WebSVN – ALCASAR – Diff – /scripts/alcasar-bl.sh


#/bin/bash
 
# $Id: alcasar-bl.sh 1365 2014-05-28 14:38:29Z richard $
 
# alcasar-bl.sh
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
 
DIR_CONF="/usr/local/etc"
CONF_FILE="$DIR_CONF/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
DIR_tmp="/tmp/blacklists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
FILE_IP_WL="/usr/local/share/ossi_wl"
DIR_DG="/etc/dansguardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#'	'		WL	'
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
DIR_SHARE="/usr/local/share"
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl"					# all the BL in the DNSMASQ format
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl"					# all the WL	'	'	'
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL 
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled"			# symbolic link to the dnsmasq	BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled"			#	'	'	'	WL	'	'	'
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)	
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"				# conf file of dnsmasq-blacklist
DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` 			# server DNS1 (for WL domain names)
BL_SERVER="dsi.ut-capitole.fr"
SED="/bin/sed -i"
 
# enable/disable the BL & WL categories
function cat_choice (){
	# saving ip files and ossi category
	mkdir $DIR_tmp
	cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp
	cp $DIR_IP_BL/ossi $DIR_tmp
	rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables
	$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
	$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
	mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED 
	chown apache $DIR_IP_BL_ENABLED
	# process the file $BL_CATEGORIES with the choice of categories 
	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` 
	do
		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES 
		$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
		ln -s $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
		ln -s $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
		# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # Blacklisted domains are managed by dnsmasq
		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
	done
	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
	mv $FILE_tmp $BL_CATEGORIES
	# process the file $WL_CATEGORIES with the choice of categories 
	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` 
	do
		$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES 
		$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
		ln -s $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
	done
	sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
	mv $FILE_tmp $WL_CATEGORIES
	# restoring ip files and ossi category
	mv $DIR_tmp/ossi $DIR_IP_BL
	chown apache $DIR_IP_BL/ossi
	mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED
	rm -rf $DIR_tmp
}
function bl_enable (){
	$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
	if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
	then
		service dansguardian restart
		service dnsmasq restart
		/usr/local/bin/alcasar-iptables.sh
	fi
}
function bl_disable (){
	rm -rf $DIR_DNS_BL_ENABLED/*
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
	$SED "/google/d" $DNSMASQ_BL_CONF # remove nosslsearch server
	$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist  # remove safe searching
	$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist # remove pureip browsing
	if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
	then
		service dansguardian restart
		service dnsmasq restart
		/usr/local/bin/alcasar-iptables.sh
	fi
}
usage="Usage: alcasar-bl.sh { -on or --on } | { -off or --off } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
 
 
	echo "Set BlackList Filtering to ON"
 
	cat_choice
	bl_enable
 
 
 
	exit 0
fi
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	# enable the filtering
	-on | --on)	
		cat_choice
		$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE
		bl_enable
		;;
	# disable the filtering
	-off | --off)
		$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE
		bl_disable
		;;
	# Retrieve Toulouse BL
	-download | --download)
		rm -rf /tmp/con_ok.html
		`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
		if [ ! -e /tmp/con_ok.html ]
		then
			echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"
		else 
			rm -rf /tmp/con_ok.html $DIR_tmp
			mkdir $DIR_tmp
			wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
			md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
			chown -R apache:apache $DIR_tmp
		fi
		;;		
	# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)
	-adapt | --adapt)
		echo -n "Toulouse BlackList migration process. Please wait : "
		# Saving whitelist ip
		if [ -e $FILE_IP_WL ]
		then
			cp $FILE_IP_WL $DIR_tmp
		else
			touch $FILE_IP_WL
			chown apache $FILE_IP_WL
		fi
		# Saving ossi category
		cp $DIR_IP_BL/ossi $DIR_tmp/ossi-ip
		if [ -f $DIR_tmp/blacklists.tar.gz ]
		then
			[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp
			rm -rf $DIR_DG_BL
			mkdir $DIR_DG_BL
			tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
			[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
		fi
		rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
		rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
		touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
		mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
		chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
		chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
		find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
		$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
		for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
		do
			categorie=`echo $dir_categorie|cut -d "/" -f6`
			categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
			if [ "$categorie_type" == "white" ]
			then
				echo "$dir_categorie" >> $WL_CATEGORIES 
				echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED  # by default all WL are enabled 
			else
				echo "$dir_categorie" >> $BL_CATEGORIES
			fi
		done
		rm -f $FILE_tmp
		# Verify that the enabled categories are effectively in the BL (need after an update of the BL)
		for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` 
		do
			ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l`
			if [ $ok != "1" ] 
			then
				$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED
			fi
		done
		# Creation of DNSMASQ and Iptables BL and WL
		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
		do
			for PATH_FILE in `cat $LIST` # for each category
			do
				DOMAINE=`basename $PATH_FILE`
				echo -n "$DOMAINE, "
		  		if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
				then
					touch $PATH_FILE/urls
					chown dansguardian:apache $PATH_FILE/urls
				fi
				$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
				
