/CHANGELOG |
---|
7,6 → 7,7 |
- Mageia 8 |
CHANGES |
- Add SHA256 in PAP protocol (coovachilli). Thanks to Paul BAESKENS (aka StaringCat) |
- Remove "dnsmasq" resolver used with whitelist filtering system (we now use ipset capabilities of "unbound") |
ACC |
BUGS |
- Replace deprecated php functions (php7 --> php8) |
/alcasar.sh |
---|
2,7 → 2,7 |
# $Id$ |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy) |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, dnsmasq, unbound, gammu, clamav, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, clamav, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump |
# contact : info@alcasar.net |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
27,7 → 27,6 |
# ulogd : Log system in userland (match NFLOG target of iptables) |
# nfsen : Configuration of Netflow grapher (nfsen) & netflow collector (nfcapd) |
# unbound : Name server configuration |
# dnsmasq : Name server configuration (for whitelist ipset support) |
# vnstat : Little network stat daemon |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for unbound, for e2guardian and for Netfilter) |
# cron : Logs export + watchdog + connexion statistics |
1497,40 → 1496,6 |
$SED "s?^ReadWritePaths=.*?ReadWritePaths=/var/log?g" /etc/systemd/system/vnstat.service |
} # End of vnstat() |
################################################################### |
## "dnsmasq" ## |
## - creation of the conf files of dnsmasq (whitelist for ipset )## |
################################################################### |
dnsmasq() |
{ |
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq |
[ -e /etc/dnsmasq.conf.default ] || mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default |
# dnsmasq listen on udp 55 ("dnsmasq with whitelist") |
cat << EOF > /etc/dnsmasq-whitelist.conf |
# Configuration file for "dnsmasq with whitelist" |
# ADD Toulouse university whitelist domains |
pid-file=/run/dnsmasq-whitelist.pid |
listen-address=127.0.0.1 |
port=55 |
no-dhcp-interface=lo |
bind-interfaces |
cache-size=1024 |
domain-needed |
expand-hosts |
bogus-priv |
filterwin2k |
ipset=/#/wl_ip_allowed # dynamically add the resolv IP address in the Firewall rules |
server=$DNS1 |
server=$DNS2 |
EOF |
# Don't run dnsmasq service. Create dnsmasq-whitelist unit |
systemctl disable dnsmasq.service |
cp -f /lib/systemd/system/dnsmasq.service /etc/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /etc/systemd/system/dnsmasq-whitelist.service |
$SED "s?^PIDFile=.*?PIDFile=/run/dnsmasq-whitelist.pid?g" /etc/systemd/system/dnsmasq-whitelist.service |
} # End of dnsmasq() |
######################################################### |
## "unbound" ## |
## - create the conf files for 4 unbound services ## |
1657,6 → 1622,7 |
# Configuration file for whitelist unbound |
cat << EOF > /etc/unbound/unbound-whitelist.conf |
server: |
module-config: "ipset validator iterator" |
verbosity: 1 |
hide-version: yes |
hide-identity: yes |
1665,13 → 1631,14 |
define-tag: "whitelist" |
local-zone: "." transparent |
local-zone-tag: "." "whitelist" |
include: /etc/unbound/conf.d/common/forward-zone.conf |
include: /etc/unbound/conf.d/common/local-forward/* |
include: /etc/unbound/conf.d/common/local-dns/* |
include: /etc/unbound/conf.d/whitelist/* |
include: /usr/local/share/unbound-wl-enabled/* |
forward-zone: |
name: "." |
forward-addr: 127.0.0.1@55 |
username: "" |
ipset: |
name-v4: "wl_ip_allowed" |
EOF |
# Configuration file for $INTIF of blackhole unbound |
1705,7 → 1672,7 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /etc/systemd/system/unbound-$list.service |
$SED "s?^PIDFile=.*?PIDFile=/run/unbound-$list.pid?g" /etc/systemd/system/unbound-$list.service |
done |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /etc/systemd/system/unbound-whitelist.service |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /etc/systemd/system/unbound-whitelist.service |
} # End of unbound() |
################################################## |
1823,7 → 1790,7 |
EOF |
cat <<EOF > /etc/cron.d/alcasar-watchdog |
# 'alcasar-watchdog.sh' : run the "watchdog" (every 10') |
# 'alcasar-flush_ipset_wl.sh' : empty the IPSET of the whitelisted IP loaded dynamically with dnsmasq-whitelist hook (every sunday at 0:05 am) |
# 'alcasar-flush_ipset_wl.sh' : empty the IPSET of the whitelisted IP loaded dynamically with unbound-whitelist hook (every sunday at 0:05 am) |
# 'alcasar-watchdog.sh --disconnect-permanent-users' : disconnect users with attribute "Alcasar-Status-Page-Must-Stay-Open" (daily --> see "cron.daily") |
# 'alcasar-watchdog-hl.sh' : (optionnaly) remove the IP 0.0.0.0 from chilli cache memory |
*/10 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1 |
2232,7 → 2199,7 |
done |
/usr/bin/systemctl daemon-reload |
# processes started at boot time (Systemctl) |
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
2477,7 → 2444,7 |
fi |
mode="update" |
fi |
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt mail_service post_install |
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt mail_service post_install |
do |
$func |
if [ $DEBUG_ALCASAR == "on" ] |
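Review bot: In the `unbound-whitelist.conf` heredoc (hunk 1665,13 → 1631,14), `username: ""` sits beside the new `ipset:` block, so this resolver does not drop privileges and parses untrusted DNS answers as root. The ipset module does need permission to update `wl_ip_allowed`, but that may not require full root. It is worth evaluating an unprivileged `User=` with `AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE` in the copied `unbound-whitelist.service`, set through the existing `$SED` edits. If root has to stay, document it in the generated file, e.g. `# username "" : keep root so the ipset module can update wl_ip_allowed`. The rendered page does not show with certainty whether the `username` line is new, and the heredoc starts outside the hunk.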
/conf/logrotate.d/dnsmasq-blacklist |
---|
File deleted |
/scripts/alcasar-activity_report.sh |
---|
164,7 → 164,7 |
#get timestamp of X day ago. Then we get every packets chich have been updated since this date. |
if [ "$(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l)" -gt 1 ] |
then |
PACKAGE='php|lighttpd|iptables|dnsmasq|unbound|radius|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|ipt-netflow|wget|mariadb|gnupg|openssl' |
PACKAGE='php|lighttpd|iptables|unbound|radius|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|ipt-netflow|wget|mariadb|gnupg|openssl' |
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR |
do |
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1) |
/scripts/alcasar-bl.sh |
---|
271,6 → 271,7 |
else |
# adapt to the unbound syntax for the whitelist |
$SED "s?.*?local-zone: & transparent?g" $FILE_tmp |
$SED "p; s? transparent? ipset?g" $FILE_tmp # duplicate lines to enable ipset module |
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf |
fi |
done |
362,7 → 363,6 |
then |
/usr/bin/systemctl restart unbound-blacklist |
/usr/bin/systemctl restart unbound-whitelist |
/usr/bin/systemctl restart dnsmasq-whitelist |
/usr/bin/systemctl restart e2guardian |
/usr/local/bin/alcasar-iptables.sh |
fi |
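Review bot: The added `$SED "p; s? transparent? ipset?g" $FILE_tmp` is unanchored and leaves `$FILE_tmp` unquoted, so it rewrites any ` transparent` substring on a line rather than only the trailing zone type. A tighter form is `$SED 'p; s/ transparent$/ ipset/' "$FILE_tmp"`; single quotes and a `/` delimiter are needed because `$?` would expand inside double quotes. Every whitelist domain now also produces a `local-zone: … ipset` line, which presumably only parses when the installed unbound has the ipset module. In the reload hunk (362,7 → 363,6), running `unbound-checkconf /etc/unbound/unbound-whitelist.conf` before `systemctl restart unbound-whitelist` would stop a bad list or a missing module from taking the whitelist resolver down. Both enclosing blocks start and end outside the hunks.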
/scripts/alcasar-conf.sh |
---|
195,6 → 195,9 |
# Apply changes between versions |
## V5.4 --> V5.5 ## |
[ -e $DIR_ETC/alcasar-iptables-local.sh ] && cp $DIR_ETC/alcasar-iptables-local.sh $DIR_ETC/alcasar-iptables-local.sh.old && cp $CURRENT_DIR/conf/etc/alcasar-iptables-local.sh $DIR_ETC/ # new rule for SMTP output flows |
## V5.5 --> V6.0 ## remove dnsmasq service |
[ -e /etc/dnsmasq-whitelist.conf ] && rm -f /etc/dnsmasq* |
[ -e /etc/systemd/system/dnsmasq-whitelist.service ] && rm -f /etc/systemd/system/dnsmasq* && urpme dnsmasq |
# Remove the update folder |
rm -rf $DIR_UPDATE |
;; |
297,7 → 300,7 |
$DIR_BIN/alcasar-logout.sh all |
# Services stop |
echo -n "Stop services : " |
for i in ntpd e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd |
for i in ntpd e2guardian unbound unbound-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd |
do |
/usr/bin/systemctl stop $i && echo -n "$i, " |
done |
372,10 → 375,6 |
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf |
# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries |
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info |
# dnsmasq-whitelist |
$SED "/^server=/d" /etc/dnsmasq-whitelist.conf |
echo "server=$DNS1" >> /etc/dnsmasq-whitelist.conf |
echo "server=$DNS2" >> /etc/dnsmasq-whitelist.conf |
# unbound |
# removing unbound configuration files |
rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.* |
490,7 → 489,7 |
sleep 1 |
/usr/bin/systemctl start $i && echo -n ", $i" |
done |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, dnsmasq-whitelist, e2guardian, iptables" |
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, e2guardian, iptables" |
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd" |
fi |
# Email user registration |
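Review bot: The V5.5 --> V6.0 migration lines delete the unit file without first stopping or disabling `dnsmasq-whitelist`, so on an updated system the old process can keep listening on 127.0.0.1:55 until reboot and its enable symlink is left dangling. The globs `/etc/dnsmasq*` and `/etc/systemd/system/dnsmasq*` also remove more than the files the installer created, including any dnsmasq configuration an administrator added. `urpme dnsmasq` without `--auto` may wait for confirmation during an unattended update. The fence below stops and disables the unit, names the files explicitly and reloads systemd; the surrounding `case` branch continues outside the hunk.

```shell
## V5.5 --> V6.0 ## remove dnsmasq service
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]; then
	/usr/bin/systemctl disable --now dnsmasq-whitelist.service
	rm -f /etc/systemd/system/dnsmasq-whitelist.service
	/usr/bin/systemctl daemon-reload
	urpme --auto dnsmasq
fi
rm -f /etc/dnsmasq-whitelist.conf /etc/dnsmasq.conf.default
# … unchanged: removal of the update folder …
```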
/scripts/alcasar-daemon.sh |
---|
15,7 → 15,7 |
LDAP=${LDAP:=off} |
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name |
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name |
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd" |
nb_available_srv=`echo $SERVICES|wc -w` |
function ServiceTest () { |
/scripts/alcasar-dns-local.sh |
---|
33,7 → 33,7 |
fi |
function restart_dns(){ |
for dns in unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole |
for dns in unbound unbound-blacklist unbound-whitelist unbound-blackhole |
do |
echo "Restarting $dns. Please wait..." |
systemctl restart $dns |
100,7 → 100,6 |
hosts_to_unbound |
;; |
--off|-off) # disable DNS redirector |
#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE |
rm -f $LOCAL_DOMAIN_CONF_FILE |
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE |
restart_dns |
107,13 → 106,11 |
/usr/local/bin/alcasar-iptables.sh |
;; |
--off-without-restart|-off-without-restart) # disable DNS redirector |
#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE |
rm -f $LOCAL_DOMAIN_CONF_FILE |
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE |
/usr/local/bin/alcasar-iptables.sh |
;; |
--on|-on) # enable DNS redirector |
#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE |
cat > $LOCAL_DOMAIN_CONF_FILE << EOF |
server: |
local-zone: "$INT_DNS_DOMAIN." transparent |
126,7 → 123,6 |
/usr/local/bin/alcasar-iptables.sh |
;; |
--on-without-restart|-on-without-restart) # enable DNS redirector |
#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE |
cat > $LOCAL_DOMAIN_CONF_FILE << EOF |
server: |
local-zone: "$INT_DNS_DOMAIN." transparent |
/scripts/alcasar-iptables.sh |
---|
165,7 → 165,7 |
done |
###### WL set ########### |
# taille fixe, car peuplé par dnsmasq / fixe length due to dnsmasq dynamic loading |
# taille fixe, car peuplé par unbound / fixe length due to unbound dynamic loading |
wl_set_length=65536 |
# Chargement Loading |
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save |
/scripts/alcasar-rpm-download.sh |
---|
20,7 → 20,7 |
# "sudo" : needed after a reinstallation (to be investigated) |
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance |
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
rpm_repository_sync () |
{ |
/scripts/alcasar-rpm.sh |
---|
21,7 → 21,7 |
# "sudo" : needed after a reinstallation (to be investigated) |
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance |
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop" |
rpm_repository_sync () |
{ |
/scripts/alcasar-uninstall.sh |
---|
173,17 → 173,6 |
fi |
} |
dnsmasq () |
{ |
echo -en "(3) : " |
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, " |
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "2, " |
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]; then |
rm -f /etc/systemd/system/dnsmasq-whitelist.service |
echo -n "3, " |
fi |
} |
unbound () |
{ |
echo -en "(9) : " |
327,7 → 316,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
334,7 → 323,7 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# unbound, iptables & sshd should stay on to allow remote update |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update + users stay connected during the update |
fi |
366,7 → 355,7 |
[ $mode == "update" ] && /usr/bin/systemctl reload sshd # reload sshd in case of remote update |
echo "Reset ALCASAR main functions : " |
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dnsmasq dhcpd cron fail2ban gammu_smsd msec letsencrypt mail_service post_install |
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dhcpd cron fail2ban gammu_smsd msec letsencrypt mail_service post_install |
do |
echo -en "\n- $func " |
$func |
/web/acc/about.htm |
---|
19,7 → 19,7 |
<dd><img src="/images/mini-tux.png" alt="linux" WIDTH="65" HEIGHT="72"></dd> |
</div> |
<script LANGUAGE="javascript"> |
//Fonction pour ouvrir une nouvelle fenêtre |
//Open a new Window |
function ouvrir(page) |
{ |
window.open(page, "From Rexy", "alwaysRaised=yes,toolbar=yes,location=yes,directories=no,status=no,menubar=yes,scrollbars=yes,resizable=no,copyhistory=no,hotkeys=no,width=640 ,height=480"); |
69,22 → 69,22 |
</script> |
<table width="100%" border="0" cellspacing="0" cellpadding="0" style="background-color: rgba(255, 255, 255, 0.5);"> |
<TR> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.linux.org')"><img border="0" src="/images/footer_linux.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.mageia.org')"><img border="0" src="/images/footer_mageia.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.coova.org/CoovaChilli')"><img border="0" src="/images/footer_coova.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.freeradius.org')"><img border="0" src="/images/footer_freeradius.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.mariadb.org')"><img border="0" src="/images/footer_mariadb.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://lighttpd.net')"><img border="0" src="/images/footer_lighttpd.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.php.net')"><img border="0" src="/images/footer_php.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://www.linux.org')"><img border="0" src="/images/footer_linux.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://www.mageia.org')"><img border="0" src="/images/footer_mageia.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://coova.github.io/')"><img border="0" src="/images/footer_coova.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://freeradius.org')"><img border="0" src="/images/footer_freeradius.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://mariadb.org')"><img border="0" src="/images/footer_mariadb.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://www.lighttpd.net')"><img border="0" src="/images/footer_lighttpd.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://www.php.net')"><img border="0" src="/images/footer_php.png"></A></TD> |
</TR> |
<TR> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.fpdf.org')"><img border="0" src="/images/footer_fpdf.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://sourceforge.net/projects/ipt-netflow')"><img border="0" src="/images/footer_netflow.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://www.postfix.org')"><img border="0" src="/images/footer_postfix.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://github.com/aabc/ipt-netflow')"><img border="0" src="/images/footer_netflow.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://www.clamav.net')"><img border="0" src="/images/footer_clamav.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.netfilter.org')"><img border="0" src="/images/footer_netfilter.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://www.wammu.eu')"><img border="0" src="/images/footer_gammu.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://www.netfilter.org')"><img border="0" src="/images/footer_netfilter.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://wammu.eu')"><img border="0" src="/images/footer_gammu.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://e2guardian.org')"><img border="0" src="/images/footer_e2guardian.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('http://thekelleys.org.uk/dnsmasq/doc.html')"><img border="0" src="/images/footer_dnsmasq.png"></A></TD> |
<TD align="center"><A HREF="javascript:ouvrir('https://nlnetlabs.nl/projects/unbound/about/')"><img border="0" src="/images/footer_unbound.png"></A></TD> |
</TR> |
</table> |
</body> |
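Review bot: The e2guardian entry in the second table row still points at `http://e2guardian.org` while the other links touched in this hunk were moved to https. If that site serves https, it should become `ouvrir('https://e2guardian.org')` so the ACC page no longer sends administrators over a cleartext link. Since all of these links go through `ouvrir()`, adding `noopener` to the feature string of its `window.open` call would also keep the third-party pages from reaching back into the ACC window. The body of `ouvrir()` continues outside the first hunk.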
/web/acc/admin/services.php |
---|
35,7 → 35,6 |
$l_unbound = "Serveur DNS principal"; |
$l_unbound_blacklist = "Serveur DNS pour la Blacklist"; |
$l_unbound_whitelist = "Serveur DNS pour la Whitelist"; |
$l_dnsmasq_whitelist = "Serveur DNS pour la Whitelist (IPSET)"; |
$l_unbound_blackhole = "Serveur DNS 'trou noir'"; |
$l_ulogd_ssh = "journalisation des accès par SSH"; |
$l_ulogd_ext_access = "journalisation des tentatives d'accès externes"; |
74,7 → 73,6 |
$l_unbound = "Servidor DNS principal "; |
$l_unbound_blacklist = "Servidor DNS de Lista Negra"; |
$l_unbound_whitelist = "Servidor DNS de Lista Blanca"; |
$l_dnsmasq_whitelist = "Servidor DNS de Lista Blanca (IPSET)"; |
$l_unbound_blackhole = "Agujero negro DNS"; |
$l_ulogd_ssh = "Proceso de registro para accesos SSH"; |
$l_ulogd_ext_access = "Proceso de registro de intentos de accesos externos"; |
113,7 → 111,6 |
$l_unbound = "Main DNS server"; |
$l_unbound_blacklist = "Blacklist DNS server"; |
$l_unbound_whitelist = "Whitelist DNS server"; |
$l_dnsmasq_whitelist = "Whitelist DNS server (IPSET)"; |
$l_unbound_blackhole = "Blackhole DNS server"; |
$l_ulogd_ssh = "SSH access logging process"; |
$l_ulogd_ext_access = "Extern access attempts logging process"; |
215,7 → 212,7 |
//------------------------------- |
// Actions on services |
//------------------------------- |
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","dnsmasq-whitelist","unbound-blackhole","e2guardian","clamav-daemon","clamav-freshclam","sshd","ntpd","fail2ban","nfcapd","vnstat","postfix"); |
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","unbound-blackhole","e2guardian","clamav-daemon","clamav-freshclam","sshd","ntpd","fail2ban","nfcapd","vnstat","postfix"); |
$autorizeAction = array("start","stop","restart"); |
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) { |
247,7 → 244,6 |
$FilterServiceStatus = array(); |
$FilterServiceStatus['unbound_blacklist'] = checkServiceStatus("unbound-blacklist"); |
$FilterServiceStatus['unbound_whitelist'] = checkServiceStatus("unbound-whitelist"); |
$FilterServiceStatus['dnsmasq_whitelist'] = checkServiceStatus("dnsmasq-whitelist"); |
$FilterServiceStatus['unbound_blackhole'] = checkServiceStatus("unbound-blackhole"); |
$FilterServiceStatus['e2guardian'] = checkServiceStatus("e2guardian"); |
$FilterServiceStatus['clamav_daemon'] = checkServiceStatus("clamav-daemon"); |
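Review bot: The allowlist check just below the edited `$autorizeService` array reads the service name from the query string and compares it loosely. Since this list gates start/stop/restart of system services, use a strict match: `in_array($_GET['service'], $autorizeService, true)`. Because the action is triggered by a GET parameter, confirm that the part of the `if` block outside this hunk requires an anti-CSRF token or a POST. Otherwise a link opened by a logged-in administrator could stop a filtering service. The `if` body is not visible here.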
/web/acc/manager/auth_exceptions.php |
---|
118,7 → 118,7 |
fwrite ($pointeur, $line); |
fclose ($pointeur); |
exec ("sudo /usr/local/bin/alcasar-file-clean.sh"); # Clean & sort conf files. Add uamallowed domains to the dns-blackhole conf |
sleep (1); # be sure that dnsmasq-blackhole is restarted before killing tun0 ! |
sleep (1); # be sure that unbound-blackhole is restarted before killing tun0 ! |
exec ("sudo /usr/bin/systemctl restart chilli"); |
} |
} |
153,7 → 153,7 |
fclose($pointeur); |
} |
exec ("sudo /usr/local/bin/alcasar-file-clean.sh"); # Clean & sort conf files. Add uamallowed domains to the dns-blackhole conf |
sleep (1); # be sure that dnsmasq-blackhole is restarted before killing tun0 ! |
sleep (1); # be sure that unbound-blackhole is restarted before killing tun0 ! |
exec ("sudo /usr/bin/systemctl restart chilli"); |
break; |
case 'new_ip' : |
/web/images/footer_dnsmasq.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/images/footer_fpdf.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/images/footer_postfix.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Added: svn:mime-type |
+image/png |
\ No newline at end of property |
/web/images/footer_unbound.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Added: svn:mime-type |
+image/png |
\ No newline at end of property |