Rev 672 | Go to most recent revision | Blame | Last modification | View Log
#/bin/bash
# $Id: alcasar-bl.sh 685 2011-07-26 21:42:41Z richard $
# alcasar-bl.sh
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
CONF_FILE="/usr/local/etc/alcasar.conf"
DIR_tmp="/tmp/blacklists"
FILE_tmp="/tmp/fileFilter.txt"
DIR_DG="/etc/dansguardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="/usr/local/etc/alcasar-bl-categories"
BL_CATEGORIES_ENABLED="/usr/local/etc/alcasar-bl-categories-enabled"
DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available"
DIR_DNS_FILTER_ENABLED="/usr/local/etc/alcasar-dnsfilter-enabled"
IP_RETOUR="20.0.0.1"
BL_SERVER="cri.univ-tlse1.fr"
SED="/bin/sed -i"
# Récupération de l'archive de la BL Toulouse
function transfert () {
mkdir -p $DIR_tmp
cd $DIR_tmp
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz
}
# Décompression de la BL (en conservant la WL)
function install () {
[ -d $DIR_DG ] || mkdir -p $DIR_DG
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp
[ -d $DIR_DG_BL/ip ] && mv -f $DIR_DG_BL/ip $DIR_tmp
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
[ -d $DIR_tmp/ip ] && mv -f $DIR_tmp/ip $DIR_DG_BL/
cd /root
rm -rf $DIR_tmp
}
# Adaptation de la BL Toulouse à la structure Dnsmasq
function adapt () {
# On récupère le nom des répertoire (catégories)
find $DIR_DG_BL/ -type f -name domains > $BL_CATEGORIES
# On supprime le suffice "/domains"
$SED "s?\/domains??g" $BL_CATEGORIES
rm -f $DIR_DNS_FILTER_AVAILABLE/*
echo -n "Toulouse BlackList migration process. Please wait : "
# pour chaque catégorie
for PATH_FILE in `cat $BL_CATEGORIES`
do
echo -n "."
# on crée le fichier 'urls' s'il n'existe pas
if [ ! -f $PATH_FILE/urls ]
then
touch $PATH_FILE/urls
chown dansguardian:apache $PATH_FILE/urls
fi
# suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp
$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp
$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp
# Mise en forme dnsmasq
$SED "s?.*?address=/&/$IP_RETOUR?g" /tmp/dnsmasq-bl.tmp
DOMAINE=`basename $PATH_FILE`
mv /tmp/dnsmasq-bl.tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf
done
echo
}
# Permet d'activer/désactiver les catégories de la BL
function cat_choice (){
# un peu de ménage
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist
# on adapte le fichier $BL_CATEGORIES au choix de catégorie
$SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` # on affecte les catégories à dansguardian et dnsmasq
do
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
ln -s $DIR_DNS_FILTER_AVAILABLE/$ENABLE_CATEGORIE.conf $DIR_DNS_FILTER_ENABLED/$ENABLE_CATEGORIE
# echo ".Include<$DIR_DANSGUARDIAN/blacklists/$ENABLE_CATEGORIES/domains>" >> $DIR_DANSGUARDIAN/bannedsitelist # dansguardian ne s'occupe plus des noms de domaine
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
done
sort -k2n $BL_CATEGORIES > $FILE_tmp
mv $FILE_tmp $BL_CATEGORIES
}
function bl_enable (){
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch'
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage
then
service dansguardian restart
service dnsmasq restart
/usr/local/bin/alcasar-iptables.sh
fi
}
function bl_disable (){
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch'
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage
then
service dansguardian restart
service dnsmasq restart
/usr/local/bin/alcasar-iptables.sh
fi
}
usage="Usage: alcasar-bl.sh {-on or --on} | { -off or --off } | { -download or --download } | { -reload or --reload }"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off)
DNS_FILTERING=${DNS_FILTERING:=off}
echo "Set BlackList Filtering to $DNS_FILTERING"
if [ $DNS_FILTERING = on ]; then
cat_choice
bl_enable
else
bl_disable
fi
exit 0
fi
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
# activation du filtrage
-on | --on)
cat_choice
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE
bl_enable
;;
# désactivation du filtrage
-off | --off)
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE
bl_disable
;;
# Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq
-download | --download)
rm -rf /tmp/con_ok.html
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
if [ ! -e /tmp/con_ok.html ]
then
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"
else
transfert
install
chown -R dansguardian:apache $DIR_DG
chmod -R g+w $DIR_DG
rm -rf /tmp/con_ok.html
fi
DATE=`date '+%d %B %Y - %Hh%M'`
echo "Univ-tlse du $DATE " > /var/www/html/VERSION-BL
;;
# Adaptation de la BL à notre structure 'dnsmasq + DG)
-adapt | --adapt)
adapt
cat_choice
;;
# regénération suite à modification (choix catégories ou BL secondaire)
-reload | --reload)
adapt
# pour Dansguardian
chown -R dansguardian:apache $DIR_DG_BL/ossi
chmod -R g+w $DIR_DG_BL/ossi
cat_choice
# pour dnsmasq (noms de domaine réhabilités)
if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
then
for i in `cat $DIR_DG/exceptionsitelist`
do
$SED "/$i/d" $DIR_DNS_FILTER_AVAILABLE/*
done
fi
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf
$SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf
IP_PURE=`grep '^ip' $BL_CATEGORIES_ENABLED|wc -l`
if [ $IP_PURE -eq "1" ]; then # filtrage des url sans nom de domaine
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist
else
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
fi
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off)
DNS_FILTERING=${DNS_FILTERING:=off}
if [ $DNS_FILTERING = on ]; then
bl_enable
else
bl_disable
fi
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac