/alcasar.sh |
---|
18,7 → 18,7 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : |
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump |
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, e2guardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump |
# Options : |
# -i or --install |
34,7 → 34,7 |
# init_db : Initilization of radius database managed with MariaDB |
# freeradius : FreeRadius initialisation |
# chilli : coovachilli initialisation (+authentication page) |
# dansguardian : DansGuardian filtering HTTP proxy configuration |
# e2guardian : E2Guardian filtering HTTP proxy configuration |
# antivirus : HAVP + libclamav configuration |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus" |
# ulogd : log system in userland (match NFLOG target of iptables) |
41,7 → 41,7 |
# nfsen : Configuration of Nfsen Netflow grapher |
# dnsmasq : Name server configuration |
# vnstat : little network stat daemon |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter) |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for e2guardian and for Netfilter) |
# cron : Logs export + watchdog + connexion statistics |
# fail2ban : Fail2ban IDS installation and configuration |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd) |
61,7 → 61,7 |
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files) |
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log) |
DIR_WEB="/var/www/html" # directory of Lighttpd |
DIR_DG="/etc/dansguardian" # directory of DansGuardian |
DIR_DG="/etc/e2guardian" # directory of E2Guardian |
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center' |
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts |
DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files |
1225,52 → 1225,52 |
} # End of chilli () |
################################################################## |
## Function "dansguardian" ## |
## Function "e2guardian" ## |
## - Set the parameters of this HTML proxy (as controler) ## |
################################################################## |
dansguardian () |
e2guardian () |
{ |
mkdir -p /var/dansguardian /var/log/dansguardian |
chown -R dansguardian /var/dansguardian /var/log/dansguardian |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service |
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/dansguardian.service |
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default |
mkdir -p /var/e2guardian /var/log/e2guardian |
chown -R e2guardian /var/e2guardian /var/log/e2guardian |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /lib/systemd/system/e2guardian.service |
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/e2guardian.service |
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default |
# By default the filter is off |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/dansguardian.conf |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardian.conf |
# French deny HTML page |
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf |
$SED "s?^language =.*?language = french?g" $DIR_DG/e2guardian.conf |
# Listen only on LAN side |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf |
# DG send its flow to HAVP |
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf |
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/e2guardian.conf |
# replace the default deny HTML page |
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/ |
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html |
cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/ |
cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html |
# Don't log |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf |
# # Change the default report page |
$SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/dansguardian.conf |
$SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/e2guardian.conf |
# Disable HTML content control |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/e2guardian.conf |
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas) |
# Disable URL control with regex |
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas) |
# Configure Dansguardian for large site |
# Configure E2guardian for large site |
# Minimum number of processus to handle connections |
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/dansguardian.conf |
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/e2guardian.conf |
# Maximum number of processus to handle connections |
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/dansguardian.conf |
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/e2guardian.conf |
# Run at least 8 daemons |
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/dansguardian.conf |