				# retrieve the ip addresses for iptables
				# create an set save for the selected category
				awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
 
				# for dnsmask, remove IP addesses, accented characters and commented lines.
				egrep  -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
				$SED "/[äâëêïîöôüû]/d" $FILE_tmp
				$SED "/^#.*/d" $FILE_tmp
 
 
				if [ "$LIST" == "$BL_CATEGORIES" ]
				then
					# adapt to the dnsmasq syntax for the blacklist
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
				else
					# adapt to the dnsmasq syntax for the whitelist
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
				fi
			done
		done
		rm -f $FILE_tmp $FILE_ip_tmp
		# Restoring ossi category
		mv $DIR_tmp/ossi-ip $DIR_IP_BL/ossi
		# Restoring whitelist ip
		if [ -e $DIR_tmp/ossi_wl ]
		then
			mv $DIR_tmpi/ossi_wl /usr/local/share/
		fi
		rm -rf $DIR_tmp
		echo
		;;
	# reload when categories are changed 
	-reload | --reload)
		# for DG
		chown -R dansguardian:apache $DIR_DG_BL/ossi
		chmod -R g+w $DIR_DG_BL/ossi
		cat_choice
		#  for dnsmasq (rehabited domain names)
		if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
		then
			for i in `cat $DIR_DG/exceptionsitelist`
			do
				$SED "/$i/d" $DIR_DNS_BL/*
			done
		fi
		cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf
		$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf
		cp -f $DIR_DG_BL/ossi/domains_wl $DIR_DNS_WL/ossi.conf
 
 
 
		bl_enable
 
 
 
		;;
	*)
		echo "Argument inconnu :$1";
		echo "$usage"
		exit 1
		;;
esac
 
 

