Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 315 → Rev 316

/scripts/alcasar-conf.sh
37,7 → 37,12
/usr/local/sbin/alcasar-mysql.sh -dump
cp /var/Save/base/`ls /var/Save/base|tail -1` $DIR_UPDATE
# Sauvegarde des comptes de gestion
cp -rf $DIR_WEB/digest $DIR_UPDATE
if [ -e $DIR_WEB/digest ]
then
cp -rf $DIR_WEB/digest $DIR_UPDATE # versions < 2.x
else
cp -rf $DIR_WEB/acc/digest $DIR_UPDATE # version >= 2.x
fi
# Sauvegarde du nom d'organisme
echo `hostname` > $DIR_UPDATE/hostname
# Sauvegarde du logo
95,12 → 100,14
chmod -R g+rw /etc/dansguardian/lists
# on active/desactive la BL
active_bl=`cat /etc/dansguardian/dansguardian.conf|grep ^reportinglevel|cut -d" " -f3`
PARENT_SCRIPT=$0
export PARENT_SCRIPT
if [ $active_bl -eq "-1" ]
then $DIR_DEST_SBIN/alcasar-bl.sh -on
else $DIR_DEST_SBIN/alcasar-bl.sh -off
then $DIR_DEST_SBIN/alcasar-bl.sh -off
else $DIR_DEST_SBIN/alcasar-bl.sh -on
fi
# Récupération des comptes de gestion (admin + manager + backup)
cp -rf $DIR_UPDATE/digest $DIR_WEB/
cp -rf $DIR_UPDATE/digest $DIR_WEB/acc
$DIR_DEST_SBIN/alcasar-profil.sh -list
# Récupération des règles de filtrage réseau
cp -rf $DIR_UPDATE/etc/* $DIR_DEST_ETC/
/scripts/sbin/alcasar-profil.sh
5,7 → 5,7
ADM_PROFIL="admin"
PROFILS="backup manager"
ALL_PROFILS=`echo $ADM_PROFIL $PROFILS`
DIR_KEY="/var/www/html/digest"
DIR_KEY="/var/www/html/acc/digest"
SED="/bin/sed -i"
HOSTNAME=`uname -n`
# liste les comptes de chaque profile
17,13 → 17,16
done
}
# ajoute les comptes du profil "admin" aux autres profils
# crée le fichier de clés contenant tous les compte (pour l'accès au centre de gestion)
function concat () {
for i in $PROFILS
do
cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$i
cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_$i
cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_all
done
cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$ADM_PROFIL
cat $DIR_KEY/key_only_$ADM_PROFIL >> $DIR_KEY/key_all
chown -R root:apache $DIR_KEY
chmod 640 $DIR_KEY/key_*
}
41,10 → 44,14
for i in $PROFILS
do
if [ ! -e $DIR_KEY/key_only_$i ]
then
then
touch $DIR_KEY/key_only_$i
fi
done
if [ ! -e $DIR_KEY/key_all ]
then
touch $DIR_KEY/key_all
fi
concat
if [ $nb_args -eq 0 ]
then
/scripts/sbin/alcasar-bl.sh
6,7 → 6,8
 
DIR_tmp="/tmp/blacklists"
FILE_tmp="/tmp/fileFilter.txt"
DIR_DANSGUARDIAN="/etc/dansguardian/lists"
DIR_DG="/etc/dansguardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="/usr/local/etc/alcasar-bl-categories"
BL_CATEGORIES_ENABLED="/usr/local/etc/alcasar-bl-categories-enabled"
DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available"
23,10 → 24,10
 
