WebSVN – ALCASAR – Diff – /scripts/alcasar-bl.sh

 #/bin/bash
-# $Id: alcasar-bl.sh 958 2012-07-19 09:01:30Z franck $
+# $Id: alcasar-bl.sh 1015 2013-01-27 22:43:29Z richard $
 # alcasar-bl.sh
 # by Franck BOUIJOUX and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 CONF_FILE="$DIR_CONF/alcasar.conf"
 private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
 private_ip_mask=${private_ip_mask:=192.168.182.1/24}
 PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
 DIR_tmp="/tmp/blacklists"
-FILE_tmp="/tmp/fileFilter.txt"
+FILE_tmp="/tmp/filesfilter.txt"
+FILE_ip_tmp="/tmp/filesipfilter.txt"
 DIR_DG="/etc/dansguardian/lists"
 DIR_DG_BL="$DIR_DG/blacklists"
-BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"
+BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
-WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"
+WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#'	'		WL	'
-BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"
+BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
-DIR_DNS_FILTER_AVAILABLE="$DIR_CONF/alcasar-dnsfilter-available"
+WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
+DIR_SHARE="/usr/local/share"
+DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl"					# all the BL in the DNSMASQ format
+DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl"					# all the WL	'	'	'
+DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL
+DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled"			# symbolic link to the dnsmasq	BL (only enabled categories)
-DIR_DNS_FILTER_ENABLED="$DIR_CONF/alcasar-dnsfilter-enabled"
+DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled"			#	'	'	'	WL	'	'	'
+DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
 BL_SERVER="dsi.ut-capitole.fr"
 SED="/bin/sed -i"
-# Permet d'activer/désactiver les catégories de la BL
+# enable/disable the BL categories
 function cat_choice (){
-	# un peu de ménage
-	rm -rf $DIR_DNS_FILTER_ENABLED/*
+	rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables
-	$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist
+	$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
-	# on adapte le fichier $BL_CATEGORIES au choix de catégorie
+	$SED "s?^[^#]?#&?g" $BL_CATEGORIES # cleaning categories file (comment all lines)
+	mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED
-	$SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas
+	# process the file $BL_CATEGORIES with the choice of categories
-	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` # on affecte les catégories à dansguardian et dnsmasq
+	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
 	do
 		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
 		$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
-		ln -s $DIR_DNS_FILTER_AVAILABLE/$ENABLE_CATEGORIE.conf $DIR_DNS_FILTER_ENABLED/$ENABLE_CATEGORIE
+		ln -s $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
+		ln -s $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
-		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # dansguardian s'occupe du contournement par proxy http ;-)
+		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # we let DG filters domain in order to prevent bypass by proxy http vpn ;-)
 		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
 	done
 	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
 	mv $FILE_tmp $BL_CATEGORIES
+}
 		service dnsmasq restart
 		/usr/local/bin/alcasar-iptables.sh
 	fi
+}
 function bl_disable (){
-	rm -rf $DIR_DNS_FILTER_ENABLED/*
+	rm -rf $DIR_DNS_BL_ENABLED/*
 	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
 	if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage
 	then
 		service dansguardian restart
 		service dnsmasq restart
 case $args in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
-	# activation du filtrage
+	# enable the filtering
 	-on | --on)
 		cat_choice
 		$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE
 		bl_enable
 		;;
-	# désactivation du filtrage
+	# disable the filtering
 	-off | --off)
 		$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE
 		bl_disable
 		;;
-	# Récupération de l'archive de la BL Toulouse
+	# Retrieve Toulouse BL
 	-download | --download)
 		rm -rf /tmp/con_ok.html
 		`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
 		if [ ! -e /tmp/con_ok.html ]
 		then
 			wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
 			md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
 			chown -R apache:apache $DIR_tmp
 		fi
 		;;
-	# Adaptation de la BL de Toulouse à notre structure (dnsmasq + DG)
+	# Adapt Toulouse BL to our structure (dnsmasq + DG)
 	-adapt | --adapt)
+		echo -n "Toulouse BlackList migration process. Please wait : "