Rev 1363	Rev 1365
1	`#/bin/bash`	1	`#/bin/bash`
2		2
3	`# $Id: alcasar-bl.sh 1363 2014-05-26 22:07:44Z richard $`	3	`# $Id: alcasar-bl.sh 1365 2014-05-28 14:38:29Z richard $`
4		4
5	`# alcasar-bl.sh`	5	`# alcasar-bl.sh`
6	`# by Franck BOUIJOUX and Richard REY`	6	`# by Franck BOUIJOUX and Richard REY`
7	`# This script is distributed under the Gnu General Public License (GPL)`	7	`# This script is distributed under the Gnu General Public License (GPL)`
8		8
9	`# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)`	9	`# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)`
10	`# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)`	10	`# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)`
11		11
12	`DIR_CONF="/usr/local/etc"`	12	`DIR_CONF="/usr/local/etc"`
13	`CONF_FILE="$DIR_CONF/alcasar.conf"`	13	`CONF_FILE="$DIR_CONF/alcasar.conf"`
14	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	14	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
15	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`	15	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`
16	PRIVATE_IP=`echo $private_ip_mask \| cut -d"/" -f1` # ALCASAR LAN IP address	16	PRIVATE_IP=`echo $private_ip_mask \| cut -d"/" -f1` # ALCASAR LAN IP address
17	`DIR_tmp="/tmp/blacklists"`	17	`DIR_tmp="/tmp/blacklists"`
18	`FILE_tmp="/tmp/filesfilter.txt"`	18	`FILE_tmp="/tmp/filesfilter.txt"`
19	`FILE_ip_tmp="/tmp/filesipfilter.txt"`	19	`FILE_ip_tmp="/tmp/filesipfilter.txt"`
-		20	`FILE_IP_WL="/usr/local/share/ossi_wl"`
20	`DIR_DG="/etc/dansguardian/lists"`	21	`DIR_DG="/etc/dansguardian/lists"`
21	`DIR_DG_BL="$DIR_DG/blacklists"`	22	`DIR_DG_BL="$DIR_DG/blacklists"`
22	`BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories`	23	`BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories`
23	`WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL '`	24	`WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL '`
24	`BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories`	25	`BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories`
25	`WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories`	26	`WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories`
26	`DIR_SHARE="/usr/local/share"`	27	`DIR_SHARE="/usr/local/share"`
27	`DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format`	28	`DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format`
28	`DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '`	29	`DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '`
29	`DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL`	30	`DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL`
30	`DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the dnsmasq BL (only enabled categories)`	31	`DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the dnsmasq BL (only enabled categories)`
31	`DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' '`	32	`DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' '`
32	`DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)`	33	`DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)`
33	`DNSMASQ_BL_CONF="/etc/dnsmasq-blackhole.conf" # conf file of dnsmasq-blackhole`	34	`DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" # conf file of dnsmasq-blacklist`
-		35	DNS1=`grep "DNS1" $CONF_FILE \| cut -d '=' -f 2` # server DNS1 (for WL domain names)
34	`BL_SERVER="dsi.ut-capitole.fr"`	36	`BL_SERVER="dsi.ut-capitole.fr"`
35	`SED="/bin/sed -i"`	37	`SED="/bin/sed -i"`
36		38
37	`# enable/disable the BL & WL categories`	39	`# enable/disable the BL & WL categories`
38	`function cat_choice (){`	40	`function cat_choice (){`
39	`# saving ip files and ossi category`	41	`# saving ip files and ossi category`
40	`mkdir $DIR_tmp`	42	`mkdir $DIR_tmp`
41	`cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp`	43	`cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp`
42	`cp $DIR_IP_BL/ossi $DIR_tmp`	44	`cp $DIR_IP_BL/ossi $DIR_tmp`
43	`rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables`	45	`rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables`
44	`$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG`	46	`$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG`
45	`$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)`	47	`$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)`
46	`mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED`	48	`mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED`
47	`chown apache $DIR_IP_BL_ENABLED`	49	`chown apache $DIR_IP_BL_ENABLED`
48	`# process the file $BL_CATEGORIES with the choice of categories`	50	`# process the file $BL_CATEGORIES with the choice of categories`
49	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`	51	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
50	`do`	52	`do`
51	`$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES`	53	`$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES`
52	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES`	54	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES`
53	`ln -s $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE`	55	`ln -s $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE`
