| /scripts/alcasar-iptables.sh |
|---|
| 11,14 → 11,23 |
| conf_file="/usr/local/etc/alcasar.conf" |
| private_ip_mask=`grep PRIVATE_IP $conf_file|cut -d"=" -f2` |
| private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
| private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0) |
| private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24) |
| dns1=`grep DNS1 $conf_file|cut -d"=" -f2` # first public DNS server |
| dns1=${dns1:=208.67.220.220} |
| dns2=`grep DNS2 $conf_file|cut -d"=" -f2` # second public DNS server |
| PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (yes/no) |
| DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (yes/no) |
| QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (yse/no) |
| SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (yes/no) |
| dns2=${dns2:=208.67.222.222} |
| PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (on/off) |
| PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
| DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (on/off) |
| DNS_FILTERING=${DNS_FILTERING:=off} |
| QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (on/off) |
| QOS=${QOS:=off} |
| SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (on/off) |
| SSH=${SSH:=off} |
| LDAP=`grep LDAP $conf_file|cut -d"=" -f2` # ldap external server active (on/off) |
| LDAP=${LDAP:=off} |
| PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
| PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
| DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
| 236,16 → 245,22 |
| # On autorise les requêtes DNS vers les serveurs DNS identifiés |
| # Allow DNS requests to identified DNS servers |
| $IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT |
| # On autorise les requêtes http sortantes |
| # On autorise les requêtes HTTP sortantes |
| # HTTP requests are allowed |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
| # On autorise les requêtes ntp |
| # On autorise les requêtes NTP |
| # NTP requests are allowed |
| $IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT |
| # On autorise les requêtes ICMP (ping) |
| # ICMP (ping) requests are allowed |
| $IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
| # On autorise les requêtes LDAP si un serveur externe est configué |
| # LDAP requests are allowed if an external server is declared |
| if [ $LDAP = on ] |
| then |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ldap -j ACCEPT |
| $IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ldap -j ACCEPT |
| fi |
| # Traduction dynamique d'adresse en sortie |
| # Dynamic NAT on EXTIF |
| $IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
| /scripts/sbin/alcasar-nf.sh |
|---|
| 10,7 → 10,7 |
| FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions" |
| FIC_CONF="/usr/local/etc/alcasar.conf" |
| usage="Usage: alcasar-nf.sh {--on or -on} | {--off | -off} " |
| usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off} | {-conf}" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| 23,26 → 23,29 |
| echo "$usage" |
| exit 0 |
| ;; |
| -on|-on) |
| # activation du filtrage réseau |
| $SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF |
| # tri du fichier de services |
| $SED "/^$/d" $FIC_SERVICES # suppression lignes vides |
| -on|-on) # enable protocols filter |
| # sort service file |
| $SED "/^$/d" $FIC_SERVICES # delete empty lines |
| sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort |
| mv -f /tmp/alcasar-services-sort $FIC_SERVICES |
| chown root:apache $FIC_SERVICES |
| chmod 660 $FIC_SERVICES |
| # vérification de présence du fichier d'exception |
| # vérify exception file |
| [ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS |
| chown root:apache $FIC_EXCEPTIONS |
| chmod 664 $FIC_EXCEPTIONS |
| $SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF |
| /usr/local/bin/alcasar-iptables.sh |
| ;; |
| --off|-off) |
| # désactivation du filtrage réseau |
| --off|-off) # disable protocols filter |
| $SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF |
| /usr/local/bin/alcasar-iptables.sh |
| ;; |
| --conf|-conf) |
| PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $FIC_CONF|cut -d"=" -f2` # Network protocols filter (on/off) |
| PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
| /usr/local/bin/alcasar-iptables.sh |
| ;; |
| *) |
| echo "Argument inconnu :$1"; |
| echo "$usage" |
| /scripts/sbin/alcasar-uninstall.sh |
|---|
| 47,8 → 47,9 |
| sleep 1 |
| #init_db |
| echo -en "\n- init_db(1) : " |
| [ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1" |
| echo -en "\n- init_db(2) : " |
| [ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1, " |
| [ -e /etc/init.d/mysqld.default ] && mv -f /etc/init.d/mysqld.default /etc/init.d/mysqld && echo -n "2" |
| rm -rf /var/lib/mysql* |
| sleep 1 |
| /scripts/sbin/alcasar-bl.sh |
|---|
| 85,7 → 85,27 |
| echo ".Include<$DIR_DG_BL/$i/urls>" >> $DIR_DG/bannedurllist |
| done |
| } |
| usage="Usage: alcasar-bl.sh {-on or --on} | { -off or --off } | { -download or --download } | { -reload - --reload }" |
| function bl_enable (){ |
| $SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
| $SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch' |
| if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
| then |
| service dansguardian restart |
| service dnsmasq restart |
| /usr/local/bin/alcasar-iptables.sh |
| fi |
| } |
| function bl_disable (){ |
| rm -rf $DIR_DNS_FILTER_ENABLED/* |
| $SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
| $SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch' |
| if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
| then |
| service dansguardian restart |
| /usr/local/bin/alcasar-iptables.sh |
| fi |
| } |
| usage="Usage: alcasar-bl.sh {-on or --on} | { -off or --off } | { -download or --download } | { -reload or --reload } | { -conf or --conf}" |
| nb_args=$# |
| args=$1 |
| if [ $nb_args -eq 0 ] |
| 101,28 → 121,24 |
| # activation du filtrage |
| -on | --on) |
| cat_choice |
| $SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
| $SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch' |
| $SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE |
| if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install |
| then |
| service dansguardian restart |
| service dnsmasq restart |
| /usr/local/bin/alcasar-iptables.sh |
| fi |
| bl_enable |
| ;; |
| # désactivation du filtrage |
| -off | --off) |
| rm -rf $DIR_DNS_FILTER_ENABLED/* |
| $SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
| $SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch' |
| $SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE |
| if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install |
| then |
| service dansguardian restart |
| /usr/local/bin/alcasar-iptables.sh |
| bl_disable |
| ;; |
| -conf | --conf) |
| DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
| DNS_FILTERING=${DNS_FILTERING:=off} |
| if [ $DNS_FILTERING = on ]; then |
| cat_choice |
| bl_enable |
| else |
| bl_disable |
| fi |
| ;; |
| ;; |
| # Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq |
| -download | --download) |
| rm -rf /tmp/con_ok.html |