Rev 260 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | root | 1 | #/bin/sh |
| 63 | franck | 2 | # $Id: alcasar-bl.sh 308 2010-10-25 22:17:29Z richard $ |
| 3 | |||
| 308 | richard | 4 | # Script de gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via dansguardian) |
| 5 | # By 3abtux & rexy |
||
| 1 | root | 6 | |
| 308 | richard | 7 | DIR_tmp="/tmp/blacklists" |
| 8 | FILE_tmp="/tmp/fileFilter.txt" |
||
| 9 | BL_CATEGORIES=/usr/local/etc/alcasar-bl-categories |
||
| 1 | root | 10 | DIR_DANSGUARDIAN="/etc/dansguardian/lists/" |
| 308 | richard | 11 | DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available" |
| 12 | DIR_DNS_FILTER_ENABLE="/usr/local/etc/alcasar-dnsfilter-enabled" |
||
| 13 | IP_RETOUR="127.0.0.1" |
||
| 1 | root | 14 | BL_SERVER="cri.univ-tlse1.fr" |
| 15 | SED="/bin/sed -i" |
||
| 308 | richard | 16 | # Récupération de l'archive de la BL Toulouse |
| 1 | root | 17 | function transfert () { |
| 18 | mkdir -p $DIR_tmp |
||
| 19 | cd $DIR_tmp |
||
| 20 | wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
||
| 21 | } |
||
| 22 | |||
| 308 | richard | 23 | # Décompression de la BL (en conservant la WL) |
| 1 | root | 24 | function install () { |
| 25 | [ -d $DIR_DANSGUARDIAN ] || mkdir -p $DIR_DANSGUARDIAN |
||
| 26 | [ -d $DIR_DANSGUARDIAN/blacklists/ossi ] && mv -f $DIR_DANSGUARDIAN/blacklists/ossi $DIR_tmp |
||
| 308 | richard | 27 | tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DANSGUARDIAN |
| 1 | root | 28 | [ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DANSGUARDIAN/blacklists/ |
| 29 | cd /root |
||
| 30 | rm -rf $DIR_tmp |
||
| 31 | } |
||
| 32 | |||
| 308 | richard | 33 | # Adaptation de la BL Toulouse à la structure Dnsmasq |
| 34 | function adapt () { |
||
| 35 | # On récupère le nom des répertoire (catégories) |
||
| 36 | find $DIR_DANSGUARDIAN -type f -name domains > $FILE_tmp |
||
| 37 | # On supprime le suffice "/domains" |
||
| 38 | $SED "s?\/domains??g" $FILE_tmp |
||
| 39 | rm -f $DIR_DNS_FILTER_AVAILABLE/* |
||
| 40 | echo -n "Adaptation de la BL Toulouse. Veuillez patienter : " |
||
| 41 | # On copie les fichiers de domaine pour chaque catégorie |
||
| 42 | for PATH_FILE in `cat $FILE_tmp` |
||
| 43 | do |
||
| 44 | DOMAINE=`basename $PATH_FILE` |
||
| 45 | echo -n "." |
||
| 46 | # suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü |
||
| 47 | # cela supprime quelques domaines ... qui restent filtrés par dansguardian |
||
| 48 | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp |
||
| 49 | $SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp |
||
| 50 | $SED "/^#.*/d" /tmp/dnsmasq-bl.tmp |
||
| 51 | # Mise en forme dnsmasq |
||
| 52 | $SED "s?.*?address=/&/$IP_RETOUR?g" /tmp/dnsmasq-bl.tmp |
||
| 53 | mv /tmp/dnsmasq-bl.tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
||
| 54 | done |
||
| 55 | rm -f $FILE_tmp |
||
| 56 | echo |
||
| 57 | } |
||
| 58 | |||
| 59 | # Permet d'activer/désactiver les catégories de la BL |
||
| 60 | function cat_choice (){ |
||
| 61 | rm -rf $DIR_DNS_FILTER_ENABLE |
||
| 62 | for i in `cat $BL_CATEGORIES` |
||
| 63 | do |
||
| 64 | echo $i |
||
| 65 | done |
||
| 66 | } |
||
| 1 | root | 67 | usage="Usage: alcasar-bl.sh -on | -off | -download| -reload" |
| 68 | nb_args=$# |
||
| 69 | args=$1 |
||
| 70 | if [ $nb_args -eq 0 ] |
||
| 71 | then |
||
| 72 | nb_args=1 |
||
| 73 | args="-h" |
||
| 74 | fi |
||
| 75 | case $args in |
||
| 76 | -\? | -h* | --h*) |
||
| 77 | echo "$usage" |
||
| 78 | exit 0 |
||
| 79 | ;; |
||
| 308 | richard | 80 | # activation du filtrage |
| 1 | root | 81 | -on) |
| 82 | $SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
||
| 308 | richard | 83 | cat_choice |
| 1 | root | 84 | service dansguardian reload |
| 260 | richard | 85 | service dnsmasq restart |
| 1 | root | 86 | ;; |
| 308 | richard | 87 | # désactivation du filtrage |
| 1 | root | 88 | -off) |
| 89 | $SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
||
| 308 | richard | 90 | rm -rf $DIR_DNS_FILTER_ENABLE |
| 1 | root | 91 | service dansguardian reload |
| 260 | richard | 92 | service dnsmasq restart |
| 1 | root | 93 | ;; |
| 308 | richard | 94 | # Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq |
| 1 | root | 95 | -download) |
| 96 | rm -rf /tmp/con_ok.html |
||
| 97 | `/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
||
| 98 | if [ ! -e /tmp/con_ok.html ] |
||
| 99 | then |
||
| 100 | echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable" |
||
| 101 | else |
||
| 102 | transfert |
||
| 103 | install |
||
| 104 | chown -R dansguardian:apache $DIR_DANSGUARDIAN |
||
| 105 | chmod -R g+w $DIR_DANSGUARDIAN |
||
| 106 | DATE=`date '+%d %B %Y - %Hh%M'` |
||
| 34 | richard | 107 | echo "Univ-tlse du $DATE " > /var/www/html/VERSION-BL |
| 1 | root | 108 | rm -rf /tmp/con_ok.html |
| 109 | fi |
||
| 308 | richard | 110 | adapt |
| 1 | root | 111 | ;; |
| 308 | richard | 112 | # regénération suite à modification de la BL OSSI/RSSI |
| 1 | root | 113 | -reload) |
| 308 | richard | 114 | # pour Dansguardian |
| 1 | root | 115 | chown -R dansguardian:apache $DIR_DANSGUARDIAN/blacklists/ossi |
| 116 | chmod -R g+w $DIR_DANSGUARDIAN/blacklists/ossi |
||
| 117 | service dansguardian reload |
||
| 308 | richard | 118 | # pour dnsmasq |
| 119 | cp $DIR_DANSGUARDIAN/blacklists/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
||
| 120 | $SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
||
| 121 | service dnsmasq reload |
||
| 122 | ;; |
||
| 1 | root | 123 | *) |
| 124 | echo "Argument inconnu :$1"; |
||
| 125 | echo "$usage" |
||
| 126 | exit 1 |
||
| 127 | ;; |
||
| 128 | esac |
||
| 129 |