54	`ln -s $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE`	56	`ln -s $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE`
55	`# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq`	57	`# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq`
56	`echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist`	58	`echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist`
57	`done`	59	`done`
58	`sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp`	60	`sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp`
59	`mv $FILE_tmp $BL_CATEGORIES`	61	`mv $FILE_tmp $BL_CATEGORIES`
60	`# process the file $WL_CATEGORIES with the choice of categories`	62	`# process the file $WL_CATEGORIES with the choice of categories`
61	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`	63	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
62	`do`	64	`do`
63	`$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES`	65	`$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES`
64	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES`	66	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES`
65	`ln -s $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE`	67	`ln -s $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE`
66	`done`	68	`done`
67	`sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp`	69	`sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp`
68	`mv $FILE_tmp $WL_CATEGORIES`	70	`mv $FILE_tmp $WL_CATEGORIES`
69	`# restoring ip files and ossi category`	71	`# restoring ip files and ossi category`
70	`mv $DIR_tmp/ossi $DIR_IP_BL`	72	`mv $DIR_tmp/ossi $DIR_IP_BL`
71	`chown apache $DIR_IP_BL/ossi`	73	`chown apache $DIR_IP_BL/ossi`
72	`mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED`	74	`mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED`
73	`rm -rf $DIR_tmp`	75	`rm -rf $DIR_tmp`
74	`}`	76	`}`
75	`function bl_enable (){`	77	`function bl_enable (){`
76	`$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf`	78	`$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf`
77	`if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage`	79	`if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage`
78	`then`	80	`then`
79	`service dansguardian restart`	81	`service dansguardian restart`
80	`service dnsmasq restart`	82	`service dnsmasq restart`
81	`/usr/local/bin/alcasar-iptables.sh`	83	`/usr/local/bin/alcasar-iptables.sh`
82	`fi`	84	`fi`
83	`}`	85	`}`
84	`function bl_disable (){`	86	`function bl_disable (){`
85	`rm -rf $DIR_DNS_BL_ENABLED/*`	87	`rm -rf $DIR_DNS_BL_ENABLED/*`
86	`$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf`	88	`$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf`
87	`$SED "/google/d" $DNSMASQ_BL_CONF # remove nosslsearch server`	89	`$SED "/google/d" $DNSMASQ_BL_CONF # remove nosslsearch server`
88	`$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # remove safe searching`	90	`$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # remove safe searching`
89	`$SED "s/^\ip$/#ip/g" $DIR_DG/bannedsitelist # remove pureip browsing`	91	`$SED "s/^\ip$/#ip/g" $DIR_DG/bannedsitelist # remove pureip browsing`
90	`if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage`	92	`if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage`
91	`then`	93	`then`
92	`service dansguardian restart`	94	`service dansguardian restart`
93	`service dnsmasq restart`	95	`service dnsmasq restart`
94	`/usr/local/bin/alcasar-iptables.sh`	96	`/usr/local/bin/alcasar-iptables.sh`
95	`fi`	97	`fi`
96	`}`	98	`}`
97	`usage="Usage: alcasar-bl.sh { -on or --on } \| { -off or --off } \| { -download or --download } \| { -adapt or --adapt } \| { -reload or --reload }"`	99	`usage="Usage: alcasar-bl.sh { -on or --on } \| { -off or --off } \| { -download or --download } \| { -adapt or --adapt } \| { -reload or --reload }"`
98	`nb_args=$#`	100	`nb_args=$#`
99	`args=$1`	101	`args=$1`
100	`if [ $nb_args -eq 0 ]`	102	`if [ $nb_args -eq 0 ]`
101	`then`	103	`then`
102	DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE\|cut -d"=" -f2` # DNS and URLs filter (on/off)	-
103	`DNS_FILTERING=${DNS_FILTERING:=off}`	-
104	`echo "Set BlackList Filtering to $DNS_FILTERING"`	104	`echo "Set BlackList Filtering to ON"`
105	`if [ $DNS_FILTERING = on ]; then`	-
106	`cat_choice`	105	`cat_choice`
107	`bl_enable`	106	`bl_enable`
108	`else`	-
109	`bl_disable`	-
110	`fi`	-
111	`exit 0`	107	`exit 0`
112	`fi`	108	`fi`
113	`case $args in`	109	`case $args in`
114	`-\? \| -h* \| --h*)`	110	`-\? \| -h* \| --h*)`
115	`echo "$usage"`	111	`echo "$usage"`
116	`exit 0`	112	`exit 0`
117	`;;`	113	`;;`
118	`# enable the filtering`	114	`# enable the filtering`
119	`-on \| --on)`	115	`-on \| --on)`
120	`cat_choice`	116	`cat_choice`
121	`$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE`	117	`$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE`
122	`bl_enable`	118	`bl_enable`
123	`;;`	119	`;;`
124	`# disable the filtering`	120	`# disable the filtering`
125	`-off \| --off)`	121	`-off \| --off)`
