Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2520 → Rev 2521

/alcasar.sh
18,7 → 18,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
 
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, e2guardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
 
# Options :
# -i or --install
34,7 → 34,7
# init_db : Initilization of radius database managed with MariaDB
# freeradius : FreeRadius initialisation
# chilli : coovachilli initialisation (+authentication page)
# dansguardian : DansGuardian filtering HTTP proxy configuration
# e2guardian : E2Guardian filtering HTTP proxy configuration
# antivirus : HAVP + libclamav configuration
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
# ulogd : log system in userland (match NFLOG target of iptables)
41,7 → 41,7
# nfsen : Configuration of Nfsen Netflow grapher
# dnsmasq : Name server configuration
# vnstat : little network stat daemon
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for e2guardian and for Netfilter)
# cron : Logs export + watchdog + connexion statistics
# fail2ban : Fail2ban IDS installation and configuration
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
61,7 → 61,7
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log)
DIR_WEB="/var/www/html" # directory of Lighttpd
DIR_DG="/etc/dansguardian" # directory of DansGuardian
DIR_DG="/etc/e2guardian" # directory of E2Guardian
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center'
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts
DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files
1225,52 → 1225,52
} # End of chilli ()
 
##################################################################
## Function "dansguardian" ##
## Function "e2guardian" ##
## - Set the parameters of this HTML proxy (as controler) ##
##################################################################
dansguardian ()
e2guardian ()
{
mkdir -p /var/dansguardian /var/log/dansguardian
chown -R dansguardian /var/dansguardian /var/log/dansguardian
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
mkdir -p /var/e2guardian /var/log/e2guardian
chown -R e2guardian /var/e2guardian /var/log/e2guardian
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /lib/systemd/system/e2guardian.service
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/e2guardian.service
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default
# By default the filter is off
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardian.conf
# French deny HTML page
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
$SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf
# Listen only on LAN side
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
# DG send its flow to HAVP
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/e2guardian.conf
# replace the default deny HTML page
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/
cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html
# Don't log
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
# # Change the default report page
$SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/dansguardian.conf
$SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/e2guardian.conf
# Disable HTML content control
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/e2guardian.conf
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
# Disable URL control with regex
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
# Configure Dansguardian for large site
# Configure E2guardian for large site
# Minimum number of processus to handle connections
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/dansguardian.conf
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/e2guardian.conf
# Maximum number of processus to handle connections
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/dansguardian.conf
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/e2guardian.conf
# Run at least 8 daemons
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/dansguardian.conf
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/e2guardian.conf
# minimum number of processes to spawn
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/dansguardian.conf
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/e2guardian.conf
# maximum age of a child process before it croaks it
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/dansguardian.conf
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/e2guardian.conf
# Disable download files control
[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/e2guardianf1.conf
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
touch $DIR_DG/lists/bannedextensionlist
1283,7 → 1283,7
# Keep a copy of URL & domain filter configuration files
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
} # End of dansguardian ()
} # End of e2guardian ()
 
##################################################################
## Function "antivirus" ##
1631,12 → 1631,12
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
touch $DIR_DG/lists/exceptionsitelist
touch $DIR_DG/lists/exceptionurllist
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
# On crée la configuration de base du filtrage de domaine et d'URL pour E2guardian
cat <<EOF > $DIR_DG/lists/bannedurllist
# Dansguardian filter config for ALCASAR
# E2guardian filter config for ALCASAR
EOF
cat <<EOF > $DIR_DG/lists/bannedsitelist
# Dansguardian domain filter config for ALCASAR
# E2guardian domain filter config for ALCASAR
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
#**
# block all SSL and CONNECT tunnels
1667,7 → 1667,7
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
done
chown -R dansguardian:apache $DIR_DG
chown -R e2guardian:apache $DIR_DG
chown -R root:apache $DIR_DEST_SHARE
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
# adapt the Toulouse BL to ALCASAR architecture
1995,7 → 1995,7
# Log compression
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
# actualisation des fichiers logs compressés
for dir in firewall dansguardian lighttpd
for dir in firewall e2guardian lighttpd
do
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
done
2025,7 → 2025,7
WantedBy=multi-user.target
EOF
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
2241,7 → 2241,7
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3`
mode="update"
fi
for func in init network ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
for func in init network ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install
do
$func
if [ $DEBUG_ALCASAR == "on" ]
/conf/template-fr.html
803,7 → 803,7
Contactez votre responsable informatique (RSSI/OSSI), si vous pensez que ce filtrage est abusif.
<br><br><br><br>
<font size=1>
Filtr&eacute; par <B>ALCASAR - DansGuardian</B>
Filtr&eacute; par <B>ALCASAR - E2Guardian</B>
</td>
</tr>
</table>
823,7 → 823,7
You need to remove the space between the - and the variable to use them
in your HTML. They are there above so extra processing is not required.
 
