
Rev 2863 → Rev 2864

/alcasar.sh
1540,7 → 1540,6
# Configuration file of ALCASAR main domains for $INTIF
cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
server:
local-zone: "$DOMAIN" static
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"
EOF
1552,8 → 1551,9
access-control-view: 127.0.0.1/8 lo
view:
name: "lo"
local-zone: "$DOMAIN" static
local-data: "$HOSTNAME A 127.0.0.1"
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
local-data-ptr: "127.0.0.1 $HOSTNAME.$DOMAIN"
view-first: yes
EOF
 
1635,7 → 1635,7
include: /usr/local/share/unbound-wl-enabled/*
forward-zone:
name: "."
forward-addr: 127.0.0.1@55
forward-addr: 127.0.0.1@53
EOF
 
# Configuration file for $INTIF of blackhole unbound
1647,9 → 1647,6
name: "$INTIF"
local-zone: "." redirect
local-data: ". A $PRIVATE_IP"
local-zone: "$DOMAIN" static
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"
EOF
 
# Configuration file for blackhole unbound
2136,7 → 2133,7
/usr/bin/systemctl -q disable $i.service
done
 
# Apply French Security Agency (ANSSI) rules
# Apply some security rules (some are from French cybersecurity Agency - ANSSI)
# ignore ICMP broadcast (smurf attack)
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" > /etc/sysctl.d/alcasar.conf
# ignore ICMP errors bogus
2165,6 → 2162,10
echo "net.ipv6.conf.default.autoconf = 0" >> /etc/sysctl.d/alcasar.conf
# switch to multi-users runlevel (instead of x11)
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# disable Core dump file
[ -e /etc/security/limits.conf.default ] || cp /etc/security/limits.conf /etc/security/limits.conf.default
$SED "/^# End of file.*/i*\tsoft\tcore\t0\n*\thard\tcore\t0" /etc/security/limits.conf
 
# GRUB2 modifications (Wait time : 3s - ALCASAR entry - VGA=791 - Change the default banner
[ -e /etc/default/grub.default ] || cp /etc/default/grub /etc/default/grub.default
$SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub
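Review bot: The core-dump hardening in the 2162 hunk (the `$SED "/^# End of file.*/i*\tsoft\tcore\t0..."` line, which the line counts suggest is among the four added lines) does nothing, without reporting it, when /etc/security/limits.conf has no `# End of file` marker. It also appears to insert a duplicate pair of entries on every re-run, since only the `.default` backup is guarded. Prefixing the insert with a check such as `grep -qE '^\*[[:space:]]+hard[[:space:]]+core[[:space:]]+0' /etc/security/limits.conf ||` would make it idempotent, and a follow-up `grep` for the same entry could warn when the marker was missing. limits.conf is applied through PAM sessions, so daemons started by systemd and setuid programs are not covered by it. Since this block already writes /etc/sysctl.d/alcasar.conf, adding `echo "fs.suid_dumpable = 0" >> /etc/sysctl.d/alcasar.conf` next to the other sysctl lines would cover setuid programs. `$SED` is defined outside this view and is presumably an in-place sed, so confirm that before relying on the guard.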