/scripts/alcasar-activity_report.sh |
---|
164,7 → 164,7 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date. |
if [ "$(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l)" -gt 1 ] |
then |
PACKAGE='php|lighttpd|iptables|dnsmasq|unbound|radius|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|ipt-netflow|wget|mariadb|gnupg|openssl' |
PACKAGE='php|lighttpd|iptables|unbound|radius|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|ipt-netflow|wget|mariadb|gnupg|openssl' |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR |
do |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1) |
/scripts/alcasar-bl.sh |
---|
271,6 → 271,7 |
else |
# adapt to the unbound syntax for the whitelist |
$SED "s?.*?local-zone: & transparent?g" $FILE_tmp |
$SED "p; s? transparent? ipset?g" $FILE_tmp # duplicate lines to enable ipset module |
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf |
fi |
done |
362,7 → 363,6 |
then |
/usr/bin/systemctl restart unbound-blacklist |
/usr/bin/systemctl restart unbound-whitelist |
/usr/bin/systemctl restart dnsmasq-whitelist |
/usr/bin/systemctl restart e2guardian |
/usr/local/bin/alcasar-iptables.sh |
fi |
/scripts/alcasar-conf.sh |
---|
195,6 → 195,9 |
# Apply changes between versions |
## V5.4 --> V5.5 ## |
[ -e $DIR_ETC/alcasar-iptables-local.sh ] && cp $DIR_ETC/alcasar-iptables-local.sh $DIR_ETC/alcasar-iptables-local.sh.old && cp $CURRENT_DIR/conf/etc/alcasar-iptables-local.sh $DIR_ETC/ # new rule for SMTP output flows |
## V5.5 --> V6.0 ## remove dnsmasq service |
[ -e /etc/dnsmasq-whitelist.conf ] && rm -f /etc/dnsmasq* |
[ -e /etc/systemd/system/dnsmasq-whitelist.service ] && rm -f /etc/systemd/system/dnsmasq* && urpme dnsmasq |
# Remove the update folder |
rm -rf $DIR_UPDATE |
;; |
297,7 → 300,7 |
$DIR_BIN/alcasar-logout.sh all |
# Services stop |
echo -n "Stop services : " |
for i in ntpd e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd |
for i in ntpd e2guardian unbound unbound-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd |
do |
/usr/bin/systemctl stop $i && echo -n "$i, " |
done |
372,10 → 375,6 |
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf |
# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries |
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info |
# dnsmasq-whitelist |
$SED "/^server=/d" /etc/dnsmasq-whitelist.conf |
echo "server=$DNS1" >> /etc/dnsmasq-whitelist.conf |
echo "server=$DNS2" >> /etc/dnsmasq-whitelist.conf |
# unbound |
# removing unbound configuration files |
rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.* |
490,7 → 489,7 |
sleep 1 |
/usr/bin/systemctl start $i && echo -n ", $i" |
done |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, dnsmasq-whitelist, e2guardian, iptables" |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, e2guardian, iptables" |
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd" |
fi |
# Email user registration |
/scripts/alcasar-daemon.sh |
---|
15,7 → 15,7 |
LDAP=${LDAP:=off} |
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name |
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name |
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |
/scripts/alcasar-dns-local.sh |
---|
33,7 → 33,7 |
fi |
function restart_dns(){ |
for dns in unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole |
for dns in unbound unbound-blacklist unbound-whitelist unbound-blackhole |
do |
echo "Restarting $dns. Please wait..." |
systemctl restart $dns |
100,7 → 100,6 |
hosts_to_unbound |
;; |
--off|-off) # disable DNS redirector |
#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE |
rm -f $LOCAL_DOMAIN_CONF_FILE |
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE |
restart_dns |
107,13 → 106,11 |
/usr/local/bin/alcasar-iptables.sh |
;; |
--off-without-restart|-off-without-restart) # disable DNS redirector |
#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE |
rm -f $LOCAL_DOMAIN_CONF_FILE |
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE |
/usr/local/bin/alcasar-iptables.sh |
;; |
--on|-on) # enable DNS redirector |
#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE |
cat > $LOCAL_DOMAIN_CONF_FILE << EOF |
server: |
local-zone: "$INT_DNS_DOMAIN." transparent |
126,7 → 123,6 |
/usr/local/bin/alcasar-iptables.sh |
;; |
--on-without-restart|-on-without-restart) # enable DNS redirector |
#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE |
cat > $LOCAL_DOMAIN_CONF_FILE << EOF |
server: |
local-zone: "$INT_DNS_DOMAIN." transparent |
/scripts/alcasar-iptables.sh |
---|
165,7 → 165,7 |
done |
###### WL set ########### |
# taille fixe, car peuplé par dnsmasq / fixe length due to dnsmasq dynamic loading |
# taille fixe, car peuplé par unbound / fixe length due to unbound dynamic loading |
wl_set_length=65536 |
# Chargement Loading |
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save |
/scripts/alcasar-rpm-download.sh |
---|
20,7 → 20,7 |
# "sudo" : needed after a reinstallation (to be investigated) |
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance |
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
rpm_repository_sync () |
{ |
/scripts/alcasar-rpm.sh |
---|
21,7 → 21,7 |
# "sudo" : needed after a reinstallation (to be investigated) |
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance |
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
rpm_repository_sync () |
{ |
/scripts/alcasar-uninstall.sh |
---|
173,17 → 173,6 |
fi |
} |
dnsmasq () |
{ |
echo -en "(3) : " |
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, " |
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "2, " |
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]; then |
rm -f /etc/systemd/system/dnsmasq-whitelist.service |
echo -n "3, " |
fi |
} |
unbound () |
{ |
echo -en "(9) : " |
327,7 → 316,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
334,7 → 323,7 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# unbound, iptables & sshd should stay on to allow remote update |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update + users stay connected during the update |
fi |
366,7 → 355,7 |
[ $mode == "update" ] && /usr/bin/systemctl reload sshd # reload sshd in case of remote update |
echo "Reset ALCASAR main functions : " |
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dnsmasq dhcpd cron fail2ban gammu_smsd msec letsencrypt mail_service post_install |
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dhcpd cron fail2ban gammu_smsd msec letsencrypt mail_service post_install |
do |
echo -en "\n- $func " |
$func |