/web/acc/admin/bl_categories_help.php |
---|
8,6 → 8,7 |
$wl_iptables_dir="/usr/local/share/iptables-wl/"; |
$bl_dnsmasq_dir="/usr/local/share/dnsmasq-bl/"; |
$wl_dnsmasq_dir="/usr/local/share/dnsmasq-wl/"; |
if(isset($_GET['ossi'])) $ossi = $_GET['ossi']; |
# Choice of language |
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) |
62,6 → 63,31 |
} |
if($liste == "bl") |
{ |
if(isset($ossi)) |
{ |
$bl_categorie_domain_file = $bl_dnsmasq_dir."-enabled/".$categorie; |
$bl_categorie_ip_file = $bl_iptables_dir.$categorie; |
if(isset($_GET['nb_domains']) && isset($_GET['nb_urls']) && isset($_GET['nb_ip'])) |
{ |
$nb_domains = $_GET['nb_domains']; |
$nb_ip = $_GET['nb_ip']; |
} |
else |
{ |
if (file_exists($bl_categorie_domain_file)) |
$nb_domains = exec("wc -l $bl_categorie_domain_file | cut -d ' ' -f1"); |
else |
$nb_domains = $l_error_open_file." ".$bl_categorie_domain_file; |
if(file_exists($bl_categorie_ip_file)) |
$nb_ip = exec("wc -l $bl_categorie_ip_file | cut -d ' ' -f1"); |
else |
$nb_ip = $l_error_open_file." ".$bl_categorie_ip_file; |
} |
} |
else |
{ |
$bl_categorie_domain_file = $bl_dnsmasq_dir.$categorie.".conf"; |
$bl_categorie_url_file = $bl_dir.$categorie."/urls"; |
$bl_categorie_ip_file = $bl_iptables_dir.$categorie; |
86,9 → 112,34 |
else |
$nb_ip = $l_error_open_file." ".$bl_categorie_ip_file; |
} |
} |
} |
else |
{ |
if(isset($ossi)) |
{ |
$wl_categorie_domain_file = "/usr/local/share/dnsmasq-wl-enabled/".$categorie; |
$wl_categorie_ip_file = "/usr/local/share/iptables-wl-enabled/".$categorie; |
if(isset($_GET['nb_domains']) && isset($_GET['nb_urls']) && isset($_GET['nb_ip'])) |
{ |
$nb_domains = $_GET['nb_domains']; |
$nb_ip = $_GET['nb_ip']; |
} |
else |
{ |
if (file_exists($wl_categorie_domain_file)) |
$nb_domains = exec("wc -l $wl_categorie_domain_file | cut -d ' ' -f1"); |
else |
$nb_domains = $l_error_open_file." ".$wl_categorie_domain_file; |
if(file_exists($wl_categorie_ip_file)) |
$nb_ip = exec("wc -l $wl_categorie_ip_file | cut -d ' ' -f1"); |
else |
$nb_ip = $l_error_open_file." ".$wl_categorie_ip_file; |
} |
} |
else |
{ |
$wl_categorie_domain_file = $wl_dnsmasq_dir.$categorie.".conf"; |
$wl_categorie_ip_file = $wl_iptables_dir.$categorie; |
if(isset($_GET['nb_domains'])) |
106,10 → 157,11 |
$nb_urls = 0; |
$nb_ip = 0; |
} |
} |
} |
$global_usage = file($bl_dir."global_usage"); |
$langue = strtoupper($Language); |
if(isset($categorie)) |
if(isset($categorie) && !isset($ossi)) |
{ |
$fin1 = 0; $fin2 = 0; |
foreach($global_usage as $line) |
151,11 → 203,20 |
$filtre_url = $liste == "bl" ? $bl_categorie_url_file : ""; |
$filtre_ip = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file; |
$compat_categorie=strtr($categorie,"-","_"); |
if(!isset($ossi)) |
{ |
echo "<br><center><b>$l_name_cat</b></center>"; |
echo "<center><b>$l_description_cat</b></center><br>"; |
echo "$l_nb_domains <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_domain&titre=domain&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_domains</a></b><br>"; |
echo "$l_nb_urls <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_url&titre=url&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_urls</a></b><br>"; |