More example templates are likely to be found on the DansGuardian web site
More example templates are likely to be found on the E2Guardian web site
on the Extras page.
 
Daniel Barron 2002-03-27
/conf/template.html
805,7 → 805,7
If you have any queries contact your ICT Co-ordinator or Network Manager.
<br><br><br><br>
<font size=1>
Filtered by <B>ALCASAR - DansGuardian</B>
Filtered by <B>ALCASAR - E2Guardian</B>
</td>
</tr>
</table>
823,7 → 823,7
You need to remove the space between the - and the variable to use them
in your HTML. They are there above so extra processing is not required.
 
More example templates are likely to be found on the DansGuardian web site
More example templates are likely to be found on the E2Guardian web site
on the Extras page.
 
Daniel Barron 2002-03-27
/scripts/alcasar-activity_report.sh
156,7 → 156,7
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
then
VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
165,7 → 165,7
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
then
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
do
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
/scripts/alcasar-bl.sh
6,8 → 6,8
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via E2guardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (E2guardian)
 
DIR_CONF="/usr/local/etc"
CONF_FILE="$DIR_CONF/alcasar.conf"
18,7 → 18,7
DIR_WL_tmp="/tmp/whitelists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
DIR_DG="/etc/dansguardian/lists"
DIR_DG="/etc/e2guardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories
65,7 → 65,7
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq
82,7 → 82,7
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
done
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
154,7 → 154,7
rm -rf $DIR_DG_BL $DIR_IP_BL
mkdir $DIR_DG_BL $DIR_IP_BL
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
chown -R dansguardian:apache $DIR_DG
chown -R e2guardian:apache $DIR_DG
chmod -R 770 $DIR_DG
# Add the two local categories (ossi-bl & ossi-wl) to the usage file
# Add the custom categories (ossi-tor_nodes) to the usage file
238,7 → 238,7
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
then
touch $PATH_FILE/urls
chown dansguardian:apache $PATH_FILE/urls
chown e2guardian:apache $PATH_FILE/urls
fi
cp $PATH_FILE/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
294,7 → 294,7
done
/usr/bin/systemctl restart dnsmasq-whitelist
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart dansguardian
/usr/bin/systemctl restart e2guardian
/usr/local/bin/alcasar-iptables.sh
else
echo -n "/usr/local/etc/update_cat.conf is empty ..."
350,7 → 350,7
if [ $enabled == "1" ]
then
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
fi
363,7 → 363,7
if [ $enabled == "1" ]
then
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie
fi
/scripts/alcasar-conf.sh
21,7 → 21,7
DIR_BIN="/usr/local/bin" # scripts directory
DIR_ETC="/usr/local/etc" # conf directory
DIR_SHARE="/usr/local/share" # data directory
DIR_BLACKLIST="/etc/dansguardian/lists/blacklists" # Toulouse BL directory
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists" # Toulouse BL directory
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
87,12 → 87,12
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
# backup BL/WL custom files
mkdir $DIR_UPDATE/custom_bl
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/urlregexplist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/urlregexplist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/bannedurllist $DIR_UPDATE/custom_bl/
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
# backup of different conf files (main conf file, filtering, digest, etc)
mkdir $DIR_UPDATE/etc/
134,15 → 134,15
# Retrieve local parameters
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
# Retrieve BL/WL custom files
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/e2guardian/lists/
cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null
chown -R dansguardian:apache /etc/dansguardian/lists
chmod -R g+rw /etc/dansguardian/lists
chown -R e2guardian:apache /etc/e2guardian/lists
chmod -R g+rw /etc/e2guardian/lists
# Adapt DNS/URL filtering
PARENT_SCRIPT=`basename $0`
export PARENT_SCRIPT
360,7 → 360,7
# tinyproxy
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf
# DG + BL
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf
# Watchdog
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
# Prompts
/scripts/alcasar-daemon.sh
10,7 → 10,7
conf_file="/usr/local/etc/alcasar.conf"
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
nb_available_srv=`echo $SERVICES|wc -w`
 
function ServiceTest () {
/scripts/alcasar-iptables.sh
42,7 → 42,7
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2`
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side)
IPTABLES="/sbin/iptables"
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # Site Direct (no havp and no filtrage) for user BL
 
# Sauvegarde des SET des utilisateurs connectés si ils existent
159,8 → 159,8
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10
 
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (DansGuardian) pour pouvoir les rejeter en INPUT
# Mark (and log) the direct attempts to TCP port 8090 (dansguardian) in order to REJECT them in INPUT rules
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (E2Guardian) pour pouvoir les rejeter en INPUT
# Mark (and log) the direct attempts to TCP port 8090 (e2guardian) in order to REJECT them in INPUT rules
$IPTABLES -A PREROUTING -t nat -i $TUNIF -p tcp -d $PRIVATE_IP -m tcp --dport 8080 -j NFLOG --nflog-group 1 --nflog-prefix "RULE direct-proxy -- DENY "
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp -m tcp --dport 8080 -j MARK --set-mark 1
 
211,8 → 211,8
# Redirect HTTP of 'havp_wl' users who want IP not in the WL to ALCASAR ('access denied' page)
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl src -m set ! --match-set wl_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80
 
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers DansGuardian
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy)
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers E2Guardian
# Redirect outbound HTTP requests of "BL" users to E2Guardian (transparent proxy)
# $IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080
# Redirection des requêtes HTTP sortantes des usager 'havp_wl' et 'havp' vers Tinyproxy
257,12 → 257,12
# Conntrack on INPUT
$IPTABLES -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING)
# Deny direct connections on DansGuardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING)
# On interdit les connexions directes au port utilisé par E2Guardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING)
# Deny direct connections on E2Guardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING)
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8080 -m mark --mark 1 -j REJECT --reject-with tcp-reset
 
# Autorisation des connexions légitimes à DansGuardian
# Allow connections for DansGuardian
# Autorisation des connexions légitimes à E2Guardian
# Allow connections for E2Guardian
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m conntrack --ctstate NEW --syn -j ACCEPT
 
# On interdit les connexions directes au port utilisé par tinyproxy (8090). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING)
452,8 → 452,8
# Allow DNS requests to identified DNS servers
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m conntrack --ctstate NEW -j ACCEPT
 
# On autorise les requêtes HTTP avec log Netflow (en provenance de Dansguardian)
# HTTPS requests are allowed with netflow log (from Dansguardian)
# On autorise les requêtes HTTP avec log Netflow (en provenance de E2guardian)
# HTTPS requests are allowed with netflow log (from E2guardian)
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
 
/scripts/alcasar-rpm-download.sh
13,7 → 13,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.20-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
 
rpm_repository_sync ()
{
/scripts/alcasar-uninstall.sh
101,17 → 101,17
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4"
}
 
dansguardian ()
e2guardian ()
{
echo -en "(8) : "
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, "
[ -e /etc/dansguardian/dansguardian.conf.default ] && mv /etc/dansguardian/dansguardian.conf.default /etc/dansguardian/dansguardian.conf && echo -n "2, "
[ -e /etc/dansguardian/lists/bannedphraselist.default ] && mv /etc/dansguardian/lists/bannedphraselist.default /etc/dansguardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/dansguardian/dansguardianf1.conf.default ] && mv /etc/dansguardian/dansguardianf1.conf.default /etc/dansguardian/dansguardianf1.conf && echo -n "4, "
[ -e /etc/dansguardian/lists/bannedextensionlist.default ] && mv /etc/dansguardian/lists/bannedextensionlist.default /etc/dansguardian/lists/bannedextensionlist && echo -n "5, "
[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] && mv /etc/dansguardian/lists/bannedmimetypelist.default /etc/dansguardian/lists/bannedmimetypelist && echo -n "6, "
[ -e /etc/dansguardian/lists/exceptioniplist.default ] && mv /etc/dansguardian/lists/exceptioniplist.default /etc/dansguardian/lists/exceptioniplist && echo -n "7, "
[ -e /etc/dansguardian/lists/bannedsitelist.default ] && mv /etc/dansguardian/lists/bannedsitelist.default /etc/dansguardian/lists/bannedsitelist && echo -n "8"
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, "
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, "
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, "
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, "
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, "
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, "
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8"
}
 
antivirus ()
285,7 → 285,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian dnsmasq sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
292,7 → 292,7
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# dnsmasq & sshd should stay on to allow remote update
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update
fi
 
