Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 2930 → Rev 2931

/CHANGELOG
3,6 → 3,7
********** ALCASAR CHANGELOG **********
-------------------- 3.5.3 --------------------
CHANGES
- add the favicon in status page
- add another filter when importing the blacklist to remove line beginning with a dot
- improve tcpdump filter when IoT live captures option is enable
- improve ISO file process (EFI + USB) : Thanks to Pierre RIVAULT
10,7 → 11,7
- improve "alcasar-CA.sh" script : can create server certificate for every hostname (not only alcasar.localdomain)
- kernel 5.10.14 + coova-chilli 1.6 + nfdump 1.6.22
BUGS
- Fix a display bug in ACC activity page
- Fix a display bug in ACC activity & stat page
- Add the CA chain certificates in Coova in order to allow authentication with the last versions of Chrome/Edge
- When blacklisted, display the categories even if the domain name contains a private prefix (ie mycompagny.whereby.com)
WEB
/conf/sudoers
14,23 → 14,24
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # to export users database
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # to manage the filtering system
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # to disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # to manage the certificates
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # to enable/disable LDAP connection
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # to enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # create conf backup file
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # manage the filtering system
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # manage the firewall
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # manage the certificates
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # create log PDF from ACC
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet)
 
# Defaults specification
# Defaults syslog=auth
50,6 → 51,6
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
 
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE,WIFI4EU
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL
SMS LAN_ORG=(root) NOPASSWD: GAMMU
/scripts/alcasar-wifi4eu.sh
0,0 → 1,40
#!/bin/bash
 
# alcasar-wifi4eu.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# active ou désactive l'affichage du logo WIFI4EU (+ intégration de leur échantillon de code)
# enable or disable the display of WIFI4EU logo (+ integration of their snippet)
 
SED="/bin/sed -i"
CONF_FILE="/usr/local/etc/alcasar.conf"
HOSTNAME=$(grep ^HOSTNAME= $CONF_FILE | cut -d'=' -f2)
DOMAIN=$(grep ^DOMAIN= $CONF_FILE | cut -d'=' -f2)
 
usage="Usage: alcasar-wifi4eu.sh {--on | -on} | {--off | -off}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
echo "$usage"
exit 1
fi
 
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
--off | -off)
$SED "s?^WIFI4EU=.*?WIFI4EU=off?" $CONF_FILE
;;
--on | -on)
$SED "s?^WIFI4EU=.*?WIFI4EU=on?" $CONF_FILE
;;
*)
echo "Argument inconnu : $1"
echo "$usage"
exit 1
;;
esac
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
/web/acc/admin/services.php
155,19 → 155,18
if (($action == "start")||($action == "stop")||($action == "restart")){
if ($service != "wifi4eu") { exec("sudo /usr/bin/systemctl $action ".escapeshellarg($service), $retval, $retstatus); }
if ($service == "wifi4eu"){
if ($action == "stop"){
file_put_contents(CONF_FILE, str_replace('WIFI4EU=on', 'WIFI4EU=off', file_get_contents(CONF_FILE)));
// exec("sudo /usr/local/bin/alcasar-wifi4eu.sh -off");
if ($action == "stop"){ // see POST fonction (below) to start this service
exec("sudo /usr/local/bin/alcasar-wifi4eu.sh -off");
}
}
if ($service == "sshd"){
if ($action == "start"){
exec("sudo /usr/bin/systemctl enable ".escapeshellarg($service)); // in order to keep that conf for SSH at next reboot
file_put_contents(CONF_FILE, str_replace('SSH=off', 'SSH=on', file_get_contents(CONF_FILE)));
//exec("sudo /usr/bin/systemctl enable ".escapeshellarg($service));
file_put_contents(CONF_FILE, str_replace('SSH=off', 'SSH=on', file_get_contents(CONF_FILE))); // in order to keep that conf for SSH at next reboot
exec("sudo /usr/local/bin/alcasar-iptables.sh");
}
if ($action == "stop"){
exec("sudo /usr/bin/systemctl disable ".escapeshellarg($service)); // in order to keep that conf for SSH at next reboot
//exec("sudo /usr/bin/systemctl disable ".escapeshellarg($service));
file_put_contents(CONF_FILE, str_replace('SSH=on', 'SSH=off', file_get_contents(CONF_FILE)));
exec("sudo /usr/local/bin/alcasar-iptables.sh");
}
207,9 → 206,9
// WIFI4EU
//-------------------------------
if (isset($_POST['wifi4eu'])){
file_put_contents(CONF_FILE, str_replace('WIFI4EU=off', 'WIFI4EU=on', file_get_contents(CONF_FILE)));
// file_put_contents(CONF_FILE, preg_replace('^WIFI4EU_CODE=*', 'WIFI4EU_code=$_POST[\'wifi4eu\']', file_get_contents(CONF_FILE)));
// exec("sudo /usr/local/bin/alcasar-wifi4eu.sh -on");
//file_put_contents(CONF_FILE, preg_replace('/^WIFI4EU_CODE=*/', 'WIFI4EU_CODE='.$_POST['wifi4eu'], file_get_contents(CONF_FILE)));
file_put_contents(CONF_FILE, preg_replace('/^WIFI4EU_CODE=.*/', 'WIFI4EU_CODE=REXY', file_get_contents(CONF_FILE)));
exec("sudo /usr/local/bin/alcasar-wifi4eu.sh -on");
}
//-------------------------------
// Actions on system