Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 307 → Rev 308

/scripts/alcasar-dnsfilter-activate.sh
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/alcasar-dnsfilter-import.sh
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/etc/alcasar-filter-exceptions
File deleted
/scripts/etc/alcasar-bl-categories
0,0 → 1,18
adult
agressif
dangerous_material
dating
drogue
gambling
hacking
malware
marketingware
mixed_adult
phishing
redirector
sect
strict_redirector
strong_redirector
tricheur
warez
ossi
/scripts/sbin/alcasar-bl.sh
1,13 → 1,19
#/bin/sh
# $Id$
 
# Gestion des Blacklists/Whitelists
# Script de gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via dansguardian)
# By 3abtux & rexy
 
DIR_tmp="/root/blacklists"
DIR_tmp="/tmp/blacklists"
FILE_tmp="/tmp/fileFilter.txt"
BL_CATEGORIES=/usr/local/etc/alcasar-bl-categories
DIR_DANSGUARDIAN="/etc/dansguardian/lists/"
DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available"
DIR_DNS_FILTER_ENABLE="/usr/local/etc/alcasar-dnsfilter-enabled"
IP_RETOUR="127.0.0.1"
BL_SERVER="cri.univ-tlse1.fr"
SED="/bin/sed -i"
 
# Récupération de l'archive de la BL Toulouse
function transfert () {
mkdir -p $DIR_tmp
cd $DIR_tmp
14,15 → 20,50
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz
}
 
# Décompression de la BL (en conservant la WL)
function install () {
[ -d $DIR_DANSGUARDIAN ] || mkdir -p $DIR_DANSGUARDIAN
[ -d $DIR_DANSGUARDIAN/blacklists/ossi ] && mv -f $DIR_DANSGUARDIAN/blacklists/ossi $DIR_tmp
tar zxvf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DANSGUARDIAN
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DANSGUARDIAN
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DANSGUARDIAN/blacklists/
cd /root
rm -rf $DIR_tmp
}
 
# Adaptation de la BL Toulouse à la structure Dnsmasq
function adapt () {
# On récupère le nom des répertoire (catégories)
find $DIR_DANSGUARDIAN -type f -name domains > $FILE_tmp
# On supprime le suffice "/domains"
$SED "s?\/domains??g" $FILE_tmp
rm -f $DIR_DNS_FILTER_AVAILABLE/*
echo -n "Adaptation de la BL Toulouse. Veuillez patienter : "
# On copie les fichiers de domaine pour chaque catégorie
for PATH_FILE in `cat $FILE_tmp`
do
DOMAINE=`basename $PATH_FILE`
echo -n "."
# suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü
# cela supprime quelques domaines ... qui restent filtrés par dansguardian
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp
$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp
$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp
# Mise en forme dnsmasq
$SED "s?.*?address=/&/$IP_RETOUR?g" /tmp/dnsmasq-bl.tmp
mv /tmp/dnsmasq-bl.tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf
done
rm -f $FILE_tmp
echo
}
 