 		if [ -f $DIR_tmp/blacklists.tar.gz ]
 		then
 			[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp
 			rm -rf $DIR_DG_BL
 			mkdir $DIR_DG_BL
 			[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
 			rm -rf $DIR_tmp
 			chown -R dansguardian:apache $DIR_DG
 			chmod -R g+w $DIR_DG
 		fi
-		rm -f $BL_CATEGORIES $WL_CATEGORIES $DIR_DNS_FILTER_AVAILABLE/*
+		rm -f $BL_CATEGORIES $WL_CATEGORIES
+		rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
 		touch $BL_CATEGORIES $WL_CATEGORIES
+		mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
-		find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # On récupère le nom des répertoire (catégories)
+		find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
-		$SED "s?\/domains??g" $FILE_tmp # On supprime le suffixe "/domains"
+		$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
-		for categorie in `cat $FILE_tmp` # creation des deux fichiers de categories (BL / WL)
+		for dir_categorie in `cat $FILE_tmp` # create the blackist and the whitelist files
 		do
-			if [ -e $categorie/usage ]
-			then
-				is_whitelist=`grep white $categorie/usage|wc -l`
+			categorie=`echo $dir_categorie|cut -d "/" -f6`
-			else
-				is_whitelist=0 # si le fichier 'usage' n'existe pas, on considère que la catégorie est une BL
+			categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
-			fi
-			if [ $is_whitelist -eq "0" ]
+			if [ "$categorie_type" == "white" ]
 			then
-				echo "$categorie" >> $BL_CATEGORIES
+				echo "$dir_categorie" >> $WL_CATEGORIES
+				echo "$dir_categorie" >> $WL_CATEGORIES_ENABLED  # by default all WL are enabled
 			else
-				echo "$categorie" >> $WL_CATEGORIES
+				echo "$dir_categorie" >> $BL_CATEGORIES
 			fi
 		done
 		rm -f $FILE_tmp
-		echo -n "Toulouse BlackList migration process. Please wait : "
+		# Creation of DNSMASQ BL and WL
-		for PATH_FILE in `cat $BL_CATEGORIES`  # pour chaque catégorie
+		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
 		do
+			for PATH_FILE in `cat $LIST` # for each category
+			do
+				DOMAINE=`basename $PATH_FILE`
-			echo -n "."
+				echo -n "$DOMAINE, "
-		  	if [ ! -f $PATH_FILE/urls ] # on crée le fichier 'urls' s'il n'existe pas
+		  		if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
-			then
+				then
-				touch $PATH_FILE/urls
+					touch $PATH_FILE/urls
-				chown dansguardian:apache $PATH_FILE/urls
+					chown dansguardian:apache $PATH_FILE/urls
-			fi
+				fi
+				$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
+				# retrieve the ip addresses for iptables
+				egrep  "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_ip_tmp
-			# suppression des @IP, de caractères acccentués et des lignes commentées
+				# for dnsmask, remove IP addesses, accented characters and commented lines.
-			egrep  -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp
+				egrep  -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp
-			$SED "/[äâëêïîöôüû]/d" $FILE_tmp
+				$SED "/[äâëêïîöôüû]/d" $FILE_tmp
-			$SED "/^#.*/d" $FILE_tmp
+				$SED "/^#.*/d" $FILE_tmp
+				# adapt to the dnsmasq syntax
-			$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp  # Mise en forme dnsmasq
+				$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
-			DOMAINE=`basename $PATH_FILE`
+				if [ "$LIST" == "$BL_CATEGORIES" ]
+				then
-			mv $FILE_tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf
+					mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
+					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
+				else
+					mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
+				fi
+			done
 		done
+		rm -f $FILE_tmp $FILE_ip_tmp
 		echo
 		;;
-	# regénération suite à modification du choix des catégories
+	# reload when categories are changed
 	-reload | --reload)
-		# pour Dansguardian
+		# for DG
 		chown -R dansguardian:apache $DIR_DG_BL/ossi
 		chmod -R g+w $DIR_DG_BL/ossi
 		cat_choice
-		# pour dnsmasq (noms de domaine réhabilités)
+		#  for dnsmasq (noms de domaine réhabilités)
 		if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
 		then
 			for i in `cat $DIR_DG/exceptionsitelist`
 			do
-				$SED "/$i/d" $DIR_DNS_FILTER_AVAILABLE/*
+				$SED "/$i/d" $DIR_DNS_BL/*
 			done
 		fi
-		cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf
+		cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf
-		$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf
+		$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf
 		DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2`		# DNS and URLs filter (on/off)
 		DNS_FILTERING=${DNS_FILTERING:=off}
 		if [ $DNS_FILTERING = on ]; then
 			bl_enable
 		else

Subversion Repositories ALCASAR

(root)/scripts/alcasar-bl.sh @ 2678 – Rev 958 → 1015