BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → / @ 493

  → / @ 497

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

No changes between revisions

Ignore whitespace Rev 493 → Rev 497

/alcasar.sh
875,42 → 875,45
##################################################################
param_dansguardian ()
{
DIR_DG="/etc/dansguardian"
mkdir /var/dansguardian
chown dansguardian /var/dansguardian
[ -e /etc/dansguardian/dansguardian.conf.default ] || cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.default
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
# Le filtrage est désactivé par défaut
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
# la page d'interception est en français
$SED "s?^language =.*?language = french?g" /etc/dansguardian/dansguardian.conf
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
# on limite l'écoute de Dansguardian côté LAN
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
# on chaîne Dansguardian au proxy antivirus HAVP
$SED "s?^proxyport.*?proxyport = 8090?g" /etc/dansguardian/dansguardian.conf
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
# on remplace la page d'interception (template)
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
# on ne loggue que les deny (pour le reste, on a squid)
$SED "s?^loglevel =.*?loglevel = 1?g" /etc/dansguardian/dansguardian.conf
$SED "s?^loglevel =.*?loglevel = 1?g" $DIR_DG/dansguardian.conf
# on désactive par défaut le controle de contenu des pages html
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" /etc/dansguardian/dansguardian.conf
cp /etc/dansguardian/lists/bannedphraselist /etc/dansguardian/lists/bannedphraselist.default
$SED "s?^[^#]?#&?g" /etc/dansguardian/lists/bannedphraselist # (on commente ce qui ne l'est pas)
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
# on désactive par défaut le contrôle d'URL par expressions régulières
cp /etc/dansguardian/lists/bannedregexpurllist /etc/dansguardian/lists/bannedregexpurllist.default
$SED "s?^[^#]?#&?g" /etc/dansguardian/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
# on désactive par défaut le contrôle de téléchargement de fichiers
[ -e /etc/dansguardian/dansguardianf1.conf.default ] || cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf1.conf.default
$SED "s?^blockdownloads =.*?blockdownloads = off?g" /etc/dansguardian/dansguardianf1.conf
[ -e /etc/dansguardian/lists/bannedextensionlist.default ] || mv /etc/dansguardian/lists/bannedextensionlist /etc/dansguardian/lists/bannedextensionlist.default
[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] || mv /etc/dansguardian/lists/bannedmimetypelist /etc/dansguardian/lists/bannedmimetypelist.default
touch /etc/dansguardian/lists/bannedextensionlist
touch /etc/dansguardian/lists/bannedmimetypelist
# on vide la liste des @IP du Lan ne subissant pas le filtrage WEB
[ -e /etc/dansguardian/lists/exceptioniplist.default ] || mv /etc/dansguardian/lists/exceptioniplist /etc/dansguardian/lists/exceptioniplist.default
touch /etc/dansguardian/lists/exceptioniplist
# on garde une copie des fichiers de configuration du filtrage d'URL et de domaine
[ -e /etc/dansguardian/lists/bannedsitelist.default ] || mv /etc/dansguardian/lists/bannedsitelist /etc/dansguardian/lists/bannedsitelist.default
[ -e /etc/dansguardian/lists/bannedurllist.default ] || mv /etc/dansguardian/lists/bannedurllist /etc/dansguardian/lists/bannedurllist.default
[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
touch $DIR_DG/lists/bannedextensionlist
touch $DIR_DG/lists/bannedmimetypelist
# 'Safesearch' regex actualisation
$SED "s?images?search?g" /etc/
# empty LAN IP list that won't be WEB filtered
[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
touch $DIR_DG/lists/exceptioniplist
# Keep a copy of URL & domain filter configuration files
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
} # End of param_dansguardian ()
##################################################################
961,6 → 964,7
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
$SED "s?^DNSSERVERS=.*?PRIVATE_IP=\"$DNS1,$DNS2\"?g" $DIR_DEST_BIN/alcasar-iptables.sh
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
# création du fichier d'exception au filtrage
touch /usr/local/etc/alcasar-filter-exceptions
1242,7 → 1246,7
done
# pour éviter les alertes de dépendance avec le service 'netfs'.
$SED "s?^# Required-Start.*?# Required-Start: \$local_fs \$network?g" /etc/init.d/mysqld
$SED "s?^# Required-Stop.*?# Required-Stop: $local_fs $network?g" /etc/init.d/mysqld
$SED "s?^# Required-Stop.*?# Required-Stop: \$local_fs \$network?g" /etc/init.d/mysqld
# On affecte le niveau de sécurité du système : type "fileserver"
$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
# On supprime la vérification du mode promiscious des interfaces réseaux ( nombreuses alertes sur eth1 dûes à Tun0 )
1306,8 → 1310,8
echo "- Lisez attentivement la documentation d'exploitation"
echo
echo "- L'interface de gestion est consultable à partir de n'importe quel poste"
echo " situé sur le réseau de consultation à l'URL https://$PRIVATE_IP "
echo " ou à l'URL https://alcasar "
echo " situé sur le réseau de consultation à l'URL http://alcasar"
echo " ou à l'URL http://$PRIVATE_IP"
echo
echo " Appuyez sur 'Entrée' pour continuer"
read a

