
Ignore whitespace Rev 2682 → Rev 2688

/scripts/alcasar-activity_report.sh
93,98 → 93,97
 
cat $MODEL_TABINFO | while read LINE_HTML
do
if [ "$(echo $LINE_HTML | grep 'XXORGXX' | wc -l)" -eq 1 ]
then
VALUE=$(grep ^ORGANISM= $CONF_FILE | cut -d'=' -f2-)
echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT
 
if [ $(echo $LINE_HTML | grep 'XXORGXX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^ORGANISM= $CONF_FILE | cut -d'=' -f2-)
echo ${LINE_HTML/XXORGXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^INSTALL_DATE= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^VERSION= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^PUBLIC_IP= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXGWXX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^GW= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^DNS1= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l) -eq 1 ]
then
VALUE=$(grep ^DNS2= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l) -eq 1 ]
then
VALUE=$(hostname)
echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l) -eq 1 ]
then
VALUE=$( echo $(uname -r) [ $(uname -m) ] )
echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l) -eq 1 ]
then
VALUE=$(echo $(who -b | cut -d' ' -f12-))
echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l) -eq 1 ]
then
VALUE=$(date -d @$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 ) "+%Y-%m-%d %H:%M:%S")
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
then
VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
then
#show every ALCASAR RPM updated since X day ago
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
elif [ "$(echo $LINE_HTML | grep 'XXINSTALLXX' | wc -l)" -eq 1 ]
then
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
do
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
RPM_DATE=$(date -d @$(echo $RPM_TIMESTAMP) "+%Y-%m-%d %H:%M:%S")
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3)
VALUE=$(grep ^INSTALL_DATE= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXINSTALLXX/$VALUE} >> $HTML_REPORT
 
echo "<tr>" >> $HTML_REPORT
echo "<td>$RPM_NAME</td>" >> $HTML_REPORT
echo "<td>$RPM_DATE</td>" >> $HTML_REPORT
echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT
echo "</tr>" >> $HTML_REPORT
done
elif [ "$(echo $LINE_HTML | grep 'XXAVERSIONXX' | wc -l)" -eq 1 ]
then
VALUE=$(grep ^VERSION= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXAVERSIONXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXIP_PUBLICXX' | wc -l)" -eq 1 ]
then
VALUE=$(grep ^PUBLIC_IP= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXIP_PUBLICXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXIP_PRIVEXX' | wc -l)" -eq 1 ]
then
VALUE=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXIP_PRIVEXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXGWXX' | wc -l)" -eq 1 ]
then
VALUE=$(grep ^GW= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXGWXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXDNS1XX' | wc -l)" -eq 1 ]
then
VALUE=$(grep ^DNS1= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXDNS1XX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXDNS2XX' | wc -l)" -eq 1 ]
then
VALUE=$(grep ^DNS2= $CONF_FILE | cut -d'=' -f2)
echo ${LINE_HTML/XXDNS2XX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXHOSTXX' | wc -l)" -eq 1 ]
then
VALUE=$(hostname)
echo ${LINE_HTML/XXHOSTXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXOS_VERSIONXX' | wc -l)" -eq 1 ]
then
VALUE=$(echo "$(uname -r) [ $(uname -m) ]")
echo ${LINE_HTML/XXOS_VERSIONXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXREBOOTXX' | wc -l)" -eq 1 ]
then
VALUE=$(who -b | cut -d' ' -f12-)
echo ${LINE_HTML/XXREBOOTXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXMAJCLAMAVXX' | wc -l)" -eq 1 ]
then
VALUE=$(date -d "@$(rpm -qa --queryformat "%{installtime} %{name}\n" | grep -E "clamav-db" | cut -d' ' -f1 )" "+%Y-%m-%d %H:%M:%S")
echo ${LINE_HTML/XXMAJCLAMAVXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l)" -eq 1 ]
then
VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
 
elif [ "$(echo $LINE_HTML | grep 'XXRPMXX' | wc -l)" -eq 1 ]
then
#show every ALCASAR RPM updated since X day ago
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
if [ "$(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l)" -gt 1 ]
then
PACKAGE='php|lighttpd|iptables|dnsmasq|unbound|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
do
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
RPM_DATE=$(date -d "@$(echo $RPM_TIMESTAMP)" "+%Y-%m-%d %H:%M:%S")
RPM_NAME=$(echo $RPM_ALCASAR | cut -d' ' -f2)
RPM_VERSION=$(echo $RPM_ALCASAR | cut -d' ' -f3)
 
echo "<tr>" >> $HTML_REPORT
echo "<td>$RPM_NAME</td>" >> $HTML_REPORT
echo "<td>$RPM_DATE</td>" >> $HTML_REPORT
echo "<td>$RPM_VERSION</td>" >> $HTML_REPORT
echo "</tr>" >> $HTML_REPORT
done
else
echo "<tr><td colspan=\"3\">Pas de RPM mis à jour cette semaine</td></tr>" >> $HTML_REPORT
fi
else
echo "<tr><td colspan=\"3\">Pas de RPM mis à jour cette semaine</td></tr>" >> $HTML_REPORT
echo $LINE_HTML >> $HTML_REPORT
fi
else
echo $LINE_HTML >> $HTML_REPORT
fi
done
 
######################BL WEBSITE SINCE INSTALLATION######################
192,45 → 191,36
#find data
 
#decompress every logs
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
if [ "$(ls -1 /var/log/unbound/unbound-blacklist.log.*.gz 2>/dev/null | wc -l)" -ge 1 ]
then
gunzip -d dnsmasq-blacklist.log.*.gz
gunzip -d unbound-blacklist.log.*.gz
fi
 
#convert logs date in timestamp and find categories of blacklisted website
for FILE in $(ls -1 /var/log/dnsmasq/ | grep 'dnsmasq-blacklist.log')
tmp_log=$(mktemp)
for FILE in /var/log/unbound/unbound-blacklist.log*
do
grep -E "info: [^ ]+ typetransparent $PRIVATE_IP" /var/log/unbound/unbound-blacklist.log > $tmp_log
while read LOG_BL
do
if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
# find the current blacklisted category
website_bl=$(echo $LOG_BL | cut -d' ' -f4)
website_bl=${website_bl%?} # remove the last character
 
#we convert www.test.co.uk => test.co.uk to find the category of this website
if [ "$(grep -o '\.' <<< "$website_bl" | wc -l)" -ge "2" ]
then
#find the current blacklisted category
website_bl=$(echo $LOG_BL | cut -d' ' -f6)
#we convert www.test.co.uk => test.co.uk to find the category of this website
if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
then
website_bl=$(echo $website_bl | cut -d'.' -f2-)
fi
website_bl=$(echo $website_bl | cut -d'.' -f2-)
fi
 
#get BL category
categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1)
if [ $(echo $categorie_bl | wc -w) -gt 1 ]
then
categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
fi
#Calculate its timestamp
Y=$(date -R | cut -d' ' -f4)
M=$(echo $LOG_BL | cut -d' ' -f1)
D=$(echo $LOG_BL | cut -d' ' -f2)
H=$(echo $LOG_BL | cut -d' ' -f3)
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
fi
done < /var/log/dnsmasq/$FILE
#get BL category
categorie_bl=$(grep -Rl "$website_bl" /usr/local/share/unbound-bl-enabled/ | cut -d'/' -f6 | head -1)
 
CURRENT_TS=$(echo $LOG_BL | cut -d '[' -f2 | cut -d ']' -f1)
echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
done < $tmp_log
done
rm $tmp_log
 
#if data exists, create this section in html document
if [ -e $TMP_BL ]
244,19 → 234,18
do
DATE_1=$TS
DATE_2=$((TS-$STEP_TS))
COUNT_BL_INSTALLATION=0
COUNT_BL_INSTALLATION=0
 
for LINE in $(cat $TMP_BL)
do
TS_FILE=$(echo $LINE | cut -d':' -f1)
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
 
if [ "$TS_FILE" -le "$DATE_1" ] && [ "$TS_FILE" -ge "$DATE_2" ]
then
COUNT_BL_INSTALLATION=$((COUNT_BL_INSTALLATION+1))
 
fi
done
 
VALUE_BL_INSTALLATION_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_BL_INSTALLATION_LABEL"
VALUE_BL_INSTALLATION_DATA="$COUNT_BL_INSTALLATION, $VALUE_BL_INSTALLATION_DATA"
done
273,41 → 262,41
cat $MODEL_CHARTJS | while read LINE_JS
do
#name of variable
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
if [ "$(echo $LINE_JS | grep 'XXCONFXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXCONFXX/$CONF_BL_INSTALLATION} >> $HTML_REPORT
#chart type
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXTYPEXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
#chart title
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXTITLEXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXTITLEXX/"Sites bloqués au total"} >> $HTML_REPORT
#chart data
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXDATAXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXDATAXX/$VALUE_BL_INSTALLATION_DATA} >> $HTML_REPORT
#color
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOLORXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
#labels
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXLABELSXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_INSTALLATION_LABEL} >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l)" -eq 1 ]
then
echo "" >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l)" -eq 1 ]
then
echo "" >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXYLABELXX' | wc -l)" -eq 1 ]
then
echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
else
321,7 → 310,7
 
 
 
######################DNSMASQ BLACKLIST######################
######################Unbound BLACKLIST######################
echo "Create BL website since $MAX_DAY_AGO days"
 
#if data exists, create BL section in html document
339,7 → 328,7
do
TS_FILE=$(echo $LINE | cut -d':' -f1)
#select only elements between DATE_1 and DATE_2
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
if [ "$TS_FILE" -le "$DATE_1" ] && [ "$TS_FILE" -ge "$DATE_2" ]
then
echo $LINE >> $TMP_BL_WEEK
fi
346,7 → 335,7
done
 
#then we count every occurence for each category in TMP_BL_WEEK
for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
for CAT in $(ls /usr/local/share/unbound-bl/ -1 | cut -d'.' -f1)
do
echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT
done
354,7 → 343,7
#we sort by number of occurence and we take the top 10 BL categories
for LINE in $(sort -t':' -k2 -rn $TMP_BL_WEEK_CAT | head -n 10)
do
 
DATA=$(echo $LINE | cut -d':' -f2)
LABEL=$(echo $LINE | cut -d':' -f1)
if [ $DATA -ne 0 ]
365,7 → 354,7
done
 
#get other categories (sum them all)
if [ $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc) -gt 0 ]
if [ "$(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)" -gt 0 ]
then
VALUE_BL_DATA="$VALUE_BL_DATA $(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc)"
VALUE_BL_LABEL="$VALUE_BL_LABEL 'autre ($(cat $TMP_BL_WEEK_CAT | cut -d':' -f2 | sort -k1 -rn | tail -n+$(($(echo $VALUE_BL_DATA | wc -w)+1)) | paste -sd+ | bc))'"
382,39 → 371,39
cat $MODEL_CHARTJS | while read LINE_JS
do
#variable name
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
if [ "$(echo $LINE_JS | grep 'XXCONFXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXCONFXX/$CONF_BL} >> $HTML_REPORT
#chart type
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXTYPEXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXTYPEXX/pie} >> $HTML_REPORT
#graph title
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXTITLEXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXTITLEXX/"Sites bloqués cette semaine"} >> $HTML_REPORT
#chart data
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXDATAXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXDATAXX/$VALUE_BL_DATA} >> $HTML_REPORT
#color
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOLORXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
#labels
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXLABELSXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXLABELSXX/$VALUE_BL_LABEL} >> $HTML_REPORT
#display legend, only useful for chart pie
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXLEGENDXX/true} >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l)" -eq 1 ]
then
echo "/*" >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l)" -eq 1 ]
then
echo "*/" >> $HTML_REPORT
else
430,12 → 419,12
echo "Create AV logs since the installation of ALCASAR"
 
#decompress every logs, if they exist
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
if [ "$(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l)" -ge 1 ]
then
gunzip -d access.log.*.gz
fi
 
for FILE in $(ls -1 /var/log/havp/ | grep 'access.log')
for FILE in /var/log/havp/access.log*
do
while read LINE_AV
do
445,8 → 434,7
H=$(echo $LINE_AV | cut -d' ' -f4)
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
echo $CURRENT_TS >> $TMP_AV
done < /var/log/havp/$FILE
done < $FILE
done
 
if [ -e $TMP_AV ]
461,7 → 449,7
 
for TS_FILE in $(cat $TMP_AV)
do
if [ "$TS_FILE" -le "$DATE_1" -a "$TS_FILE" -ge "$DATE_2" ]
if [ "$TS_FILE" -le "$DATE_1" ] && [ "$TS_FILE" -ge "$DATE_2" ]
then
COUNT_AV=$((COUNT_AV+1))
fi
470,7 → 458,7
VALUE_AV_LABEL="'$(date -d @$DATE_2 "+%Y-%m-%d" )', $VALUE_AV_LABEL"
VALUE_AV_DATA="$COUNT_AV, $VALUE_AV_DATA"
done
 
#create Antivirus section in html document
NAME_AV='chart_av'
CONF_AV='config_av'
484,41 → 472,41
cat $MODEL_CHARTJS | while read LINE_JS
do
#name of variable
if [ $(echo $LINE_JS | grep 'XXCONFXX' | wc -l) -eq 1 ]
if [ "$(echo $LINE_JS | grep 'XXCONFXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXCONFXX/$CONF_AV} >> $HTML_REPORT
#chart type
elif [ $(echo $LINE_JS | grep 'XXTYPEXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXTYPEXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXTYPEXX/bar} >> $HTML_REPORT
#graph title
elif [ $(echo $LINE_JS | grep 'XXTITLEXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXTITLEXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXTITLEXX/"Menaces bloqués par l\'antivirus"} >> $HTML_REPORT
#chart data
elif [ $(echo $LINE_JS | grep 'XXDATAXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXDATAXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXDATAXX/$VALUE_AV_DATA} >> $HTML_REPORT
#color
elif [ $(echo $LINE_JS | grep 'XXCOLORXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOLORXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXCOLORXX/$COLOR} >> $HTML_REPORT
#labels
elif [ $(echo $LINE_JS | grep 'XXLABELSXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXLABELSXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXLABELSXX/$VALUE_AV_LABEL} >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXLEGENDXX' | wc -l)" -eq 1 ]
then
echo ${LINE_JS/XXLEGENDXX/false} >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOMMENT-BEGINXX' | wc -l)" -eq 1 ]
then
echo "" >> $HTML_REPORT
#display value of Y axis, only useful for chart bar
elif [ $(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXCOMMENT-ENDXX' | wc -l)" -eq 1 ]
then
echo "" >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
elif [ "$(echo $LINE_JS | grep 'XXYLABELXX' | wc -l)" -eq 1 ]
then
echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
else
538,7 → 526,7
 
#create new htdigest user to consult statistique of ACC
#if user does not exist, we create him
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -lt 1 ]
if [ "$(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l)" -lt 1 ]
then
(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_only_manager
(echo -n "$tmp_account:$realm:" && echo -n "$tmp_account:$realm:$password" | md5sum | awk '{print $1}' ) >> $DIR_KEY/key_manager
557,7 → 545,7
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
 
#we delete our user if he still exists
if [ $(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
if [ "$(grep "$tmp_account:" $DIR_KEY/key_only_manager | wc -l)" -ge 1 ]
then
$SED "/^$tmp_account:/d" $DIR_KEY/key_only_manager
$SED "/^$tmp_account:/d" $DIR_KEY/key_manager
595,7 → 583,7
echo "<h2>Connexion à l'ALCASAR Control Center (ACC)</h2>" >> $HTML_REPORT
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
echo "<thead><tr><th>Date</th><th>Utilisateur</th><th>Adresse IP</th><th>Agent</th></tr></thead><tbody>" >> $HTML_REPORT
echo $ROWS >> $HTML_REPORT
echo "$ROWS" >> $HTML_REPORT
echo "</tbody></table>" >> $HTML_REPORT
 
 
640,7 → 628,7
echo "<h2>Trafic global</h2>" >> $HTML_REPORT
echo "<table class=\"table table-striped\">" >> $HTML_REPORT
echo "<thead><tr><th>Date</th><th>Entrant</th><th>Sortant</th><th>Total</th></tr></thead><tbody>" >> $HTML_REPORT
echo $ROWS >> $HTML_REPORT
echo "$ROWS" >> $HTML_REPORT
echo "</tbody></table>" >> $HTML_REPORT
 
 
698,21 → 686,21
echo "</html>" >> $HTML_REPORT
 
#convert html document to PDF
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
mv $(echo $HTML_REPORT | cut -d'.' -f1).pdf /var/Save/activity_report/
/usr/bin/wkhtmltopdf $HTML_REPORT "$(echo $HTML_REPORT | cut -d'.' -f1).pdf"
chown apache:apache "$(echo $HTML_REPORT | cut -d'.' -f1).pdf"
chmod 644 "$(echo $HTML_REPORT | cut -d'.' -f1).pdf"
mv "$(echo $HTML_REPORT | cut -d'.' -f1).pdf" /var/Save/activity_report/
 
#compress every logs, if they exist
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
if [ "$(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l)" -ge 1 ]
then
gzip /var/log/havp/access.log.*
fi
 
#compress every logs
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
if [ "$(ls -1 /var/log/unbound/unbound-blacklist.log.* 2>/dev/null | wc -l)" -ge 1 ]
then
gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
gzip /var/log/unbound/unbound-blacklist.log.*
fi
 
#remove our files
/scripts/alcasar-bl.sh
6,16 → 6,14
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via E2guardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (E2guardian)
# Gestion de la BL pour le filtrage de domaine (via unbound) et d'URL (via E2guardian)
# Manage the BL for DnsBlackHole (unbound) and URL filtering (E2guardian)
 
DIR_CONF="/usr/local/etc"
CONF_FILE="$DIR_CONF/alcasar.conf"
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
DIR_tmp="/tmp/blacklists"
DIR_WL_tmp="/tmp/whitelists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
DIR_DG="/etc/e2guardian/lists"
26,15 → 24,15
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories
DIR_SHARE="/usr/local/share"
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '
DIR_DNS_BL="$DIR_SHARE/unbound-bl" # all the BL in the Unbound format
DIR_DNS_WL="$DIR_SHARE/unbound-wl" # all the WL ' ' '
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL
DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' '
DIR_DNS_BL_ENABLED="$DIR_SHARE/unbound-bl-enabled" # symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/unbound-wl-enabled" # ' ' ' WL ' '
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2-` # server DNS1 (for WL domain names)
REHABILITATED_DNS_FILE="/etc/unbound/conf.d/blacklist/rehabilitated.conf"
BL_SERVER="dsi.ut-capitole.fr"
SED="/bin/sed -i"
 
47,7 → 45,7
then
mkdir $LIST
else
rm -rf $LIST/*
rm -rf ${LIST:?}/*
fi
chown root:apache $LIST
chmod 770 $LIST
69,7 → 67,7
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by unbound
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
done
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
101,7 → 99,7
$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
# extract ip addresses for iptables.
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp
# extract domain names for dnsmasq.
# extract domain names for unbound.
$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp
# Retrieve max Top Level Domain for domain name synthax
#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
142,7 → 140,7
-cat_choice | --cat_choice)
cat_choice
;;
# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
# Adapt Toulouse University BL to ALCASAR architecture (unbound + DG + iptables)
-adapt | --adapt)
echo -n "Adaptation process of Toulouse University blackList. Please wait : "
if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
231,7 → 229,8
$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED
fi
done
# Creation of DNSMASQ and Iptables BL and WL
 
# Creation of Unbound and Iptables BL and WL
for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)
do
for PATH_FILE in `cat $LIST` # for each category
244,16 → 243,16
chown e2guardian:apache $PATH_FILE/urls
fi
cp $PATH_FILE/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
clean_split # clean ossi custom files & split them for unbound and for iptables
if [ "$LIST" == "$BL_CATEGORIES" ]
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
# adapt to the unbound syntax for the blacklist
$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
# adapt to the unbound syntax for the whitelist
$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
fi
done
276,27 → 275,28
URL=$(echo $LIGNE_RSYNC | cut -d' ' -f2)
PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
# Creation of DNSMASQ and Iptables BL and WL
# Creation of unbound and Iptables BL and WL
DOMAIN=$(basename $PATH_FILE)
cp $PATH_FILE/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
clean_split # clean ossi custom files & split them for unbound and for iptables
black=`grep black $PATH_FILE/usage |wc -l`
if [ $black == "1" ]
then
# adapt to the dnsmasq syntax for the blacklist
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
# adapt to the unbound syntax for the blacklist
$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
else
# adapt to the dnsmasq syntax for the whitelist
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
# adapt to the unbound syntax for the whitelist
$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
fi
rm -f $FILE_tmp $FILE_ip_tmp
done
/usr/bin/systemctl restart unbound-whitelist
/usr/bin/systemctl restart dnsmasq-whitelist
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart unbound-blacklist
/usr/bin/systemctl restart e2guardian
/usr/local/bin/alcasar-iptables.sh
else
308,17 → 308,16
-reload | --reload)
# for DG
cat_choice
# for dnsmasq (rehabited domain names)
if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
# for unbound (rehabilitated domain names)
rm -f $REHABILITATED_DNS_FILE
if [ "$(wc -w $DIR_DG/exceptionsitelist | cut -d " " -f1)" != "0" ]
then
rm -f $DIR_DNS_BL_ENABLED/authorized-ossi-bl $DIR_DNS_BL/authorized-ossi-bl.conf
touch $DIR_DNS_BL/authorized-ossi-bl.conf
for i in `cat $DIR_DG/exceptionsitelist`
do
$SED "/$i/d" $DIR_DNS_BL/*
echo "server=/$i/#" >> $DIR_DNS_BL/authorized-ossi-bl.conf
done
ln -s $DIR_DNS_BL/authorized-ossi-bl.conf $DIR_DNS_BL_ENABLED/authorized-ossi-bl
touch $REHABILITATED_DNS_FILE
while read -r domain; do
[ -z "$domain" ] && continue
echo "local-zone: $domain typetransparent" >> $REHABILITATED_DNS_FILE
echo "local-zone-tag: $domain \"\"" >> $REHABILITATED_DNS_FILE
done < $DIR_DG/exceptionsitelist
fi
# adapt OSSI BL & WL custom files
for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
341,12 → 340,12
fi
$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file
cp $ossi_custom_dir/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
clean_split # clean ossi custom files & split them for unbound and for iptables
if [ $categorie_type == "white" ]
then
# adapt the file to the dnsmasq syntax and enable it if needed
# adapt the file to the unbound syntax and enable it if needed
# for the WL
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l`
359,7 → 358,7
fi
else
# for the BL
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l`
383,7 → 382,8
chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
then
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart unbound-blacklist
/usr/bin/systemctl restart unbound-whitelist
/usr/bin/systemctl restart dnsmasq-whitelist
/usr/bin/systemctl restart e2guardian
/usr/local/bin/alcasar-iptables.sh
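Review bot: In the 308,17 hunk `touch $REHABILITATED_DNS_FILE` sits inside the `if` after an unconditional `rm -f $REHABILITATED_DNS_FILE`, so when exceptionsitelist is empty the file is deleted and never recreated; if the unbound configuration references that path with a literal `include:`, the restarts in the 276 and 383 hunks would then fail to load the resolver — the unbound config is not visible here, so confirm. Moving the `touch` out of the conditional (`rm -f $REHABILITATED_DNS_FILE` immediately followed by `touch $REHABILITATED_DNS_FILE`, before the `if`) keeps the file present and empty when there is nothing to rehabilitate. The loop also writes `$domain` into the config unquoted after skipping only empty lines, so a `#` comment line or a trailing Windows CR in exceptionsitelist (the 341 hunk strips such CRs from the ossi custom files) would yield a malformed `local-zone:` entry; `case "$domain" in ''|'#'*) continue ;; esac` plus `"$domain"` in both echo lines would harden it. The `dnsmasq-whitelist` restart kept next to the new `unbound-whitelist` restart in the 276 and 383 hunks looks like a leftover of the migration if that unit no longer exists — worth confirming.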
/scripts/alcasar-bypass.sh
9,7 → 9,6
# enable / disable the bypass of authentication process and WEB filtering
 
usage="Usage: alcasar-bypass.sh {--on or -on } | {--off or -off}"
SED="/bin/sed -i"
CONF_FILE="/usr/local/etc/alcasar.conf"
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
 
25,7 → 24,7
echo "$usage"
exit 0
;;
--on | -on)
--on | -on)
/usr/local/bin/alcasar-logout.sh all
/usr/bin/systemctl stop chilli
cp -f /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF
34,11 → 33,7
DHCP=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
if [ $DHCP != off ]
then
$SED "/^#dhcp-range=/s/^#//" /etc/dnsmasq.conf # dnsmasq become the DHCP server
$SED "/^#dhcp-option=/s/^#//" /etc/dnsmasq.conf
$SED "/^#domain=/s/^#//" /etc/dnsmasq.conf
$SED "s?^no-dhcp-interface.*?#&?g" /etc/dnsmasq.conf
/usr/bin/systemctl restart dnsmasq
/usr/bin/systemctl start dhcpd
fi
 
rm -f /etc/cron.d/alcasar-daemon-watchdog # don't restart daemons (specially coova)
48,11 → 43,7
--off | -off)
cp -f /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF
ifup $INTIF
$SED "s?^dhcp-range=.*?#&?g" /etc/dnsmasq.conf # dnsmasq is no more the DHCP server (it's coova)
$SED "s?^dhcp-option=.*?#&?g" /etc/dnsmasq.conf
$SED "s?^domain=.*?#&?g" /etc/dnsmasq.conf
$SED "/^#no-dhcp-interface/s/^#//" /etc/dnsmasq.conf
/usr/bin/systemctl restart dnsmasq
/usr/bin/systemctl stop dhcpd
/usr/bin/systemctl start chilli
sh /usr/local/bin/alcasar-iptables.sh
# activation of the "daemon-watchdog" every 18'
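Review bot: The new `/usr/bin/systemctl start dhcpd` in the `--on` branch is never checked, so if dhcpd fails to start (for example because /etc/dhcpd.conf has not yet been generated by `alcasar-conf.sh --apply`) bypass mode leaves LAN clients with no DHCP server and no message. The guard around it, `if [ $DHCP != off ]`, is also unquoted: an empty or missing `DHCP=` line in alcasar.conf makes `[` throw a syntax error instead of evaluating, which is exactly the pattern this commit quotes in alcasar-conf.sh. Suggested lines: `if [ "$DHCP" != "off" ]` and `/usr/bin/systemctl start dhcpd || echo "alcasar-bypass: dhcpd failed to start" >&2`. The `--on`/`--off` case bodies continue outside the hunks.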
/scripts/alcasar-conf.sh
14,14 → 14,12
# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions
# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply)
 
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
DIR_WEB="/var/www/html" # répertoire du centre de gestion
DIR_BIN="/usr/local/bin" # scripts directory
DIR_ETC="/usr/local/etc" # conf directory
DIR_SHARE="/usr/local/share" # data directory
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists" # Toulouse BL directory
DIR_E2G="/etc/e2guardian/lists" # Toulouse BL directory
DIR_BLACKLIST="$DIR_E2G/blacklists" # Toulouse BL directory
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
34,7 → 32,6
SED="/bin/sed -i"
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2` # server DNS1 (for WL domain names)
DOMAIN=${DOMAIN:=localdomain}
DATE=`date '+%d %B %Y - %Hh%M'`
 
private_network_calc ()
{
41,13 → 38,11
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # classes de réseau (ex.: 2=classe B, 3=classe C)
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; # classes de réseau (ex.: 2=classe B, 3=classe C)
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255)
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast
private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address
PRIVATE_FIRST_IP=$PRIVATE_IP # First network address (ex.: 192.168.182.1)
PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2)
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254)
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6| sed 's/:/-/g'| awk '{print toupper($0)}'` # MAC address of INTIF
66,12 → 61,12
echo "$usage"
exit 0
;;
--create|-create)
--create|-create)
[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE
mkdir $DIR_UPDATE
# backup the users database (test to delete in future version)
$DIR_BIN/alcasar-mysql.sh --dump
cp /var/Save/base/`ls -1t /var/Save/base|head -1` $DIR_UPDATE
cp /var/Save/base/"$(ls -1t /var/Save/base|head -1)" $DIR_UPDATE
# backup the logo
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
# backup BL/WL custom files
82,7 → 77,7
cp /etc/dansguardian/lists/$i $DIR_UPDATE/custom_bl/ # before V3.3
cp -rf /etc/dansguardian/lists/blacklists/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
else
cp /etc/e2guardian/lists/$i $DIR_UPDATE/custom_bl/ # since V3.3
cp $DIR_E2G/$i $DIR_UPDATE/custom_bl/ # since V3.3
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
fi
done
101,8 → 96,35
else
cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
fi
# pureip & safesearch status
[ -d /etc/dansguardian ] && dg_path=/etc/dansguardian || dg_path=/etc/e2guardian
 
if ! grep -Eq '^WL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
if [ -f /etc/dnsmasq-whitelist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-whitelist.conf; then
echo 'WL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
else
echo 'WL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
fi
fi
 
if ! grep -Eq '^BL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
if [ -f /etc/dnsmasq-blacklist.conf ] && grep -iq "SafeSearch" /etc/dnsmasq-blacklist.conf; then
echo 'BL_SAFESEARCH=on' >> $DIR_UPDATE/etc/alcasar.conf
else
echo 'BL_SAFESEARCH=off' >> $DIR_UPDATE/etc/alcasar.conf
fi
fi
 
if ! grep -Eq '^BL_PUREIP=' $DIR_UPDATE/etc/alcasar.conf; then
if grep -Eq "^\*ip" $dg_path/lists/bannedsitelist; then
echo 'BL_PUREIP=on' >> $DIR_UPDATE/etc/alcasar.conf
else
echo 'BL_PUREIP=off' >> $DIR_UPDATE/etc/alcasar.conf
fi
fi
 
# archive file creation
cd /var/tmp
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
tar -cf alcasar-conf.tar conf/
gzip -f alcasar-conf.tar
rm -rf $DIR_UPDATE
109,7 → 131,7
;;
 
--load|-load)
cd /var/tmp
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
tar -xf alcasar-conf*.tar.gz
######################### modifications between versions #######################
# Retrieve the previous version
123,7 → 145,7
HOSTNAME=`grep ^HOSTNAME= $CONF_FILE|cut -d"=" -f2-`
domainNames="$HOSTNAME $HOSTNAME.$DOMAIN"
[ "$HOSTNAME" != 'alcasar' ] && domainNames="alcasar $domainNames"
if [ $(grep -c "$PRIVATE_IP\s$domainNames" $DIR_UPDATE/etc/hosts ) -eq 0 ]; then
if [ "$(grep -c "$PRIVATE_IP\s$domainNames" $DIR_UPDATE/etc/hosts )" -eq 0 ]; then
cat << EOF > $DIR_UPDATE/etc/hosts
127.0.0.1 localhost
$PRIVATE_IP $domainNames
130,7 → 152,7
EOF
fi
## apache & dansguardian are replaced with lighttpd & E²guardian
if [ $(rpm -qa | grep '^\(apache\|apache-mod_php\|apache-mod_ssl\|dansguardian\)-' | wc -l) -ne 0 ]; then
if [ "$(rpm -qa | grep '^\(apache\|apache-mod_php\|apache-mod_ssl\|dansguardian\)-' | wc -l)" -ne 0 ]; then
rm_rpm="apache apache-mod_php apache-mod_ssl dansguardian"
/usr/sbin/urpme --auto -a $rm_rpm 2>/dev/null
/usr/sbin/urpme --auto --auto-orphans
140,12 → 162,17
[ ! -f $DIR_UPDATE/alcasar.pem ] && (cat $DIR_UPDATE/alcasar.key; echo; cat $DIR_UPDATE/alcasar.crt) > $DIR_UPDATE/alcasar.pem
## From 3.3.0 ##
# add "SMS=off" in conf file
if [ $(grep -c '^SMS=' $DIR_UPDATE/etc/alcasar.conf) -eq 0 ]; then
if [ "$(grep -c '^SMS=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
echo "SMS=off" >> $DIR_UPDATE/etc/alcasar.conf
fi
if [ $(grep -c '^SMS_NUM=' $DIR_UPDATE/etc/alcasar.conf) -eq 0 ]; then
if [ "$(grep -c '^SMS_NUM=' $DIR_UPDATE/etc/alcasar.conf)" -eq 0 ]; then
echo "SMS_NUM=" >> $DIR_UPDATE/etc/alcasar.conf
fi
## From 3.4.0 ##
# Fix subdomain dot position (.domain.org to domain.org.) for Unbound
for file in $DIR_E2G/exceptionsitelist $DIR_BLACKLIST/ossi-bl*/domains $DIR_BLACKLIST/ossi-wl*/domains; do
[ -f $file ] && $SED "s/^\.\(.*\)$/\1./g" $file
done
###################### End of modifications between versions #######################
# Retrieve the logo
[ -e $DIR_UPDATE/organisme.png ] && cp -f $DIR_UPDATE/organisme.png $DIR_WEB/images/
155,26 → 182,26
cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
cp -f $DIR_UPDATE/alcasar.pem /etc/pki/tls/private/
cp -f $DIR_UPDATE/alcasar.pem /etc/pki/tls/private/
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
# Import of the users database
$DIR_BIN/alcasar-mysql.sh --import `ls $DIR_UPDATE/alcasar-users-database*`
$DIR_BIN/alcasar-mysql.sh --import "$(ls $DIR_UPDATE/alcasar-users-database*)"
# Retrieve local parameters
cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
mv -f $DIR_UPDATE/etc/hosts /etc/hosts
chmod 755 /etc/hosts
# Retrieve BL/WL custom files
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
cp -f $DIR_UPDATE/custom_bl/urlregexplist $DIR_E2G/
cp -f $DIR_UPDATE/custom_bl/bannedsitelist $DIR_E2G/
cp -f $DIR_UPDATE/custom_bl/exceptionurllist $DIR_E2G/
cp -f $DIR_UPDATE/custom_bl/bannedurllist $DIR_E2G/
cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null
chown -R e2guardian:apache /etc/e2guardian/lists
chmod -R g+rw /etc/e2guardian/lists
chown -R e2guardian:apache $DIR_E2G
chmod -R g+rw $DIR_E2G
# Adapt DNS/URL filtering
PARENT_SCRIPT=`basename $0`
export PARENT_SCRIPT
197,9 → 224,8
--apply|-apply)
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
check=$(echo $PRIVATE_IP_MASK | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
if ! echo $PRIVATE_IP_MASK | egrep -q $PTN
then
echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
exit 0
fi
210,9 → 236,8
PUBLIC_GATEWAY="dhcp"
 
else
check=$(echo $PUBLIC_IP_MASK | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
then
echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
exit 0
fi
219,24 → 244,21
PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1`
PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2`
PUBLIC_GATEWAY=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
check=$(echo $PUBLIC_GATEWAY | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
if ! echo $PUBLIC_GATEWAY | egrep -q $PTN
then
echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
exit 0
fi
fi
DNS1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
check=$(echo $DNS1 | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
if ! echo $DNS1 | egrep -q $PTN
then
echo "Syntax error for the IP address of the first DNS server ($DNS1)"
exit 0
fi
DNS2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2`
check=$(echo $DNS2 | egrep $PTN)
if [[ "$?" -ne 0 ]]
then
if ! echo $DNS2 | egrep -q $PTN
then
echo "Syntax error for the IP address of the second DNS server ($DNS2)"
exit 0
fi
245,10 → 267,13
private_network_calc
INSTALL_DATE=`grep ^INSTALL_DATE= $CONF_FILE|cut -d"=" -f2`
ORGANISME=`grep ^ORGANISM= $CONF_FILE|cut -d"=" -f2-`
BL_SAFESEARCH=`grep ^BL_SAFESEARCH= $CONF_FILE|cut -d"=" -f2`
WL_SAFESEARCH=`grep ^WL_SAFESEARCH= $CONF_FILE|cut -d"=" -f2`
BL_PUREIP=`grep ^BL_PUREIP= $CONF_FILE|cut -d"=" -f2`
DHCP_mode=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2`
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't launch on install stage
then
if [ $DHCP_mode = "off" ] || [ $DHCP_mode = "Off" ] || [ $DHCP_mode = "OFF" ]
if [ "$DHCP_mode" = "off" ] || [ "$DHCP_mode" = "Off" ] || [ "$DHCP_mode" = "OFF" ]
then
$DIR_BIN/alcasar-dhcp.sh --off
else
256,7 → 281,7
fi
 
# Set the local DNS (or not)
if [ $INT_DNS_mode = "on" ] || [ $INT_DNS_mode = "On" ] || [ $INT_DNS_mode = "ON" ]
if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ]
then
$DIR_BIN/alcasar-dns-local.sh --on
else
263,11 → 288,40
$DIR_BIN/alcasar-dns-local.sh --off
fi
 
# Set the pure ip option (or not)
if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ]
then
bl_filter_param+="--pureip_off"
else
bl_filter_param+="--pureip_on"
fi
 
# Set the safesearch options (or not)
bl_filter_param=""
if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ]
then
bl_filter_param+="--safesearch_on "
else
bl_filter_param+="--safesearch_off "
fi
 
$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param
 
if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ]
then
$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on
else
$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off
fi
 
# Reload the local dns configuration
$DIR_BIN/alcasar-dns-local.sh --reload
 
# Logout everybody
$DIR_BIN/alcasar-logout.sh all
$DIR_BIN/alcasar-logout.sh all
# Services stop
echo -n "Stop services : "
for i in ntpd tinyproxy e2guardian dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network lighttpd
for i in ntpd tinyproxy e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd
do
/usr/bin/systemctl stop $i && echo -n "$i, "
done
292,7 → 346,7
MTU=$MTU
NOZEROCONF=yes
EOF
else
else
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
DEVICE=$EXTIF
BOOTPROTO=static
317,7 → 371,7
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF
# NTP server
$SED "/127.0.0.1/!s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap?g" /etc/ntp.conf
# host.allow
# host.allow
cat <<EOF > /etc/hosts.allow
ALL: LOCAL, 127.0.0.1, localhost, $PRIVATE_IP
sshd: ALL
335,9 → 389,9
# MOTD
$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
# Lighttpd
$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
# FreeRADIUS Web
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
344,7 → 398,7
# coova
$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
[ "`grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2`" == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf
$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
$SED "s?^net.*?net\t\t$PRIVATE_NETWORK_MASK?g" /etc/chilli.conf
353,31 → 407,115
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info
# dnsmasq
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf /etc/dnsmasq-blackhole.conf
for i in /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
do
$SED "/^server=/d" $i
echo "server=$DNS1" >> $i
echo "server=$DNS2" >> $i
done
$SED "s?^address=.*?address=/#/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf
for i in `ls $DIR_SHARE/dnsmasq-wl`
do
cat $DIR_SHARE/dnsmasq-wl/$i|cut -d"/" -f1,2 > /tmp/tmp_file
$SED "s/$/\/$DNS1/" /tmp/tmp_file
mv -f /tmp/tmp_file $DIR_SHARE/dnsmasq-wl/$i
done
chown root:apache $DIR_SHARE/dnsmasq-wl/*
chmod 660 $DIR_SHARE/dnsmasq-wl/*
$SED "s@^\([#]\?\)dhcp-range=.*@\1dhcp-range=$PRIVATE_SECOND_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h@" /etc/dnsmasq.conf
$SED "s@^\([#]\?\)dhcp-option=option:router.*@\1dhcp-option=option:router,$PRIVATE_IP@" /etc/dnsmasq.conf
$SED "s@^\([#]\?\)dhcp-option=option:ntp-server.*@\1dhcp-option=option:ntp-server,$PRIVATE_IP@" /etc/dnsmasq.conf
networkDomain='localdomain'
# networkDomain="$DOMAIN" (/!\ this domain (and its subdomains) will not be resolved by the external DNS servers)
$SED "s?^local=.*?local=/$networkDomain/?g" $DIR_ETC/alcasar-dns-name
$SED "s?^domain=.*?domain=$networkDomain?g" $DIR_ETC/alcasar-dns-name
# tinyproxy
# dnsmasq-whitelist
$SED "/^server=/d" /etc/dnsmasq-whitelist.conf
echo "server=$DNS1" >> /etc/dnsmasq-whitelist.conf
echo "server=$DNS2" >> /etc/dnsmasq-whitelist.conf
# unbound
# removing unbound configuration files
rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*
rm -f /etc/unbound/conf.d/common/forward-zone.conf
find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete
 
# Configuration file for the dns servers forward-zone
cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
forward-zone:
name: "."
forward-addr: $DNS1
forward-addr: $DNS2
EOF
 
# Configuration file of ALCASAR main domains for $INTIF
cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
server:
local-zone: "$HOSTNAME.$DOMAIN" static
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
local-zone: "$HOSTNAME" static
local-data: "$HOSTNAME A $PRIVATE_IP"
EOF
 
# Configuration file for lo of forward unbound
cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
server:
interface: 127.0.0.1@53
access-control-view: 127.0.0.1/8 lo
 
view:
name: "lo"
view-first: yes
local-zone: "$HOSTNAME.$DOMAIN" static
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
local-zone: "$HOSTNAME" static
local-data: "$HOSTNAME A 127.0.0.1"
local-zone: "$DOMAIN." static
local-data: "$DOMAIN. A"
EOF
 
if [ "$HOSTNAME" != 'alcasar' ]
then
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
fi
 
# Configuration file for $INTIF of forward unbound
cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
server:
interface: ${PRIVATE_IP}@53
access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 
view:
name: "$INTIF"
view-first: yes
EOF
 
# Configuration file for $INTIF of blacklist unbound
cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf
server:
interface: ${PRIVATE_IP}@54
access-control: $PRIVATE_IP_MASK allow
access-control-tag: $PRIVATE_IP_MASK "blacklist"
access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect
access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"
EOF
 
# Configuration file for $INTIF of whitelist unbound
cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf
server:
interface: ${PRIVATE_IP}@55
access-control: $PRIVATE_IP_MASK allow
access-control-tag: $PRIVATE_IP_MASK "whitelist"
access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
EOF
 
# Configuration file for $INTIF of blackhole unbound
cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
server:
interface: ${PRIVATE_IP}@56
access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 
view:
name: "$INTIF"
local-zone: "." redirect
local-data: ". A $PRIVATE_IP"
EOF
 
# dhcpd
cat <<EOF > /etc/dhcpd.conf
ddns-update-style none;
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
option routers $PRIVATE_IP;
option subnet-mask $PRIVATE_NETMASK;
option domain-name-servers $PRIVATE_IP;
 
range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
default-lease-time 21600;
max-lease-time 43200;
}
EOF
# tinyproxy
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf
# DG + BL
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf
392,12 → 530,12
# Services start
/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1
$DIR_BIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", chilli" # apply DHCP mode and start CoovaChilli
for i in dnsmasq dnsmasq-blackhole tinyproxy ntpd
for i in unbound unbound-blackhole tinyproxy ntpd
do
sleep 1
/usr/bin/systemctl start $i && echo -n ", $i"
done
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, e2guardian, iptables"
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, dnsmasq-whitelist, e2guardian, iptables"
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
fi
# Start / Stop SSH Daemon
417,7 → 555,7
fi
fi
# Start / Stop LDAP authentification
if [ LDAP_mode = "on" ] || [ $LDAP_mode = "On" ] || [ $LDAP_mode = "ON" ]
if [ $LDAP_mode = "on" ] || [ $LDAP_mode = "On" ] || [ $LDAP_mode = "ON" ]
then
$DIR_BIN/alcasar-ldap.sh
fi
424,7 → 562,7
echo
;;
*)
echo "Argument inconnu :$1";
echo "Argument inconnu : $1";
echo "$usage"
exit 1
;;
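Review bot: In the `--apply` hunk the `--pureip_*` flag never reaches `alcasar-url_filter_bl.sh`, because `bl_filter_param=""` at the start of the safesearch block resets the variable after the pure-IP test has already appended to it, so the BL_PUREIP value read from alcasar.conf is silently discarded on every apply. Even with the reset moved, `--pureip_off`/`--pureip_on` carry no trailing space, so the two options would be glued into a single word. Put `bl_filter_param=""` before the BL_PUREIP test and append with a separator: `bl_filter_param+="--pureip_off "` and `bl_filter_param+="--pureip_on "`. The `--apply` case body continues outside the hunk.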
/scripts/alcasar-daemon.sh
16,7 → 16,7
LDAP=${LDAP:=off}
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name
SERVICES="mysqld lighttpd php-fpm ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
SERVICES="mysqld lighttpd php-fpm ntpd havp unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
nb_available_srv=`echo $SERVICES|wc -w`
 
function ServiceTest () {
/scripts/alcasar-dhcp.sh
12,7 → 12,6
SED="/bin/sed -i"
CHILLI_CONF_FILE="/etc/chilli.conf"
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
DNSMASQ_CONF_FILE="/etc/dnsmasq.conf"
 
# define DHCP parameters (LAN side)
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $ALCASAR_CONF_FILE|cut -d"=" -f2`
72,7 → 71,6
$SED "s?^DHCP.*?DHCP=on?g" $ALCASAR_CONF_FILE
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE
87,4 → 85,3
exit 1
;;
esac
 
/scripts/alcasar-dns-local.sh
1,7 → 1,7
#!/bin/bash
# $Id$
 
# alcasar-dns-interne.sh
# alcasar-dns-local.sh
# by Rexy - 3abtux
# This script is distributed under the Gnu General Public License (GPL)
 
11,17 → 11,17
SED="/bin/sed -i"
 
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
DNSMASQ_CONF_FILE="/etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf"
LOCAL_DOMAIN_CONF_FILE="/usr/local/etc/alcasar-dns-name"
LOCAL_DOMAIN_CONF_FILE="/etc/unbound/conf.d/common/local-forward/dns-redirector.conf"
LOCAL_HOSTNAME_FILE="/etc/hosts"
LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/global.conf"
 
# define DNS parameters (LAN side)
 
INT_DNS_DOMAIN=`grep INT_DNS_DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2` # Nom du domaine DNS interne
INT_DNS_DOMAIN=`grep INT_DNS_DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2` # Nom du domaine DNS interne
INT_DNS_IP=`grep INT_DNS_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DNS interne
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2` # Activation de la redirection DNS interne
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2` # Activation de la redirection DNS interne
 
usage="Usage: alcasar-dns-interne.sh {--on | -on} | {--off | -off} | {--add | -add}"
usage="Usage: alcasar-dns-local.sh {--on | -on} | {--off | -off} | {--add | -add} ip domain | {--del | -del} ip domain | {--reload | -reload}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
29,13 → 29,31
echo "$usage"
exit 1
fi
 
function restart_dns(){
for dns in dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole
for dns in unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole
do
systemctl restart $dns
done
}
 
function hosts_to_unbound(){
# Empty the local DNS file
echo "server:" > $LOCAL_DNS_FILE
 
while read -r line
do
ip_address=$(echo $line | awk '{ print $1 }')
domain=$(echo $line | awk '{ print $2 }')
 
if ! echo $line | grep -E -q "^([0-9\.\t ]+alcasar( |$)|127\.0\.0)"
then
echo -e "\tlocal-zone: \"$domain\" redirect" >> $LOCAL_DNS_FILE
echo -e "\tlocal-data: \"$domain A $ip_address\"" >> $LOCAL_DNS_FILE
fi
done < $LOCAL_HOSTNAME_FILE
}
 
case $args in
-\? | -h | --h)
echo "$usage"
47,7 → 65,12
echo "$usage"
exit 1
else
# removing if already exists
$SED "/^$2\t$3/d" $LOCAL_HOSTNAME_FILE
 
# adding to the hosts file
echo -e "$2\t$3" >> $LOCAL_HOSTNAME_FILE
hosts_to_unbound
restart_dns
fi
;;
57,26 → 80,41
echo "$usage"
exit 1
else
$SED "/^$2\t$3/d" SLOCAL_HOSTNAME_FILE
$SED "/^$2\t$3/d" $LOCAL_HOSTNAME_FILE
hosts_to_unbound
restart_dns
fi
;;
 
--reload|-reload)
hosts_to_unbound
restart_dns
;;
--off|-off) # disable DNS redirector
$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
$SED "s?^server.*?#&?g" $LOCAL_DOMAIN_CONF_FILE
#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
rm -f $LOCAL_DOMAIN_CONF_FILE
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE
restart_dns
 
# Reload firewall
/usr/local/bin/alcasar-iptables.sh
;;
--on|-on) # enable DHCP service on all range of IP addresses
$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
$SED "s?^server=/.*?server=/$INT_DNS_DOMAIN/$INT_DNS_IP?g" $LOCAL_DOMAIN_CONF_FILE
$SED "s?^#server=/.*?server=/$INT_DNS_DOMAIN/$INT_DNS_IP?g" $LOCAL_DOMAIN_CONF_FILE
--on|-on) # enable DNS redirector
#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
cat > $LOCAL_DOMAIN_CONF_FILE << EOF
server:
local-zone: "$INT_DNS_DOMAIN." transparent
forward-zone:
name: "$INT_DNS_DOMAIN."
forward-addr: $INT_DNS_IP
EOF
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=on?g" $ALCASAR_CONF_FILE
restart_dns
 
# Reload firewall
/usr/local/bin/alcasar-iptables.sh
;;
*)
echo "Argument inconnu :$1";
echo "Argument inconnu : $1";
echo "$usage"
exit 1
;;
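Review bot: `hosts_to_unbound` emits a `local-zone`/`local-data` pair for every line of /etc/hosts that the exclusion regex does not match, with no skip for blank lines, `#` comments or non-IPv4 entries such as `::1`, so any of those in the hosts file yields `local-zone: "" redirect` or `local-data: "localhost A ::1"` in global.conf, which unbound will likely reject and the following `restart_dns` would then take down every unbound instance. A guard before the echo lines, e.g. `[[ -z "$domain" || "$line" =~ ^[[:space:]]*# || "$ip_address" == *:* ]] && continue`, keeps the generated file parsable. Separately, `--add` and `--del` splice `$2` and `$3` unvalidated into a sed address (`/^$2\t$3/d`), so a value containing `/` or regex metacharacters breaks the command or broadens the delete; validating the IP and domain here is worthwhile unless the caller is known to do so.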
/scripts/alcasar-file-clean.sh
29,17 → 29,3
chown root:apache $file
chmod 660 $file
done
 
#update dnsmasq-blackhole with uamallowed domains ($ALCASAR_UAMDOMAIN)
#remove old configuration
sed -i '/^server=/d' /etc/dnsmasq-blackhole.conf
 
for domain in $(cat $ALCASAR_UAMDOMAIN | cut -d' ' -f1)
do
domain_exception="server=/$(echo $domain | cut -d'"' -f2)/#"
sed -i "/conf-file/a$domain_exception" /etc/dnsmasq-blackhole.conf
done
if [ "$PARENT_SCRIPT" != "alcasar.sh" ] # don't restart on install stage
then
systemctl restart dnsmasq-blackhole
fi
/scripts/alcasar-importcert.sh
173,7 → 173,7
fi
domainName $cert
certImport $cert $key $sc
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
184,7 → 184,7
echo "Restoring default certificate"
defaultCert
defaultNdd
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
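Review bot: The restart list on L1528 is repeated verbatim on L1537; defining it once near the top of the script (`services_to_restart="chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd"`) and looping over `$services_to_restart` in both places keeps the two copies from drifting the next time a daemon is swapped, which is exactly the kind of edit this commit makes. The loop also ignores the exit status of `systemctl restart`, so a unit that no longer exists or fails to come back with the new certificate is only reported on stderr in passing; `systemctl restart $services || echo "restart of $services failed" >&2` would at least make it explicit. Both hunks sit inside command blocks that start outside the hunk.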
/scripts/alcasar-iptables.sh
33,6 → 33,8
dns1=${dns1:=208.67.220.220}
dns2=${dns2:=208.67.222.222}
DNSSERVERS="$dns1,$dns2" # first and second public DNS servers
INT_DNS_IP=`grep INT_DNS_IP $CONF_FILE|cut -d"=" -f2` # Adresse du serveur DNS interne
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $CONF_FILE|cut -d"=" -f2` # Activation de la redirection DNS interne
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
45,6 → 47,12
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # Site Direct (no havp and no filtrage) for user BL
 
# Allow requests to internal DNS if activated
if [ "$INT_DNS_ACTIVE" = "on" ]
then
DNSSERVERS="$DNSSERVERS,$INT_DNS_IP"
fi
 
# Sauvegarde des SET des utilisateurs connectés si ils existent
# Saving SET of connected users if it exists
ipset list not_filtered 1>/dev/null 2>&1
111,7 → 119,7
# Suppression des ip réhabilitées / Removing of rehabilitated ip
for ip in $(cat $IP_REHABILITEES)
do
ipset del bl_ip_blocked $ip
ipset -q del bl_ip_blocked $ip
done
 
# rajout exception havp_bl --> Site en direct pour les Utilisateurs filtrés
118,11 → 126,11
ipset create site_direct hash:net hashsize 1024
for site in $(cat $SITE_DIRECT)
do
ipset add site_direct $site
ipset add site_direct $site
done
 
###### WL set ###########
# taille fixe, car peupler par dnsmasq / fixe length due to dnsmasq dynamic loading
# taille fixe, car peuplé par dnsmasq / fixe length due to dnsmasq dynamic loading
wl_set_length=65536
# Chargement Loading
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save
285,18 → 293,18
$IPTABLES -A INPUT -i $TUNIF -p udp --dport 56 -m mark --mark 5 -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 56 -m mark --mark 3 -j REJECT --reject-with tcp-reset
 
# autorisation des connexion légitime à DNSMASQ (avec blacklist)
# Allow connections for DNSMASQ (with blacklist)
# autorisation des connexion légitime à Unbound (avec blacklist)
# Allow connections for Unbound (with blacklist)
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport 54 -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 54 -j ACCEPT
 
# autorisation des connexion légitime à DNSMASQ (avec whitelist)
# Allow connections for DNSMASQ (with whitelist)
# autorisation des connexion légitime à Unbound (avec whitelist)
# Allow connections for Unbound (with whitelist)
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport 55 -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 55 -j ACCEPT
 
# autorisation des connexion légitime à DNSMASQ (mode blackhole)
# Allow connections for DNSMASQ (blackhole mode)
# autorisation des connexion légitime à Unbound (mode blackhole)
# Allow connections for Unbound (blackhole mode)
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport 56 -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 56 -j ACCEPT
 
386,7 → 394,7
do
svc_on=`echo $svc_line|cut -b1`
if [ $svc_on != "#" ]
then
then
svc_name=`echo $svc_line|cut -d" " -f1`
svc_port=`echo $svc_line|cut -d" " -f2`
if [ $svc_name = "icmp" ]
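Review bot: `grep INT_DNS_IP $CONF_FILE` on L1546 (and the `INT_DNS_ACTIVE` grep on L1547) is unanchored, so any other line containing that substring — a comment, or a future `INT_DNS_IP6=` key — would turn the variable into several lines, and an absent key yields an empty `INT_DNS_IP` that L1558 still appends, leaving `DNSSERVERS` with a trailing comma whenever `INT_DNS_ACTIVE=on`. Anchoring the reads like the other configuration lookups in this tree (`INT_DNS_IP=$(grep '^INT_DNS_IP=' $CONF_FILE | cut -d'=' -f2)`) and guarding the append with `if [ "$INT_DNS_ACTIVE" = "on" ] && [ -n "$INT_DNS_IP" ]` avoids handing the DNS rules a malformed destination list. Since the value is presumably expanded unquoted into iptables arguments further down, rejecting anything that is not a plain address before appending it, e.g. `[[ "$INT_DNS_IP" =~ ^[0-9.]+$ ]]`, would also keep a stray edit of the config file from turning into extra rule arguments.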
/scripts/alcasar-rpm-download.sh
13,7 → 13,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.89-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq dhcp-server netcat-traditional"
 
rpm_repository_sync ()
{
147,4 → 147,3
cd
echo "Your RPM archive file is /root/rpms-$ARCH.tar.gz"
exit 0
 
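Review bot: The package list on L1627 gains `dhcp-server` but still has no `unbound` entry, while alcasar-uninstall.sh, alcasar-importcert.sh and both url_filter scripts in this revision now manage `unbound`, `unbound-blacklist`, `unbound-whitelist` and `unbound-blackhole` units; unless the unbound RPM is fetched elsewhere, the archive this script builds will not let those services start. The same list is duplicated in alcasar-urpmi.sh (L2085) with the identical gap. Keeping `dnsmasq` is consistent with the uninstall script's remark that dnsmasq still provides DHCP, but the reason `dhcp-server` is now needed alongside it deserves a one-line comment on the `PACKAGES=` line.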
/scripts/alcasar-uninstall.sh
155,25 → 155,26
 
dnsmasq ()
{
echo -en "(6 if update ; 8 if uninstall) : "
i=0
for list in blacklist whitelist blackhole
do
i=`expr $i + 1`
[ -e /etc/dnsmasq-$list.conf ] && rm /etc/dnsmasq-$list.conf && echo -n "$i, "
i=`expr $i + 1`
[ -e /lib/systemd/system/dnsmasq-$list.service ] && rm /lib/systemd/system/dnsmasq-$list.service && echo -n "$i, "
done
echo -en "(2 if update ; 4 if uninstall) : "
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "1, "
[ -e /lib/systemd/system/dnsmasq-whitelist.service ] && rm /lib/systemd/system/dnsmasq-whitelist.service && echo -n "2, "
if [ $mode == "full" ] # don't remove dnsmasq in update mode (DHCP + DNS !)
then
if [ -e /lib/systemd/system/dnsmasq.service ]
then
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "7, "
[ -e /lib/systemd/system/dnsmasq.service.default ] && mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service && echo -n "8"
fi
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "3, "
[ -e /lib/systemd/system/dnsmasq.service.default ] && mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service && echo -n "4"
fi
}
 
unbound ()
{
echo -en "(5) : "
[ -e /etc/unbound/unbound.conf.default ] && mv /etc/unbound/unbound.conf.default /etc/unbound/unbound.conf && echo -n "1, "
[ -e /etc/unbound/unbound-blacklist.conf ] && rm -f /etc/unbound/unbound-blacklist.conf && echo -n "2, "
[ -e /etc/unbound/unbound-whitelist.conf ] && rm -f /etc/unbound/unbound-whitelist.conf && echo -n "3, "
[ -e /etc/unbound/unbound-blackhole.conf ] && rm -f /etc/unbound/unbound-blackhole.conf && echo -n "4, "
[ -e /etc/unbound/conf.d ] && rm -rf /etc/unbound/conf.d && echo -n "5"
}
 
cron ()
{
echo -en "(11) : "
275,7 → 276,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian dnsmasq sshd chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian dnsmasq sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
282,7 → 283,7
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# dnsmasq & sshd should stay on to allow remote update
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update
fi
 
316,7 → 317,7
/usr/bin/systemctl reload sshd
fi
echo "Reset ALCASAR main functions : "
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat unbound dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install
do
echo -en "\n- $func "
$func
376,4 → 377,3
done
fi
echo
 
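Review bot: The new `unbound()` on L1665–L1673 restores `unbound.conf` and deletes `/etc/unbound/conf.d` unconditionally, whereas the neighbouring `dnsmasq()` guards its equivalent restore with `if [ $mode == "full" ]` (L1653) so an update does not wipe a running service's configuration; since the loop on L1701 calls `unbound` in both modes, please confirm that the update path regenerates `conf.d` (the url_filter scripts write into `conf.d/blacklist` and `conf.d/whitelist`) or add the same `$mode` guard. If the reset is intended in both modes, a comment such as `# conf.d is rebuilt by the installer, safe to remove on update` on L1672 would save the next reader the question.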
/scripts/alcasar-url_filter_bl.sh
11,104 → 11,116
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine
# Enable / disable : filter of urls containing ip address instead of domain name
 
CONF_FILE="/usr/local/etc/alcasar.conf"
DIR_DG="/etc/e2guardian/lists"
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"
CONF_FILE="/usr/local/etc/alcasar.conf"
UNBOUND_BL_DOMAIN_FILTER_CONF="/etc/unbound/conf.d/blacklist/domainfilter.conf"
SED="/bin/sed -i"
safesearch="Off"
pureip="Off"
usage="Usage: alcasar-url_filter_bl.sh { -safesearch_on or -safesearch_off } & { -pureip_on or --pureip_off }"
usage="Usage: alcasar-url_filter_bl.sh { -safesearch_on or -safesearch_off } & { -pureip_on or -pureip_off }"
 
nb_args=$#
 
googledomains="google.com. google.ad. google.ae. google.com.af. google.com.ag. google.com.ai. google.al. google.am. google.co.ao. google.com.ar. google.as. google.at. google.com.au. google.az. google.ba. google.com.bd. google.be. google.bf. google.bg. google.com.bh. google.bi. google.bj. google.com.bn. google.com.bo. google.com.br. google.bs. google.bt. google.co.bw. google.by. google.com.bz. google.ca. google.cd. google.cf. google.cg. google.ch. google.ci. google.co.ck. google.cl. google.cm. google.cn. google.com.co. google.co.cr. google.com.cu. google.cv. google.com.cy. google.cz. google.de. google.dj. google.dk. google.dm. google.com.do. google.dz. google.com.ec. google.ee. google.com.eg. google.es. google.com.et. google.fi. google.com.fj. google.fm. google.fr. google.ga. google.ge. google.gg. google.com.gh. google.com.gi. google.gl. google.gm. google.gp. google.gr. google.com.gt. google.gy. google.com.hk. google.hn. google.hr. google.ht. google.hu. google.co.id. google.ie. google.co.il. google.im. google.co.in. google.iq. google.is. google.it. google.je. google.com.jm. google.jo. google.co.jp. google.co.ke. google.com.kh. google.ki. google.kg. google.co.kr. google.com.kw. google.kz. google.la. google.com.lb. google.li. google.lk. google.co.ls. google.lt. google.lu. google.lv. google.com.ly. google.co.ma. google.md. google.me. google.mg. google.mk. google.ml. google.com.mm. google.mn. google.ms. google.com.mt. google.mu. google.mv. google.mw. google.com.mx. google.com.my. google.co.mz. google.com.na. google.com.nf. google.com.ng. google.com.ni. google.ne. google.nl. google.no. google.com.np. google.nr. google.nu. google.co.nz. google.com.om. google.com.pa. google.com.pe. google.com.pg. google.com.ph. google.com.pk. google.pl. google.pn. google.com.pr. google.ps. google.pt. google.com.py. google.com.qa. google.ro. google.ru. google.rw. google.com.sa. google.com.sb. google.sc. google.se. google.com.sg. google.sh. google.si. google.sk. google.com.sl. google.sn. 
google.so. google.sm. google.sr. google.st. google.com.sv. google.td. google.tg. google.co.th. google.com.tj. google.tk. google.tl. google.tm. google.tn. google.to. google.com.tr. google.tt. google.com.tw. google.co.tz. google.com.ua. google.co.ug. google.co.uk. google.com.uy. google.co.uz. google.com.vc. google.co.ve. google.vg. google.co.vi. google.com.vn. google.vu. google.ws. google.rs. google.co.za. google.co.zm. google.co.zw. google.cat."
 
youtubedomains="www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com"
 
nb_args=$#
if [ $nb_args -le 1 ]
safesearch=""
pureip=""
 
if [ $nb_args -lt 1 ]
then
echo "$usage"
nb_args=0
else
while [ $nb_args -ge 1 ]
exit 1
fi
 
while [ $nb_args -ge 1 ]
do
arg=${!nb_args}
case $arg in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
# Safe search activation
-safesearch_on | --safesearch_on)
safesearch="On"
;;
# Safe search deactivation
-safesearch_off | --safesearch_off)
safesearch="Off"
;;
# pure_ip activation
-pureip_on | --pureip_on)
pureip="On"
;;
# pureip deactivation
-pureip_off | --pureip_off)
pureip="Off"
;;
*)
echo "Argument inconnu :$arg";
echo "$usage"
exit 1
;;
esac
nb_args=$(expr $nb_args - 1)
done
 
if [ "$safesearch" == "On" ]
then
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # on décommente les lignes de regles
# add 'SafeSearch' redirection for google searching
google_safe_server=`host -ta forcesafesearch.google.com | grep "address" | cut -d" " -f4` # retrieve google forcesafesearch ip
 
# config file header
echo "server:" > $UNBOUND_BL_DOMAIN_FILTER_CONF
 
for domain in $googledomains
do
arg=${!nb_args}
case $arg in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
# Safe search activation
-safesearch_on | --safesearch_on)
safesearch="On"
;;
# Safe search desactivation
-safesearch_off | --safesearch_off)
safesearch="Off"
;;
# pure_ip activation
-pureip_on | --pureip_on)
pureip="On"
;;
# pureip desactivation
-pureip_off | --pureip_off)
pureip="Off"
;;
*)
echo "Argument inconnu :$arg";
echo "$usage"
exit 1
;;
esac
nb_args=$(expr $nb_args - 1)
echo -e "\tlocal-zone: \"$domain\" redirect" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"$domain A $google_safe_server\"" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
done
if [ $safesearch == "On" ]
then
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # on décommente les lignes de regles
 
# add 'SafeSearch' redirection for google searching
$SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration
google_safe_server=`host -ta forcesafesearch.google.com|cut -d" " -f4` # retrieve google forcesafesearch ip
echo "# SafeSearch redirect server for google" >> $DNSMASQ_BL_CONF
for gg_dnsname in $googledomains
do
echo "address=/$gg_dnsname/$google_safe_server" >> $DNSMASQ_BL_CONF
done
# add 'SafeSearch' redirection for youtube searching
youtube_safe_server=`host -ta restrict.youtube.com | grep "address" | cut -d" " -f4` # retrieve youtube restrict ip
for domain in $youtubedomains
do
echo -e "\tlocal-zone: \"$domain\" redirect" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"$domain A $youtube_safe_server\"" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
done
 
# add 'SafeSearch' redirection for bing searching
$SED "/bing/d" $DNSMASQ_BL_CONF # remove old bing declaration
bing_safe_server=`host -ta strict.bing.com | grep "address" | cut -d" " -f4` # retrieve bing strict ip
echo "# SafeSearch redirect server for bing" >> $DNSMASQ_BL_CONF
echo "address=/www.bing.com/$bing_safe_server" >> $DNSMASQ_BL_CONF
# add 'SafeSearch' redirection for bing searching
bing_safe_server=`host -ta strict.bing.com | grep "address" | cut -d" " -f4` # retrieve bing strict ip
echo -e "\tlocal-zone: \"www.bing.com\" redirect" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"www.bing.com A $bing_safe_server\"" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
 
# add 'SafeSearch' redirection for youtube searching
$SED "/youtube/d" $DNSMASQ_BL_CONF # remove old youtube declaration
youtube_safe_server=`host -ta restrict.youtube.com | grep "address" | cut -d" " -f4` # retrieve youtube restrict ip
echo "# SafeSearch redirect server for youtube" >> $DNSMASQ_BL_CONF
for yt_dnsname in $youtubedomains
do
echo "address=/$yt_dnsname/$youtube_safe_server" >> $DNSMASQ_BL_CONF
done
# add 'SafeSearch' redirection for qwant searching
qwant_safe_server=`host -ta safeapi.qwant.com | grep "address" | cut -d" " -f4` # retrieve qwant strict ip
echo -e "\tlocal-zone: \"api.qwant.com\" redirect" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"api.qwant.com A $qwant_safe_server\"" >> $UNBOUND_BL_DOMAIN_FILTER_CONF
 
# add 'SafeSearch' redirection for qwant searching
$SED "/qwant/d" $DNSMASQ_BL_CONF # remove old qwant declaration
qwant_safe_server=`host -ta safeapi.qwant.com | grep "address" | cut -d" " -f4` # retrieve qwant strict ip
echo "# SafeSearch redirect server for qwant" >> $DNSMASQ_BL_CONF
echo "address=/api.qwant.com/$qwant_safe_server" >> $DNSMASQ_BL_CONF
else
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist
$SED "/google/d" $DNSMASQ_BL_CONF
$SED "/bing/d" $DNSMASQ_BL_CONF
$SED "/youtube/d" $DNSMASQ_BL_CONF
$SED "/qwant/d" $DNSMASQ_BL_CONF
fi
if [ $pureip == "On" ]
then
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist
$SED "s/^\#\*ips$/*ips/g" $DIR_DG/bannedsitelist
else
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
$SED "s/^\*ips$/#*ips/g" $DIR_DG/bannedsitelist
fi
$SED 's/^BL_SAFESEARCH=.*/BL_SAFESEARCH=on/g' $CONF_FILE
elif [ "$safesearch" == "Off" ]
then
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist
[ -e $UNBOUND_BL_DOMAIN_FILTER_CONF ] && rm -f $UNBOUND_BL_DOMAIN_FILTER_CONF
 
$SED 's/^BL_SAFESEARCH=.*/BL_SAFESEARCH=off/g' $CONF_FILE
fi
 
if [ "$pureip" == "On" ]
then
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist
$SED "s/^\#\*ips$/*ips/g" $DIR_DG/bannedsitelist
 
$SED 's/^BL_PUREIP=.*/BL_PUREIP=on/g' $CONF_FILE
elif [ "$pureip" == "Off" ]
then
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
$SED "s/^\*ips$/#*ips/g" $DIR_DG/bannedsitelist
 
$SED 's/^BL_PUREIP=.*/BL_PUREIP=off/g' $CONF_FILE
fi
systemctl restart e2guardian
systemctl restart dnsmasq-blacklist
fi
systemctl restart unbound-blacklist
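Review bot: The `host … | grep "address" | cut -d" " -f4` captures on L1784, L1836, L1845 and L1862 are never checked: when resolution fails nothing matches `address` and the loop writes `local-data: "<domain> A "` into the new Unbound file, and when a name has several A records the variable holds newline-separated addresses and a `local-data` line is split; either way the file is invalid and the `systemctl restart unbound-blacklist` on L1911 leaves the blacklist resolver down for every filtered user. Resolving all four names up front through a helper that keeps the first record and aborts before the `echo "server:" >` on L1787 overwrites the previous configuration, then validating with `unbound-checkconf` (pointed at whatever configuration the unbound-blacklist unit loads) before the restart, keeps a transient upstream DNS failure from becoming a local outage. The same unchecked captures appear in alcasar-url_filter_wl.sh (L1974, L2023, L2032, L2053), where the empty value also produces a bare `add wl_ip_allowed ` line in `$IP_WL`.
```shell
# Resolve the first A record of $1, or abort before any configuration is rewritten.
resolve_a() {
	local addr
	addr=$(host -ta "$1" | grep "address" | head -n1 | cut -d" " -f4)
	if [ -z "$addr" ]; then
		echo "Unable to resolve $1; safesearch configuration left unchanged" >&2
		exit 1
	fi
	printf '%s\n' "$addr"
}

if [ "$safesearch" == "On" ]
then
	google_safe_server=$(resolve_a forcesafesearch.google.com)
	youtube_safe_server=$(resolve_a restrict.youtube.com)
	bing_safe_server=$(resolve_a strict.bing.com)
	qwant_safe_server=$(resolve_a safeapi.qwant.com)
	$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist
	echo "server:" > $UNBOUND_BL_DOMAIN_FILTER_CONF
	# … unchanged: local-zone/local-data loops for google, youtube, bing, qwant …
# … unchanged: safesearch Off branch, pureip handling, e2guardian restart …
unbound-checkconf && systemctl restart unbound-blacklist
```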
/scripts/alcasar-url_filter_wl.sh
11,93 → 11,93
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine
# Enable / disable : filter of urls containing ip address instead of domain name
 
TINY_CONF="/etc/tinyproxy/tinyproxy.conf"
DNSMASQ_WL_CONF="/etc/dnsmasq-whitelist.conf"
CONF_FILE="/usr/local/etc/alcasar.conf"
UNBOUND_WL_DOMAIN_FILTER_CONF="/etc/unbound/conf.d/whitelist/domainfilter.conf"
IP_WL="/usr/local/share/iptables-wl-enabled/ossi-ip-safesearch"
CONF_FILE="/usr/local/etc/alcasar.conf"
SED="/bin/sed -i"
safesearch="Off"
usage="Usage: alcasar-url_filter_wl.sh { -safesearch_on or -safesearch_off }"
 
nb_args=$#
 
googledomains="google.com. google.ad. google.ae. google.com.af. google.com.ag. google.com.ai. google.al. google.am. google.co.ao. google.com.ar. google.as. google.at. google.com.au. google.az. google.ba. google.com.bd. google.be. google.bf. google.bg. google.com.bh. google.bi. google.bj. google.com.bn. google.com.bo. google.com.br. google.bs. google.bt. google.co.bw. google.by. google.com.bz. google.ca. google.cd. google.cf. google.cg. google.ch. google.ci. google.co.ck. google.cl. google.cm. google.cn. google.com.co. google.co.cr. google.com.cu. google.cv. google.com.cy. google.cz. google.de. google.dj. google.dk. google.dm. google.com.do. google.dz. google.com.ec. google.ee. google.com.eg. google.es. google.com.et. google.fi. google.com.fj. google.fm. google.fr. google.ga. google.ge. google.gg. google.com.gh. google.com.gi. google.gl. google.gm. google.gp. google.gr. google.com.gt. google.gy. google.com.hk. google.hn. google.hr. google.ht. google.hu. google.co.id. google.ie. google.co.il. google.im. google.co.in. google.iq. google.is. google.it. google.je. google.com.jm. google.jo. google.co.jp. google.co.ke. google.com.kh. google.ki. google.kg. google.co.kr. google.com.kw. google.kz. google.la. google.com.lb. google.li. google.lk. google.co.ls. google.lt. google.lu. google.lv. google.com.ly. google.co.ma. google.md. google.me. google.mg. google.mk. google.ml. google.com.mm. google.mn. google.ms. google.com.mt. google.mu. google.mv. google.mw. google.com.mx. google.com.my. google.co.mz. google.com.na. google.com.nf. google.com.ng. google.com.ni. google.ne. google.nl. google.no. google.com.np. google.nr. google.nu. google.co.nz. google.com.om. google.com.pa. google.com.pe. google.com.pg. google.com.ph. google.com.pk. google.pl. google.pn. google.com.pr. google.ps. google.pt. google.com.py. google.com.qa. google.ro. google.ru. google.rw. google.com.sa. google.com.sb. google.sc. google.se. google.com.sg. google.sh. google.si. google.sk. google.com.sl. google.sn. 
google.so. google.sm. google.sr. google.st. google.com.sv. google.td. google.tg. google.co.th. google.com.tj. google.tk. google.tl. google.tm. google.tn. google.to. google.com.tr. google.tt. google.com.tw. google.co.tz. google.com.ua. google.co.ug. google.co.uk. google.com.uy. google.co.uz. google.com.vc. google.co.ve. google.vg. google.co.vi. google.com.vn. google.vu. google.ws. google.rs. google.co.za. google.co.zm. google.co.zw. google.cat."
 
youtubedomains="www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com"
 
nb_args=$#
if [ $nb_args -le 0 ]
then
echo "$usage"
nb_args=0
else
while [ $nb_args -ge 1 ]
exit 1
fi
 
while [ $nb_args -ge 1 ]
do
arg=${!nb_args}
case $arg in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
# Safe search activation
-safesearch_on | --safesearch_on)
safesearch="On"
;;
# Safe search desactivation
-safesearch_off | --safesearch_off)
safesearch="Off"
;;
*)
echo "Argument inconnu : $arg";
echo "$usage"
exit 1
;;
esac
nb_args=$(expr $nb_args - 1)
done
 
if [ $safesearch == "On" ]
then
[ -e $IP_WL ] && rm -f $IP_WL
 
# add 'SafeSearch' redirection for google searching
google_safe_server=`host -ta forcesafesearch.google.com | grep "address" | cut -d" " -f4` # retrieve google forcesafesearch ip
 
# config file header
echo "server:" > $UNBOUND_WL_DOMAIN_FILTER_CONF
 
for domain in $googledomains
do
arg=${!nb_args}
case $arg in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
# Safe search activation
-safesearch_on | --safesearch_on)
safesearch="On"
;;
# Safe search desactivation
-safesearch_off | --safesearch_off)
safesearch="Off"
;;
*)
echo "Argument inconnu :$arg";
echo "$usage"
exit 1
;;
esac
nb_args=$(expr $nb_args - 1)
echo -e "\tlocal-zone: \"$domain\" redirect" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"$domain A $google_safe_server\"" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
done
if [ $safesearch == "On" ]
then
if [ -e $IP_WL ]
then
rm $IP_WL # remove old google declaration
fi
echo "add wl_ip_allowed $google_safe_server" >> $IP_WL
 
# add 'SafeSearch' redirection for google searching
google_safe_server=`host -ta forcesafesearch.google.com | grep "address" | cut -d" " -f4` # retrieve google forcesafesearch ip
$SED "/google/d" $DNSMASQ_WL_CONF # remove old google declaration
echo "# SafeSearch redirect server for google" >> $DNSMASQ_WL_CONF
for bing_dnsname in $googledomains
do
echo "address=/$bing_dnsname/$google_safe_server" >> $DNSMASQ_WL_CONF
done
echo "add wl_ip_allowed $google_safe_server" >> $IP_WL
# add 'SafeSearch' redirection for youtube searching
youtube_safe_server=`host -ta restrict.youtube.com | grep "address" | cut -d" " -f4` # retrieve youtube restrict ip
for domain in $youtubedomains
do
echo -e "\tlocal-zone: \"$domain\" redirect" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"$domain A $youtube_safe_server\"" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
done
echo "add wl_ip_allowed $youtube_safe_server" >> $IP_WL
 
# add 'SafeSearch' redirection for bing searching
bing_safe_server=`host -ta strict.bing.com | grep "address" | cut -d" " -f4` # retrieve bing strict ip
$SED "/bing/d" $DNSMASQ_WL_CONF # remove old bing declaration
echo "# SafeSearch redirect server for bing" >> $DNSMASQ_WL_CONF
echo "address=/www.bing.com/$bing_safe_server" >> $DNSMASQ_WL_CONF
echo "add wl_ip_allowed $bing_safe_server" >> $IP_WL
# add 'SafeSearch' redirection for bing searching
bing_safe_server=`host -ta strict.bing.com | grep "address" | cut -d" " -f4` # retrieve bing strict ip
echo -e "\tlocal-zone: \"www.bing.com\" redirect" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"www.bing.com A $bing_safe_server\"" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
echo "add wl_ip_allowed $bing_safe_server" >> $IP_WL
 
# add 'SafeSearch' redirection for youtube searching
youtube_safe_server=`host -ta restrict.youtube.com | grep "address" | cut -d" " -f4` # retrieve youtube restrict ip
$SED "/youtube/d" $DNSMASQ_WL_CONF # remove old youtube declaration
echo "# SafeSearch redirect server for youtube" >> $DNSMASQ_WL_CONF
for yt_dnsname in $youtubedomains
do
echo "address=/$yt_dnsname/$youtube_safe_server" >> $DNSMASQ_WL_CONF
done
echo "add wl_ip_allowed $youtube_safe_server" >> $IP_WL
# add 'SafeSearch' redirection for qwant searching
qwant_safe_server=`host -ta safeapi.qwant.com | grep "address" | cut -d" " -f4` # retrieve qwant strict ip
echo -e "\tlocal-zone: \"api.qwant.com\" redirect" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
echo -e "\tlocal-data: \"api.qwant.com A $qwant_safe_server\"" >> $UNBOUND_WL_DOMAIN_FILTER_CONF
echo "add wl_ip_allowed $qwant_safe_server" >> $IP_WL
 
# add 'SafeSearch' redirection for qwant searching
$SED "/qwant/d" $DNSMASQ_WL_CONF # remove old qwant declaration
qwant_safe_server=`host -ta safeapi.qwant.com | grep "address" | cut -d" " -f4` # retrieve qwant strict ip
echo "# SafeSearch redirect server for qwant" >> $DNSMASQ_WL_CONF
echo "address=/api.qwant.com/$qwant_safe_server" >> $DNSMASQ_WL_CONF
else
$SED "/google/d" $DNSMASQ_WL_CONF
$SED "/bing/d" $DNSMASQ_WL_CONF
$SED "/youtube/d" $DNSMASQ_WL_CONF
$SED "/qwant/d" $DNSMASQ_WL_CONF
rm $IP_WL
fi
systemctl restart dnsmasq-whitelist
$SED 's/^WL_SAFESEARCH=.*/WL_SAFESEARCH=on/g' $CONF_FILE
else
[ -e $UNBOUND_WL_DOMAIN_FILTER_CONF ] && rm -f $UNBOUND_WL_DOMAIN_FILTER_CONF
[ -e $IP_WL ] && rm -f $IP_WL
 
$SED 's/^WL_SAFESEARCH=.*/WL_SAFESEARCH=off/g' $CONF_FILE
fi
systemctl restart unbound-whitelist
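Review bot: The Unbound `local-zone`/`local-data` emission and the four resolver captures on L1974–L2056 are a near-verbatim copy of alcasar-url_filter_bl.sh L1784–L1864 (only the target file and the `$IP_WL` lines differ), and the two already diverge in small ways — this script keeps `safesearch="Off"` as the default on L1924 while the bl script moved to an empty default. Factoring the shared part into a function sourced by both scripts, taking the target configuration file as a parameter, would keep the two filters in step the next time a provider or record format changes. The `[ -e $IP_WL ] && rm -f $IP_WL` on L1971 followed by `>>` appends also means a failure midway leaves a partial ipset restore file; writing to a temporary file and `mv`-ing it into place once all entries are collected is the usual fix.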
/scripts/alcasar-urpmi.sh
14,7 → 14,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.89-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq dhcp-server netcat-traditional"
 
rpm_repository_sync ()
{