITEERROR" | cut -d ':' -f1 | tail -n 1
exit 0
exit 0
;;
--last_timeout)
# Récupère la dernière ligne où SECURITYERROR est présent (error)
cat $logfile | grep -n "TIMEOUT" | cut -d ':' -f1 | tail -n 1
exit 0
exit 0
;;
--last_secu)
# Récupère la dernière ligne où SECURITYERROR est présent (error)
cat $logfile | grep -n "SECURITYERROR" | cut -d ':' -f1 | tail -n 1
exit 0
exit 0
;;
--last_puk)
# Récupère la dernière ligne où PUK est présent (error)
cat $logfile | grep -n "UNKNOWN" | cut -d ':' -f1 | tail -n 1
exit 0
exit 0
;;
#--log)
# # Récupère le nom du fichier de log
# cat $config | grep logfile | cut -d ' ' -f3
# exit 0
# exit 0
# ;;
--connect)
# Récupère la vitesse de co
cat $config | grep connection | cut -d ' ' -f3
exit 0
exit 0
;;
--replace_connect)
# Edition de la vitesse de co
sed -i "s/^connection = at.*/connection = at$2/g" $config
exit 0
exit 0
;;
--pin)
# Récupère le code PIN (file de conf)
cat $config | grep PIN | cut -d ' ' -f3
exit 0
exit 0
;;
--replace_pin)
# Edition du code PIN
sed -i "s/^PIN =.*/PIN = $2/g" $config
exit 0
exit 0
;;
--try_ban)
# Récupère le nombre d'essais avant le ban perm
grep nb_essais= $script | head -n 1 | cut -d '=' -f2
exit 0
exit 0
;;
--replace_try_ban)
# Edition le nombre d'essais avant le ban perm
sed -i "s/^nb_essais=.*/nb_essais=$2/g" $script
exit 0
exit 0
;;
--time_account)
# Récupère la durée en jours de la session créée
grep time_account= $script | head -n 1 | cut -d '=' -f2
exit 0
exit 0
;;
--replace_time_account)
# Edition de la durée de la session créée
sed -i "s/^time_account=.*/time_account=$2/g" $script
exit 0
exit 0
;;
--time_perm)
# Récupère la durée un jours d'un ban perm (après flood par exemple)
grep time_ban= $script | head -n 1 | cut -d '=' -f2
exit 0
exit 0
;;
--replace_time_perm)
# Edition de la durée d'un ban perm
sed -i "s/^time_ban=.*/time_ban=$2/g" $script
exit 0
exit 0
;;
--unlock_num)
# Appel de la fonction unlock : deban un numero $2
unlock "$2"
exit 0
exit 0
;;
--change_country)
# Permet de changer l'état de blocage d'un pays
a=""
for i in "$@"
do
do
a=$(echo "$a $i")
done
a=$(echo $a | cut -d ' ' -f2-$#)
514,12 → 514,12
--numero_alcasar)
# Récupère le numero de la clé 3g (téléphone)
grep "\$current_num=" $public_page | head -n 1 | cut -d"'" -f2
exit 0
exit 0
;;
--replace_numero_alcasar)
# Edition du numero de la clé 3g (téléphone)
sed -i "s/\$current_num=.*/\$current_num='$2';/g" $public_page
exit 0
exit 0
;;
--mode)
# Mode huawei
/scripts/alcasar-uninstall.sh
54,12 → 54,12
fi
echo "Stopping service : "
/usr/local/bin/alcasar-sms.sh --stop
for i in $services
for i in $services
do
if [ -e /lib/systemd/system/$i.service ]
if [ -e /lib/systemd/system/$i.service ]
then
/usr/bin/systemctl disable $i.service
/usr/bin/systemctl stop $i.service 1>/dev/null
/usr/bin/systemctl stop $i.service 1>/dev/null
sleep 1
else
echo "The service $i.service doesn't exist !"
157,7 → 157,7
sleep 1
 
echo -en "\n- antivirus (5) : "
if [ -e /etc/init.d/havp ]
if [ -e /etc/init.d/havp ]
then
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, "
userdel -r havp 2>/dev/null && echo -n "2, "
169,7 → 169,7
sleep 1
 
