38,6 → 38,7 |
# chilli : coovachilli initialisation (+authentication page) |
# dansguardian : DansGuardian filtering HTTP proxy configuration |
# antivirus : HAVP + libclamav configuration |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus" |
# ulogd : log system in userland (match NFLOG target of iptables) |
# nfsen : : Configuration du grapheur nfsen pour apache |
# dnsmasq : Name server configuration |
1223,15 → 1224,13 |
groupadd -f havp |
useradd -r -g havp -s /bin/false -c "system user for havp" havp |
mkdir -p /var/tmp/havp /var/log/havp /var/run/havp |
mkdir -p /var/tmp/havp2 /var/log/havp2 /var/run/havp2 |
chown -R havp:havp /var/tmp/havp /var/log/havp /var/run/havp |
chown -R havp:havp /var/tmp/havp2 /var/log/havp2 /var/run/havp2 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile |
$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090 (on loopback) |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on port 8090 (on loopback) |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches |
1238,11 → 1237,6 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files |
cp /etc/havp/havp.config /etc/havp/havp2.config |
$SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config # pidfile |
$SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config # transparent mode |
$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS $PRIVATE_IP?g" /etc/havp/havp2.config # we listen only on tun0 |
$SED "s?^PORT.*?PORT 8090?g" /etc/havp/havp2.config # datas come on 8091 |
# skip checking of youtube flow (too heavy load / risk too low) |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist |
1250,19 → 1244,6 |
# replacement of init script |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default |
cp -f $DIR_CONF/havp-init /etc/init.d/havp |
cp /etc/init.d/havp /etc/init.d/havp2 |
$SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2 # description |
$SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2 # config file |
$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp2/havp.pid?g" /etc/init.d/havp2 # pidfile |
$SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2 # name |
$SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2 # desc |
$SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2 # mountpoint |
$SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2 # reloading havp |
$SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2 # error havp |
$SED "s?echo \"Error: HAVP not running or PIDFILE not readable\".*?echo \"Error : HAVP2 not running or PIDFILE not readable\"?g" /etc/init.d/havp2 # error havp |
$SED "s?echo \"Error: HAVP not running or PIDFILE unreadable\".*?echo \"Error : HAVP2 not running or PIDFILE unreadable\"?g" /etc/init.d/havp2 # error havp |
$SED "s?echo \"Shutting down HAVP ...\".*?echo \"Shutting down HAVP2 ...\"?g" /etc/init.d/havp2 # shutting down havp |
$SED "s?status havp.*?status havp2?g" /etc/init.d/havp2 # status havp |
# replace of the intercept page (template) |
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html |
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html |
1277,6 → 1258,14 |
/usr/bin/freshclam --no-warnings |
} # End of antivirus () |
|
################################################################## |
## Fonction "antivirus" ## |
## - configuration of havp, libclamav and freshclam ## |
################################################################## |
tinyproxy () |
{ |
|
} # end of tinyproxy |
################################################################################## |
## function "ulogd" ## |
## - Ulog config for multi-log files ## |