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/e2guardian.conf |
# minimum number of processes to spawn |
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/dansguardian.conf |
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/e2guardian.conf |
# maximum age of a child process before it croaks it |
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/dansguardian.conf |
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/e2guardian.conf |
# Disable download files control |
[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default |
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf |
[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default |
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/e2guardianf1.conf |
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default |
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default |
touch $DIR_DG/lists/bannedextensionlist |
1283,7 → 1283,7 |
# Keep a copy of URL & domain filter configuration files |
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default |
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default |
} # End of dansguardian () |
} # End of e2guardian () |
################################################################## |
## Function "antivirus" ## |
1631,12 → 1631,12 |
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default |
touch $DIR_DG/lists/exceptionsitelist |
touch $DIR_DG/lists/exceptionurllist |
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian |
# On crée la configuration de base du filtrage de domaine et d'URL pour E2guardian |
cat <<EOF > $DIR_DG/lists/bannedurllist |
# Dansguardian filter config for ALCASAR |
# E2guardian filter config for ALCASAR |
EOF |
cat <<EOF > $DIR_DG/lists/bannedsitelist |
# Dansguardian domain filter config for ALCASAR |
# E2guardian domain filter config for ALCASAR |
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée) |
#** |
# block all SSL and CONNECT tunnels |
1667,7 → 1667,7 |
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains |
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled |
done |
chown -R dansguardian:apache $DIR_DG |
chown -R e2guardian:apache $DIR_DG |
chown -R root:apache $DIR_DEST_SHARE |
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE |
# adapt the Toulouse BL to ALCASAR architecture |
1995,7 → 1995,7 |
# Log compression |
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf |
# actualisation des fichiers logs compressés |
for dir in firewall dansguardian lighttpd |
for dir in firewall e2guardian lighttpd |
do |
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \; |
done |
2025,7 → 2025,7 |
WantedBy=multi-user.target |
EOF |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
2241,7 → 2241,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3` |
mode="update" |
fi |
for func in init network ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install |
for func in init network ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq BL cron fail2ban gammu_smsd msec letsencrypt post_install |
do |
$func |
if [ $DEBUG_ALCASAR == "on" ] |
/conf/template-fr.html |
---|
803,7 → 803,7 |
Contactez votre responsable informatique (RSSI/OSSI), si vous pensez que ce filtrage est abusif. |
<br><br><br><br> |
<font size=1> |
Filtré par <B>ALCASAR - DansGuardian</B> |
Filtré par <B>ALCASAR - E2Guardian</B> |
</td> |
</tr> |
</table> |
823,7 → 823,7 |
You need to remove the space between the - and the variable to use them |
in your HTML. They are there above so extra processing is not required. |
More example templates are likely to be found on the DansGuardian web site |
More example templates are likely to be found on the E2Guardian web site |
on the Extras page. |
Daniel Barron 2002-03-27 |
/conf/template.html |
---|
805,7 → 805,7 |
If you have any queries contact your ICT Co-ordinator or Network Manager. |
<br><br><br><br> |
<font size=1> |
Filtered by <B>ALCASAR - DansGuardian</B> |
Filtered by <B>ALCASAR - E2Guardian</B> |
</td> |
</tr> |
</table> |
823,7 → 823,7 |
You need to remove the space between the - and the variable to use them |
in your HTML. They are there above so extra processing is not required. |
More example templates are likely to be found on the DansGuardian web site |
More example templates are likely to be found on the E2Guardian web site |
on the Extras page. |
Daniel Barron 2002-03-27 |
/scripts/alcasar-activity_report.sh |
---|
156,7 → 156,7 |
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ] |
then |
VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6) |
VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6) |
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT |
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ] |