# Décompression de la BL (en conservant la WL)
function install () {
[ -d $DIR_DANSGUARDIAN ] || mkdir -p $DIR_DANSGUARDIAN
[ -d $DIR_DANSGUARDIAN/blacklists/ossi ] && mv -f $DIR_DANSGUARDIAN/blacklists/ossi $DIR_tmp
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DANSGUARDIAN/
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DANSGUARDIAN/blacklists/
[ -d $DIR_DG ] || mkdir -p $DIR_DG
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
cd /root
rm -rf $DIR_tmp
}
34,7 → 35,7
# Adaptation de la BL Toulouse à la structure Dnsmasq
function adapt () {
# On récupère le nom des répertoire (catégories)
find $DIR_DANSGUARDIAN -type f -name domains > $BL_CATEGORIES
find $DIR_DG_BL/ -type f -name domains > $BL_CATEGORIES
# On supprime le suffice "/domains"
$SED "s?\/domains??g" $BL_CATEGORIES
rm -f $DIR_DNS_FILTER_AVAILABLE/*
58,7 → 59,7
function cat_choice (){
# un peu de ménage
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "/\.Include/d" $DIR_DANSGUARDIAN/bannedsitelist $DIR_DANSGUARDIAN/bannedurllist
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist
# on adapte le fichier $BL_CATEGORIES au choix de catégorie
$SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
73,7 → 74,7
do
ln -s $DIR_DNS_FILTER_AVAILABLE/$i.conf $DIR_DNS_FILTER_ENABLED/$i
# echo ".Include<$DIR_DANSGUARDIAN/blacklists/$i/domains>" >> $DIR_DANSGUARDIAN/bannedsitelist
echo ".Include<$DIR_DANSGUARDIAN/blacklists/$i/urls>" >> $DIR_DANSGUARDIAN/bannedurllist
echo ".Include<$DIR_DG_BL/$i/urls>" >> $DIR_DG/bannedurllist
done
}
usage="Usage: alcasar-bl.sh -on | -off | -download| -reload"
93,15 → 94,21
-on)
cat_choice
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
if [ ! $PARENT_SCRIPT -eq "alcasar.sh" ] # on ne relance pas les processus d'une install
then
service dansguardian restart
service dnsmasq restart
fi
;;
# désactivation du filtrage
-off)
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
service dansguardian reload
if [ ! $PARENT_SCRIPT -eq "alcasar.sh" ] # on ne relance pas les processus lors d'une install
then
service dansguardian restart
service dnsmasq restart
fi
;;
# Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq
-download)
113,8 → 120,8
else
transfert
install
chown -R dansguardian:apache $DIR_DANSGUARDIAN
chmod -R g+w $DIR_DANSGUARDIAN
chown -R dansguardian:apache $DIR_DG
chmod -R g+w $DIR_DG
DATE=`date '+%d %B %Y - %Hh%M'`
echo "Univ-tlse du $DATE " > /var/www/html/VERSION-BL
rm -rf /tmp/con_ok.html
124,19 → 131,19
# regénération suite à modification (choix catégories ou BL secondaire)
-reload)
# pour Dansguardian
chown -R dansguardian:apache $DIR_DANSGUARDIAN/blacklists/ossi
chmod -R g+w $DIR_DANSGUARDIAN/blacklists/ossi
chown -R dansguardian:apache $DIR_DG_BL/ossi
chmod -R g+w $DIR_DG_BL/ossi
cat_choice
service dansguardian restart
# pour dnsmasq (noms de domaine réhabilités)
if [ `wc -w $DIR_DANSGUARDIAN/exceptionsitelist|cut -d " " -f1` != "0" ]
if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
then
for i in `cat $DIR_DANSGUARDIAN/exceptionsitelist`
for i in `cat $DIR_DG/exceptionsitelist`
do
$SED "/$i/d" $DIR_DNS_FILTER_AVAILABLE/*
done
fi
cp -f $DIR_DANSGUARDIAN/blacklists/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf
$SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf
service dnsmasq restart
;;
/scripts/alcasar-watchdog.sh
14,7 → 14,9
INTIF="eth1"
PRIVATE_IP="192.168.182.1"
tmp_file="/tmp/watchdog.txt"
Network_Pb_Page="/var/www/html/redirect/index-network-pb.php"
DIR_WEB="/var/www/html"
Network_Pb_Page="$DIR_WEB/index-network-pb.php"
Network_Deny_Page="$DIR_WEB/index-access-deny.php"
IFS=$'\n'
 
# Fonction appelée si un Pb de connectivité Internet
38,7 → 40,7
net_pb=`cat /etc/dnsmasq.d/alcasar-dnsmasq.conf|grep "address=/#/"|wc -l`
if [ $net_pb != "1" ]
then
ln -sf /var/www/html/redirect/index-network-pb.php /var/www/html/redirect/index.php
ln -sf $Network_Pb_Page $DIR_WEB/index.php
/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq.d/alcasar-dnsmasq.conf
/etc/init.d/dnsmasq restart
fi
72,7 → 74,7
net_pb=`cat /etc/dnsmasq.d/alcasar-dnsmasq.conf|grep "address=/#/"|wc -l`
if [ $net_pb -eq "1" ]
then
ln -sf /var/www/html/redirect/index-access-deny.php /var/www/html/redirect/index.php
ln -sf $Network_Deny_Page $DIR_WEB/index.php
/bin/sed -i "s?^address=\/#\/.*?conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled?g" /etc/dnsmasq.d/alcasar-dnsmasq.conf
/etc/init.d/dnsmasq restart
fi