Subversion Repositories ALCASAR


Rev 2191 → Rev 2192

/CHANGELOG
17,6 → 17,7
- managing uamallowed domain is operational again
- Fix broken SQL library path in autoregistration.php.
- Fix loop redirection after connection in case of imputability logs warn.
- Fix test if installed on a VM (vmware or virtualbox)
SECU
- Fix vulnerabilities in the user part (1 SQL injection & 2 XSS).
- Remove ALCASAR version visible in the user part.
/alcasar.sh
196,12 → 196,12
then
echo "La mise à jour automatique d'ALCASAR ne peut pas être réalisée."
echo "1 - Effectuez une sauvegarde des fichiers de traçabilité et de la base des usagers via l'ACC"
echo "2 - Installez Linux-Mageia 5 et ALCASAR (cf. doc d'installation)"
echo "2 - Installez Linux-Mageia 5.1-64bits et ALCASAR (cf. doc d'installation)"
echo "3 - Importez votre base des usagers"
else
echo "The automatic update of ALCASAR can't be performed."
echo "1 - Save your traceability files and the user database"
echo "2 - Install Linux-Mageia 5 & ALCASAR (cf. installation doc)"
echo "2 - Install Linux-Mageia 5.1-64bits & ALCASAR (cf. installation doc)"
echo "3 - Import your users database"
fi
else
215,9 → 215,9
echo
if [ $Lang == "fr" ]
then
echo "Le système d'exploitation doit être remplacé (Mageia5)"
echo "Le système d'exploitation doit être remplacé (Mageia5.1-64bits)"
else
echo "The OS must be replaced (Mageia5)"
echo "The OS must be replaced (Mageia5.1-64bits)"
fi
exit 0
fi
1989,7 → 1989,7
# GRUB modifications (only one time)
# limit wait time to 3s
# create an alcasar entry instead of linux-nonfb
# change display to 1024*768 (vga791)
# change display to 1024*768 (vga791) only if not on VM
grub_already_modified=`grep ALCASAR /boot/grub/menu.lst|wc -l`
if [ $grub_already_modified == 0 ]
then
1998,7 → 1998,7
$SED "/^kernel/s/splash quiet //" /boot/grub/menu.lst
# is an virtual machine (proxmox, vmware, ) ?
vm_vga=`lsmod | egrep "virtio|vmwgfx" | wc -l`
if [ $vm_mga == 0 ]
if [ $vm_vga == 0 ]
then
$SED "/^kernel/s/$/ vga=791/" /boot/grub/menu.lst
fi
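Review bot: The VM test in the last hunk only matches the `virtio` and `vmwgfx` modules, so a guest whose video driver is something else (a VirtualBox guest using `vboxvideo`, for instance; the CHANGELOG entry names virtualbox) would still be treated as bare metal and get `vga=791`. If VirtualBox is meant to be covered, the pattern could be widened, e.g. `vm_vga=$(lsmod | grep -Ec "virtio|vmwgfx|vboxvideo")`. Quoting the operand and using a numeric test, `if [ "$vm_vga" -eq 0 ]`, also avoids a `[` syntax error if the variable is ever empty, which is how the old `$vm_mga` typo failed. The enclosing `if [ $grub_already_modified == 0 ]` block starts in the previous hunk and its end is outside the visible lines.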
/scripts/alcasar-nf.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/alcasar-bl.sh
89,6 → 89,23
chmod 660 $WL_CATEGORIES
}
 
# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)
function clean_split (){
$SED '/^#.*/d' $FILE_tmp # remove commented lines
$SED '/^\s*$/d' $FILE_tmp # remove empty lines
$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
# extract ip addresses for iptables.
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp
# extract domain names for dnsmasq.
$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp
# Retrieve max Top Level Domain for domain name synthax
#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
# MAX_TLD=18
#fi
# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload } | { -update_cat or --update_cat }"
nb_args=$#
args=$1
133,7 → 150,7
rm -rf $DIR_DG_BL $DIR_IP_BL
mkdir $DIR_DG_BL $DIR_IP_BL
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
chown -R root:apache $DIR_DG
chown -R dansguardian:apache $DIR_DG
chmod -R 770 $DIR_DG
# Add the two local categories (ossi-bl & ossi-wl) to the usage file
# Add the custom categories (ossi-tor_nodes) to the usage file
219,13 → 236,8
touch $PATH_FILE/urls
chown dansguardian:apache $PATH_FILE/urls
fi
$SED "/[äâëêïîöôüû@]/d" $FILE_tmp
$SED "/^#.*/d" $FILE_tmp
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
# for dnsmask, remove IP addesses, accented characters and commented lines.
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
cp $PATH_FILE/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
if [ "$LIST" == "$BL_CATEGORIES" ]
then
# adapt to the dnsmasq syntax for the blacklist
246,7 → 258,7
rm -f $FILE_tmp $FILE_ip_tmp
rm -rf $DIR_tmp
;;
# update the categories which are written in "/usr/local/etc/update_cat.conf" with rsync
# Rsync the categories which are listed in "/usr/local/etc/update_cat.conf". Cron run this function every 12h
-update_cat | --update_cat)
if [ $(cat /usr/local/etc/update_cat.conf | wc -l) -ne 0 ]
then
259,14 → 271,8
rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
# Creation of DNSMASQ and Iptables BL and WL
DOMAIN=$(basename $PATH_FILE)
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correction 'coma' instead of 'dot'
$SED "/^$/d" $PATH_FILE/domains $PATH_FILE/urls # remove empty lines
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
# for dnsmask, remove IP addresses, accentuated characters and commented lines.
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
$SED "/[äâëêïîöôüû@]/d" $FILE_tmp
$SED "/^#.*/d" $FILE_tmp
cp $PATH_FILE/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
black=`grep black $PATH_FILE/usage |wc -l`
if [ $black == "1" ]
then
310,15 → 316,10
done
find $DIR_DG_BL/ -type f -name domains | grep ossi- > $FILE_tmp # retrieve ossi directories name where a domain file exist
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
#retrieve max Top Level Domain for domain name synthax
MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
MAX_TLD=18
fi
for ossi_custom_dir in `cat $FILE_tmp` # create the blacklist and the whitelist files
do
chown -R root:apache $ossi_custom_dir
chmod 770 $ossi_custom_dir
ossi_categorie=`echo $ossi_custom_dir|cut -d "/" -f6`
short_categorie=`echo "$ossi_categorie" | cut -d"-" -f2`
if [ $short_categorie == "bl" ]
327,13 → 328,9
else
categorie_type="white"
fi
$SED "s/\.\{2,10\}/\./g" $ossi_custom_dir/domains $ossi_custom_dir/urls # correction 'coma' instead of 'dot'
$SED "/^$/d" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove empty lines
$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR>
# extract ip addresses for iptables
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $ossi_custom_dir/domains > $FILE_ip_tmp
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $ossi_custom_dir/domains > $FILE_tmp
# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file
cp $ossi_custom_dir/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
if [ $categorie_type == "white" ]
then
# adapt the file to the dnsmasq syntax and enable it if needed
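Review bot: In the new `clean_split` (first hunk), the sed expression that strips IP lines from `$FILE_tmp` has no end anchor, while the awk pattern that builds `$FILE_ip_tmp` and the `egrep -v` lines this commit appears to replace both end in `$`. A line that merely starts with four dotted numeric groups (for example `1.2.3.4.example.org`, a constructed sample) is therefore removed from the domain list without reaching the IP list, so that entry silently drops out of filtering. Anchoring the expression keeps the two halves of the split consistent: `$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}$/!p' $FILE_tmp`. This assumes `$SED` edits in place, as the other calls in the function suggest; its definition is outside the visible hunks. The `s/\.\{2,10\}/\./g` correction that each caller applied to `domains` and `urls` also seems to be gone and is not part of `clean_split`, which is worth confirming as intentional.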
/scripts/alcasar-uninstall.sh
243,9 → 243,7
[ -e /lib/systemd/system/alcasar-load_balancing.service ] && rm -f /lib/systemd/system/alcasar-load_balancing.service && echo -n "6"
sleep 1
 
 
 
#nettoyage (on retire les services supprimés ou remplacés dans la nouvelle version)
# nettoyage (on retire les services supprimés ou remplacés dans la nouvelle version)
echo -en "\n- cleaning() : "
for rm_fic in /usr/local/bin /usr/local/etc /usr/local/sbin
do
/scripts/alcasar-urpmi.sh
216,7 → 216,7
else
echo "Nettoyage du système : "
fi
for rm_rpm in shorewall mandi avahi mageia-gfxboot-theme privoxy cpupower squid gamin
for rm_rpm in shorewall mandi avahi mageia-gfxboot-theme privoxy cpupower squid gamin wkhtmltopdf
do
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
echo -n "."
/web/acc/admin/bl_filter.php
265,6 → 265,7
if($action == $l_remove) //delete
{
exec("/bin/sed -i \"/^$fichier$/d\" $bl_categories_enabled");
exec("/bin/sed -i \"/^$fichier$/d\" $bl_categories");
exec("rm -rf $dir_blacklist$fichier");
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload");
}
286,7 → 287,7
if(!empty($file_name))
{
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/dansguardian/list/blacklist/ossi-bl-XXXXXXXX
exec ("mkdir $dest_dir; chown dansguardian:apache $dest_dir");
exec ("mkdir $dest_dir");
$file=$_FILES['fichier_ip']['tmp_name'];
exec("/usr/bin/dos2unix $file $file");
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest_dir."/domains")) // copy in the file "domains" (containing @ip & domain names (like over Toulouse categories))
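Review bot: The `exec()` line added in the first hunk interpolates `$fichier` unescaped into a shell command and a sed expression, the same way the neighbouring `sed` and `rm -rf $dir_blacklist$fichier` calls do. Where `$fichier` is assigned is outside the visible hunk; if it derives from request data, an unexpected value could change the command that runs or the path that is deleted. Validating it before any of these calls, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $fichier)) { exit(); }` (pattern to be adjusted to the category naming actually used), and wrapping arguments with `escapeshellarg()` would close that off. The same applies to `$file_name` in `exec ("mkdir $dest_dir")` in the second hunk, where a native `mkdir($dest_dir)` call would avoid the shell altogether.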