Subversion Repositories ALCASAR

Rev

Rev 2861 | Rev 2864 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2861 Rev 2863
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 2861 2020-10-04 20:41:06Z rexy $
2
#  $Id: alcasar.sh 2863 2020-10-05 15:51:53Z rexy $
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
#  team@alcasar.net
7
#  team@alcasar.net
Line 1360... Line 1360...
1360
# Clamd adaptation to e2guardian
1360
# Clamd adaptation to e2guardian
1361
[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default
1361
[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default
1362
	$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service
1362
	$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service
1363
	$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service
1363
	$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service
1364
[ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default
1364
[ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default
1365
	$SED "s?^User.*?User e2guardian?g" /etc/clamd.conf
-
 
1366
	$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf
1365
	$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf
1367
	$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
1366
	$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
1368
	$SED "s?^LogVerbose.*?LogVerbose no?g" /etc/clamd.conf
1367
	$SED "s?^LogVerbose.*?LogVerbose no?g" /etc/clamd.conf
1369
	$SED "s?^#LogRotate.*?LogRotate yes?g" /etc/clamd.conf
1368
	$SED "s?^#LogRotate.*?LogRotate yes?g" /etc/clamd.conf
1370
	chown -R e2guardian:e2guardian /var/log/clamav /var/lib/clamav
1369
	chown -R clamav:clamav /var/log/clamav /var/lib/clamav
1371
	chmod 775 /var/log/clamav /var/lib/clamav
1370
	chmod 775 /var/log/clamav /var/lib/clamav
1372
	chmod 664 /var/log/clamav/*
1371
	chmod 664 /var/log/clamav/*
1373
# update virus database every 4 hours (24h/6)
1372
# update virus database every 4 hours (24h/6)
1374
	[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
1373
	[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
1375
	$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
1374
	$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
1376
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1375
	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
1377
	$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
1376
	$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
1378
	$SED "s?^MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
1377
	$SED "s?^MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
1379
	$SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam.conf
-
 
1380
# update now
1378
# update now
1381
	/usr/bin/freshclam --no-warnings --quiet
1379
	/usr/bin/freshclam --no-warnings --quiet
1382
} # End of antivirus()
1380
} # End of antivirus()
1383
 
1381
 
1384
##############################################################
1382
##############################################################
Line 1938... Line 1936...
1938
} # End of gammu_smsd()
1936
} # End of gammu_smsd()
1939
 
1937
 
1940
############################################################
1938
############################################################
1941
##                 Fonction "msec"                        ##
1939
##                 Fonction "msec"                        ##
1942
## - Apply the "fileserver" security level                ##
1940
## - Apply the "fileserver" security level                ##
1943
## - remove the "system request" for rebboting            ##
1941
## - remove the "system request" for rebooting            ##
1944
## - Fix several file permissions                         ##
1942
## - Fix several file permissions                         ##
1945
############################################################
1943
############################################################
1946
msec()
1944
msec()
1947
{
1945
{
1948
 
1946
 
Line 1960... Line 1958...
1960
/etc/freeradius-web/admin.conf          root.apache     640
1958
/etc/freeradius-web/admin.conf          root.apache     640
1961
/etc/raddb/client.conf                  radius.radius   640
1959
/etc/raddb/client.conf                  radius.radius   640
1962
/etc/raddb/radius.conf                  radius.radius   640
1960
/etc/raddb/radius.conf                  radius.radius   640
1963
/etc/raddb/mods-available/ldap          radius.apache   660
1961
/etc/raddb/mods-available/ldap          radius.apache   660
1964
/etc/raddb/sites-available/alcasar      radius.apache   660
1962
/etc/raddb/sites-available/alcasar      radius.apache   660
1965
/etc/pki/CA/                            root.apache     750
1963
/etc/pki/CA/                            root.apache     750 force
1966
/etc/pki/CA/*                           root.apache     640
1964
/etc/pki/CA/*                           root.apache     640 force 
1967
/etc/pki/CA/private/                    root.root       700
1965
/etc/pki/CA/private/                    root.root       700 force
1968
/etc/pki/CA/private/*                   root.root       600
1966
/etc/pki/CA/private/*                   root.root       600 force
1969
/etc/pki/tls/private/                   root.apache     750
1967
/etc/pki/tls/private/                   root.apache     750 force
1970
/etc/pki/tls/private/*                  root.apache     640
1968
/etc/pki/tls/private/*                  root.apache     640 force
-
 
1969
/var/log/clamav/                        clamav.clamav   755 force
-
 
1970
/var/log/clamav/*                       clamav.clamav   764 force
-
 
1971
/var/lib/clamav/                        clamav.clamav   755 force
1971
EOF
1972
EOF
1972
# apply now hourly & daily checks
1973
# apply now hourly & daily checks
1973
/usr/sbin/msec
1974
/usr/sbin/msec
1974
/etc/cron.weekly/msec
1975
/etc/cron.weekly/msec
1975
 
1976