Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 2768 2019-11-24 15:19:27Z rexy $
|
2 |
# $Id: alcasar.sh 2769 2019-11-24 22:31:36Z rexy $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
# team@alcasar.net
|
7 |
# team@alcasar.net
|
Line 1818... |
Line 1818... |
1818 |
EOF
|
1818 |
EOF
|
1819 |
} # End of dhcpd()
|
1819 |
} # End of dhcpd()
|
1820 |
|
1820 |
|
1821 |
##########################################################
|
1821 |
##########################################################
|
1822 |
## Function "BL" ##
|
1822 |
## Function "BL" ##
|
1823 |
## - copy Toulouse BL ##
|
- |
|
1824 |
## - adapt this BL to ALCASAR architecture ##
|
1823 |
## - copy & adapt Toulouse BL to ALCASAR architecture ##
|
1825 |
## - domain names for unbound-bl & unbound-wl ##
|
1824 |
## - domain names for unbound-bl & unbound-wl ##
|
1826 |
## - URLs for EĀ²guardian ##
|
1825 |
## - URLs for EĀ²guardian ##
|
1827 |
## - IPs for NetFilter ##
|
1826 |
## - IPs for NetFilter ##
|
- |
|
1827 |
## - copy additional BLs (TOR + Ultrasurf + C&C) ##
|
1828 |
##########################################################
|
1828 |
##########################################################
|
1829 |
BL()
|
1829 |
BL()
|
1830 |
{
|
1830 |
{
|
1831 |
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
|
1831 |
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
|
1832 |
rm -rf $DIR_DG/lists/blacklists
|
1832 |
rm -rf $DIR_DG/lists/blacklists
|
1833 |
mkdir -p /tmp/blacklists
|
1833 |
mkdir -p /tmp/blacklists
|
1834 |
cp $DIR_BLACKLIST/blacklists.tar.gz /tmp/blacklists/
|
1834 |
cp $DIR_BLACKLIST/blacklists.tar.gz /tmp/blacklists/
|
1835 |
# creation of the custom BL and WL categorie named "ossi" (for domain names & ip only)
|
1835 |
# creation of the additional BL and WL categorie named "ossi" (for domain names & ip only)
|
1836 |
mkdir -p $DIR_DG/lists/blacklists/ossi-bl
|
1836 |
mkdir -p $DIR_DG/lists/blacklists/ossi-bl
|
1837 |
touch $DIR_DG/lists/blacklists/ossi-bl/domains
|
1837 |
touch $DIR_DG/lists/blacklists/ossi-bl/domains
|
1838 |
echo "ossi-bl" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1838 |
echo "ossi-bl" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1839 |
mkdir -p $DIR_DG/lists/blacklists/ossi-wl
|
1839 |
mkdir -p $DIR_DG/lists/blacklists/ossi-wl
|
1840 |
touch $DIR_DG/lists/blacklists/ossi-wl/domains
|
1840 |
touch $DIR_DG/lists/blacklists/ossi-wl/domains
|
1841 |
echo "ossi-wl" >> $DIR_DEST_ETC/alcasar-wl-categories-enabled
|
1841 |
echo "ossi-wl" >> $DIR_DEST_ETC/alcasar-wl-categories-enabled
|
1842 |
# add custom ALCASAR BL files
|
1842 |
# add additional BL files
|
- |
|
1843 |
# download C&C BL, install it and enable it by default
|
- |
|
1844 |
$DIR_DEST_BIN/alcasar-bl.sh --install_ossi_candc
|
- |
|
1845 |
# copy all other additional BL
|
1843 |
for x in $(ls $DIR_BLACKLIST | grep -v "^blacklist")
|
1846 |
for x in $(ls $DIR_BLACKLIST | grep -v "^blacklist")
|
1844 |
do
|
1847 |
do
|
1845 |
mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
|
1848 |
mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
|
1846 |
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains
|
1849 |
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains
|
1847 |
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1850 |
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
Line 1924... |
Line 1927... |
1924 |
# start dead daemons (after boot process and every 18')
|
1927 |
# start dead daemons (after boot process and every 18')
|
1925 |
@reboot root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
|
1928 |
@reboot root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
|
1926 |
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
|
1929 |
*/18 * * * * root $DIR_DEST_BIN/alcasar-daemon.sh > /dev/null 2>&1
|
1927 |
EOF
|
1930 |
EOF
|
1928 |
cat <<EOF > /etc/cron.d/alcasar-rsync-bl
|
1931 |
cat <<EOF > /etc/cron.d/alcasar-rsync-bl
|
1929 |
# Automatic update the BL via rsync (every 12 hours). The enabled categories are listed in '/usr/local/etc/update_cat.conf' (no sync if empty).
|
1932 |
# Automatic update the BL (every 12 hours). The enabled categories are listed in '/usr/local/etc/update_cat.conf' (no sync if empty).
|
1930 |
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl.sh --update_cat > /dev/null 2>&1
|
1933 |
0 */12 * * * root $DIR_DEST_BIN/alcasar-bl-autoupdate.sh --update_cat > /dev/null 2>&1
|
- |
|
1934 |
EOF
|
- |
|
1935 |
cat <<EOF > /etc/cron.d/alcasar-rsync-ossi_bl
|
- |
|
1936 |
# Automatic update the OSSI BLs (every 12 hours) by running the custom update scripts specified in '/usr/local/etc/update_ossi_cat.conf'.
|
- |
|
1937 |
0 */12 * * * root /bin/bash /usr/local/etc/update_ossi_cat.conf > /dev/null 2>&1
|
1931 |
EOF
|
1938 |
EOF
|
1932 |
cat <<EOF > /etc/cron.d/alcasar-letsencrypt
|
1939 |
cat <<EOF > /etc/cron.d/alcasar-letsencrypt
|
1933 |
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily")
|
1940 |
# Automatic renew the Let's Encrypt certificate (daily --> see "cron.daily")
|
1934 |
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
|
1941 |
@daily root $DIR_DEST_BIN/alcasar-letsencrypt.sh --cron > /dev/null 2>&1
|
1935 |
EOF
|
1942 |
EOF
|
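Review bot: The new `/etc/cron.d/alcasar-rsync-ossi_bl` entry (new lines 1935-1938) runs `/bin/bash /usr/local/etc/update_ossi_cat.conf` as root every 12 hours, so anyone who can write that file gets root command execution, and nothing in the visible hunks creates it or sets its owner and mode. If a less-privileged account can write it (for example the web interface; not visible here), this is a path to root. The install step should pin it with `chown root:root /usr/local/etc/update_ossi_cat.conf && chmod 644 /usr/local/etc/update_ossi_cat.conf`, or the cron job should call a fixed script under `$DIR_DEST_BIN` that validates each entry before running it. The `> /dev/null 2>&1` on that line also hides every failure, so a stale TOR or C&C list would go unnoticed; piping errors to `logger` would make that detectable. The same silence applies to the unchecked `$DIR_DEST_BIN/alcasar-bl.sh --install_ossi_candc` download added in BL() (new line 1844), whose body continues outside the hunk.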