echo -en "\n- tinyproxy (2) : "
if [ -e /etc/init.d/tinyproxy ]
if [ -e /etc/init.d/tinyproxy ]
then
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, "
userdel -r tinyproxy 2>/dev/null && echo -n "2"
222,8 → 222,8
i=3
for filter in `ls /etc/fail2ban/filter.d/alcasar_*`
do
i=`expr $i + 1`
rm $filter && echo -n "$i, "
i=`expr $i + 1`
rm $filter && echo -n "$i, "
done
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "8"
sleep 1
232,8 → 232,8
i=1
for cron in `ls /etc/cron.d/alcasar-*`
do
rm $cron && echo -n "$i, "
i=`expr $i + 1`
rm $cron && echo -n "$i, "
i=`expr $i + 1`
done
[ -e /etc/crontab.default ] && mv /etc/crontab.default /etc/crontab && echo -n "10, "
[ -e /etc/anacrontab.default ] && mv /etc/anacrontab.default /etc/anacrontab && echo -n "11"
/scripts/alcasar-url_filter_bl.sh
7,9 → 7,9
# This script is distributed under the Gnu General Public License (GPL)
 
# Active / désactive : safesearch des moteurs de recherche
# Enable / disable : search engines safesearch
# Enable / disable : search engines safesearch
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine
# Enable / disable : filter of urls containing ip address instead of domain name
# Enable / disable : filter of urls containing ip address instead of domain name
 
DIR_DG="/etc/dansguardian/lists"
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"
33,11 → 33,11
exit 0
;;
# Safe search activation
-safesearch_on | --safesearch_on)
-safesearch_on | --safesearch_on)
safesearch="On"
;;
# Safe search desactivation
-safesearch_off | --safesearch_off)
-safesearch_off | --safesearch_off)
safesearch="Off"
;;
# pure_ip activation
63,7 → 63,7
# $SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration
# nossl_server=`host -ta nosslsearch.google.com|cut -d" " -f4` # retrieve google nosslsearch ip
# echo "# nosslsearch redirect server for google" >> $DNSMASQ_BL_CONF
# for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl 
.google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
# for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl 
.google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
# do
# echo "address=/$gg_dnsname/$nossl_server" >> $DNSMASQ_BL_CONF
# done
71,7 → 71,7
$SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration
forcesafesearch_server=`host -ta forcesafesearch.google.com|cut -d" " -f4` # retrieve google forcesafesearch ip
echo "# SafeSearch redirect server for google" >> $DNSMASQ_BL_CONF
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
do
echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_BL_CONF
done
/scripts/alcasar-url_filter_wl.sh
9,7 → 9,7
# Active / désactive : safesearch des moteurs de recherche
# Enable / disable : search engines safesearch
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine
# Enable / disable : filter of urls containing ip address instead of domain name
# Enable / disable : filter of urls containing ip address instead of domain name
 
TINY_CONF="/etc/tinyproxy/tinyproxy.conf"
DNSMASQ_WL_CONF="/etc/dnsmasq-whitelist.conf"
33,11 → 33,11
exit 0
;;
# Safe search activation
-safesearch_on | --safesearch_on)
-safesearch_on | --safesearch_on)
safesearch="On"
;;
# Safe search desactivation
-safesearch_off | --safesearch_off)
-safesearch_off | --safesearch_off)
safesearch="Off"
;;
*)
58,7 → 58,7
rm $IP_WL # remove old google declaration
fi
echo "# SafeSearch redirect server for google" >> $DNSMASQ_WL_CONF
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat
do
echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_WL_CONF
done
/scripts/alcasar-urpmi.sh
5,12 → 5,12
# by 3abtux and Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# script de mise en place des dépots RPM
# script de mise en place des dépots RPM
# configure the RPM repository
 
