WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 2776 2020-03-10 23:06:07Z rexy $
 
# alcasar.sh
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
# This script is distributed under the Gnu General Public License (GPL)
#  team@alcasar.net

	touch $DIR_DG/lists/exceptionsitelist
	touch $DIR_DG/lists/exceptionurllist
# Add Bing to the safesearch url regext list (parental control)
	[ -e $DIR_DG/lists/urlregexplist.default ] || cp $DIR_DG/lists/urlregexplist $DIR_DG/lists/urlregexplist.default
	cat <<EOF >> $DIR_DG/lists/urlregexplist
 
# Bing - add 'adlt=strict'
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
EOF
# 'Safesearch' regex actualisation
	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist

	$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config			# log only when malware matches
	$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config		# 10 daemons are started simultaneously
	$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config		# doesn't scan image files
	$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
	$SED "s?^# SCANTEMPFILE.*?SCANTEMPFILE /var/tmp/havp/havp-XXXXXX?g" /etc/havp/havp.config		# Use our special tmp FS (memfs)
	$SED "s?^# TEMPDIR.*?TEMPDIR /var/tmp/havp?g" /etc/havp/havp.config		# Use our special tmp FS (memfs)
# skip checking of youtube flow (too heavy load / risk too low)
	[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
	echo "# Whitelist youtube flow" >> /etc/havp/whitelist
	echo "*.youtube.com/*" >> /etc/havp/whitelist
# adapt init script and systemd unit

Description=Netflow Capture Daemon
After=network-online.target iptables.service
 
[Service]
Type=exec
ExecStartPre=/bin/mkdir -p /run/nfcapd
ExecStartPre=/bin/chown nfcapd:nfcapd /run/nfcapd
PIDFile=/run/nfcapd/nfcapd.pid
ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow
ExecReload=/bin/kill -HUP $MAINPID
 
[Install]

[ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default
echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf
 
# Set permissions monitoring and enforcement
cat <<EOF > /etc/security/msec/perm.local
/var/log/firewall/                     root.apache     750
/var/log/firewall/*                     root.apache     640
/etc/security/msec/perm.local           root.root       640
/etc/security/msec/level.local          root.root       640
/etc/freeradius-web                     root.apache     750
/etc/freeradius-web/admin.conf          root.apache     640