126	`$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE`	122	`$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE`
127	`bl_disable`	123	`bl_disable`
128	`;;`	124	`;;`
129	`# Retrieve Toulouse BL`	125	`# Retrieve Toulouse BL`
130	`-download \| --download)`	126	`-download \| --download)`
131	`rm -rf /tmp/con_ok.html`	127	`rm -rf /tmp/con_ok.html`
132	`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`	128	`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
133	`if [ ! -e /tmp/con_ok.html ]`	129	`if [ ! -e /tmp/con_ok.html ]`
134	`then`	130	`then`
135	`echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"`	131	`echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"`
136	`else`	132	`else`
137	`rm -rf /tmp/con_ok.html $DIR_tmp`	133	`rm -rf /tmp/con_ok.html $DIR_tmp`
138	`mkdir $DIR_tmp`	134	`mkdir $DIR_tmp`
139	`wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz`	135	`wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz`
140	`md5sum $DIR_tmp/blacklists.tar.gz \| cut -d" " -f1 > $DIR_tmp/md5sum`	136	`md5sum $DIR_tmp/blacklists.tar.gz \| cut -d" " -f1 > $DIR_tmp/md5sum`
141	`chown -R apache:apache $DIR_tmp`	137	`chown -R apache:apache $DIR_tmp`
142	`fi`	138	`fi`
143	`;;`	139	`;;`
144	`# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)`	140	`# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)`
145	`-adapt \| --adapt)`	141	`-adapt \| --adapt)`
146	`echo -n "Migration process of Toulouse BlackList. Please wait : "`	142	`echo -n "Toulouse BlackList migration process. Please wait : "`
-		143	`# Saving whitelist ip`
-		144	`if [ -e $FILE_IP_WL ]`
-		145	`then`
-		146	`cp $FILE_IP_WL $DIR_tmp`
-		147	`else`
-		148	`touch $FILE_IP_WL`
-		149	`chown apache $FILE_IP_WL`
-		150	`fi`
147	`# Saving IP ossi category if exist else create it (ie : during the installaton process)`	151	`# Saving ossi category`
148	`[ -e $DIR_IP_BL/ossi ] && mv -f $DIR_IP_BL/ossi $DIR_tmp/ossi-ip`	152	`cp $DIR_IP_BL/ossi $DIR_tmp/ossi-ip`
149	`if [ -f $DIR_tmp/blacklists.tar.gz ]`	153	`if [ -f $DIR_tmp/blacklists.tar.gz ]`
150	`then`	154	`then`
151	`[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp`	155	`[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp`
152	`rm -rf $DIR_DG_BL`	156	`rm -rf $DIR_DG_BL`
153	`mkdir $DIR_DG_BL`	157	`mkdir $DIR_DG_BL`
154	`tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/`	158	`tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/`
155	`[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/`	159	`[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/`
156	`fi`	160	`fi`
157	`rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`	161	`rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`
158	`rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`	162	`rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`
159	`touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`	163	`touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`
160	`mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`	164	`mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`
161	`chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`	165	`chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`
162	`chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`	166	`chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`
163	`find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist`	167	`find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist`
164	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`	168	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`
165	for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files	169	for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
166	`do`	170	`do`
167	categorie=`echo $dir_categorie\|cut -d "/" -f6`	171	categorie=`echo $dir_categorie\|cut -d "/" -f6`
168	categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage \| grep ^DEFAULT_TYPE \| cut -d":" -f2 \| tr -d " \t"`	172	categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage \| grep ^DEFAULT_TYPE \| cut -d":" -f2 \| tr -d " \t"`
169	`if [ "$categorie_type" == "white" ]`	173	`if [ "$categorie_type" == "white" ]`
170	`then`	174	`then`
171	`echo "$dir_categorie" >> $WL_CATEGORIES`	175	`echo "$dir_categorie" >> $WL_CATEGORIES`
172	echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED # by default all WL are enabled	176	echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED # by default all WL are enabled
173	`else`	177	`else`
174	`echo "$dir_categorie" >> $BL_CATEGORIES`	178	`echo "$dir_categorie" >> $BL_CATEGORIES`
175	`fi`	179	`fi`
176	`done`	180	`done`
177	`rm -f $FILE_tmp`	181	`rm -f $FILE_tmp`
178	`# Verify that the enabled categories are effectively in the BL (need after an update of the BL)`	182	`# Verify that the enabled categories are effectively in the BL (need after an update of the BL)`
179	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`	183	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
180	`do`	184	`do`
181	ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES\|wc -l`	185	ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES\|wc -l`
