/CHANGELOG |
---|
7,6 → 7,7 |
- Core : simplify official certificate import process |
- Core : update with the last version of Coova (1.2.8) |
- Core : End of implementation of ANSSI rules for netfilter |
- Core : allow exception of IP addresses (or network addresses) in the authentication process |
---- 2.2 ---- |
- blacklist category "ip" is added for url that contains ip address (no domain name) |
/scripts/alcasar-iptables.sh |
---|
104,7 → 104,7 |
# Redirection des flux DNS vers le port 54 (dns+blackhole) sauf pour les IP en exceptions |
if [ $DNS_FILTERING = on ]; then |
# Compute exception IP |
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1` |
nb_exceptions=`wc -l /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1` |
if [ $nb_exceptions != "0" ] |
then |
while read ip_exception |
117,10 → 117,9 |
##################################### |
# If protocols filter is activate # |
##################################### |
# filtrage de protocoles sauf pour les IP en exceptions |
if [ $PROTOCOLS_FILTERING = on ]; then |
# Compute exception IP |
nb_exceptions=`wc -w /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1` |
# Compute exception IP (IP addresses that shouldn't be filtered) |
nb_exceptions=`wc -l /usr/local/etc/alcasar-filter-exceptions | cut -d" " -f1` |
if [ $nb_exceptions != "0" ] |
then |
while read ip_exception |
129,6 → 128,17 |
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ACCEPT |
done < /usr/local/etc/alcasar-filter-exceptions |
fi |
# Compute uamallowed IP (IP address of equipments connect between ALCASAR and Internet (DMZ, own servers, ...) |
nb_exceptions=`wc -l /usr/local/etc/alcasar-uamallowed | cut -d" " -f1` |
if [ $nb_exceptions != "0" ] |
then |
while read ip_allowed_line |
do |
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2` |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT |
done < /usr/local/etc/alcasar-uamallowed |
fi |
# Autorisation des protocoles non commentés |
# Allow non comment protocols |
while read svc_line |
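Review bot: In the added uamallowed loop, `ip_allowed` is whatever sits between the first pair of double quotes on each line and is passed unquoted to `$IPTABLES ... -j ACCEPT`, so a comment line, a line without quotes or a value containing spaces reaches iptables as-is and can abort the rule or be split into extra arguments. Because these rules open forwarding without authentication, the loop should skip anything that is not a plain address or network, e.g. `case "$ip_allowed" in ''|*[!0-9./]*) continue ;; esac`, and pass `-d "$ip_allowed"`. The `wc -l` count reports 0 for a single entry with no trailing newline, and a missing file leaves `$nb_exceptions` empty so the unquoted `[ $nb_exceptions != "0" ]` test errors out; `[ -s /usr/local/etc/alcasar-uamallowed ]` would cover both, and the same applies to the two `alcasar-filter-exceptions` counts in the earlier hunks. The enclosing `if [ $PROTOCOLS_FILTERING = on ]` block begins in the previous hunk and ends outside this one.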
/scripts/alcasar-conf.sh |
---|
122,6 → 122,7 |
then |
ORGANISM=`cat $DIR_WEB/intercept.php|grep '$organisme =' | cut -d"=" -f2|tr -d ";\" "` # Sauvegarde du nom d'organisme |
rm -f $DIR_UPDATE/etc/alcasar-ethers # This file doesn't contain comments |
rm -f $DIR_UPDATE/exceptionurllist # This file was not empty (comments) |
# Create the initial conf file (doesn't exist in earlier versions) |
cat <<EOF > $CONF_FILE |
########################################## |
/web/acc/admin/dns_filter.php |
---|
39,10 → 39,10 |
$l_rehabilitated_dns="Noms de domaine réhabilités"; |
$l_rehabilitated_dns_explain="Entrez ici des noms de domaine bloqués par la liste noire principale <BR> que vous désirez réhabiliter."; |
$l_forbidden_url="URL filtrés"; |
$l_forbidden_url_explain="Entrez une URL par ligne (exemple : www.domaine.org/perso.index.htm)"; |
$l_forbidden_url_explain="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)"; |
$l_rehabilitated_url="URL réhabilités"; |
$l_rehabilitated_url_explain="Entrez ici des URL bloquées par la liste noire principale <BR> que vous désirez réhabiliter."; |
$l_one_url="Entrez une URL par ligne (exemple : www.domaine.org/perso.index.htm)"; |
$l_one_url="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)"; |
$l_record="Enregistrer les modifications"; |
$l_wait="Une fois validées, 30 secondes sont nécessaires pour traiter vos modifications"; |
} |
/web/acc/admin/ldap.php |
---|
40,7 → 40,7 |
}else{ |
if ($update){ |
$message = "<div align=\"center\"><br>"; |
$message.="<strong><font color=\"red\">Mise à jour des paramètres ldap réalisé avec succès</font><br></strong>"; |
$message.="<strong><font color=\"green\">Mise à jour des paramètres ldap réalisé avec succès</font><br></strong>"; |
$message.="<br></div>"; |
} |
} |
/web/acc/admin/auth_exceptions.php |
---|
17,14 → 17,14 |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_error_open_file = "Erreur d'ouverture du fichier"; |
$l_trusted_sites = "Sites Internet de confiance"; |
$l_trusted_sites_explain1 = "Entrez ici les noms de site ou d'URLs Internet pouvant être joints sans authentification"; |
$l_trusted_sites_explain2 = "Entrez un nom par ligne"; |
$l_trusted_sites_list = "Liste de sites Internet de confiance"; |
$l_trusted_urls_list = "Liste d'URLs Internet de confiance"; |
$l_trusted_sites = "Domaines Internet et adresses IP de confiance"; |
$l_trusted_sites_explain1 = "Entrez ici les noms de domaine Internet ou les adresses IP pouvant être joints sans authentification"; |
$l_trusted_sites_explain2 = "Entrez un nom de domaine ou une adresse IP par ligne"; |
$l_trusted_sites_list = "Liste de nom de domaine de confiance"; |
$l_trusted_urls_list = "Liste d'adresses IP ou d'adresses de réseau de confiance"; |
$l_trusted_mac = "Équipements de confiance"; |
$l_trusted_mac_explain = "Entrez ici les adresses MAC des équipements autorisés à joindre Internet sans authentification"; |
$l_trusted_mac_list = "Liste des adresses MAC de confiance"; |
$l_trusted_mac_list = "Liste d'adresses MAC de confiance"; |
$l_trusted_mac_address = "Adresses MAC autorisées"; |
$l_trusted_mac_info = "Information équipement"; |
$l_trusted_mac_del = "Supprimer de la liste"; |
34,11 → 34,11 |
} |
else { |
$l_error_open_file = "File open error"; |
$l_trusted_sites = "Trusted Internet sites"; |
$l_trusted_sites_explain1 = "Enter name of Internet sites or URLS that could be joined without authentication"; |
$l_trusted_sites_explain2 = "Enter one name per line"; |
$l_trusted_sites_list = "Trusted Internet sites list"; |
$l_trusted_urls_list = "Trusted Internet URLs list"; |
$l_trusted_sites = "Trusted Internet domain and IP addresses"; |
$l_trusted_sites_explain1 = "Enter Internet domain name or IP addresses that could be joined without authentication"; |
$l_trusted_sites_explain2 = "Enter one domain name ou one IP address per line"; |
$l_trusted_sites_list = "Trusted Internet domain list"; |
$l_trusted_urls_list = "Trusted IP addresses or networks addresses list"; |
$l_trusted_mac = "Trusted Equipments"; |
$l_trusted_mac_explain = "Enter MAC address of equipments that could contact Internet without authentication"; |
$l_trusted_mac_list = "Trusted MAC addresses list"; |
176,8 → 176,8 |
</td> |
<td width=50% height=100% align=center> |
<H3><?php echo $l_trusted_urls_list ;?></H3> |
exemple1 : www.domain3.net/admin/index.htm<BR> |
exemple2 : domain4.org/~polux/index.html<BR> |
exemple1 : 192.168.0.10<BR> |
exemple2 : 172.16.20.0/24<BR> |
<?php |
echo "<textarea name='trusted_urls' rows=5 cols=40>"; |
$ouvre=fopen($url_allowed_list,"r"); |
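Review bot: The new English text for `$l_trusted_sites_explain2` reads "Enter one domain name ou one IP address per line"; the French `ou` should be `or`. The second list is now labelled as IP or network addresses (examples `192.168.0.10`, `172.16.20.0/24`), but the code that saves the `trusted_urls` textarea is outside the visible hunks. It is worth confirming that each submitted line is checked to be an address or CIDR before it is written to `$url_allowed_list`, since these entries bypass authentication.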
/web/acc/backup/sauvegarde.php |
---|
21,6 → 21,7 |
$l_firewall_log = "Journaux du parefeu (Firewall)"; |
$l_users_db_files = "Base des usagers"; |
$l_iso_files = "images ISO du système"; |
$l_empty = "vide"; |
} |
else { |
$l_backups = "Backups"; |
32,6 → 33,7 |
$l_firewall_log = "Firewall log files"; |
$l_users_db_files = "Users database"; |
$l_iso_files = "System ISO images"; |
$l_empty = "empty"; |
} |
function taille_fichier($fichier) |
{ |
107,7 → 109,7 |
closedir($rep); |
if ($i == 0) |
{ |
echo "vide"; |
echo "$l_empty"; |
} |
else |
{ |
/web/pass/index.php |
---|
16,13 → 16,12 |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'es'){ |
$R_title = "User password change"; |
$R_text_chg = "Change your password here -- Eplain how to change password --"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
30,13 → 29,12 |
$R_retour = "ALCASAR home page";} |
if($Language == 'de'){ |
$R_title = "User password change"; |
$R_text_chg = "Change your password here -- Eplain how to change password --"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
44,13 → 42,12 |
$R_retour = "ALCASAR home page";} |
if($Language == 'nl'){ |
$R_title = "User password change"; |
$R_text_chg = "Change your password here -- Eplain how to change password --"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
58,13 → 55,12 |
$R_retour = "ALCASAR home page";} |
if($Language == 'en'){ |
$R_title = "User password change"; |
$R_text_chg = "Change your password here -- Eplain how to change password --"; |
$R_form_l1 = "User"; |
$R_form_l2 = "Old password"; |
$R_form_l3 = "New password"; |
$R_form_l4 = "New password (confirmation)"; |
$R_eval_pass = "Score :"; |
$R_passwordmeter = "Powered by <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>"; |
$R_passwordmeter = "Powered by 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modify"; |
$R_form_button_retour = "Cancel"; |
$R_form_result1 = "Your password has been successfuly changed"; |
72,13 → 68,12 |
$R_retour = "ALCASAR home page";} |
if($Language == 'fr'){ |
$R_title = "Changement de mot de passe utilisateur"; |
$R_text_chg = "Changez votre mot de passe d'accès à internet en utilisant le formulaire ci-dessous."; |
$R_form_l1 = "Utilisateur :"; |
$R_form_l2 = "Ancien mot de passe :"; |
$R_form_l3 = "Nouveau mot de passe :"; |
$R_form_l4 = "Nouveau mot de passe (confirmation) :"; |
$R_eval_pass = ""; |
$R_passwordmeter = "Propulsé par <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>"; |
$R_passwordmeter = "Propulsé par 'Shibbo Password Analyser'</a>"; |
$R_form_button_valid = "Modifier"; |
$R_form_button_retour = "Annuler"; |
$R_form_result1 = "Votre mot de passe a été modifié avec succès"; |
104,7 → 99,6 |
<div id=\"pass_chg\"> |
<img src=\"../images/organisme.png\" /> |
<h1 id=\"titre_pass\">$R_title</h1> |
<p id=\"help_pass\">$R_text_chg</p> |
</div> |
<div id=\"pass_chg_content\"> |
<form name=\"master\" action=\"$current_page\" method=\"post\"> |
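Review bot: The replacement `$R_passwordmeter` strings drop the opening `<a href=...>` but keep the closing tag, leaving a stray `</a>` in the output; this is the same in all five language blocks (es, de, nl, en, fr). Suggested form: `$R_passwordmeter = "Powered by 'Shibbo Password Analyser'";`, and `"Propulsé par 'Shibbo Password Analyser'"` for French. The page has lost its +/- markers, so this assumes the second line of each pair is the new one, which matches the hunk line counts.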
/web/index.php |
---|
75,7 → 75,7 |
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.crt\">Installer le certificat racine</a>"; |
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.crt\">Installation du certificat de l'autorité racine d'ALCASAR</a>"; |
$l_certif_explain = "Permet l'échange de données sécurisées entre votre station de consultation et le portail captif ALCASAR.<BR>Si ce certificat n'est pas enregistré sur votre station de consultation, il est possible que des alertes de sécurités soient émises par votre navigateur.<br><br>"; |
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Aide pour les certificats</a>"; |
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Aide complémentaire</a>"; |
if ($user[4] == "0") { |
$l_logout_explain = "Aucune session de consultation Internet n'est actuellement ouverte sur votre système."; |
$l_logout = "<a href=\"http://www.google.fr\">Ouvrir une session Internet</a>";} |
100,8 → 100,8 |
$l_acc_access = "<a href=\"https://$hostname/acc\">ALCASAR Control Center</a>"; |
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.crt\">Install ALCASAR AC Certificate</a>"; |
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.cert\">Install ALCASAR AC Certificate</a>"; |
$l_certif_explain = "A TRADUIRE<br><br>"; |
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Help for ALCASAR certificate</a>"; |
$l_certif_explain = "Allow secure data exchange between your computer and ALCASAR portal.<BR>If this certificate isn't incorporated in your computer, some security alerts should appear in your browser.<br><br>"; |
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Complementary help</a>"; |
if ($user[4] == "0") { |
$l_logout_explain = "No Internet consultation session is actualy open on your system"; |
$l_logout = "<a href=\"http://www.google.fr\">Open an Internet session</a>";} |
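Review bot: In the English block, `$l_install_certif_more` links to `certificat_alcasar_ca.cert` while `$l_install_certif` just above it and both French strings use `certificat_alcasar_ca.crt`; this commit edits the neighbouring lines but leaves the mismatch. If only the `.crt` file exists, as the other three links suggest, the English link fails and users cannot fetch the root certificate from it. Suggested: `$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.crt\">Install ALCASAR AC Certificate</a>";`.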