326,7 → 326,7
/usr/bin/systemctl reload sshd
fi
echo "Reset ALCASAR main functions : "
for func in init ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install
do
echo -en "\n- $func "
$func
/scripts/alcasar-url_filter_bl.sh
11,7 → 11,7
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine
# Enable / disable : filter of urls containing ip address instead of domain name
 
DIR_DG="/etc/dansguardian/lists"
DIR_DG="/etc/e2guardian/lists"
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"
CONF_FILE="/usr/local/etc/alcasar.conf"
SED="/bin/sed -i"
85,6 → 85,6
else
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
fi
systemctl restart dansguardian
systemctl restart e2guardian
systemctl restart dnsmasq-blacklist
fi
/scripts/alcasar-urpmi.sh
14,7 → 14,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.30-3.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
 
rpm_repository_sync ()
{
/web/acc/about.htm
88,7 → 88,7
<TD align="center"><A HREF="javascript:ouvrir('http://firewalleyes.creabilis.com')"><img border="0" src="/images/footer_firewalleyes.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.netfilter.org')"><img border="0" src="/images/footer_netfilter.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.squid-cache.org')"><img border="0" src="/images/footer_squid.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://dansguardian.org')"><img border="0" src="/images/footer_dansguardian.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://e2guardian.org')"><img border="0" src="/images/footer_e2guardian.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://thekelleys.org.uk/dnsmasq/doc.html')"><img border="0" src="/images/footer_dnsmasq.png"></A></TD>
</TR>
</TABLE>
/web/acc/admin/bl_categories_help.php
3,7 → 3,7
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?
$bl_dir="/etc/dansguardian/lists/blacklists/";
$bl_dir="/etc/e2guardian/lists/blacklists/";
$bl_iptables_dir="/usr/local/share/iptables-bl/";
$wl_iptables_dir="/usr/local/share/iptables-wl/";
$bl_dnsmasq_dir="/usr/local/share/dnsmasq-bl/";
/web/acc/admin/bl_filter.php
165,7 → 165,7
$l_file_state="State";
}
$dir_etc="/usr/local/etc/";
$dir_dg="/etc/dansguardian/lists/";
$dir_dg="/etc/e2guardian/lists/";
$dir_blacklist=$dir_dg."blacklists/";
$dir_bl_ip="/usr/local/share/iptables-bl/";
$dir_bl_ip_enabled="/usr/local/share/iptables-bl-enabled/";
285,7 → 285,7
break;
case 'MAJ_ossi_file_upload' :
$file_name = str_replace (".", "_",basename($_FILES['fichier_ip']['name']));
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/dansguardian/list/blacklist/ossi-bl-XXXXXXXX
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/e2guardian/list/blacklist/ossi-bl-XXXXXXXX
if((!empty($file_name)) && (!file_exists($dest_dir)))
{
exec("mkdir ".escapeshellarg($dest_dir));
309,7 → 309,7
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th>
<?php echo $l_list_version; echo date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README'));?>
<?php echo $l_list_version; echo date ("F d Y", filemtime ('/etc/e2guardian/lists/blacklists/README'));?>
</th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
347,7 → 347,7
echo "<center>";
// total number of IP, DNS & URLs
$nbDomainNames = exec("wc -l /usr/local/share/dnsmasq-bl/* | tail -n 1 | awk '{print $1}'");
$nbUrl = exec("for file in `find /etc/dansguardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb");
$nbUrl = exec("for file in `find /etc/e2guardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb");
$nbIp = exec("wc -l /usr/local/share/iptables-bl/* | tail -n 1 | awk '{print $1}'");
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>";
echo "$l_bl_categories</center></td></tr>";
/web/acc/admin/services.php
20,7 → 20,7
$l_service_action = "Actions";
$l_radiusd = "Serveur d'authentification et d'autorisation";
$l_chilli = "Passerelle d'interception";
$l_dansguardian = "Filtre d'URL et de contenu WEB";
$l_e2guardian = "Filtre d'URL et de contenu WEB";
$l_mysqld = "Serveur de la base des usagers";
$l_lighttpd = "Serveur WEB (Alcasar Control Center)";
$l_sshd = "Accès sécurisée distant";
57,7 → 57,7
$l_service_action = "Actions";
$l_radiusd = "Authentication and authorisation server";
$l_chilli = "Interception gateway";
$l_dansguardian = "URL and WEB content filter";
$l_e2guardian = "URL and WEB content filter";
$l_mysqld = "User database server";
$l_lighttpd = "WEB server (ALCASAR Control Center)";
$l_sshd = "Secure remote access";
136,7 → 136,7
// Actions on services
//-------------------------------
//sécurité sur les actions à réaliser
$autorizeService = ['radiusd','chilli','dansguardian','mysqld','lighttpd','sshd','freshclam','ntpd','havp','tinyproxy','dnsmasq','dnsmasq-blacklist','dnsmasq-whitelist','dnsmasq-blackhole', 'ulogd-ssh', 'ulogd-ext-access', 'ulogd-traceability','nfsen','fail2ban','vnstat'];
$autorizeService = ['radiusd','chilli','e2guardian','mysqld','lighttpd','sshd','freshclam','ntpd','havp','tinyproxy','dnsmasq','dnsmasq-blacklist','dnsmasq-whitelist','dnsmasq-blackhole', 'ulogd-ssh', 'ulogd-ext-access', 'ulogd-traceability','nfsen','fail2ban','vnstat'];
$autorizeAction = ['start','stop','restart'];
 