165,7 → 165,7 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date. |
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ] |
then |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget' |
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget' |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR |
do |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1) |
/scripts/alcasar-bl.sh |
---|
6,8 → 6,8 |
# by Franck BOUIJOUX and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian) |
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via E2guardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (E2guardian) |
DIR_CONF="/usr/local/etc" |
CONF_FILE="$DIR_CONF/alcasar.conf" |
18,7 → 18,7 |
DIR_WL_tmp="/tmp/whitelists" |
FILE_tmp="/tmp/filesfilter.txt" |
FILE_ip_tmp="/tmp/filesipfilter.txt" |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG="/etc/e2guardian/lists" |
DIR_DG_BL="$DIR_DG/blacklists" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories |
65,7 → 65,7 |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE |
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE |
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq |
82,7 → 82,7 |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES |
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE |
done |
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp |
154,7 → 154,7 |
rm -rf $DIR_DG_BL $DIR_IP_BL |
mkdir $DIR_DG_BL $DIR_IP_BL |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
chown -R dansguardian:apache $DIR_DG |
chown -R e2guardian:apache $DIR_DG |
chmod -R 770 $DIR_DG |
# Add the two local categories (ossi-bl & ossi-wl) to the usage file |
# Add the custom categories (ossi-tor_nodes) to the usage file |
238,7 → 238,7 |
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
then |
touch $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
chown e2guardian:apache $PATH_FILE/urls |
fi |
cp $PATH_FILE/domains $FILE_tmp |
clean_split # clean ossi custom files & split them for dnsmasq and for iptables |
294,7 → 294,7 |
done |
/usr/bin/systemctl restart dnsmasq-whitelist |
/usr/bin/systemctl restart dnsmasq-blacklist |
/usr/bin/systemctl restart dansguardian |
/usr/bin/systemctl restart e2guardian |
/usr/local/bin/alcasar-iptables.sh |
else |
echo -n "/usr/local/etc/update_cat.conf is empty ..." |
350,7 → 350,7 |
if [ $enabled == "1" ] |
then |
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES |
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie |
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie |
fi |
363,7 → 363,7 |
if [ $enabled == "1" ] |
then |
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES |
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES |
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie |
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie |
fi |
/scripts/alcasar-conf.sh |
---|
21,7 → 21,7 |
DIR_BIN="/usr/local/bin" # scripts directory |
DIR_ETC="/usr/local/etc" # conf directory |
DIR_SHARE="/usr/local/share" # data directory |
DIR_BLACKLIST="/etc/dansguardian/lists/blacklists" # Toulouse BL directory |
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists" # Toulouse BL directory |
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
87,12 → 87,12 |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE |
# backup BL/WL custom files |
mkdir $DIR_UPDATE/custom_bl |
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/urlregexplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/ |
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/urlregexplist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/ |
cp -f /etc/e2guardian/lists/bannedurllist $DIR_UPDATE/custom_bl/ |
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null |
# backup of different conf files (main conf file, filtering, digest, etc) |
mkdir $DIR_UPDATE/etc/ |
134,15 → 134,15 |
# Retrieve local parameters |
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/ |
# Retrieve BL/WL custom files |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/dansguardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/e2guardian/lists/ |
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/e2guardian/lists/ |
cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null |
chown -R dansguardian:apache /etc/dansguardian/lists |
chmod -R g+rw /etc/dansguardian/lists |
chown -R e2guardian:apache /etc/e2guardian/lists |
chmod -R g+rw /etc/e2guardian/lists |
# Adapt DNS/URL filtering |
PARENT_SCRIPT=`basename $0` |
export PARENT_SCRIPT |
360,7 → 360,7 |
# tinyproxy |
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf |