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 2775 → 2776

Rev 2775		Rev 2776
Line 1...		Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 2775 2020-03-08 23:13:41Z rexy $`	2	`# $Id: alcasar.sh 2776 2020-03-10 23:06:07Z rexy $`
3		3
4	`# alcasar.sh`	4	`# alcasar.sh`
5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`	5	`# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7	`# team@alcasar.net`	7	`# team@alcasar.net`
Line 1330...		Line 1330...
1330	`touch $DIR_DG/lists/exceptionsitelist`	1330	`touch $DIR_DG/lists/exceptionsitelist`
1331	`touch $DIR_DG/lists/exceptionurllist`	1331	`touch $DIR_DG/lists/exceptionurllist`
1332	`# Add Bing to the safesearch url regext list (parental control)`	1332	`# Add Bing to the safesearch url regext list (parental control)`
1333	`[ -e $DIR_DG/lists/urlregexplist.default ] \|\| cp $DIR_DG/lists/urlregexplist $DIR_DG/lists/urlregexplist.default`	1333	`[ -e $DIR_DG/lists/urlregexplist.default ] \|\| cp $DIR_DG/lists/urlregexplist $DIR_DG/lists/urlregexplist.default`
1334	`cat <<EOF >> $DIR_DG/lists/urlregexplist`	1334	`cat <<EOF >> $DIR_DG/lists/urlregexplist`
-		1335
1335	`# Bing - add 'adlt=strict'`	1336	`# Bing - add 'adlt=strict'`
1336	`#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]\?)(.)"->"\1\2&adlt=strict"`	1337	`#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]\?)(.)"->"\1\2&adlt=strict"`
1337	`EOF`	1338	`EOF`
1338	`# 'Safesearch' regex actualisation`	1339	`# 'Safesearch' regex actualisation`
1339	`$SED "s?images?search?g" $DIR_DG/lists/urlregexplist`	1340	`$SED "s?images?search?g" $DIR_DG/lists/urlregexplist`
Line 1373...		Line 1374...
1373	`$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches`	1374	`$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches`
1374	`$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously`	1375	`$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously`
1375	`$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files`	1376	`$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files`
1376	`$SED "s?^# SKIPMIME.?SKIPMIME image\/\ video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files`	1377	`$SED "s?^# SKIPMIME.?SKIPMIME image\/\ video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files`
1377	`$SED "s?^# SCANTEMPFILE.*?SCANTEMPFILE /var/tmp/havp/havp-XXXXXX?g" /etc/havp/havp.config # Use our special tmp FS (memfs)`	1378	`$SED "s?^# SCANTEMPFILE.*?SCANTEMPFILE /var/tmp/havp/havp-XXXXXX?g" /etc/havp/havp.config # Use our special tmp FS (memfs)`
-		1379	`$SED "s?^# TEMPDIR.*?TEMPDIR /var/tmp/havp?g" /etc/havp/havp.config # Use our special tmp FS (memfs)`
1378	`# skip checking of youtube flow (too heavy load / risk too low)`	1380	`# skip checking of youtube flow (too heavy load / risk too low)`
1379	`[ -e /etc/havp/whitelist.default ] \|\| cp /etc/havp/whitelist /etc/havp/whitelist.default`	1381	`[ -e /etc/havp/whitelist.default ] \|\| cp /etc/havp/whitelist /etc/havp/whitelist.default`
1380	`echo "# Whitelist youtube flow" >> /etc/havp/whitelist`	1382	`echo "# Whitelist youtube flow" >> /etc/havp/whitelist`
1381	`echo ".youtube.com/" >> /etc/havp/whitelist`	1383	`echo ".youtube.com/" >> /etc/havp/whitelist`
1382	`# adapt init script and systemd unit`	1384	`# adapt init script and systemd unit`
Line 1502...		Line 1504...
1502	`Description=Netflow Capture Daemon`	1504	`Description=Netflow Capture Daemon`
1503	`After=network-online.target iptables.service`	1505	`After=network-online.target iptables.service`
1504		1506
1505	`[Service]`	1507	`[Service]`
1506	`Type=exec`	1508	`Type=exec`
-		1509	`ExecStartPre=/bin/mkdir -p /run/nfcapd`
-		1510	`ExecStartPre=/bin/chown nfcapd:nfcapd /run/nfcapd`
1507	`PIDFile=/run/nfcapd/nfcapd.pid`	1511	`PIDFile=/run/nfcapd/nfcapd.pid`
1508	`ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow`	1512	`ExecStart=/usr/bin/nfcapd -w -D -b 127.0.0.1 -p 2055 -u nfcapd -g nfcapd -B 200000 -t 300 -S 7 -z -P /run/nfcapd/nfcapd.pid -I alcasar_netflow -l /var/log/nfsen/profile-data/live/alcasar_netflow`
1509	`ExecReload=/bin/kill -HUP $MAINPID`	1513	`ExecReload=/bin/kill -HUP $MAINPID`
1510		1514
1511	`[Install]`	1515	`[Install]`
Line 2027...		Line 2031...
2027	`[ -e /etc/security/msec/security.conf.default ] \|\| cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default`	2031	`[ -e /etc/security/msec/security.conf.default ] \|\| cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default`
2028	`echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf`	2032	`echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf`
2029		2033
2030	`# Set permissions monitoring and enforcement`	2034	`# Set permissions monitoring and enforcement`
2031	`cat <<EOF > /etc/security/msec/perm.local`	2035	`cat <<EOF > /etc/security/msec/perm.local`
2032	`/var/log/firefwall/ root.apache 750`	2036	`/var/log/firewall/ root.apache 750`
2033	`/var/log/firewall/* root.apache 640`	2037	`/var/log/firewall/* root.apache 640`
2034	`/etc/security/msec/perm.local root.root 640`	2038	`/etc/security/msec/perm.local root.root 640`
2035	`/etc/security/msec/level.local root.root 640`	2039	`/etc/security/msec/level.local root.root 640`
2036	`/etc/freeradius-web root.apache 750`	2040	`/etc/freeradius-web root.apache 750`
2037	`/etc/freeradius-web/admin.conf root.apache 640`	2041	`/etc/freeradius-web/admin.conf root.apache 640`