/CHANGELOG
2,6 → 2,7
************ CHANGELOG ***********
---- 2.1a ----
- intégration du filtrage 'safesearch' (filtrage des réponses des moteurs de recherche).
- installation à partir d'un mandriva 2010.2
- travail d'HAVP en mémoire plutôt que sur le disque
- distinction des fichiers de log (traçabilité - ssh - accès exterieur)

/scripts/alcasar-urpmi.sh
1,14 → 1,27
#!/bin/sh
# $Id$
# script de mise à jour de la distribution
# script de mise en place des dépots RPM
# 3abtux & rexy
# changelog :
# + Fait une mise à niveau du système actuel
# + vérifie que la version actuelle du système est compatible
# + remplace les médias puis met à jour
VERSION="2010.2"
ARCH="i586"
# For french ALCASARistes
MIRRORLIST1="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH"
# For International install
MIRRORLIST2="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list"
MIRROR_NBR=2
rpm_repository_sync ()
{
echo ${!MIRRORLIST}
urpmi.removemedia -a
urpmi.addmedia --wget --probe-synthesis --mirrorlist ${!MIRRORLIST} main /media/main/release
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist ${!MIRRORLIST} main_updates /media/main/updates
urpmi.addmedia --wget --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib /media/contrib/release
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib_updates /media/contrib/updates
}
# extract the current Mandriva version and hardware architecture (i586 ou X64)
fic=`cat /etc/product.id`
old="$IFS"
34,30 → 47,42
fi
done
IFS="$old"
###########################
# For International install
#MIRRORLIST="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list"
# For french ALCASARistes
MIRRORLIST="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH"
############################
urpmi.removemedia -a
urpmi.addmedia --wget --probe-synthesis --mirrorlist $MIRRORLIST main /media/main/release
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist $MIRRORLIST main_updates /media/main/updates
urpmi.addmedia --wget --probe-synthesis --mirrorlist $MIRRORLIST contrib /media/contrib/release
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist $MIRRORLIST contrib_updates /media/contrib/updates
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
if [ "$nb_repository" != "4" ]
then
echo
echo "Une erreur a été détectée lors de la synchronisation des dépots."
echo "Relancez l'installation ultérieurement."
echo "Si vous rencontrez à nouveau ce problème, modifier la variable MIRRORLIST du fichier 'scripts/alcasar-urpmi.sh'"
echo "An error occurs when synchronising repositories"
echo "Try an other install later."
echo "If this problem occurs again, change the MIRRORLIST variable in the file 'scripts/alcasar-urpmi.sh'"
exit 1
fi
# update testing and download RPM in cache
# Set the RPM repository
try_nb="0"; nb_repository="0"
while [ "$nb_repository" != "4" ]
do
try_nb=`expr $try_nb + 1`
MIRRORLIST="MIRRORLIST$try_nb"
rpm_repository_sync
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l`
if [ "$nb_repository" != "4" ]
then
echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb."
echo "An error occurs when synchronising the repositories N°$try_nb"
if [ $(expr $try_nb) -eq $MIRROR_NBR ]
then
echo
echo "Relancez l'installation ultérieurement."
echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-urpmi.sh'"
echo "Try an other install later."
echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-urpmi.sh'"
exit 1
fi
echo "Voulez-vous tenter une synchronisation avec un autre dépôt?"
echo "Do you wan't to try a synchronisation with an other repository?"
response=0
PTN='^[oOnNyY]$'
until [[ $(expr $response : $PTN) -gt 0 ]]
do
read response
done
if [ "$response" = "n" ] || [ "$response" = "N" ]
then
exit 1
fi
fi
done
# download RPM in cache
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..."
echo "Updated RPM download. Please wait ..."
echo "Il est temps d'aller prendre un café :-) "
68,10 → 93,10
echo
echo "Une erreur a été détectée lors de la récupération des paquetages."
echo "Relancez l'installation ultérieurement."
echo "Si vous rencontrez à nouveau ce problème, modifier la variable MIRRORLIST du fichier 'scripts/alcasar-urpmi.sh'"
echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-urpmi.sh'"
echo "An error occurs when downloading"
echo "Try an other install later."
echo "If this problem occurs again, change the MIRRORLIST variable in the file 'scripts/alcasar-urpmi.sh'"
echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-urpmi.sh'"
exit 1
fi
# update with cached RPM

/scripts/sbin/alcasar-safesearch.sh
0,0 → 1,40
#/bin/sh
# $Id: alcasar-bl.sh 412 2011-01-03 21:40:09Z richard $
# enable or disable safesearch filter on DG
# active ou désactive la fonction safesearch sur DG
# By rexy
DIR_DG="/etc/dansguardian/lists"
SED="/bin/sed -i"
usage="Usage: alcasar-safesearch.sh {-on or --on} | { -off or --off }"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
nb_args=1
args="-h"
fi
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
# Safe search activation
-on | --on)
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist
service dansguardian restart
;;
# safesearch desactivation
-off | --off)
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist
service dansguardian restart
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property

/scripts/sbin/alcasar-bl.sh
94,7 → 94,8
-on | --on)
cat_choice
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance pas les processus d'une install
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch'
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance pas les processus lors d'une install
then
service dansguardian restart
service dnsmasq restart
104,6 → 105,7
-off | --off)
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch'
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance pas les processus lors d'une install
then
service dansguardian restart