# DG + BL |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf |
# Watchdog |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh |
# Prompts |
/scripts/alcasar-daemon.sh |
---|
10,7 → 10,7 |
conf_file="/usr/local/etc/alcasar.conf" |
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |
/scripts/alcasar-iptables.sh |
---|
42,7 → 42,7 |
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
IPTABLES="/sbin/iptables" |
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP |
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP |
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # Site Direct (no havp and no filtrage) for user BL |
# Sauvegarde des SET des utilisateurs connectés si ils existent |
159,8 → 159,8 |
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules |
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10 |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (DansGuardian) pour pouvoir les rejeter en INPUT |
# Mark (and log) the direct attempts to TCP port 8090 (dansguardian) in order to REJECT them in INPUT rules |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (E2Guardian) pour pouvoir les rejeter en INPUT |
# Mark (and log) the direct attempts to TCP port 8090 (e2guardian) in order to REJECT them in INPUT rules |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -p tcp -d $PRIVATE_IP -m tcp --dport 8080 -j NFLOG --nflog-group 1 --nflog-prefix "RULE direct-proxy -- DENY " |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp -m tcp --dport 8080 -j MARK --set-mark 1 |
211,8 → 211,8 |
# Redirect HTTP of 'havp_wl' users who want IP not in the WL to ALCASAR ('access denied' page) |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl src -m set ! --match-set wl_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80 |
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers DansGuardian |
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy) |
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers E2Guardian |
# Redirect outbound HTTP requests of "BL" users to E2Guardian (transparent proxy) |
# $IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
# Redirection des requêtes HTTP sortantes des usager 'havp_wl' et 'havp' vers Tinyproxy |
257,12 → 257,12 |
# Conntrack on INPUT |
$IPTABLES -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING) |
# Deny direct connections on DansGuardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING) |
# On interdit les connexions directes au port utilisé par E2Guardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING) |
# Deny direct connections on E2Guardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING) |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8080 -m mark --mark 1 -j REJECT --reject-with tcp-reset |
# Autorisation des connexions légitimes à DansGuardian |
# Allow connections for DansGuardian |
# Autorisation des connexions légitimes à E2Guardian |
# Allow connections for E2Guardian |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m conntrack --ctstate NEW --syn -j ACCEPT |
# On interdit les connexions directes au port utilisé par tinyproxy (8090). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING) |
452,8 → 452,8 |
# Allow DNS requests to identified DNS servers |
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m conntrack --ctstate NEW -j ACCEPT |
# On autorise les requêtes HTTP avec log Netflow (en provenance de Dansguardian) |
# HTTPS requests are allowed with netflow log (from Dansguardian) |
# On autorise les requêtes HTTP avec log Netflow (en provenance de E2guardian) |
# HTTPS requests are allowed with netflow log (from E2guardian) |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
/scripts/alcasar-rpm-download.sh |
---|
13,7 → 13,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-4.14.20-1.mga6-1-1.mga6" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
rpm_repository_sync () |
{ |
/scripts/alcasar-uninstall.sh |
---|
101,17 → 101,17 |
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4" |
} |
dansguardian () |
e2guardian () |
{ |
echo -en "(8) : " |
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, " |
[ -e /etc/dansguardian/dansguardian.conf.default ] && mv /etc/dansguardian/dansguardian.conf.default /etc/dansguardian/dansguardian.conf && echo -n "2, " |
[ -e /etc/dansguardian/lists/bannedphraselist.default ] && mv /etc/dansguardian/lists/bannedphraselist.default /etc/dansguardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/dansguardian/dansguardianf1.conf.default ] && mv /etc/dansguardian/dansguardianf1.conf.default /etc/dansguardian/dansguardianf1.conf && echo -n "4, " |
[ -e /etc/dansguardian/lists/bannedextensionlist.default ] && mv /etc/dansguardian/lists/bannedextensionlist.default /etc/dansguardian/lists/bannedextensionlist && echo -n "5, " |