Lang=`echo $LANG|cut -c 1-2`
VERSION="6"
ARCH="x86_64"
ARCH="x86_64"
# The kernel version we compile netflow for
KERNEL="kernel-server-4.9.56-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
34,7 → 34,7
{
echo
if [ $Lang == "fr" ]
then
then
echo "Relancez l'installation ultérieurement."
echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-urpmi.sh'"
else
51,15 → 51,15
for i in $*
do
if [ "`echo $i|grep distribution|cut -d'=' -f1`" == "distribution" ]
then
then
DISTRIBUTION=`echo $i|cut -d"=" -f2`
fi
if [ "`echo $i|grep version|cut -d'=' -f1`" == "version" ]
then
then
CURRENT_VERSION=`echo $i|cut -d"=" -f2`
fi
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ]
then
then
ARCH=`echo $i|cut -d"=" -f2`
fi
done
71,7 → 71,7
# Set the RPM repository (if not already set)
ACTIVE_REPO=`cat /etc/urpmi/urpmi.cfg|grep "mageia.org"|wc -l`
MIRROR_NBR=2
# For Europeans
# For Europeans
MIRRORLIST1="http://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH"
# For International install
MIRRORLIST2="http://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list"
80,12 → 80,12
do
try_nb=`expr $try_nb + 1`
MIRRORLIST="MIRRORLIST$try_nb"
rpm_repository_sync
rpm_repository_sync
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
if [ "$nb_repository" != "4" ]
then
if [ $Lang == "fr" ]
then
then
echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb."
else
echo "An error occurs when synchronising the repositories N°$try_nb"
96,7 → 96,7
exit 1
fi
if [ $Lang == "fr" ]
then
then
echo "Voulez-vous tenter une synchronisation avec un autre dépôt ? (O/n)"
else
echo "Do you wan't to try a synchronisation with an other repository? (Y/n)"
107,7 → 107,7
do
read response
done
if [ "$response" = "n" ] || [ "$response" = "N" ]
if [ "$response" = "n" ] || [ "$response" = "N" ]
then
exit 1
fi
116,7 → 116,7
 
# download the kernel used by ALCASAR and fix its version
if [ $Lang == "fr" ]
then
then
echo "Récupération du noyau Linux exploité par ALCASAR. Veuillez patienter ..."
else
echo "Download the Linux kernel used by ALCASAR. Please wait ..."
123,9 → 123,9
fi
echo "/^kernel/" > /etc/urpmi/skip.list
urpmi --auto --quiet $KERNEL
# download updated RPM in cache
# download updated RPM in cache
if [ $Lang == "fr" ]
then
then
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..."
echo "Il est temps d'aller prendre un café (ou une bonne bière) ;-)"
else
137,7 → 137,7
then
echo
if [ $Lang == "fr" ]
then
then
echo "Une erreur a été détectée lors de la récupération des paquetages."
else
echo "An error occurs when downloading RPMS"
152,7 → 152,7
then
echo
if [ $Lang == "fr" ]
then
then
echo "Une erreur a été détectée lors de la mise à jour des paquetages."
else
echo "An error occurs when updating packages"
165,7 → 165,7
 
# Download of ALCASAR specifics RPM in cache (and test)
if [ $Lang == "fr" ]
then
then
echo "Récupération des paquetages complémentaires. Veuillez patienter ..."
else
echo "Download of complementary packages. Please wait ..."
175,7 → 175,7
then
echo
if [ $Lang == "fr" ]
then
then
echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires."
else
echo "An error occurs when downloading complementary packages"
185,12 → 185,12
fi
 
# update with cached RPM
urpmi --auto $PACKAGES
urpmi --auto $PACKAGES
if [ "$?" != "0" ]
then
echo
if [ $Lang == "fr" ]
then
then
echo "Une erreur a été détectée lors de l'installation des paquetages complémentaires."
else
echo "An error occurs when installing complementary packages"
/scripts/alcasar-version.sh
26,7 → 26,7
MAJ="True"
fi
#compare minor number
if [ $MAJ_RUNNING_VERSION -eq $MAJ_DNS_VERSION ]
if [ $MAJ_RUNNING_VERSION -eq $MAJ_DNS_VERSION ]
then
if [ $MIN_RUNNING_VERSION -lt $MIN_DNS_VERSION ]
then
41,7 → 41,7
then
MAJ="True"
else
if [ $UPD_RUNNING_VERSION -lt $UPD_DNS_VERSION ]
if [ $UPD_RUNNING_VERSION -lt $UPD_DNS_VERSION ]
then
MAJ="True"
fi
51,8 → 51,8
fi
 
if [ $MAJ = "True" ]
then
then
echo "An updated version is available ($DNS_VERSION)"
else
else
echo "The Running version ($RUNNING_VERSION) is up to date"
fi
/scripts/alcasar-watchdog.sh
43,7 → 43,7
;;
esac
net_pb=`grep "network_pb = true;" $Index_Page|wc -l`
if [ $net_pb = "0" ] # user alert (only the first time)
if [ $net_pb = "0" ] # user alert (only the first time)
then
/bin/sed -i "s?^\$network_pb.*?\$network_pb = true;?g" $Index_Page
$IPTABLES -I PREROUTING -t nat -i $TUNIF -p udp --dport domain -j REDIRECT --to-port 56
145,5 → 145,5
fi
done
;;
esac
esac
IFS=$OLDIFS