# Permet d'activer/désactiver les catégories de la BL
function cat_choice (){
rm -rf $DIR_DNS_FILTER_ENABLE
for i in `cat $BL_CATEGORIES`
do
echo $i
done
}
usage="Usage: alcasar-bl.sh -on | -off | -download| -reload"
nb_args=$#
args=$1
36,22 → 77,22
echo "$usage"
exit 0
;;
# activation du filtrage
-on)
# activation du filtrage
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
cat_choice
service dansguardian reload
/usr/local/bin/alcasar-dnsfilter-activate.sh
service dnsmasq restart
;;
# désactivation du filtrage
-off)
# désactivation du filtrage
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
rm -rf $DIR_DNS_FILTER_ENABLE
service dansguardian reload
/usr/local/bin/alcasar-dnsfilter-activate.sh
service dnsmasq restart
;;
# Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq
-download)
# Mise a jour de la blacklist 'Toulouse' et compilation de la base
rm -rf /tmp/con_ok.html
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
if [ ! -e /tmp/con_ok.html ]
62,18 → 103,23
install
chown -R dansguardian:apache $DIR_DANSGUARDIAN
chmod -R g+w $DIR_DANSGUARDIAN
service dansguardian reload
DATE=`date '+%d %B %Y - %Hh%M'`
echo "Univ-tlse du $DATE " > /var/www/html/VERSION-BL
rm -rf /tmp/con_ok.html
fi
adapt
;;
# regénération suite à modification de la BL OSSI/RSSI
-reload)
# regénération de la base OSSI/RSSI
# pour Dansguardian
chown -R dansguardian:apache $DIR_DANSGUARDIAN/blacklists/ossi
chmod -R g+w $DIR_DANSGUARDIAN/blacklists/ossi
service dansguardian reload
;;
# pour dnsmasq
cp $DIR_DANSGUARDIAN/blacklists/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf
$SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf
service dnsmasq reload
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
/scripts/alcasar-watchdog.sh
1,17 → 1,82
#/bin/sh
#!/bin/sh
# $Id$
# by rexy
# Ce script permet de déconnecter les usagers dont
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet
# il déconnecte les usagers dont
# - les équipementis réseau ne répondent plus
# - les adresses MAC sont usurpées
# The aim of this script is to disconnect users whose
# This script tells users that Internet access is down
# it logs out users whose
# - PCs are quiet
# - MAC address are in used by other systems (usurped)
 
EXTIF="eth0"
INTIF="eth1"
PRIVATE_IP="192.168.182.1"
tmp_file="/tmp/watchdog.txt"
Network_Pb_Page="/var/www/html/redirect/index-network-pb.php"
IFS=$'\n'
 
# Fonction appelée si un Pb de connectivité Internet
# On fait pointer les usagers sur une page d'erreur
function ext_down_alert ()
{
case $EXT_DOWN in
"1")
logger "eth0 link down"
/bin/sed -i "s?diagnostic =.*?diagnostic = eth0 link down?g" $Network_Pb_Page
;;
"2")
logger "can't contact the default router"
/bin/sed -i "s?diagnostic =.*?diagnostic = can't contact the default router?g" $Network_Pb_Page
;;
"3")
logger "can't contact the Internet DNS"
/bin/sed -i "s?diagnostic =.*?diagnostic = can't contact the Internet DNS?g" $Network_Pb_Page
;;
esac
net_pb=`cat /etc/dnsmasq.d/alcasar-dnsmasq.conf|grep "address=/#/"|wc -l`
if [ $net_pb != "1" ]
then
rm -f /var/www/html/redirect/index.php
ln -s /var/www/html/redirect/index-network-pb.php /var/www/html/redirect/index.php
/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq.d/alcasar-dnsmasq.conf
/etc/init.d/dnsmasq restart
fi
}
 
# On teste la connectivité réseau
# On teste l'état d'EXTIF
EXT_DOWN="0"
if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ]
then
EXT_DOWN="1"
fi
# si EXTIF ok, on teste la connectivité vers le routeur par défaut (Box FAI)
if [ $EXT_DOWN -eq "0" ]
then
IP_GW=`/sbin/ip route list|grep ^default|cut -d" " -f3`
arp_reply=`/usr/sbin/arping -I$EXTIF -c1 $IP_GW|grep response|cut -d" " -f2`
if [ $arp_reply -eq "0" ]
then
EXT_DOWN="2"
fi
fi
# si routeur OK, on teste la connectivité vers les DNS externes
# + tard (EXT_DOWN=3)
# si Pb réseau, on avertit les usagers
if [ $EXT_DOWN != "0" ]
then
ext_down_alert
else
# sinon, on rebascule en mode normal
net_pb=`cat /etc/dnsmasq.d/alcasar-dnsmasq.conf|grep "address=/#/"|wc -l`
if [ $net_pb -eq "1" ]
then
/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq.d/alcasar-dnsmasq.conf
/etc/init.d/dnsmasq restart
fi
fi
# lecture du fichier contenant les adresses IP des stations muettes
if [ -e $tmp_file ]; then
cat $tmp_file | while read noresponse
50,3 → 115,4
fi
fi
done