Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 687 → Rev 688

/CHANGELOG
7,6 → 7,7
- Core : simplify official certificate import process
- Core : update with the last version of Coova (1.2.8)
- Core : End of implementation of ANSSI rules for netfilter
- Core : allow exception of IP addresses (or network addresses) in the authentication process
 
---- 2.2 ----
- blacklist category "ip" is added for url that contains ip address (no domain name)
/scripts/alcasar-iptables.sh
104,7 → 104,7
# Redirection des flux DNS vers le port 54 (dns+blackhole) sauf pour les IP en exceptions
if [ $DNS_FILTERING = on ]; then
# Compute exception IP
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1`
nb_exceptions=`wc -l /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1`
if [ $nb_exceptions != "0" ]
then
while read ip_exception
117,10 → 117,9
#####################################
# If protocols filter is activate #
#####################################
# filtrage de protocoles sauf pour les IP en exceptions
if [ $PROTOCOLS_FILTERING = on ]; then
# Compute exception IP
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1`
# Compute exception IP (IP addresses that shouldn't be filtered)
nb_exceptions=`wc -l /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1`
if [ $nb_exceptions != "0" ]
then
while read ip_exception
129,6 → 128,17
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-filter-exceptions
fi
# Compute uamallowed IP (IP address of equipments connect between ALCASAR and Internet (DMZ, own servers, ...)
nb_exceptions=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1`
if [ $nb_exceptions != "0" ]
then
while read ip_allowed_line
do
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2`
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT "
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-uamallowed
fi
# Autorisation des protocoles non commentés
# Allow non comment protocols
while read svc_line
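Review bot: The new alcasar-uamallowed loop passes whatever `cut -d"\"" -f2` returns straight to `iptables -d`, unquoted and unchecked. `cut` without `-s` prints a line that contains no double quote unchanged, so a blank or comment line ends up as a rule argument. Each accepted value also opens every protocol and port towards that destination for NEW connections arriving on `$TUNIF`. If the file is meant to hold only addresses and networks, as the added comment says, I would skip any value that is not an IPv4 address or CIDR and quote the variable. The enclosing `if [ $PROTOCOLS_FILTERING = on ]` and the `while read svc_line` loop continue outside the hunks shown.

```shell
while read ip_allowed_line
do
    # -s drops lines that carry no quoted value at all
    ip_allowed=`echo "$ip_allowed_line" | cut -s -d"\"" -f2`
    # skip anything that is not a plain IPv4 address or CIDR network
    echo "$ip_allowed" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' || continue
    $IPTABLES -A FORWARD -i $TUNIF -d "$ip_allowed" -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT "
    $IPTABLES -A FORWARD -i $TUNIF -d "$ip_allowed" -m state --state NEW -j ACCEPT
done < /usr/local/etc/alcasar-uamallowed
```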
/scripts/alcasar-conf.sh
122,6 → 122,7
then
ORGANISM=`cat $DIR_WEB/intercept.php|grep '$organisme =' | cut -d"=" -f2|tr -d ";\" "` # Sauvegarde du nom d'organisme
rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments
rm -f $DIR_UPDATE/exceptionurllist # This file was not empty (comments)
# Create the initial conf file (doesn't exist in earlier versions)
cat <<EOF > $CONF_FILE
##########################################
/web/acc/admin/dns_filter.php
39,10 → 39,10
$l_rehabilitated_dns="Noms de domaine réhabilités";
$l_rehabilitated_dns_explain="Entrez ici des noms de domaine bloqués par la liste noire principale <BR> que vous désirez réhabiliter.";
$l_forbidden_url="URL filtrés";
$l_forbidden_url_explain="Entrez une URL par ligne (exemple : www.domaine.org/perso.index.htm)";
$l_forbidden_url_explain="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)";
$l_rehabilitated_url="URL réhabilités";
$l_rehabilitated_url_explain="Entrez ici des URL bloquées par la liste noire principale <BR> que vous désirez réhabiliter.";
$l_one_url="Entrez une URL par ligne (exemple : www.domaine.org/perso.index.htm)";
$l_one_url="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)";
$l_record="Enregistrer les modifications";
$l_wait="Une fois validées, 30 secondes sont nécessaires pour traiter vos modifications";
}
/web/acc/admin/ldap.php
40,7 → 40,7
}else{
if ($update){
$message = "<div align=\"center\"><br>";
$message.="<strong><font color=\"red\">Mise à jour des paramètres ldap réalisé avec succès</font><br></strong>";
$message.="<strong><font color=\"green\">Mise à jour des paramètres ldap réalisé avec succès</font><br></strong>";
$message.="<br></div>";
}
}
/web/acc/admin/auth_exceptions.php
17,14 → 17,14
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'fr'){
$l_error_open_file = "Erreur d'ouverture du fichier";
$l_trusted_sites = "Sites Internet de confiance";
$l_trusted_sites_explain1 = "Entrez ici les noms de site ou d'URLs Internet pouvant &ecirc;tre joints sans authentification";
$l_trusted_sites_explain2 = "Entrez un nom par ligne";
$l_trusted_sites_list = "Liste de sites Internet de confiance";
$l_trusted_urls_list = "Liste d'URLs Internet de confiance";
$l_trusted_sites = "Domaines Internet et adresses IP de confiance";
$l_trusted_sites_explain1 = "Entrez ici les noms de domaine Internet ou les adresses IP pouvant &ecirc;tre joints sans authentification";
$l_trusted_sites_explain2 = "Entrez un nom de domaine ou une adresse IP par ligne";
$l_trusted_sites_list = "Liste de nom de domaine de confiance";
$l_trusted_urls_list = "Liste d'adresses IP ou d'adresses de réseau de confiance";
$l_trusted_mac = "&Eacute;quipements de confiance";
$l_trusted_mac_explain = "Entrez ici les adresses MAC des &eacute;quipements autorisés à joindre Internet sans authentification";
$l_trusted_mac_list = "Liste des adresses MAC de confiance";
$l_trusted_mac_list = "Liste d'adresses MAC de confiance";
$l_trusted_mac_address = "Adresses MAC autorisées";
$l_trusted_mac_info = "Information équipement";
$l_trusted_mac_del = "Supprimer de la liste";
34,11 → 34,11
}
else {
$l_error_open_file = "File open error";
$l_trusted_sites = "Trusted Internet sites";
$l_trusted_sites_explain1 = "Enter name of Internet sites or URLS that could be joined without authentication";
$l_trusted_sites_explain2 = "Enter one name per line";
$l_trusted_sites_list = "Trusted Internet sites list";
$l_trusted_urls_list = "Trusted Internet URLs list";
$l_trusted_sites = "Trusted Internet domain and IP addresses";
$l_trusted_sites_explain1 = "Enter Internet domain name or IP addresses that could be joined without authentication";
$l_trusted_sites_explain2 = "Enter one domain name ou one IP address per line";
$l_trusted_sites_list = "Trusted Internet domain list";
$l_trusted_urls_list = "Trusted IP addresses or networks addresses list";
$l_trusted_mac = "Trusted Equipments";
$l_trusted_mac_explain = "Enter MAC address of equipments that could contact Internet without authentication";
$l_trusted_mac_list = "Trusted MAC addresses list";
176,8 → 176,8
</td>
<td width=50% height=100% align=center>
<H3><?php echo $l_trusted_urls_list ;?></H3>
exemple1 : www.domain3.net/admin/index.htm<BR>
exemple2 : domain4.org/~polux/index.html<BR>
exemple1 : 192.168.0.10<BR>
exemple2 : 172.16.20.0/24<BR>
<?php
echo "<textarea name='trusted_urls' rows=5 cols=40>";
$ouvre=fopen($url_allowed_list,"r");
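Review bot: The new English string for `$l_trusted_sites_explain2` still contains the French word "ou"; it should read `$l_trusted_sites_explain2 = "Enter one domain name or one IP address per line";`. The right-hand list is now labelled as IP addresses and networks, yet the field is still named `trusted_urls` and is read from `$url_allowed_list`, so a short comment such as `// holds IP addresses or CIDR networks, despite the name` above the textarea would help. The code that saves the submitted list is not visible in these hunks. Since the example now invites whole networks such as 172.16.20.0/24 to bypass authentication, it is worth confirming that each submitted line is checked as an address or CIDR before it is written.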
/web/acc/backup/sauvegarde.php
21,6 → 21,7
$l_firewall_log = "Journaux du parefeu (Firewall)";
$l_users_db_files = "Base des usagers";
$l_iso_files = "images ISO du syst&egrave;me";
$l_empty = "vide";
}
else {
$l_backups = "Backups";
32,6 → 33,7
$l_firewall_log = "Firewall log files";
$l_users_db_files = "Users database";
$l_iso_files = "System ISO images";
$l_empty = "empty";
}
function taille_fichier($fichier)
{
107,7 → 109,7
closedir($rep);
if ($i == 0)
{
echo "vide";
echo "$l_empty";
}
else
{
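Review bot: `echo "$l_empty";` only prints the label if `$l_empty` is in scope at that point. The variable is assigned in the top-level language block, and the hunk at line 109 starts after `function taille_fichier` and shows neither the enclosing function header nor a `global` statement. If this branch sits inside a function, PHP will raise an undefined-variable notice and print nothing. In that case add `global $l_empty;` at the top of the function; the quotes around the variable can also be dropped, `echo $l_empty;`.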
/web/pass/index.php
16,13 → 16,12
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'es'){
$R_title = "User password change";
$R_text_chg = "Change your password here -- Eplain how to change password --";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_eval_pass = "Score :";
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>";
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
$R_form_button_valid = "Modify";
$R_form_button_retour = "Cancel";
$R_form_result1 = "Your password has been successfuly changed";
30,13 → 29,12
$R_retour = "ALCASAR home page";}
if($Language == 'de'){
$R_title = "User password change";
$R_text_chg = "Change your password here -- Eplain how to change password --";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_eval_pass = "Score :";
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>";
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
$R_form_button_valid = "Modify";
$R_form_button_retour = "Cancel";
$R_form_result1 = "Your password has been successfuly changed";
44,13 → 42,12
$R_retour = "ALCASAR home page";}
if($Language == 'nl'){
$R_title = "User password change";
$R_text_chg = "Change your password here -- Eplain how to change password --";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_eval_pass = "Score :";
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>";
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
$R_form_button_valid = "Modify";
$R_form_button_retour = "Cancel";
$R_form_result1 = "Your password has been successfuly changed";
58,13 → 55,12
$R_retour = "ALCASAR home page";}
if($Language == 'en'){
$R_title = "User password change";
$R_text_chg = "Change your password here -- Eplain how to change password --";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_eval_pass = "Score :";
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>";
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>";
$R_form_button_valid = "Modify";
$R_form_button_retour = "Cancel";
$R_form_result1 = "Your password has been successfuly changed";
72,13 → 68,12
$R_retour = "ALCASAR home page";}
if($Language == 'fr'){
$R_title = "Changement de mot de passe utilisateur";
$R_text_chg = "Changez votre mot de passe d'acc&egrave;s &agrave; internet en utilisant le formulaire ci-dessous.";
$R_form_l1 = "Utilisateur :";
$R_form_l2 = "Ancien mot de passe :";
$R_form_l3 = "Nouveau mot de passe :";
$R_form_l4 = "Nouveau mot de passe (confirmation) :";
$R_eval_pass = "";
$R_passwordmeter = "Propulsé par <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>";
$R_passwordmeter = "Propulsé par 'Shibbo Password Analyser'</a>";
$R_form_button_valid = "Modifier";
$R_form_button_retour = "Annuler";
$R_form_result1 = "Votre mot de passe a &eacute;t&eacute; modifi&eacute; avec succ&egrave;s";
104,7 → 99,6
<div id=\"pass_chg\">
<img src=\"../images/organisme.png\" />
<h1 id=\"titre_pass\">$R_title</h1>
<p id=\"help_pass\">$R_text_chg</p>
</div>
<div id=\"pass_chg_content\">
<form name=\"master\" action=\"$current_page\" method=\"post\">
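Review bot: The replacement `$R_passwordmeter` strings keep the closing `</a>` although the opening `<a href=…>` was dropped, which leaves an unmatched tag in the rendered page in all five language blocks (es, de, nl, en, fr). Each should end without it, for example `$R_passwordmeter = "Powered by 'Shibbo Password Analyser'";`. The `$R_text_chg` assignments and the `help_pass` paragraph appear to be removed together, so nothing visible still references that variable, but the rest of the file is outside these hunks and should be checked for other uses.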
/web/index.php
75,7 → 75,7
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.crt\">Installer le certificat racine</a>";
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.crt\">Installation du certificat de l'autorit&eacute; racine d'ALCASAR</a>";
$l_certif_explain = "Permet l'&eacute;change de donn&eacute;es s&eacute;curis&eacute;es entre votre station de consultation et le portail captif ALCASAR.<BR>Si ce certificat n'est pas enregistr&eacute; sur votre station de consultation, il est possible que des alertes de s&eacute;curit&eacute;s soient &eacute;mises par votre navigateur.<br><br>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Aide pour les certificats</a>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Aide complémentaire</a>";
if ($user[4] == "0") {
$l_logout_explain = "Aucune session de consultation Internet n'est actuellement ouverte sur votre syst&egrave;me.";
$l_logout = "<a href=\"http://www.google.fr\">Ouvrir une session Internet</a>";}
100,8 → 100,8
$l_acc_access = "<a href=\"https://$hostname/acc\">ALCASAR Control Center</a>";
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.crt\">Install ALCASAR AC Certificate</a>";
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.cert\">Install ALCASAR AC Certificate</a>";
$l_certif_explain = "A TRADUIRE<br><br>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Help for ALCASAR certificate</a>";
$l_certif_explain = "Allow secure data exchange between your computer and ALCASAR portal.<BR>If this certificate isn't incorporated in your computer, some security alerts should appear in your browser.<br><br>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Complementary help</a>";
if ($user[4] == "0") {
$l_logout_explain = "No Internet consultation session is actualy open on your system";
$l_logout = "<a href=\"http://www.google.fr\">Open an Internet session</a>";}