
Ignore whitespace Rev 3192 → Rev 3193

/alcasar.sh/alcasar.sh
909,8 → 909,6
[ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log
chown root:apache $DIR_SAVE/security/acc_access.log
chmod 664 $DIR_SAVE/security/acc_access.log
# Copy IEEE-MAC-manuf list (origin from sanitized nmac file : see linuxnet.ca)
cp $DIR_CONF/nmap-mac-prefixes /usr/local/share/
} # End of ACC()
 
#############################################################
921,11 → 919,12
{
[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
$SED "s?^pool.*?pool fr.pool.ntp.org iburst?g" /etc/ntp.conf
$SED '$ainterface ignore wildcard' /etc/ntp.conf
$SED '$ainterface listen lo' /etc/ntp.conf
$SED '$ainterface listen $INTIF' /etc/ntp.conf
echo "interface ignore wildcard" >> /etc/ntp.conf
echo "interface listen lo" >> /etc/ntp.conf
echo "interface listen $INTIF" >> /etc/ntp.conf
# Synchronize now
ntpdate fr.pool.ntp.org &
sleep 2 # wait for time server responce
} # End of time_server()
 
#####################################################################
1270,7 → 1269,7
 
################################################################
## "e2guardian" ##
## - Set the parameters of this HTML proxy (as controler) ##
## - Set the parameters of this HTTP proxy (as controler) ##
################################################################
e2guardian()
{
1284,15 → 1283,18
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default
# French deny HTML page
$SED "s?^language =.*?language = 'french'?g" $DIR_DG/e2guardian.conf
# +++ listen & loop prevention on loopback
$SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_DG/e2guardian.conf
# 2 filtergroups (8080 & 8090)
$SED "s?^filtergroups =.*?filtergroups = 2?g" $DIR_DG/e2guardian.conf
# Listen on 8080 (HTTP for BL users) only on LAN side
$SED "s?^filterip =.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
$SED "s?^filterports =.*?filterports = 8080?g" $DIR_DG/e2guardian.conf
# Listen on 8090 (HTTP for WL/AV users) only on LAN side
$SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_DG/e2guardian.conf
$SED "/^filterports = 8080/a filterports = 8090" $DIR_DG/e2guardian.conf
# E2guardian doesn't listen transparently on 8443 (HTTPS) (only in future version)
$SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_DG/e2guardian.conf
# Listen on LAN only
$SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
# Listen on 8080 (group1 : BL users on HTTP)
$SED "s?^#filterports = 8080.*?filterports = 8080?g" $DIR_DG/e2guardian.conf
# Listen on 8081 (group2 : previously AV users --> to be redefine)
# $SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_DG/e2guardian.conf
$SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_DG/e2guardian.conf
# for now we don't listen transparently on 8443 (HTTPS) (only in future version)
$SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_DG/e2guardian.conf
# Don't log
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
1301,15 → 1303,10
# Enable authport plugin
$SED "s?^#authplugin = '/etc/e2guardian/authplugins/port.conf'?authplugin = '/etc/e2guardian/authplugins/port.conf'?g" $DIR_DG/e2guardian.conf
$SED "s?^#mapauthtoports =.*?mapauthtoports = off?g" $DIR_DG/e2guardian.conf
# Set Max RAM cache to 10Mb
$SED "s?^maxcontentramcachescansize =.*?maxcontentramcachescansize = 10240?g" $DIR_DG/e2guardian.conf
# Set Max file size cache to 20Mb
$SED "s?^maxcontentfilecachescansize =.*?maxcontentfilecachescansize = 20480?g" $DIR_DG/e2guardian.conf
# Adapt the first group conf file
[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
$SED "s/^groupname =.*/groupname = 'blacklisted users'/g" $DIR_DG/e2guardianf1.conf
$SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_DG/e2guardianf1.conf
# !!! Set Max RAM cache to 10Mb (for antimalware/EDR)
#$SED "s?^maxcontentramcachescansize =.*?maxcontentramcachescansize = 10240?g" $DIR_DG/e2guardian.conf
# !!! Set Max file size cache to 20Mb (for antimalware/EDR)
#$SED "s?^maxcontentfilecachescansize =.*?maxcontentfilecachescansize = 20480?g" $DIR_DG/e2guardian.conf
 
# copy & adapt HTML templates
cp $DIR_CONF/alcasar-e2g-fr.html /usr/share/e2guardian/languages/french/alcasar-e2g.html
1317,29 → 1314,26
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
 
###### ALCASAR special filtering ####
###### ALCASAR filtering for group1 (blacklisted_users) ####
# Adapt group1 conf file
[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
$SED "s/^#reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
$SED "s/^#groupname =.*/groupname = 'blacklisted_users'/g" $DIR_DG/e2guardianf1.conf
$SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_DG/e2guardianf1.conf
$SED "s/^.Define LISTDIR.*/.Define LISTDIR <$DIR_DG/lists/group1/g" $DIR_DG/e2guardianf1.conf
DIR_GROUP1="$DIR_DG/lists/group1"
cp -r $DIR_DG/lists/example.group $DIR_GROUP1
chown -R e2guardian:root $DIR_GROUP1
# RAZ bannedphraselist
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (comment what is not)
$SED "s?^[^#]?#&?g" $DIR_GROUP1/bannedphraselist # (comment what is not)
# Disable URL control with regex
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (comment what is not)
# Replace the default deny HTML page (only fr & uk) --> !!! search why our pages make the server crash...
# [ -e /usr/share/e2guardian/languages/french/template.html.default ] || mv /usr/share/e2guardian/languages/french/template.html /usr/share/e2guardian/languages/french/template.html.default
# cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html
# [ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] || mv /usr/share/e2guardian/languages/ukenglish/template.html /usr/share/e2guardian/languages/ukenglish/template.html.default
# cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/template.html
$SED "s?^[^#]?#&?g" $DIR_GROUP1/bannedregexpurllist # (comment what is not)
# Dont filtering files by extension or mime-type (empty list)
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
touch $DIR_DG/lists/bannedextensionlist
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
touch $DIR_DG/lists/bannedmimetypelist
# Empty LAN IP list that won't be WEB filtered
[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
touch $DIR_DG/lists/exceptioniplist
> $DIR_GROUP1/bannedextensionlist
> $DIR_GROUP1/bannedmimetypelist
# Creation of ALCASAR banned site list
[ -e $DIR_DG/lists/greysitelist.default ] || mv $DIR_DG/lists/greysitelist $DIR_DG/lists/greysitelist.default
cat <<EOF > $DIR_DG/lists/greysitelist
[ -e $DIR_GROUP1/greysitelist.default ] || mv $DIR_GROUP1/greysitelist $DIR_GROUP1/greysitelist.default
cat <<EOF > $DIR_GROUP1/greysitelist
# E2guardian filter config for ALCASAR
# In ALCASAR E2guardian filters only URLs (domains are filtered with unbound)
# block all SSL and CONNECT tunnels
1350,35 → 1344,34
*ip
EOF
# Creation of ALCASAR empty banned URLs list (filled later with Toulouse BL --> see BL function)
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
cat <<EOF > $DIR_DG/lists/bannedurllist
# E2guardian filter config for ALCASAR
[ -e $DIR_GROUP1/bannedurllist.default ] || mv $DIR_GROUP1/bannedurllist $DIR_GROUP1/bannedurllist.default
cat <<EOF > $DIR_GROUP1/bannedurllist
# E2guardian URL filter config for ALCASAR
EOF
# Creation of files for rehabilited domains and urls
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
touch $DIR_DG/lists/exceptionsitelist
touch $DIR_DG/lists/exceptionurllist
[ -e $DIR_GROUP1/exceptionsitelist.default ] || mv $DIR_GROUP1/exceptionsitelist $DIR_GROUP1/exceptionsitelist.default
[ -e $DIR_GROUP1/exceptionurllist.default ] || mv $DIR_GROUP1/exceptionurllist $DIR_GROUP1/exceptionurllist.default
touch $DIR_GROUP1/exceptionsitelist
touch $DIR_GROUP1/exceptionurllist
# Add Bing to the safesearch url regext list (parental control)
[ -e $DIR_DG/lists/urlregexplist.default ] || cp $DIR_DG/lists/urlregexplist $DIR_DG/lists/urlregexplist.default
cat <<EOF >> $DIR_DG/lists/urlregexplist
 
[ -e $DIR_GROUP1/urlregexplist.default ] || cp $DIR_GROUP1/urlregexplist $DIR_GROUP1/urlregexplist.default
cat <<EOF >> $DIR_GROUP1/urlregexplist
# Bing - add 'adlt=strict'
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
EOF
# 'Safesearch' regex actualisation
$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
$SED "s?images?search?g" $DIR_GROUP1/urlregexplist
# change the google safesearch ("safe=strict" instead of "safe=vss")
$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
$SED "s?safe=vss?safe=strict?g" $DIR_GROUP1/urlregexplist
 
# Create & adapt the second group conf file (av + av_wl)
# Create & adapt group2 conf file (av + av_wl)
cp $DIR_DG/e2guardianf1.conf.default $DIR_DG/e2guardianf2.conf
$SED "s?^reportinglevel =.*?reportinglevel = 3?g" $DIR_DG/e2guardianf2.conf
$SED "s?^groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_DG/e2guardianf2.conf
$SED "s?^urllist = 'name=banned,messageno=501,path=/etc/e2guardian/lists/bannedurllist'?urllist = 'name=banned,messageno=501,path=/etc/e2guardian/lists/bannedurllist.default'?g" $DIR_DG/e2guardianf2.conf # no banned urls
$SED "s?^urllist = 'name=banned,messageno=501,path=__LISTEN__/bannedurllist'?urllist = 'name=banned,messageno=501,path=__LISTEN__/bannedurllist.default'?g" $DIR_DG/e2guardianf2.conf # no banned urls
 
# create log folder
mkdir -p /var/log/e2guardian
mkdir -p /var/log/e2guardian
chown -R e2guardian /etc/e2guardian /var/log/e2guardian
} # End of e2guardian()
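Review bot: The `.Define LISTDIR` substitution on e2guardianf1.conf (hunk 1317 → 1314, apparently a new-side line since it targets the group1 directory) uses `/` as the sed delimiter although `$DIR_DG/lists/group1` itself contains slashes, so sed will most likely reject the expression; the replacement also lacks the closing `>`. If that command fails, group1 presumably keeps its stock LISTDIR and the lists prepared under `$DIR_GROUP1` afterwards (the commented-out phrase and regex lists, greysitelist, bannedurllist) would not be the ones the filter reads, with nothing reporting the failure. Use the `?` delimiter as the neighbouring lines do: `$SED "s?^.Define LISTDIR.*?.Define LISTDIR <$DIR_DG/lists/group1>?g" $DIR_DG/e2guardianf1.conf`. In hunk 1350 → 1344 the group2 substitution matches `path=__LISTEN__/bannedurllist`, which looks like a typo for the `__LISTDIR__` placeholder and, if so, would never match and leave the banned URL list active for group2; check it against the shipped file. The body of e2guardian() spans several hunks with lines elided between them, so code not shown here may affect these points.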