echo "$l_nb_ip <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_ip&titre=ip&nb_domains=$nb_domains&nb_urls=$nb_urls&nb_ip=$nb_ip'>$nb_ip</a></b><br>"; |
} |
else |
{ |
echo "$l_nb_domains <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_domain&titre=domain&nb_domains=$nb_domains&nb_ip=$nb_ip&ossi=yes'>$nb_domains</a></b><br>"; |
echo "$l_nb_ip <b><a href='?liste=$liste&cat=$categorie&filtre=$filtre_ip&titre=ip&nb_domains=$nb_domains&nb_ip=$nb_ip&ossi=yes'>$nb_ip</a></b><br>"; |
} |
?> |
</td></tr> |
</TABLE> |
178,13 → 239,16 |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<?php |
<?php |
if($titre == "domain") |
{ |
$filtre = $liste == "bl" ? $bl_categorie_domain_file : $wl_categorie_domain_file; |
exec("head -n 15 $filtre | cut -d '/' -f2", $resultat); |
} |
elseif($titre == "ip") |
{ |
$filtre = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file; |
exec("head -n 15 $filtre | cut -d ' ' -f3", $resultat); |
} |
else |
/web/acc/admin/bl_filter.php |
---|
29,11 → 29,11 |
} |
if($color == "white") |
{ |
return preg_replace("/(.*)\n/", "add whitelist_ip_allowed $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add wl_ip_allowed $1\n", $new_list); |
} |
else |
{ |
return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add bl_ip_blocked $1\n", $new_list); |
} |
} |
function echo_file ($filename) |
191,7 → 191,7 |
$dir_tmp="/tmp/blacklists"; |
$upload_dir_ip = "/usr/local/share/iptables-bl-enabled/"; |
$upload_dir_domain_names = "/usr/local/share/dnsmasq-bl-enabled/"; |
$cron_apache = "/etc/cron.d/alcasar-update-categories"; |
$cron_apache = "/etc/cron.d/alcasar-update-cat"; |
# default values |
if (is_file ($conf_file)) |
{ |
235,9 → 235,20 |
{ |
$line=str_replace('chk-','',$key)."\n"; |
fwrite($pointeur,$line); |
if(trim($line) == 'malware') |
{ |
$cron_malware = 1; |
$fichier=fopen($cron_apache,"w+"); |
fputs($fichier, "# update malware categories every 12 hours\n"); |
fputs($fichier, "* 0-23/12 * * * /usr/local/bin/alcasar-bl.sh --update-cat malware rsync://ftp.ut-capitole.fr/blacklist/dest/malware\n"); |
} |
} |
} |
if(!$cron_malware) |
{ |
$fichier=fopen($cron_apache,"w+"); |
fputs($fichier, "# malware updates disabled\n"); |
} |
fclose($pointeur); |
} |
295,7 → 306,7 |
exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip"); |
# On adapte le fichier à la sauvegarde du set |
exec("sed -i \"s/^/add blacklist_ip_blocked /g\" $upload_dir_ip\ossi-$nom"); |
exec("sed -i \"s/^/add bl_ip_blocked /g\" $upload_dir_ip\ossi-$nom"); |
# On extrait uniquement les noms de domaine |
444,7 → 455,7 |
exec("cd $upload_dir_ip && ls | grep ossi-", $fichiersIp); |
foreach($fichiersIp as $fichier => $value) |
{ |
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
echo "<tr><td><center><a href='bl_categories_help.php?liste=bl&cat=$value&ossi=yes&filtre=domain' target='cat_help' onclick=window.open('bl_categories_help','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>".exec("sed 's/^.....//g' <<< $value")."</a></center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
} |
echo "</table><br/></td></form><form action='bl_filter.php' method='POST' enctype='multipart/form-data'>"; |
