/CHANGELOG |
---|
5,6 → 5,7 |
-------------------- 3.2.1 -------------------- |
NEWS |
- Linux kernel 4.14.18 |
- Replace Apache with Lighttpd |
ACC |
12,6 → 13,7 |
BUGS |
- alcasar.sh : Fix exiting on wrong hardware architecture |
- Fix broken fail2ban configuration |
SECU |
/alcasar.sh |
---|
18,7 → 18,7 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : |
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump |
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump |
# Options : |
# -i or --install |
60,7 → 60,7 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files) |
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files) |
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log) |
DIR_WEB="/var/www/html" # directory of APACHE |
DIR_WEB="/var/www/html" # directory of Lighttpd |
DIR_DG="/etc/dansguardian" # directory of DansGuardian |
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center' |
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts |
714,7 → 714,7 |
################################################################## |
## Function "ACC" ## |
## - installation of then ALCASAR Control Center (ACC) ) ## |
## - configuration of the web server (Apache) ## |
## - configuration of the web server (Lighttpd) ## |
## - creation of the first ACC admin account ## |
## - secure the access ## |
################################################################## |
764,196 → 764,53 |
$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini |
$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini |
$SED "s?^allow_url_fopen.*?allow_url_fopen = Off?" /etc/php.ini |
# Configuring & sécuring Apache |
# Configuring & securing Lighttpd |
rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README* |
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default |
$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?Options Indexes.*?Options -Indexes?g" /etc/httpd/conf/httpd.conf |
echo "ServerTokens Prod" >> /etc/httpd/conf/httpd.conf |
echo "ServerSignature Off" >> /etc/httpd/conf/httpd.conf |
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] || cp /etc/httpd/conf/modules.d/00_base.conf /etc/httpd/conf/modules.d/00_base.conf.default |
$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/modules.d/00_base.conf |
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/modules.d/00_base.conf |
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/modules.d/00_base.conf |
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/modules.d/00_base.conf |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/modules.d/00_base.conf |
$SED "s?^LoadModule speling_module.*?#LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/modules.d/00_base.conf |
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default |
echo "Listen $PRIVATE_IP:443" > /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF |
echo "SSLProtocol all -SSLv2 -SSLv3" >> /etc/httpd/conf/conf.d/ssl.conf # exclude vulnerable protocols |
echo "SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" >> /etc/httpd/conf/conf.d/ssl.conf # Define the cipher suite |
echo "SSLHonorCipherOrder on" >> /etc/httpd/conf/conf.d/ssl.conf # The Browser must respect the order of the cipher suite |
echo "SSLPassPhraseDialog builtin" >> /etc/httpd/conf/conf.d/ssl.conf # in case of passphrase the dialog will be perform on stdin |
echo "SSLSessionCache \"shmcb:/run/httpd/ssl_scache(512000)\"" >> /etc/httpd/conf/conf.d/ssl.conf # default cache size |
echo "SSLSessionCacheTimeout 300" >> /etc/httpd/conf/conf.d/ssl.conf # default cache time in seconds |
# Error page management |
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] || cp /etc/httpd/conf/conf.d/multilang-errordoc.conf /etc/httpd/conf/conf.d/multilang-errordoc.conf.default |
cat <<EOF > /etc/httpd/conf/conf.d/multilang-errordoc.conf |
Alias /error/ "/var/www/html/" |
<Directory "/usr/share/httpd/error"> |
AllowOverride None |
Options IncludesNoExec |
AddOutputFilter Includes html |
AddHandler type-map var |
Require all granted |
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr |
ForceLanguagePriority Prefer Fallback |
</Directory> |
ErrorDocument 400 /error/error.php?error=400 |
ErrorDocument 401 /error/error.php?error=401 |
ErrorDocument 403 /error/error.php?error=403 |
ErrorDocument 404 /error/index.php |
ErrorDocument 405 /error/error.php?error=405 |
ErrorDocument 408 /error/error.php?error=408 |
ErrorDocument 410 /error/error.php?error=410 |
ErrorDocument 411 /error/error.php?error=411 |
ErrorDocument 412 /error/error.php?error=412 |
ErrorDocument 413 /error/error.php?error=413 |
ErrorDocument 414 /error/error.php?error=414 |
ErrorDocument 415 /error/error.php?error=415 |
ErrorDocument 500 /error/error.php?error=500 |
ErrorDocument 501 /error/error.php?error=501 |
ErrorDocument 502 /error/error.php?error=502 |
ErrorDocument 503 /error/error.php?error=503 |
ErrorDocument 506 /error/error.php?error=506 |
EOF |
[ -e /usr/share/httpd/error/include/top.html.default ] || cp /usr/share/httpd/error/include/top.html /usr/share/httpd/error/include/top.html.default |
$SED "s?background-color.*?background-color: #EFEFEF; }?g" /usr/share/httpd/error/include/top.html |
[ -e /usr/share/httpd/error/include/bottom.html.default ] || cp /usr/share/httpd/error/include/bottom.html /usr/share/httpd/error/include/bottom.html.default |
cat <<EOF > /usr/share/httpd/error/include/bottom.html |
</body> |
</html> |
EOF |
[ -e /etc/lighttpd/lighttpd.conf.default ] || cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.default |
[ -e /etc/lighttpd/modules.conf.default ] || cp /etc/lighttpd/modules.conf /etc/lighttpd/modules.conf.default |
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] || cp /etc/lighttpd/conf.d/fastcgi.conf /etc/lighttpd/conf.d/fastcgi.conf.default |
[ -e /etc/php-fpm.conf ] || cp /etc/php-fpm.conf /etc/php-fpm.conf.default |
[ -d /etc/lighttpd/vhosts.d ] || mkdir /etc/lighttpd/vhosts.d |
cp $DIR_CONF/lighttpd/conf.d/fastcgi.conf /etc/lighttpd/conf.d/fastcgi.conf |
cp $DIR_CONF/lighttpd/vhosts.d/alcasar.conf /etc/lighttpd/vhosts.d/alcasar.conf |
$SED "s?^;listen\.owner.*?listen\.owner = apache?g" /etc/php-fpm.conf |
$SED "s?^;listen\.group.*?listen\.group = apache?g" /etc/php-fpm.conf |
$SED "s?^;listen\.mode.*?listen\.mode = 0660?g" /etc/php-fpm.conf |
$SED "s?^server\.use-ipv6.*?server\.use-ipv6 = \"disable\"?g" /etc/lighttpd/lighttpd.conf |
$SED "s?^#server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf |
$SED "s?^#server\.tag.*?server\.tag = \"\"?g" /etc/lighttpd/lighttpd.conf |
echo "include \"vhosts.d/alcasar.conf\"" >> /etc/lighttpd/lighttpd.conf |
$SED "s?^#[ ]*\"mod_auth\",.*? \"mod_auth\",?g" /etc/lighttpd/modules.conf |
$SED "s?^#[ ]*\"mod_alias\",.*? \"mod_alias\",?g" /etc/lighttpd/modules.conf |
$SED "s?^#[ ]*\"mod_redirect\",.*? \"mod_redirect\",?g" /etc/lighttpd/modules.conf |
$SED "s?^#include \"conf.d/fastcgi.conf\".*?include \"conf.d/fastcgi.conf\"?g" /etc/lighttpd/modules.conf |
$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf |
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf |
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf |
/usr/bin/systemctl start lighttpd |
# Définition du premier compte lié au profil 'admin' |
if [ "$mode" = "install" ] |
then |
header_install |
admin_portal=! |
PTN='^[a-zA-Z0-9-]*$' |
until [[ $(expr $admin_portal : $PTN) -gt 0 ]] |
do |
header_install |
if [ $Lang == "fr" ] |
then |
echo "" |
echo "Définissez un premier compte d'administration d'ALCASAR :" |
echo |
echo -n "Nom : " |
else |
echo "" |
echo "Define the first account allow to administrate ALCASAR :" |
echo |
echo -n "Account : " |
fi |
read admin_portal |
if [ "$admin_portal" == "" ] |
then |
admin_portal=! |
fi |
done |
# Creation of keys file for the admin account ("admin") |
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest |
mkdir -p $DIR_DEST_ETC/digest |
chmod 755 $DIR_DEST_ETC/digest |
until [ -s $DIR_DEST_ETC/digest/key_admin ] |
do |
/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin "ALCASAR Control Center (ACC)" $admin_portal |
done |
$DIR_DEST_BIN/alcasar-profil.sh --list |
do |
$DIR_DEST_BIN/alcasar-profil.sh --add admin |
done |
fi |
# ACC partitioning |
rm -f /etc/httpd/conf/webapps.d/alcasar* |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf |
<Directory $DIR_WEB> |
AllowOverride None |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
<Directory $DIR_WEB/certs> |
AddType application/x-x509-ca-cert crt |
</Directory> |
<Directory $DIR_ACC> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
require valid-user |
AuthType digest |
AuthName "ALCASAR Control Center (ACC)" |
AuthDigestDomain $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_all |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
<Directory $DIR_ACC/admin> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
require valid-user |
AuthType digest |
AuthName "ALCASAR Control Center (ACC)" |
AuthDigestDomain $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_admin |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
<Directory $DIR_ACC/manager> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
require valid-user |
AuthType digest |
AuthName "ALCASAR Control Center (ACC)" |
AuthDigestDomain $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_manager |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
<Directory $DIR_ACC/backup> |
SSLRequireSSL |
AllowOverride None |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
require valid-user |
AuthType digest |
AuthName "ALCASAR Control Center (ACC)" |
AuthDigestDomain $HOSTNAME.$DOMAIN |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_backup |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
Alias /save/ "$DIR_SAVE/" |
<Directory $DIR_SAVE> |
SSLRequireSSL |
Options Indexes |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
require valid-user |
AuthType digest |
AuthName "ALCASAR Control Center (ACC)" |
AuthDigestDomain $HOSTNAME.$DOMAIN |
AuthUserFile $DIR_DEST_ETC/digest/key_backup |
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/ |
</Directory> |
EOF |
# Launch after coova (in order to wait tun0 to be up) |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service |
# Log file for ACC access imputability |
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log |
chown root:apache /var/Save/security/acc_access.log |
962,33 → 819,12 |
########################################################################## |
## Fonction "CA" ## |
## - Creating the CA and the server certificate (apache) ## |
## - Creating the CA and the server certificate (lighttpd) ## |
########################################################################## |
CA () |
{ |
$DIR_DEST_BIN/alcasar-CA.sh |
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` |
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default |
cat <<EOF > $FIC_VIRTUAL_SSL |
# default SSL virtual host, used for all HTTPS requests that do not |
# match a ServerName or ServerAlias in any <VirtualHost> block. |
<VirtualHost _default_:443> |
# general configuration |
ServerAdmin root@localhost |
ServerName $HOSTNAME.$DOMAIN |
# SSL configuration |
SSLEngine on |
SSLCertificateFile /etc/pki/tls/certs/alcasar.crt |
SSLCertificateKeyFile /etc/pki/tls/private/alcasar.key |
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt |
CustomLog logs/ssl_request_log \ |
"%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%h] \"%r\" %b" |
ErrorLog logs/ssl_error_log |
ErrorLogFormat "[%t] [%m:%l] [client %a] %M" |
</VirtualHost> |
EOF |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
} # End of CA () |
1935,7 → 1771,7 |
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default |
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service |
$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service |
$SED '/After=*/c After=syslog.target network.target httpd.service' /usr/lib/systemd/system/fail2ban.service |
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service |
} # End fail2ban() |
################################################################## |
2146,7 → 1982,7 |
# Log compression |
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf |
# actualisation des fichiers logs compressés |
for dir in firewall dansguardian httpd |
for dir in firewall dansguardian lighttpd |
do |
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \; |
done |
2176,7 → 2012,7 |
WantedBy=multi-user.target |
EOF |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
for i in alcasar-load_balancing mysqld lighttpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
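Review bot: The php-fpm backup guard among the new Lighttpd lines tests the live file instead of the backup, `[ -e /etc/php-fpm.conf ] || cp /etc/php-fpm.conf /etc/php-fpm.conf.default`, so the pristine copy is never written when the file exists, unlike the three lighttpd guards just above it. It should read `[ -e /etc/php-fpm.conf.default ] || cp /etc/php-fpm.conf /etc/php-fpm.conf.default`; otherwise the `listen.owner`/`listen.group`/`listen.mode` edits that follow cannot be rolled back from a saved original. Separately, `echo "include \"vhosts.d/alcasar.conf\"" >> /etc/lighttpd/lighttpd.conf` appends unconditionally, so if this function can run more than once on the same system (not visible here) it should be guarded with a `grep -q` on the same string. The ACC function body extends beyond the visible hunks.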
/conf/fail2ban.sh |
---|
108,8 → 108,7 |
backend = auto |
filter = alcasar_mod-evasive |
action = iptables-allports[name=alcasar_mod-evasive] |
logpath = /var/log/httpd/error_log |
/var/log/httpd/ssl_error_log |
logpath = /var/log/lighttpd/access.log |
maxretry = 2 |
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force) |
130,8 → 129,8 |
backend = auto |
filter = alcasar_acc |
action = iptables-allports[name=alcasar_acc] |
logpath = /var/log/httpd/ssl_error_log |
maxretry = 5 |
logpath = /var/log/lighttpd/access.log |
maxretry = 6 |
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
[alcasar_intercept] |
141,7 → 140,7 |
backend = auto |
filter = alcasar_intercept |
action = iptables-allports[name=alcasar_intercept] |
logpath = /var/log/httpd/ssl_request_log |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
# Bannissement sur tout les port après 5 échecs de changement de mot de passe |
153,7 → 152,7 |
backend = auto |
filter = alcasar_change-pwd |
action = iptables-allports[name=alcasar_change-pwd] |
logpath = /var/log/httpd/ssl_request_log |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
EOF |
184,7 → 183,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration |
failregex = <HOST> .+\] "[^"]+" 403 |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
211,7 → 210,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\) |
failregex = <HOST> .+\] "[^"]+" 401 |
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]] |
240,7 → 239,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject |
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject |
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
268,7 → 267,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[<HOST>\] \"POST \/password\.php |
failregex = <HOST> .* \"POST \/password\.php |
# Option: ignoreregex |
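Review bot: The new access-log expressions `failregex = <HOST> .+\] "[^"]+" 403` and `failregex = <HOST> .+\] "[^"]+" 401` are not anchored, so the banned address is whichever host-like token the pattern can match rather than necessarily the client field at the start of the line; writing them as `^<HOST> .+\] "[^"]+" 401` (and likewise for 403, `intercept.php` and `password.php`) pins the ban to the first field. The `alcasar_acc` filter also counts every 401, and digest authentication answers the first unauthenticated request of a session with a 401 challenge, so legitimate administrators presumably consume retries too; raising `maxretry` from 5 to 6 does not remove that, and the chosen threshold deserves a comment explaining it. All four jails now read `/var/log/lighttpd/access.log`, and the page does not show lighttpd's access logging being enabled, so confirm the file exists at install time, since fail2ban typically refuses to start a jail whose logpath is missing.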
/conf/lighttpd/conf.d/fastcgi.conf |
---|
0,0 → 1,16 |
# FastCGI Module |
# --------------- |
# |
# http://www.lighttpd.net/documentation/fastcgi.html |
# |
server.modules += ( "mod_fastcgi" ) |
fastcgi.server = ( |
".php" => ( |
"localhost" => ( |
"socket" => "/var/lib/php-fpm/php-fpm.sock", |
"broken-scriptfilename" => "enable" |
) |
) |
) |
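Review bot: Nothing on the page sets php-fpm's `listen` to the socket path used here, `/var/lib/php-fpm/php-fpm.sock`; alcasar.sh only edits `listen.owner`, `listen.group` and `listen.mode`, so this file presumably relies on the distribution default. A comment such as `# must match "listen" in /etc/php-fpm.conf (owner/group/mode are set by alcasar.sh)` above the `"socket"` line would make that dependency explicit. It would also help to state in a comment why `"broken-scriptfilename" => "enable"` is needed, since it changes how SCRIPT_FILENAME and PATH_INFO are handed to PHP.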
/conf/lighttpd/vhosts.d/alcasar.conf |
---|
0,0 → 1,89 |
$HTTP["url"] =~ ".*" { |
# Disabling directory listing as default setting |
dir-listing.activate = "disable" |
} |
# If a wrong url is used, displaying homepage for unprivileged users |
$HTTP["url"] !~ "^/(acc|save)/" { |
server.error-handler-404 = "/" |
} |
# Error pages |
server.errorfile-prefix = "/var/www/html/errors/error-" |
$SERVER["socket"] == "alcasar.localdomain:443" { |
ssl.engine = "enable" |
ssl.pemfile = "/etc/pki/tls/private/alcasar.pem" |
ssl.use-sslv2 = "disable" |
ssl.use-sslv3 = "disable" |
ssl.use-compression = "disable" |
ssl.honor-cipher-order = "enable" |
ssl.cipher-list = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" |
var.server_name = "alcasar.localdomain" |
server.name = server_name |
server.document-root = "/var/www/html" |
} |
$HTTP["scheme"] == "https" { |
alias.url = ( |
"/save" => "/var/Save" |
) |
# Digest authentication configuration |
auth.backend = "htdigest" |
auth.debug = 1 |
auth.require = ( |
"/acc/" => |
( |
"method" => "digest", |
"realm" => "ALCASAR Control Center (ACC)", |
"require" => "valid-user" |
), |
"/save/" => |
( |
"method" => "digest", |
"realm" => "ALCASAR Control Center (ACC)", |
"require" => "valid-user" |
) |
) |
$HTTP["url"] =~ "^/(acc|save)/" { |
# Setting digest files according access permissions |
$HTTP["url"] =~ "^/acc/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all" |
$HTTP["url"] =~ "^/acc/admin" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin" |
} |
$HTTP["url"] =~ "^/acc/manager/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager" |
} |
$HTTP["url"] =~ "^/acc/backup/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
} |
} |
$HTTP["url"] =~ "^/save" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
# Enabling directory listing |
dir-listing.activate = "enable" |
} |
} |
} |
$HTTP["scheme"] == "http" { |
# Force HTTPS for privileged users |
$HTTP["url"] =~ "^/(acc|save|(intercept|password).php)" { |
$HTTP["host"] =~ ".*" { |
url.redirect = (".*" => "https://%0$0") |
} |
} |
} |
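Review bot: The source-address restriction that the removed Apache configuration applied to the web root, `/acc` and `/save` (`Deny from all` with `Allow from 127.0.0.1` and `Allow from $PRIVATE_NETWORK_MASK`) has no counterpart in this vhost, so access control now rests on digest authentication and whatever the firewall enforces. If that is not intentional, add a `$HTTP["remoteip"]` condition around the `^/(acc|save)/` block that denies other sources (for example with mod_access's `url.access-deny = ( "" )`) and have alcasar-conf.sh keep the network value current, as it did for `Allow from`. `auth.debug = 1` looks like a development setting and should be `auth.debug = 0` in the shipped file. The prefixes are also inconsistent: `"^/acc/admin"` lacks the trailing slash that `"^/acc/manager/"` and `"^/acc/backup/"` have, and `alias.url` maps `"/save"` while `auth.require` protects `"/save/"`, so `"/save/" => "/var/Save/"` would keep every aliased path under the authenticated prefix.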
/scripts/alcasar-CA.sh |
---|
17,6 → 17,7 |
SRVREQ=$DIR_CERT/alcasar.req |
SRVKEY=$DIR_CERT/private/alcasar.key |
SRVCERT=$DIR_CERT/certs/alcasar.crt |
SRVPEM=$DIR_CERT/private/alcasar.pem |
SRVCHAIN=$DIR_CERT/certs/server-chain.crt |
CACERT_LIFETIME="1460" |
218,6 → 219,7 |
openssl ca -config $DIR_TMP/ssl.conf -name AlcasarCA -batch -days $SRVCERT_LIFETIME -in $SRVREQ -out $SRVCERT 2>> $DIR_TMP/openssl-log |
rm -f $SRVREQ |
cp -f $SRVCERT $SRVCHAIN # in order to simplify the official intranet certificate import process |
cat $SRVKEY $SRVCERT > $SRVPEM |
chmod a+r $CACERT $SRVCERT $SRVCHAIN |
# Link certs in ALCASAR Control Center |
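Review bot: The new `cat $SRVKEY $SRVCERT > $SRVPEM` writes a file holding the server private key with whatever mode the current umask yields, and nothing in this hunk restricts it afterwards (the following `chmod a+r` rightly leaves it out). Create it with a restrictive mode from the start, e.g. `( umask 077; cat "$SRVKEY" "$SRVCERT" > "$SRVPEM" )`, then set group ownership for the web server as the other scripts do. The same concatenation is repeated in alcasar-certificates.sh, alcasar-conf.sh and twice in alcasar-importcert.sh, where ownership and mode are only fixed after the file already exists; a single shared helper would keep the copies consistent. The surrounding code continues outside the hunk, so a later chmod there cannot be ruled out.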
/scripts/alcasar-activity_report.sh |
---|
165,7 → 165,7 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date. |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ] |
then |
PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget' |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget' |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR |
do |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1) |
/scripts/alcasar-archive.sh |
---|
18,7 → 18,7 |
DIR_SAVE="/var/Save" # répertoire accessible par webs |
DIR_LOG="/var/log" # répertoire local des log |
#DIR_SERVICE="squid httpd firewall" # répertoires contenant des logs utiles à exporter |
#DIR_SERVICE="squid lighttpd firewall" # répertoires contenant des logs utiles à exporter |
DIR_BASE="$DIR_SAVE/base" # répertoire de sauvegarde de la base de données usagers |
DIR_ARCHIVE="$DIR_SAVE/archive" # répertoire de sauvegarde des archives de log |
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment |
/scripts/alcasar-certificates.sh |
---|
43,7 → 43,7 |
# Export of server Certificate |
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
gzip $FILE.tar |
echo "Le ficher des certificats exportés est : $FILE.tar.gz" |
echo "Le fichier des certificats exportés est : $FILE.tar.gz" |
} # end function export |
73,13 → 73,16 |
# Import of CA Certificate |
tar xzvf $1 --directory=$DIR_IMPORT |
cat $DIR_PKI/tls/private/alcasar.key $DIR_PKI/tls/certs/alcasar.crt > $DIR_PKI/tls/private/alcasar.pem |
echo "Import new certificates in ALCASAR !!!" |
cp -r $DIR_IMPORT/* /. |
chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt} |
# Service apache restart |
service httpd restart |
chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt} |
service lighttpd restart |
else |
echo "You are not import new certificates !!!" |
exit 0 |
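Review bot: In the import branch the new `cat $DIR_PKI/tls/private/alcasar.key $DIR_PKI/tls/certs/alcasar.crt > $DIR_PKI/tls/private/alcasar.pem` runs before `cp -r $DIR_IMPORT/* /.`, so as far as the hunk shows the PEM that Lighttpd loads is built from the key and certificate being replaced, not from the imported ones. Move that line after the `cp -r` (and before the `chown`/`chmod` lines that already list `private/alcasar.pem`) so that `service lighttpd restart` picks up the new pair. The added `chmod 750` lines also set the execute bit on key and certificate files; `640` gives root and the apache group the same read access without it. The function starts outside the hunk.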
/scripts/alcasar-conf.sh |
---|
125,6 → 125,7 |
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official |
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
cat /etc/pki/tls/private/alcasar.key /etc/pki/tls/certs/alcasar.crt > /etc/pki/tls/private/alcasar.pem |
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
252,11 → 253,10 |
$DIR_BIN/alcasar-logout.sh all |
# Services stop |
echo -n "Stop services : " |
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network |
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network lighttpd |
do |
/usr/bin/systemctl stop $i && echo -n "$i, " |
done |
/usr/bin/kill -s SIGSTOP $(pidof httpd) |
echo |
fi |
# EXTIF config |
324,16 → 324,10 |
[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http" |
$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf |
$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf |
# Set hostname in Apache |
$SED "s/^ServerName.*/ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/httpd.conf |
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$HOSTNAME.$DOMAIN\//g" /etc/httpd/conf/webapps.d/alcasar.conf |
$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/webapps.d/alcasar.conf |
$SED "s/^ ServerName.*/ ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default |
# Alcasar Control Center (ACC) |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf` |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL |
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf |
# Set hostname in Lighttpd |
$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf |
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf |
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf |
# FreeRADIUS Web |
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf |
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf |
384,8 → 378,7 |
/usr/bin/systemctl start $i && echo -n ", $i" |
done |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables" |
/usr/bin/kill -s SIGCONT $(pidof httpd) |
/usr/bin/systemctl reload httpd && echo -n ", httpd" |
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd" |
fi |
# Start / Stop SSH Daemon |
ssh_active=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` |
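Review bot: The replacement for the removed `Listen $PRIVATE_IP:80` and `Listen $PRIVATE_IP:443` edits binds Lighttpd by name, `server.bind = "$HOSTNAME.$DOMAIN"` and `$SERVER["socket"] == "$HOSTNAME.$DOMAIN:443"`, so the listening address now depends on how that name resolves when the service starts. If the name resolves to another interface or fails to resolve, the control center would presumably be exposed on the wrong address or not start at all. Writing `$PRIVATE_IP` in both `sed` expressions, as the Apache configuration did, keeps the portal on the internal interface independently of name resolution; `var.server_name` can keep the host name. The same three expressions appear in alcasar.sh and should change together.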
/scripts/alcasar-daemon.sh |
---|
10,7 → 10,7 |
conf_file="/usr/local/etc/alcasar.conf" |
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
SERVICES="mysqld httpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |
/scripts/alcasar-importcert.sh |
---|
40,6 → 40,9 |
then |
mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt |
fi |
cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem |
chown root:apache $DIR_CERT/private/alcasar.pem |
chmod 750 $DIR_CERT/private/alcasar.pem |
} |
function domainName() # change the domain name in the conf files |
80,12 → 83,15 |
cp $cert $DIR_CERT/certs/alcasar.crt |
cp $key $DIR_CERT/private/alcasar.key |
cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem |
chown root:apache $DIR_CERT/certs/alcasar.crt |
chown root:apache $DIR_CERT/private/alcasar.key |
chown root:apache $DIR_CERT/private/alcasar.pem |
chmod 750 $DIR_CERT/certs/alcasar.crt |
chmod 750 $DIR_CERT/private/alcasar.key |
chmod 750 $DIR_CERT/private/alcasar.pem |
if [ "$sc" != "" ] |
then |
164,7 → 170,7 |
fi |
domainName $cert |
certImport $cert $key $sc |
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd |
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd |
do |
echo "restarting $services"; systemctl restart $services; sleep 1 |
done |
175,7 → 181,7 |
echo "Restoring default certificate" |
defaultCert |
defaultNdd |
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd |
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd |
do |
echo "restarting $services"; systemctl restart $services; sleep 1 |
done |
/scripts/alcasar-profil.sh |
---|
8,6 → 8,7 |
# Gestion des comptes liés aux profiles |
# Manage the profil logins |
DIR_BIN="/usr/local/bin" # scripts directory |
ADM_PROFIL="admin" |
PROFILS="backup manager" |
ALL_PROFILS=`echo $ADM_PROFIL $PROFILS` |
14,7 → 15,50 |
DIR_KEY="/usr/local/etc/digest" |
SED="/bin/sed -i" |
Lang=`echo $LANG|cut -c 1-2` |
REALM="ALCASAR Control Center (ACC)" |
# génère le htdigest |
function htdigest () { |
passwdfile="$1" |
username="$2" |
[ -f "$passwdfile" ] || touch "$passwdfile" |
[ $(grep -c "${username}:${REALM}:" "$passwdfile") ] && existing_user=0 || existing_user=1 |
if [ $existing_user -eq 1 ]; then |
echo "Changing password for user $username in realm $REALM" |
else |
echo "Adding user $username in realm $REALM" |
fi |
equal=0 |
while [ $equal -eq 0 ]; do |
echo -n "New password: " |
read -s pass_1 |
echo |
echo -n "Confirm the new password: " |
read -s pass_2 |
echo |
if [ "$pass_1" != "$pass_2" ]; then |
echo -e "\nThe passwords don't match.\n" |
else |
equal=1 |
fi |
done |
digest="${username}:${REALM}:" |
digest+=$(echo -n "${username}:${REALM}:${pass_1}" | md5sum | cut -d" " -f1) |
if [ $existing_user -eq 0 ]; then |
echo "$digest" >> "$passwdfile" |
else |
sed -i "s/${username}:${REALM}:.*/${digest}/" "$passwdfile" |
fi |
} |
# liste les comptes de chaque profile |
function list () { |
for i in $ALL_PROFILS |
50,9 → 94,10 |
chmod 640 $DIR_KEY/key_* |
} |
usage="Usage: alcasar-profil.sh [-l|--list] [-a|--add] [-d|--del] [-p|--pass]" |
usage="Usage: alcasar-profil.sh [-l|--list] [-a|--add [profil]] [-d|--del] [-p|--pass]" |
nb_args=$# |
args=$1 |
arg1=$1 |
arg2=$2 |
# on met en place la structure minimale |
if [ ! -e $DIR_KEY/key_$ADM_PROFIL ] |
73,21 → 118,26 |
echo $usage |
exit 0 |
fi |
case $args in |
case $arg1 in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
--add|-a) |
# ajout d'un compte |
list |
if [ $Lang == "fr" ] |
if [ $nb_args -eq 1 ] |
then |
echo -n "Choisissez un profil ($ALL_PROFILS) : " |
# ajout d'un compte |
list |
if [ $Lang == "fr" ] |
then |
echo -n "Choisissez un profil ($ALL_PROFILS) : " |
else |
echo -n "Select a profile ($ALL_PROFILS) : " |
fi |
read profil |
else |
echo -n "Select a profile ($ALL_PROFILS) : " |
profil="$2" |
fi |
read profil |
if [ $Lang == "fr" ] |
then |
echo -n "Entrez le nom du compte à créer (profil '$profil') : " |
112,7 → 162,7 |
fi |
done |
done |
/usr/bin/htdigest $DIR_KEY/key_only_$profil "ALCASAR Control Center (ACC)" $account |
htdigest $DIR_KEY/key_only_$profil "$account" |
concat |
list |
;; |
151,8 → 201,8 |
for j in $tmp_account |
do |
if [ "$j" = "$account" ] |
then |
/usr/bin/htdigest $DIR_KEY/key_only_$i "ALCASAR Control Center (ACC)" $account |
then |
htdigest $DIR_KEY/key_only_$i "$account" |
fi |
done |
done |
159,7 → 209,7 |
concat |
;; |
--list|-l) |
# liste des comptes par profile |
# liste des comptes par profil |
list |
;; |
*) |
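Review bot: In the new `htdigest` function the test `[ $(grep -c "${username}:${REALM}:" "$passwdfile") ]` is always true, because `grep -c` prints a count (including `0`) and `[ string ]` only checks for a non-empty string. `existing_user` is therefore always 0, so every call prints "Adding user" and appends a line instead of replacing the old one. On the `--pass` path this leaves the previous digest in the file next to the new one; which entry the web server honours is not visible here, so the old password may stay valid. I would test the exit status with an anchored pattern, `if grep -q "^${username}:${REALM}:" "$passwdfile"; then existing_user=1; else existing_user=0; fi`, which makes the existing message and append/replace branches read correctly. The `sed` expression needs the same `^` anchor so one account name cannot match the tail of another, and `read -rs` keeps backslashes in a password intact.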
/scripts/alcasar-uninstall.sh |
---|
20,18 → 20,24 |
ACC () |
{ |
echo -en "(11) : " |
echo -en "(7) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-webl && echo -n "2, " |
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, " |
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "4, " |
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] && mv /etc/httpd/conf/modules.d/00_base.conf.default /etc/httpd/conf/modules.d/00_base.conf && echo -n "5, " |
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] && mv /etc/httpd/conf/conf.d/ssl.conf.default /etc/httpd/conf/conf.d/ssl.conf && echo -n "6, " |
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] && mv /etc/httpd/conf/conf.d/multilang-errordoc.conf.default /etc/httpd/conf/conf.d/multilang-errordoc.conf && echo -n "7, " |
[ -e /usr/share/httpd/error/include/top.html.default ] && mv /usr/share/httpd/error/include/top.html.default /usr/share/httpd/error/include/top.html && echo -n "8, " |
[ -e /usr/share/httpd/error/include/bottom.html.default ] && mv /usr/share/httpd/error/include/bottom.html.default /usr/share/httpd/error/include/top.html && echo -n "9, " |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10, " |
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "11" |
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "4, " |
[ -e /etc/lighttpd/modules.conf.default ] && mv /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "5, " |
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "6, " |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "7, " |
[ -e /etc/lighttpd/vhosts.d/alcasar.conf ] && rm -f /etc/lighttpd/vhosts.d/alcasar.conf && echo -n "8" |
# Removing old Apache configuration |
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf |
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] && mv /etc/httpd/conf/modules.d/00_base.conf.default /etc/httpd/conf/modules.d/00_base.conf |
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] && mv /etc/httpd/conf/conf.d/ssl.conf.default /etc/httpd/conf/conf.d/ssl.conf |
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] && mv /etc/httpd/conf/conf.d/multilang-errordoc.conf.default /etc/httpd/conf/conf.d/multilang-errordoc.conf |
[ -e /usr/share/httpd/error/include/top.html.default ] && mv /usr/share/httpd/error/include/top.html.default /usr/share/httpd/error/include/top.html |
[ -e /usr/share/httpd/error/include/bottom.html.default ] && mv /usr/share/httpd/error/include/bottom.html.default /usr/share/httpd/error/include/top.html |
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf |
} |
CA () |
41,7 → 47,10 |
[ -e /etc/pki/CA/private/alcasar-ca.key ] && rm -f /etc/pki/CA/private/alcasar-ca.key && echo -n "2, " |
[ -e /etc/pki/tls/certs/alcasar.crt ] && rm -f /etc/pki/tls/certs/alcasar.crt && echo -n "3, " |
[ -e /etc/pki/tls/private/alcasar.key ] && rm -f /etc/pki/tls/private/alcasar.key && echo -n "4, " |
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5" |
[ -e /etc/pki/tls/private/alcasar.pem ] && rm -f /etc/pki/tls/private/alcasar.pem && echo -n "5" |
# Removing old Apache configuration |
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL |
} |
time_server () |
274,7 → 283,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
281,9 → 290,12 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# dnsmasq & sshd should stay on to allow remote update |
services="alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update |
fi |
[ -e /lib/systemd/system/httpd.service ] && services+=" httpd" |
echo "Stopping service : " |
/usr/local/bin/alcasar-sms.sh --stop |
for i in $services |
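Review bot: In `ACC`, the Apache clean-up line for `bottom.html.default` moves it onto `/usr/share/httpd/error/include/top.html`, so it overwrites the file restored on the line before and never restores `bottom.html`; the target should be `/usr/share/httpd/error/include/bottom.html`. The same function tests `/etc/freeradius-web` but removes `/etc/freeradius-webl`, and the progress header says `(7)` while the steps count to 8. In `CA`, `-name *default_ssl_vhost.conf*` is unquoted, so the shell can expand it against the current directory before `find` sees it. `mv` then receives an empty or multi-word `$FIC_VIRTUAL_SSL` when `find` matches zero or several files; quote the pattern and check the result before moving.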
/scripts/alcasar-urpmi.sh |
---|
14,7 → 14,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-4.14.18-1.mga6-1-1.mga6" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
rpm_repository_sync () |
{ |
214,7 → 214,7 |
else |
echo "Nettoyage du système : " |
fi |
rm_rpm="shorewall mandi squid plymouth cpupower" |
rm_rpm="shorewall mandi squid plymouth cpupower apache apache-mod_php apache-mod_ssl" |
/usr/sbin/urpme --auto -a $rm_rpm |
/usr/sbin/urpme --auto --auto-orphans |
/web/acc/about.htm |
---|
1,6 → 1,7 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
<HTML><!-- by REXY --> |
<HEAD> |
<META charset="utf-8"> |
<TITLE>bonus</TITLE> |
</HEAD> |
<BODY background="/images/linux_ksc2.jpg" TEXT="#FFFFFF" BGCOLOR="#000000"> |
78,7 → 79,7 |
<TD align="center"><A HREF="javascript:ouvrir('http://www.coova.org/CoovaChilli')"><img border="0" src="/images/footer_coova.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.freeradius.org')"><img border="0" src="/images/footer_freeradius.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.mariadb.org')"><img border="0" src="/images/footer_mariadb.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.apache.org')"><img border="0" src="/images/footer_apache.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://lighttpd.net')"><img border="0" src="/images/footer_lighttpd.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.php.net')"><img border="0" src="/images/footer_php.png"></A></TD> |
</TR> |
<TR> |
/web/acc/admin/services.php |
---|
22,7 → 22,7 |
$l_chilli = "Passerelle d'interception"; |
$l_dansguardian = "Filtre d'URL et de contenu WEB"; |
$l_mysqld = "Serveur de la base des usagers"; |
$l_httpd = "Serveur WEB (Alcasar Control Center)"; |
$l_lighttpd = "Serveur WEB (Alcasar Control Center)"; |
$l_sshd = "Accès sécurisée distant"; |
$l_freshclam = "Mise à jour de l'antivirus toutes les 2 heures"; |
$l_ntpd = "Service de mise à l'heure réseau"; |
56,7 → 56,7 |
$l_chilli = "Interception gateway"; |
$l_dansguardian = "URL and WEB content filter"; |
$l_mysqld = "User database server"; |
$l_httpd = "WEB server (ALCASAR Control Center)"; |
$l_lighttpd = "WEB server (ALCASAR Control Center)"; |
$l_sshd = "Secure remote access"; |
$l_freshclam = "Antivirus update process (every 2 hours)"; |
$l_ntpd = "Network time server"; |
130,7 → 130,7 |
// Actions on services |
//------------------------------- |
//sécurité sur les actions à réaliser |
$autorizeService = array("radiusd","chilli","dansguardian","mysqld","httpd","sshd","freshclam","ntpd","havp","tinyproxy","dnsmasq","dnsmasq-blacklist","dnsmasq-whitelist","dnsmasq-blackhole"); |
$autorizeService = array("radiusd","chilli","dansguardian","mysqld","lighttpd","sshd","freshclam","ntpd","havp","tinyproxy","dnsmasq","dnsmasq-blacklist","dnsmasq-whitelist","dnsmasq-blackhole"); |
$autorizeAction = array("start","stop","restart"); |
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) { |
163,7 → 163,7 |
$MainServiceStatus['radiusd'] = checkServiceStatus("radiusd"); |
$MainServiceStatus['chilli'] = checkServiceStatus("chilli"); |
$MainServiceStatus['mysqld'] = checkServiceStatus("mysqld"); |
$MainServiceStatus['httpd'] = checkServiceStatus("httpd"); |
$MainServiceStatus['lighttpd'] = checkServiceStatus("lighttpd"); |
$MainServiceStatus['dnsmasq'] = checkServiceStatus("dnsmasq"); |
$MainServiceStatus['ulogd_ssh'] = checkServiceStatus("ulogd-ssh"); |
$MainServiceStatus['ulogd_ext_access'] = checkServiceStatus("ulogd-ext-access"); |
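Review bot: The action handler takes the service from `$_GET['service']` and checks it against the allow-list, so start/stop/restart are state changes made on a GET request; no request-token check is visible in the hunk, and the handler continues outside it. Because the browser replays the ACC credentials automatically, I would move these actions to POST with a per-session token. The list now contains `lighttpd`, which per the label is the server behind the ACC itself, so a `stop` issued from this page takes the control center offline; consider allowing only `restart` for that entry.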
/web/acc/haut.php |
---|
3,7 → 3,7 |
// Inform admin log about his last connection |
$admin_log = '/var/Save/security/acc_access.log'; |
$user_htdigest = $_SERVER['PHP_AUTH_USER']; |
$user_htdigest = $_SERVER['REMOTE_USER']; |
$date_system = date('d/m/Y H:i:s'); |
$user_ip = $_SERVER['REMOTE_ADDR']; |
$user_agent = $_SERVER['HTTP_USER_AGENT']; |
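Review bot: `$_SERVER['REMOTE_USER']` is read without checking that it is set; it is only populated when the web server has authenticated the request, so if this path is ever served without the auth rule the log entry gets an empty user and PHP raises a notice. Something like `$user_htdigest = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '-';` keeps the log line well-formed. The same unguarded read is introduced in badusers.php, add_badusers.php, nas_list.php, xlat.php and menu.php, where the value feeds access decisions rather than a log, so an unset value should be treated there as "not authenticated". `HTTP_USER_AGENT` on the last line is client-controlled; how it is written to `acc_access.log` is outside this hunk, but line breaks should be stripped from it before logging.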
/web/acc/manager/htdocs/badusers.php |
---|
79,7 → 79,7 |
$row = da_sql_fetch_array($search,$config); |
if ($row[id] == $row_id){ |
$admin = "$row[admin]"; |
if (($admin != '-' && $_SERVER["PHP_AUTH_USER"] == $admin) || $admin == '-'){ |
if (($admin != '-' && $_SERVER["REMOTE_USER"] == $admin) || $admin == '-'){ |
$sql_servers = array(); |
if ($config[sql_extra_servers] != '') |
$sql_servers = explode(' ',$config[sql_extra_servers]); |
137,7 → 137,7 |
</tr> |
<?php |
$auth_user = $_SERVER["PHP_AUTH_USER"]; |
$auth_user = $_SERVER["REMOTE_USER"]; |
if ($config[general_restrict_badusers_access] == 'yes'){ |
$auth_user = da_sql_escape_string($link,$auth_user); |
$extra_query = "AND admin == '$auth_user'"; |
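Review bot: The restricted-access filter is built as `AND admin == '$auth_user'`; `==` is not a comparison operator in MySQL, so with `general_restrict_badusers_access` set to `yes` the query likely fails instead of restricting the rows (how `$extra_query` is used is outside the hunk). It should read `$extra_query = "AND admin = '$auth_user'";`. In the first hunk the ownership check compares `$_SERVER["REMOTE_USER"]` with `$admin` using loose `==`, so an unset user would match an empty `admin` value; an `isset` check followed by `===` avoids that.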
/web/acc/manager/lib/add_badusers.php |
---|
10,8 → 10,8 |
$lockmsg_name = $attrmap['Dialup-Lock-Msg'] . '0'; |
$msg = $$lockmsg_name; |
$admin = '-'; |
if ($_SERVER["PHP_AUTH_USER"] != '') |
$admin = $_SERVER["PHP_AUTH_USER"]; |
if ($_SERVER["REMOTE_USER"] != '') |
$admin = $_SERVER["REMOTE_USER"]; |
if ($msg == '') |
echo "<b>Lock Message should not be empty</b><br>\n"; |
else{ |
/web/acc/manager/lib/sql/drivers/mysql/functions.php |
---|
18,7 → 18,7 |
{ |
if ($config['sql_use_http_credentials'] == 'yes'){ |
global $HTTP_SERVER_VARS; |
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"]; |
$SQL_user = $HTTP_SERVER_VARS["REMOTE_USER"]; |
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"]; |
} |
else{ |
37,7 → 37,7 |
{ |
if (isset($config['sql_use_http_credentials']) && $config['sql_use_http_credentials'] == 'yes'){ |
global $HTTP_SERVER_VARS; |
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"]; |
$SQL_user = $HTTP_SERVER_VARS["REMOTE_USER"]; |
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"]; |
} |
else{ |
56,7 → 56,7 |
{ |
if (isset($config['sql_use_http_credentials']) && $config['sql_use_http_credentials'] == 'yes'){ |
global $HTTP_SERVER_VARS; |
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"]; |
$SQL_user = $HTTP_SERVER_VARS["REMOTE_USER"]; |
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"]; |
} |
else{ |
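Review bot: All three hunks switch the user name to `REMOTE_USER` but still take the password from `$HTTP_SERVER_VARS["PHP_AUTH_PW"]`. The move away from `PHP_AUTH_USER` suggests the `PHP_AUTH_*` values are no longer populated under the new server, and with HTTP Digest authentication the clear-text password never reaches the server at all, so with `sql_use_http_credentials` set to `yes` the connection would be attempted with an empty password. `$HTTP_SERVER_VARS` was also removed in PHP 5.4, so on a current PHP both reads yield null; the other files in this commit use `$_SERVER`. If the option can no longer work, I would make the branch fail explicitly and say so above it: `// sql_use_http_credentials is not supported with digest auth: no password is available`. The enclosing functions start and end outside the hunks.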
/web/acc/manager/lib/sql/nas_list.php |
---|
15,7 → 15,7 |
} |
$link = da_sql_pconnect($config); |
if ($link){ |
$auth_user = $_SERVER["PHP_AUTH_USER"]; |
$auth_user = $_SERVER["REMOTE_USER"]; |
$extra = ''; |
if (isset($mappings[$auth_user]['nasdb'])){ |
$NAS_ARR = array(); |
/web/acc/manager/lib/xlat.php |
---|
4,7 → 4,7 |
$string = $filter; |
if ($filter != ''){ |
$string = preg_replace('/%u/',$login,$string); |
$string = preg_replace('/%U/',$_SERVER["PHP_AUTH_USER"],$string); |
$string = preg_replace('/%U/',$_SERVER["REMOTE_USER"],$string); |
$string = preg_replace('/%ma/',$mappings[$http_user]['accounting'],$string); |
$string = preg_replace('/%mu/',$mappings[$http_user]['userdb'],$string); |
$string = preg_replace('/%mn/',$mappings[$http_user]['nasdb'],$string); |
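Review bot: `preg_replace('/%U/',$_SERVER["REMOTE_USER"],$string)` passes the authenticated user name as a regex replacement, where `$1` or `\1` sequences are interpreted, and inserts it into the filter unescaped. `str_replace('%U', $_SERVER["REMOTE_USER"], $string)` performs the literal substitution that is intended here. Whether the value also needs escaping depends on what the filter is used for, which is not visible; the function starts and ends outside the hunk.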
/web/acc/menu.php |
---|
37,7 → 37,7 |
fclose($file_conf); |
// Retrieve the user's profil |
$user_htdigest = $_SERVER['PHP_AUTH_USER']; |
$user_htdigest = $_SERVER['REMOTE_USER']; |
exec('sudo alcasar-profil.sh --list | cut -d":" -f2', $output); |
$admin_members = explode(' ', ltrim($output[0], " \t")); |
$backup_members = explode(' ', ltrim($output[1], " \t")); |
/web/errors/error-400.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(400))</script> |
</body> |
</html> |
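Review bot: As rendered here, each new error page opens with `<?php` and a `// $Id: …` line and never closes the tag before `<!DOCTYPE html>`. Served as static `.html`, the browser treats `<?php … >` as a bogus comment that runs to the first `>`, which swallows the doctype; run through PHP, the unterminated block is a parse error. If the header is only there for the SVN keyword, an HTML comment after the doctype does the job: `<!-- $Id$ -->`. The same header is in error-401.html through error-506.html. The page shows 20 of the 22 lines announced for each file, so a closing `?>` may have been lost in rendering; this is worth checking in the files themselves.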
/web/errors/error-401.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(401))</script> |
</body> |
</html> |
/web/errors/error-403.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(403))</script> |
</body> |
</html> |
/web/errors/error-404.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(404))</script> |
</body> |
</html> |
/web/errors/error-405.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(405))</script> |
</body> |
</html> |
/web/errors/error-408.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(408))</script> |
</body> |
</html> |
/web/errors/error-410.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(410))</script> |
</body> |
</html> |
/web/errors/error-411.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(411))</script> |
</body> |
</html> |
/web/errors/error-413.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(413))</script> |
</body> |
</html> |
/web/errors/error-414.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(414))</script> |
</body> |
</html> |
/web/errors/error-415.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(415))</script> |
</body> |
</html> |
/web/errors/error-500.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(500))</script> |
</body> |
</html> |
/web/errors/error-501.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(501))</script> |
</body> |
</html> |
/web/errors/error-502.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(502))</script> |
</body> |
</html> |
/web/errors/error-503.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(503))</script> |
</body> |
</html> |
/web/errors/error-506.html |
---|
0,0 → 1,22 |
<?php |
// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<title>ALCASAR - </title> |
<link rel="stylesheet" type="text/css" href="/css/style_intercept.css"> |
<script type="text/javascript" src="/js/i18n.js"></script> |
<script type="text/javascript" src="/js/error_translate.js"></script> |
</head> |
<body> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus"></p> |
<div id="boite_logo"><img src="/images/organisme.png"></div> |
</div> |
<div id="contenu_error"></div> |
<script type="text/javascript">setErrorMessage(getErrorTranslation(506))</script> |
</body> |
</html> |
/web/images/footer_lighttpd.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Added: svn:mime-type |
+image/png |
\ No newline at end of property |
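--- a/web/js/error_translate.js
+++ b/web/js/error_translate.js
+function getErrorTranslation(statusCode) {
+if(typeof translation == 'undefined') {
+return;
+}
+var language = (window.navigator.userLanguage || window.navigator.language).toLowerCase().split('-')[0];
+var title = translation['error'][language] + ' ' + statusCode;
+if(!translation.hasOwnProperty(statusCode)) {
+// Setting unknown error
+statusCode = 0;
+title = translation['unknown'][language];
+}
+if(!translation[statusCode].hasOwnProperty(language)) {
+if(translation[statusCode].hasOwnProperty('en')) {
+// Default language : english
+language = 'en';
+} else {
+return;
+}
+}
+return {
+'title': title,
+'message': translation[statusCode][language]
+}
+}
+function setErrorMessage(data) {
+if(typeof data['title'] == 'undefined' || typeof data['message'] == 'undefined') {
+return;
+}
+var acces_controle = document.getElementById('acces_controle');
+var contenu_error = document.getElementById('contenu_error');
+document.title += " " + data['title'];
+acces_controle.innerHTML = data['title'];
+contenu_error.innerHTML = data['message'];
+}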
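Review bot: In `getErrorTranslation` the title is built from `translation['error'][language]` before the fallback to `'en'` is applied, so a browser whose language is neither `en` nor `fr` gets the title `undefined 506` (or `undefined` for an unknown code); the language should be resolved first and the title built afterwards, as sketched below. `setErrorMessage` also reads `data['title']` without checking `data`, so when `getErrorTranslation` returns nothing (for example when `i18n.js` did not load) the call throws a TypeError instead of returning; its guard should begin with `!data ||`. The title carries no markup, so `acces_controle.textContent = data['title'];` is sufficient, leaving `innerHTML` only for the message, where the table's `<br>` needs it; that sink stays safe only while every string in the table is static and trusted.

```javascript
function getErrorTranslation(statusCode) {
    // … unchanged: return early when `translation` is undefined …
    var known = translation.hasOwnProperty(statusCode);
    if (!known) {
        // Unknown status: use the generic entry
        statusCode = 0;
    }
    var language = (window.navigator.userLanguage || window.navigator.language || 'en').toLowerCase().split('-')[0];
    if (!translation[statusCode].hasOwnProperty(language)) {
        if (!translation[statusCode].hasOwnProperty('en')) {
            return;
        }
        // Default language: English, for the title as well as the message
        language = 'en';
    }
    var title = known
        ? translation['error'][language] + ' ' + statusCode
        : translation['unknown'][language];
    // … unchanged: return { title, message } …
}
```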
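--- a/web/js/i18n.js
+++ b/web/js/i18n.js
@@ -0,0 +1,78 @@
+translation = {
+'error': {
+'en': "Error",
+'fr': "Erreur",
+},
+'unknown': {
+'en': "Unknown error",
+'fr': "Erreur inconnue",
+},
+400: {
+'en': "The HTTP request could not be understood by the server due to malformed syntax.<br>The web browser may be too recent, or the HTTP server may be too old.",
+'fr': "La requête HTTP n'a pas pu être comprise par le serveur en raison d'une syntaxe erronée.<br>Le problème peut provenir d'un navigateur web trop récent ou d'un serveur HTTP trop ancien.",
+},
+401: {
+'en': "The request requires user authentication.<br>This means that all or a part of the requested server is protected by a password that should be given to the server to allow access to its contents.",
+'fr': "La requête nécessite une identification de l'utilisateur.<br>Concrètement, cela signifie que tout ou partie du serveur contacté est protégé par un mot de passe, qu'il faut indiquer au serveur pour pouvoir accéder à son contenu.",
+},
+403: {
+'en': "The HTTP server understood the request, but is refusing to fulfill it.<br>This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable (for example the server is an Intranet and only the LAN machines are authorized to connect).",
+'fr': "Le serveur HTTP a compris la requête, mais refuse de la traiter.<br>Ce code est généralement utilisé lorsqu'un serveur ne souhaite pas indiquer pourquoi la requête a été rejetée, ou lorsque aucune autre réponse ne correspond (par exemple le serveur est un Intranet et seules les machines du réseau local sont autorisées à se connecter au serveur).",
+},
+404: {
+'en': "The server has not found anything matching the requested address (URI) ( not found ).<br>This means the URL you have typed or cliked on is wrong or obsolete and does not match any document existing on the server (you may try to gradualy remove the URL components from the right to the left to eventualy retrieve an existing path).",
+'fr': "Le serveur n'a rien trouvé qui corresponde à l'adresse (URI) demandée ( non trouvé ).<br>Cela signifie que l'URL que vous avez tapée ou cliquée est mauvaise ou obsolète et ne correspond à aucun document existant sur le serveur (vous pouvez essayez de supprimer progressivement les composants de l'URL en partant de la fin pour éventuellement retrouver un chemin d'accès existant).",
+},
+405: {
+'en': "This code is given with the Allow header and indicates that the method used by the client is not supported for this URI.",
+'fr': "Ce code indique que la méthode utilisée par le client n'est pas supportée pour cet URI.",
+},
+408: {
+'en': "This response code means the client did not produce a full request within some predetermined time (usually specified in the server's configuration), and the server is disconnecting the network connection.",
+'fr': "Le client n'a pas présenté une requête complète pendant le délai maximal qui lui était imparti, et le serveur a abandonné la connexion.",
+},
+410: {
+'en': "This code indicates that the requested URI no longer exists and has been permanently removed from the server.",
+'fr': "L'adresse (URI) demandée n'existe plus et a été définitivement supprimée du serveur.",
+},
+411: {
+'en': "The server will not accept the request without a Content-Length header supplied in the request.",
+'fr': "Le serveur a besoin de connaître la taille de cette requête pour pouvoir y répondre.",
+},
+413: {
+'en': "The server will not process the request because its entity body is too large.",
+'fr': "Le serveur ne peut traiter la requête car la taille de son contenu est trop importante.",
+},
+414: {
+'en': "The server will not process the request because its request URI is too large.",
+'fr': "Le serveur ne peut traiter la requête car la taille de l'objet (URI) a retourner est trop importante.",
+},
+415: {
+'en': "The server will not process the request because its entity body is in an unsupported format.",
+'fr': "Le serveur ne peut traiter la requête car son contenu est écrit dans un format non supporté.",
+},
+500: {
+'en': "The HTTP server encountered an unexpected condition which prevented it from fulfilling the request.<br>For example this error can be caused by a serveur misconfiguration, or a resource exhausted or denied to the server on the host machine.",
+'fr': "Le serveur HTTP a rencontré une condition inattendue qui l'a empêché de traiter la requête.<br>Cette erreur peut par exemple être le résultat d'une mauvaise configuration du serveur, ou d'une ressource épuisée ou refusée au serveur sur la machine hôte.",
+},
+501: {
+'en': "The HTTP server does not support the functionality required to fulfill the request.<br>This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource (either the web browser is too recent, or the HTTP server is too old).",
+'fr': "Le serveur HTTP ne supporte pas la fonctionnalité nécessaire pour traiter la requête.<br>C'est la réponse émise lorsque le serveur ne reconnaît pas la méthode indiquée dans la requête et n'est capable de la mettre en oeuvre pour aucune ressource (soit le navigateur web est trop récent, soit le serveur HTTP est trop ancien).",
+},
+502: {
+'en': "The gateway server returned an invalid response.<br>The HTTP server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.",
+'fr': "Le serveur intermédiaire a fourni une réponse invalide.<br>Le serveur HTTP a agi en tant qu'intermédiaire (passerelle ou proxy) avec un autre serveur, et a reçu de ce dernier une réponse invalide en essayant de traiter la requête.",
+},
+503: {
+'en': "The HTTP server is currently unable to handle the request due to a temporary overloading or maintenance of the server.<br>The implication is that this is a temporary condition which will be alleviated after some delay.",
+'fr': "Le serveur HTTP est actuellement incapable de traiter la requête en raison d'une surcharge temporaire ou d'une opération de maintenance.<br> Cela sous-entend l'existence d'une condition temporaire qui sera levée après un certain délai.",
+},
+506: {
+'en': "Transparent content negotiation for the request results in a circular reference.",
+'fr': "Erreur de négociation transparent content negociation.",
+},
+0: {
+'en': "Unknown error.",
+'fr': "Erreur non reconnu.",
+}
+}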
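Review bot: `translation = {` on the first line assigns an undeclared global, which throws in strict mode and hides the fact that `error_translate.js` depends on this name; `var translation = {` states the intent. The values are HTML fragments (several contain `<br>`) that `setErrorMessage` in `error_translate.js` writes through `innerHTML`, so a header comment such as `// Values are trusted HTML fragments: static text only, never request data` would record that constraint for whoever adds entries later.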