[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] && mv /etc/dansguardian/lists/bannedmimetypelist.default /etc/dansguardian/lists/bannedmimetypelist && echo -n "6, " |
[ -e /etc/dansguardian/lists/exceptioniplist.default ] && mv /etc/dansguardian/lists/exceptioniplist.default /etc/dansguardian/lists/exceptioniplist && echo -n "7, " |
[ -e /etc/dansguardian/lists/bannedsitelist.default ] && mv /etc/dansguardian/lists/bannedsitelist.default /etc/dansguardian/lists/bannedsitelist && echo -n "8" |
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, " |
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, " |
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, " |
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, " |
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, " |
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, " |
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8" |
} |
antivirus () |
285,7 → 285,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian dnsmasq sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
292,7 → 292,7 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# dnsmasq & sshd should stay on to allow remote update |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli" |
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update |
fi |
326,7 → 326,7 |
/usr/bin/systemctl reload sshd |
fi |
echo "Reset ALCASAR main functions : " |
for func in init ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install |
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install |
do |
echo -en "\n- $func " |
$func |
/scripts/alcasar-url_filter_bl.sh |
---|
11,7 → 11,7 |
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine |
# Enable / disable : filter of urls containing ip address instead of domain name |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG="/etc/e2guardian/lists" |
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" |
CONF_FILE="/usr/local/etc/alcasar.conf" |
SED="/bin/sed -i" |
85,6 → 85,6 |
else |
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist |
fi |
systemctl restart dansguardian |
systemctl restart e2guardian |
systemctl restart dnsmasq-blacklist |
fi |
/scripts/alcasar-urpmi.sh |
---|
14,7 → 14,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-4.14.30-3.mga6-1-1.mga6" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional" |
rpm_repository_sync () |
{ |
/web/acc/about.htm |
---|
88,7 → 88,7 |
<TD align="center"><A HREF="javascript:ouvrir('http://firewalleyes.creabilis.com')"><img border="0" src="/images/footer_firewalleyes.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.netfilter.org')"><img border="0" src="/images/footer_netfilter.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.squid-cache.org')"><img border="0" src="/images/footer_squid.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://dansguardian.org')"><img border="0" src="/images/footer_dansguardian.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://e2guardian.org')"><img border="0" src="/images/footer_e2guardian.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://thekelleys.org.uk/dnsmasq/doc.html')"><img border="0" src="/images/footer_dnsmasq.png"></A></TD> |
</TR> |
</TABLE> |
/web/acc/admin/bl_categories_help.php |
---|
3,7 → 3,7 |
<HEAD> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
<? |
$bl_dir="/etc/dansguardian/lists/blacklists/"; |
$bl_dir="/etc/e2guardian/lists/blacklists/"; |
$bl_iptables_dir="/usr/local/share/iptables-bl/"; |
$wl_iptables_dir="/usr/local/share/iptables-wl/"; |
$bl_dnsmasq_dir="/usr/local/share/dnsmasq-bl/"; |
/web/acc/admin/bl_filter.php |
---|
165,7 → 165,7 |
$l_file_state="State"; |
} |
$dir_etc="/usr/local/etc/"; |
$dir_dg="/etc/dansguardian/lists/"; |
$dir_dg="/etc/e2guardian/lists/"; |
$dir_blacklist=$dir_dg."blacklists/"; |
$dir_bl_ip="/usr/local/share/iptables-bl/"; |
$dir_bl_ip_enabled="/usr/local/share/iptables-bl-enabled/"; |
285,7 → 285,7 |
break; |
case 'MAJ_ossi_file_upload' : |
$file_name = str_replace (".", "_",basename($_FILES['fichier_ip']['name'])); |
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/dansguardian/list/blacklist/ossi-bl-XXXXXXXX |
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/e2guardian/list/blacklist/ossi-bl-XXXXXXXX |
if((!empty($file_name)) && (!file_exists($dest_dir))) |
{ |
exec("mkdir ".escapeshellarg($dest_dir)); |
309,7 → 309,7 |
?> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th> |
<?php echo $l_list_version; echo date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README'));?> |
<?php echo $l_list_version; echo date ("F d Y", filemtime ('/etc/e2guardian/lists/blacklists/README'));?> |