182	`if [ $ok != "1" ]`	186	`if [ $ok != "1" ]`
183	`then`	187	`then`
184	`$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED`	188	`$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED`
185	`fi`	189	`fi`
186	`done`	190	`done`
187	`# Creation of DNSMASQ and Iptables BL and WL`	191	`# Creation of DNSMASQ and Iptables BL and WL`
188	`for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)`	192	`for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)`
189	`do`	193	`do`
190	for PATH_FILE in `cat $LIST` # for each category	194	for PATH_FILE in `cat $LIST` # for each category
191	`do`	195	`do`
192	DOMAINE=`basename $PATH_FILE`	196	DOMAINE=`basename $PATH_FILE`
193	`echo -n "$DOMAINE, "`	197	`echo -n "$DOMAINE, "`
194	`if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist`	198	`if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist`
195	`then`	199	`then`
196	`touch $PATH_FILE/urls`	200	`touch $PATH_FILE/urls`
197	`chown dansguardian:apache $PATH_FILE/urls`	201	`chown dansguardian:apache $PATH_FILE/urls`
198	`fi`	202	`fi`
199	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors`	203	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors`
200		204
201	`# retrieve the ip addresses for iptables`	205	`# retrieve the ip addresses for iptables`
202	`# create an set save for the selected category`	206	`# create an set save for the selected category`
203	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`	207	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`
204		-
205	`# for dnsmask, remove IP addesses, accented characters and commented lines.`	208	`# for dnsmask, remove IP addesses, accented characters and commented lines.`
206	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`	209	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`
207	`$SED "/[äâëêïîöôüû]/d" $FILE_tmp`	210	`$SED "/[äâëêïîöôüû]/d" $FILE_tmp`
208	`$SED "/^#.*/d" $FILE_tmp`	211	`$SED "/^#.*/d" $FILE_tmp`
209	`# adapt to the dnsmasq syntax`	-
210	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`	-
211	`if [ "$LIST" == "$BL_CATEGORIES" ]`	212	`if [ "$LIST" == "$BL_CATEGORIES" ]`
212	`then`	213	`then`
-		214	`# adapt to the dnsmasq syntax for the blacklist`
-		215	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`
213	`mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf`	216	`mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf`
214	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE`	217	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE`
215	`else`	218	`else`
-		219	`# adapt to the dnsmasq syntax for the whitelist`
-		220	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`
216	`mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf`	221	`mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf`
217	`fi`	222	`fi`
218	`done`	223	`done`
219	`done`	224	`done`
220	`rm -f $FILE_tmp $FILE_ip_tmp`	225	`rm -f $FILE_tmp $FILE_ip_tmp`
221	`# Restoring ossi-IP category`	226	`# Restoring ossi category`
222	`[ -e $DIR_tmp/ossi-ip ] && mv $DIR_tmp/ossi-ip $DIR_IP_BL/ossi`	227	`mv $DIR_tmp/ossi-ip $DIR_IP_BL/ossi`
-		228	`# Restoring whitelist ip`
-		229	`if [ -e $DIR_tmp/ossi_wl ]`
-		230	`then`
-		231	`mv $DIR_tmpi/ossi_wl /usr/local/share/`
-		232	`fi`
223	`rm -rf $DIR_tmp`	233	`rm -rf $DIR_tmp`
224	`echo`	234	`echo`
225	`;;`	235	`;;`
226	`# reload when categories are changed`	236	`# reload when categories are changed`
227	`-reload \| --reload)`	237	`-reload \| --reload)`
228	`# for DG`	238	`# for DG`
229	`chown -R dansguardian:apache $DIR_DG_BL/ossi`	239	`chown -R dansguardian:apache $DIR_DG_BL/ossi`
230	`chmod -R g+w $DIR_DG_BL/ossi`	240	`chmod -R g+w $DIR_DG_BL/ossi`
231	`cat_choice`	241	`cat_choice`
232	`# for dnsmasq (rehabited domain names)`	242	`# for dnsmasq (rehabited domain names)`
233	if [ `wc -w $DIR_DG/exceptionsitelist\|cut -d " " -f1` != "0" ]	243	if [ `wc -w $DIR_DG/exceptionsitelist\|cut -d " " -f1` != "0" ]
234	`then`	244	`then`
235	for i in `cat $DIR_DG/exceptionsitelist`	245	for i in `cat $DIR_DG/exceptionsitelist`
236	`do`	246	`do`
237	`$SED "/$i/d" $DIR_DNS_BL/*`	247	`$SED "/$i/d" $DIR_DNS_BL/*`
238	`done`	248	`done`
239	`fi`	249	`fi`
240	`cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf`	250	`cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf`
241	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf`	251	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf`
242	`cp -f $DIR_DG_BL/ossi/domains_wl $DIR_DNS_WL/ossi.conf`	252	`cp -f $DIR_DG_BL/ossi/domains_wl $DIR_DNS_WL/ossi.conf`
243	DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE\|cut -d"=" -f2` # DNS and URLs filter (on/off)	-
244	`DNS_FILTERING=${DNS_FILTERING:=off}`	-
245	`if [ $DNS_FILTERING = on ]; then`	-
246	`bl_enable`	253	`bl_enable`
247	`else`	-
248	`bl_disable`	-
249	`fi`	-
250	`;;`	254	`;;`
251	`*)`	255	`*)`
252	`echo "Argument inconnu :$1";`	256	`echo "Argument inconnu :$1";`
253	`echo "$usage"`	257	`echo "$usage"`
254	`exit 1`	258	`exit 1`
255	`;;`	259	`;;`
256	`esac`	260	`esac`
257		261
258		262

Subversion Repositories ALCASAR

(root)/scripts/alcasar-bl.sh @ 2919 – Rev 1363 → 1365