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>"; |
/web/acc/admin/wl_filter.php |
---|
29,11 → 29,11 |
} |
if($color == "white") |
{ |
return preg_replace("/(.*)\n/", "add whitelist_ip_allowed $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add wl_ip_allowed $1\n", $new_list); |
} |
else |
{ |
return preg_replace("/(.*)\n/", "add blacklist_ip_blocked $1\n", $new_list); |
return preg_replace("/(.*)\n/", "add bl_ip_blocked $1\n", $new_list); |
} |
} |
function echo_file ($filename) |
254,7 → 254,7 |
exec("sort -u $upload_dir_ip\ossi_ip > $upload_dir_ip\ossi-$nom && rm -f $upload_dir_ip\ossi_ip"); |
# On adapte le fichier à la sauvegarde du set |
exec("sed -i \"s/^/add whitelist_ip_allowed /g\" $upload_dir_ip\ossi-$nom"); |
exec("sed -i \"s/^/add wl_ip_allowed /g\" $upload_dir_ip\ossi-$nom"); |
# On extrait uniquement les noms de domaine |
# max_tld() retourne le nombre max de charactere pour un top-level dns |
354,10 → 354,10 |
echo "<tr><td width=50% colspan=5 align=center>"; |
echo "<H3>$l_file_list</H3>"; |
echo "<table cellspacing=2 cellpadding=3 border=1><tr><th>$l_file_name<th>$l_nb_ip<th>$l_nb_domain_names<th>$l_file_remove</tr>"; |
exec("cd $upload_dir_ip && ls | grep ossi-", $fichiersIp); |
exec("cd $upload_dir_ip && ls ossi-*", $fichiersIp); |
foreach($fichiersIp as $fichier => $value) |
{ |
echo "<tr><td><center>".exec("sed 's/^.....//g' <<< $value")."</center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
echo "<tr><td><center><a href='bl_categories_help.php?liste=wl&cat=$value&ossi=yes&filtre=domain' target='cat_help' onclick=window.open('bl_categories_help','cat_help','width=600,height=450,toolbar=no,scrollbars=yes,resizable=yes') title='categories help page'>".exec("sed 's/^.....//g' <<< $value")."</a></center></td><td><center>".exec("wc -l $upload_dir_ip$value | awk '{print $1}'")."</center></td><td><center>".exec("wc -l $upload_dir_domain_names$value | awk '{print $1}'")."</center></td><td><center><input type='submit' name='$value' value='$l_remove'></center></td></tr>"; |
} |
echo "</table><br/></td></form><form action='wl_filter.php' method='POST' enctype='multipart/form-data'>"; |
echo "<input type='hidden' name='choix' value='MAJ_ip_file_upload'><td width=50% colspan=5 align=center>"; |
/web/acc/manager/htdocs/security.php |
---|
12,6 → 12,11 |
<link rel="stylesheet" href="../../../css/bootstrap.min.css"> |
<script src="../../../js/jquery.min.js"></script> |
<script src="../../../js/bootstrap.min.js"></script> |
<style> |
body { |
background-color: #EFEFEF; |
} |
</style> |
</HEAD> |
<body> |
/web/index.php |
---|
104,8 → 104,8 |
{ |
# cas où l'utilisateur non-loggué décide de joindre une page HTTP/S => redirection http://URL |
# ALCASAR => redirection index.php |
# on place l'IP de l'utilisateur dans un ipset user_not_connected pour ne pas boucler |
exec("sudo /usr/sbin/ipset add user_not_connected_yet $remote_ip"); |
# on place l'IP de l'utilisateur dans un ipset not_auth_yet pour ne pas boucler |
exec("sudo /usr/sbin/ipset add not_auth_yet $remote_ip"); |
if(!$direct_access) |
{ |
header("Cache-Control: no-cache, must-revalidate"); |