</th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
347,7 → 347,7 |
echo "<center>"; |
// total number of IP, DNS & URLs |
$nbDomainNames = exec("wc -l /usr/local/share/dnsmasq-bl/* | tail -n 1 | awk '{print $1}'"); |
$nbUrl = exec("for file in `find /etc/dansguardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb"); |
$nbUrl = exec("for file in `find /etc/e2guardian/lists/blacklists/ -name 'urls'`; do nb=$((nb+$(wc -l \$file | awk '{print $1}'))); done; echo \$nb"); |
$nbIp = exec("wc -l /usr/local/share/iptables-bl/* | tail -n 1 | awk '{print $1}'"); |
echo "<b>$l_nbDomainNames</b> $nbDomainNames, <b>$l_nbUrl</b> $nbUrl, <b>$l_nbIp</b> $nbIp<br/>"; |
echo "$l_bl_categories</center></td></tr>"; |
/web/acc/admin/services.php |
---|
20,7 → 20,7 |
$l_service_action = "Actions"; |
$l_radiusd = "Serveur d'authentification et d'autorisation"; |
$l_chilli = "Passerelle d'interception"; |
$l_dansguardian = "Filtre d'URL et de contenu WEB"; |
$l_e2guardian = "Filtre d'URL et de contenu WEB"; |
$l_mysqld = "Serveur de la base des usagers"; |
$l_lighttpd = "Serveur WEB (Alcasar Control Center)"; |
$l_sshd = "Accès sécurisée distant"; |
57,7 → 57,7 |
$l_service_action = "Actions"; |
$l_radiusd = "Authentication and authorisation server"; |
$l_chilli = "Interception gateway"; |
$l_dansguardian = "URL and WEB content filter"; |
$l_e2guardian = "URL and WEB content filter"; |
$l_mysqld = "User database server"; |
$l_lighttpd = "WEB server (ALCASAR Control Center)"; |
$l_sshd = "Secure remote access"; |
136,7 → 136,7 |
// Actions on services |
//------------------------------- |
//sécurité sur les actions à réaliser |
$autorizeService = ['radiusd','chilli','dansguardian','mysqld','lighttpd','sshd','freshclam','ntpd','havp','tinyproxy','dnsmasq','dnsmasq-blacklist','dnsmasq-whitelist','dnsmasq-blackhole', 'ulogd-ssh', 'ulogd-ext-access', 'ulogd-traceability','nfsen','fail2ban','vnstat']; |
$autorizeService = ['radiusd','chilli','e2guardian','mysqld','lighttpd','sshd','freshclam','ntpd','havp','tinyproxy','dnsmasq','dnsmasq-blacklist','dnsmasq-whitelist','dnsmasq-blackhole', 'ulogd-ssh', 'ulogd-ext-access', 'ulogd-traceability','nfsen','fail2ban','vnstat']; |
$autorizeAction = ['start','stop','restart']; |
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) { |
182,7 → 182,7 |
$FilterServiceStatus['dnsmasq-blacklist'] = checkServiceStatus("dnsmasq-blacklist"); |
$FilterServiceStatus['dnsmasq-whitelist'] = checkServiceStatus("dnsmasq-whitelist"); |
$FilterServiceStatus['dnsmasq-blackhole'] = checkServiceStatus("dnsmasq-blackhole"); |
$filterServiceStatus['dansguardian'] = checkServiceStatus("dansguardian"); |
$filterServiceStatus['e2guardian'] = checkServiceStatus("e2guardian"); |
$FilterServiceStatus['havp'] = checkServiceStatus("havp"); |
$FilterServiceStatus['tinyproxy'] = checkServiceStatus("tinyproxy"); |
$FilterServiceStatus['freshclam'] = checkServiceStatus("freshclam"); |
/web/acc/admin/wl_filter.php |
---|
137,7 → 137,7 |
$l_file_state="State"; |
} |
$dir_etc="/usr/local/etc/"; |
$dir_dg="/etc/dansguardian/lists/"; |
$dir_dg="/etc/e2guardian/lists/"; |
$dir_blacklist=$dir_dg."blacklists/"; |
$dir_wl_ip="/usr/local/share/iptables-wl/"; |
$dir_wl_ip_enabled= "/usr/local/share/iptables-wl-enabled/"; |
/web/acc/phpsysinfo/includes/xml/portail.php |
---|
117,7 → 117,7 |
exec ("sudo /usr/local/bin/alcasar-watchdog.sh -lt"); |
// Get current version |
$INSTALLEDVERSION = $conf['VERSION']; |
$VERSIONBL = date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README')); |
$VERSIONBL = date ("F d Y", filemtime ('/etc/e2guardian/lists/blacklists/README')); |
$nbr_user = request ('user'); |
$nbr_grp = request ('group'); |
$nbr_user_online = exec ("sudo /usr/sbin/chilli_query list | cut -d\" \" -f5 | grep \"1\" | wc -l"); |
/web/index.php |
---|
462,7 → 462,7 |
if ((!$direct_access) && (!$network_pb) && (!isset($_GET['warn']))) { |
$pattern = str_replace('www.', '', $_SERVER['HTTP_HOST']); |
$output = []; |
exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/dansguardian/lists/blacklists/*/domains | cut -d'/' -f6", $output); |
exec('grep -Re ' . escapeshellarg('^'.$pattern.'$') . " /etc/e2guardian/lists/blacklists/*/domains | cut -d'/' -f6", $output); |
$lists = []; |
foreach ($output as $line) { |
$lists[] = $line; |
/web/language/alcasar-fr.txt |
---|
366,7 → 366,7 |
$l_disable = "inactif"; |
$l_radiusd = "Serveur d'authentification et d'autorisation"; |
$l_chilli = "Passerelle d'interception"; |
$l_dansguardian = "Filtre d'URL et de contenu WEB"; |
$l_e2guardian = "Filtre d'URL et de contenu WEB"; |
$l_mysqld = "Serveur de la base de données usager"; |
$l_squid = "Serveur de cache WEB"; |
$l_dnsmasq = "Serveur DNS et filtre de domaine"; |