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) {
182,7 → 182,7
$FilterServiceStatus['dnsmasq-blacklist'] = checkServiceStatus("dnsmasq-blacklist");
$FilterServiceStatus['dnsmasq-whitelist'] = checkServiceStatus("dnsmasq-whitelist");
$FilterServiceStatus['dnsmasq-blackhole'] = checkServiceStatus("dnsmasq-blackhole");
$filterServiceStatus['dansguardian'] = checkServiceStatus("dansguardian");
$filterServiceStatus['e2guardian'] = checkServiceStatus("e2guardian");
$FilterServiceStatus['havp'] = checkServiceStatus("havp");
$FilterServiceStatus['tinyproxy'] = checkServiceStatus("tinyproxy");
$FilterServiceStatus['freshclam'] = checkServiceStatus("freshclam");
/web/acc/admin/wl_filter.php
137,7 → 137,7
$l_file_state="State";
}
$dir_etc="/usr/local/etc/";
$dir_dg="/etc/dansguardian/lists/";
$dir_dg="/etc/e2guardian/lists/";
$dir_blacklist=$dir_dg."blacklists/";
$dir_wl_ip="/usr/local/share/iptables-wl/";
$dir_wl_ip_enabled= "/usr/local/share/iptables-wl-enabled/";
/web/acc/phpsysinfo/includes/xml/portail.php
117,7 → 117,7
exec ("sudo /usr/local/bin/alcasar-watchdog.sh -lt");
// Get current version
$INSTALLEDVERSION = $conf['VERSION'];
$VERSIONBL = date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README'));
$VERSIONBL = date ("F d Y", filemtime ('/etc/e2guardian/lists/blacklists/README'));
$nbr_user = request ('user');
$nbr_grp = request ('group');
$nbr_user_online = exec ("sudo /usr/sbin/chilli_query list | cut -d\" \" -f5 | grep \"1\" | wc -l");
/web/index.php
462,7 → 462,7
if ((!$direct_access) && (!$network_pb) && (!isset($_GET['warn']))) {
$pattern = str_replace('www.', '', $_SERVER['HTTP_HOST']);
$output = [];
exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/dansguardian/lists/blacklists/*/domains | cut -d'/' -f6", $output);
exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/e2guardian/lists/blacklists/*/domains | cut -d'/' -f6", $output);
$lists = [];
foreach ($output as $line) {
$lists[] = $line;
/web/language/alcasar-fr.txt
366,7 → 366,7
$l_disable = "inactif";
$l_radiusd = "Serveur d'authentification et d'autorisation";
$l_chilli = "Passerelle d'interception";
$l_dansguardian = "Filtre d'URL et de contenu WEB";
$l_e2guardian = "Filtre d'URL et de contenu WEB";
$l_mysqld = "Serveur de la base de données usager";
$l_squid = "Serveur de cache WEB";
$l_dnsmasq = "Serveur DNS et filtre de domaine";