/scripts/alcasar-conf.sh |
---|
24,8 → 24,8 |
DIR_SAVE="/var/Save/system_backup" # répertoire de sauvegarde |
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file |
VERSION="/var/www/html/VERSION" # contient la version en cours |
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI) |
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
HOSTNAME="alcasar" |
DB_USER="radius" |
radiuspwd="" |
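Review bot: The new EXTIF/INTIF reads at lines 9–10 have no fallback, so a missing or empty `EXTIF=`/`INTIF=` key in alcasar.conf leaves both variables empty for everything that consumes this file; the hard-coded `eth0`/`eth1` assignments at lines 7–8 appear to be the removed lines rather than a surviving default (this page does not mark sides). The rest of the configuration in this change set follows each grep with a `${VAR:=default}` guard, but an interface name has no sensible default on a host that now uses predictable NIC names, so fail loudly instead: `[ -n "$EXTIF" ] && [ -n "$INTIF" ] || { echo "EXTIF/INTIF not set in $CONF_FILE" >&2; exit 1; }` placed after line 10 (use `return 1` if this file is sourced rather than executed). The `$CONF_FILE` expansions should also be quoted, `grep ^EXTIF= "$CONF_FILE"`.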
/scripts/alcasar-iptables-bypass.sh |
---|
8,21 → 8,21 |
# applique les regles du parefeu en mode ByPass |
# put the firewall rules in 'ByPass' mode |
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2` |
CONF_FILE="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0) |
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24) |
IPTABLES="/sbin/iptables" |
EXTIF="eth0" |
INTIF="eth1" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
public_ip_mask=`grep PUBLIC_IP= $conf_file|cut -d"=" -f2` # ALCASAR WAN IP address |
public_ip_mask=`grep PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1` |
SSH=`grep SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
SSH=`grep SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
SSH_ADMIN_FROM=`grep SSH_ADMIN_FROM= $conf_file|cut -d"=" -f2` |
SSH_ADMIN_FROM=`grep SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
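Review bot: The greps rewritten at lines 22, 34, 37 and 40 are still unanchored (`grep PRIVATE_IP=`, `grep PUBLIC_IP=`, `grep SSH=`, `grep SSH_ADMIN_FROM=`), whereas the same keys are read with `^` in alcasar-iptables.sh in this commit (lines 53, 60, 82, 85) and the EXTIF/INTIF lines added here at 29–30 are anchored too. A commented-out or prefixed key such as `#SSH=on` or `OLD_PRIVATE_IP=` also matches, yielding a two-line value, and since SSH and SSH_ADMIN_FROM decide whether sshd is reachable from the WAN side, a malformed value here produces a malformed or missing firewall rule in bypass mode. Anchor them while the lines are being touched: `SSH=\`grep ^SSH= $CONF_FILE|cut -d"=" -f2\`` and likewise for the other three. The pre-existing `0.0.0.0/0.0.0.0` fallback at line 41 means an absent key opens SSH to every WAN source; worth a `# NOTE: unrestricted if SSH_ADMIN_FROM is unset` comment at minimum.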
/scripts/alcasar-iptables.sh |
---|
10,22 → 10,22 |
# 2 protection of ALCASAR with the Ulog group 1 (default group) |
# 3 SSH on ALCASAR with the Ulog group 2; |
# 4 extern access attempts on ALCASAR with the Ulog group 3. |
# The bootps/dhcp (67) port is always open on tun0/eth1 by coova |
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep ^PRIVATE_IP= $conf_file|cut -d"=" -f2` |
# The bootps/dhcp (67) port is always open on tun0/INTIF by coova |
CONF_FILE="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0) |
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24) |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
public_ip_mask=`grep ^PUBLIC_IP= $conf_file|cut -d"=" -f2` # ALCASAR WAN IP address |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1` |
dns1=`grep ^DNS1= $conf_file|cut -d"=" -f2` # first public DNS server |
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2` # first public DNS server |
dns1=${dns1:=208.67.220.220} |
dns2=`grep ^DNS2= $conf_file|cut -d"=" -f2` # second public DNS server |
dns2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2` # second public DNS server |
dns2=${dns2:=208.67.222.222} |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $conf_file|cut -d"=" -f2` # Network protocols filter (on/off) |
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off) |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP |
BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty |
33,18 → 33,18 |
DNSMASQ_WL_ENABLED="/usr/local/share/dnsmasq-wl-enabled" # enabled domain names for the Whitelist |
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation |
QOS=`grep ^QOS= $conf_file|cut -d"=" -f2` # QOS (on/off) |
QOS=`grep ^QOS= $CONF_FILE|cut -d"=" -f2` # QOS (on/off) |
QOS=${QOS:=off} |
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $conf_file|cut -d"=" -f2` |
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2` # LDAP external server active (on/off) |
LDAP=`grep ^LDAP= $CONF_FILE|cut -d"=" -f2` # LDAP external server active (on/off) |
LDAP=${LDAP:=off} |
LDAP_IP=`grep ^LDAP_IP= $conf_file|cut -d"=" -f2` # WAN IP address to reduce LDAP WAN access (all ip allowed on LAN side) |
LDAP_IP=`grep ^LDAP_IP= $CONF_FILE|cut -d"=" -f2` # WAN IP address to reduce LDAP WAN access (all ip allowed on LAN side) |
LDAP_IP=${LDAP_IP:="0.0.0.0/0.0.0.0"} |
EXTIF="enp1s0" |
INTIF="enp2s0" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
TUNIF="tun0" # listen device for chilli daemon |
IPTABLES="/sbin/iptables" |
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP |
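Review bot: After the reads at lines 95–96 nothing checks that EXTIF and INTIF are non-empty, and the hard-coded `enp1s0`/`enp2s0` at lines 93–94 look like the removed defaults rather than a fallback (sides are not marked on this page). An unquoted empty `$EXTIF` or `$INTIF` simply vanishes from an iptables command line, so `-i $INTIF -j …` becomes `-i -j …` and the rule is rejected; if the script flushes chains or sets policies before re-adding rules (not visible in this hunk), a missing key leaves the firewall in a partially built state rather than failing closed. Add a guard right after line 96: `[ -n "$EXTIF" ] && [ -n "$INTIF" ] || { echo "EXTIF/INTIF not set in $CONF_FILE" >&2; exit 1; }`. Quoting `"$CONF_FILE"` in the greps would also be consistent with the defensive style the rest of the header tries for.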
/scripts/alcasar-watchdog.sh |
---|
13,10 → 13,10 |
# - PCs are quiet |
# - MAC address is used by other systems (usurped) |
EXTIF="enp1s0" |
INTIF="enp2s0" |
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2` |
CONF_FILE="/usr/local/etc/alcasar.conf" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN) |
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1} |
31,9 → 31,9 |
{ |
case $LAN_DOWN in |
"1") |
logger "eth0 link down" |
echo "eth0 is down" |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"eth0 link down\";?g" $Index_Page |
logger "$EXTIF (WAN card) link down" |
echo "$EXTIF (WAN card) is down" |
/bin/sed -i "s?diagnostic =.*?diagnostic = \"$EXTIF (WAN card) link down\";?g" $Index_Page |
;; |
"2") |
logger "can't contact the default router" |
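Review bot: Line 112 still reads `grep PRIVATE_IP=` without the `^` anchor while the EXTIF/INTIF reads added directly above it (lines 110–111) are anchored, so a commented or prefixed key (`#PRIVATE_IP=`, `OLD_PRIVATE_IP=`) would feed a two-line value into the `cut` that produces PRIVATE_IP; change it to `private_ip_mask=\`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2\``. In the second hunk, line 125 interpolates `$EXTIF` into a sed replacement where `&`, `?` and `\` are special and the result is written into `$Index_Page`; interface names normally contain none of these, but a `# NOTE: EXTIF must not contain sed metacharacters` comment would document the assumption. The `case $LAN_DOWN` block at line 118 belongs to a function that starts before this hunk.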
/scripts/sbin/alcasar-bypass.sh |
---|
2,7 → 2,7 |
# $Id$ |
# alcasar-bypass.sh |
# by Franck BOUIJOUX and Richard REY |
# by 3abtux and Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# activation / désactivation du contournement de l'authentification et du filtrage WEB |
10,6 → 10,9 |
usage="Usage: alcasar-bypass.sh {--on or -on } | {--off or -off}" |
SED="/bin/sed -i" |
CONF_FILE="/usr/local/etc/alcasar.conf" |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
26,13 → 29,13 |
# activation du contournement |
for i in chilli dansguardian havp mysqld radiusd httpd freshclam dnsmasq squid |
do |
if (pgrep $i) > /dev/null ; then /etc/init.d/$i stop ; fi |
if (pgrep $i) > /dev/null ; then /usr/bin/systemctl stop $i.service ; fi |
done |
echo "Configure eth1 ..." |
cp /etc/sysconfig/network-scripts/default-ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth1 |
ifup eth1 |
echo "$INTIF configuration ..." |
cp /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF |
ifup $INTIF |
sh /usr/local/bin/alcasar-iptables-bypass.sh |
echo "Configure dnsmasq ..." |
echo "dnsmasq Configuration ..." |
$SED "s?^conf-dir=.*?#&?g" /etc/dnsmasq-blacklist.conf |
$SED "s?^no-dhcp-interface=.*?#&?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf |
/etc/init.d/dnsmasq start |
42,13 → 45,13 |
--off | -off) |
# désactivation du contournement |
if (pgrep dnsmasq) > /dev/null ; then /etc/init.d/dnsmasq stop ; fi |
echo "Configure dnsmasq ..." |
echo "dnsmasq Configuration ..." |
$SED "s?^#conf-dir=.*?conf-dir=/usr/local/share/dnsmasq-bl-enabled?g" /etc/dnsmasq-blacklist.conf |
$SED "s?^#no-dhcp-interface=.*?no-dhcp-interface=eth1?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf |
rm -f /etc/sysconfig/network-scripts/ifcfg-eth1 |
$SED "s?^#no-dhcp-interface=.*?no-dhcp-interface=$INTIF?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf |
rm -f /etc/sysconfig/network-scripts/ifcfg-$INTIF |
for i in chilli dansguardian havp mysqld radiusd httpd freshclam dnsmasq squid |
do |
if ! (pgrep $i) > /dev/null ; then /etc/init.d/$i start ; fi |
if ! (pgrep $i) > /dev/null ; then /usr/bin/systemctl start $i.service; fi |
done |
sh /usr/local/bin/alcasar-iptables.sh |
echo "L'authentification et le filtrage sont de nouveau activés" |
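Review bot: INTIF read at line 142 is used unchecked on lines 157–158 and 174–175, so if the key is absent from alcasar.conf this script runs `cp … default-ifcfg-` and `ifup` with no interface, and in the `--off` path writes `no-dhcp-interface=` with an empty value into /etc/dnsmasq.conf, which may stop excluding the LAN interface from dnsmasq's DHCP scope (depends on how dnsmasq treats the empty option; not verifiable here). Since this script deliberately disables authentication and web filtering, it should refuse to run with a half-formed configuration: add `[ -n "$INTIF" ] || { echo "INTIF not set in $CONF_FILE" >&2; exit 1; }` after line 142. Separately, lines 164 and 168 still call `/etc/init.d/dnsmasq` while the service loops at 151 and 179 were moved to `systemctl`; if the init script no longer exists on the target system, dnsmasq is never restarted in bypass mode, so these should become `/usr/bin/systemctl start dnsmasq.service` / `stop` as well.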
/scripts/sbin/alcasar-dhcp.sh |
---|
42,7 → 42,7 |
PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254) |
EXT_DHCP_IP=`grep EXT_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe |
RELAY_DHCP_IP=`grep RELAY_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation |
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté eth0 ( WAN) |
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN |
RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut |
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67} |
/scripts/sbin/alcasar-load_balancing.sh |
---|
33,6 → 33,7 |
MULTIWAN=${MULTIWAN:=off} |
FAILOVER=`grep FAILOVER= $CONF_FILE|cut -d"=" -f2` |
FAILOVER=${FAILOVER:=30} |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
# space separated list of public IPs to ping in watchdog mode |
68,7 → 69,7 |
IP=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $3}' | cut -d"/" -f1` # @IP |
if [ $i -ne 0 ]; then |
[ -e /etc/sysconfig/network-scripts/ifcfg-eth0:$i ] && ifdown eth0:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-eth0:$i |
[ -e /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i ] && ifdown $INTIF:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i |
IFACE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'` # IFACE |
IP_NET=`grep "^$INT=" $CONF_FILE | awk -F'"' '{print $2}' | awk -F, '{ print $3}'` # IP |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
75,8 → 76,8 |
GW=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
MTU=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU |
# Config eth0:$i (Internet) |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0:$i |
# Config $INTIF:$i (Internet) |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i |
DEVICE=$IFACE |
BOOTPROTO=static |
IPADDR=`echo $IP | cut -d"/" -f1` |
91,11 → 92,11 |
ACCOUNTING=no |
USERCTL=no |
EOF |
echo "ifup eth0:$i" |
ifup eth0:$i |
echo "ifup $INTIF:$i" |
ifup $INTIF:$i |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
else |
IFACE="eth0" |
IFACE="$INTIF" |
IP_NET=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F'=' '{print $2}'` # IP/MSK |
IP=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F= '{ print $2 }' | cut -d"/" -f1` # @IP |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
139,14 → 140,14 |
# Fonction virtual Interfaces deleting |
########################### |
delete_eth () { |
IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-eth0:* | wc -l` |
IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-$INTIF:* | wc -l` |
echo $IFACE_COUNT |
while [ $IFACE_COUNT -ne 0 ] |
do |
i=$IFACE_COUNT |
echo "ifdown eth0:$i" |
ifdown eth0:$i |
rm -f /etc/sysconfig/network-scripts/ifcfg-eth0:$i |
echo "ifdown $INTIF:$i" |
ifdown $INTIF:$i |
rm -f /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i |
IFACE_COUNT=$(($IFACE_COUNT - 1)) |
done |
ip route del default scope global |
182,7 → 183,7 |
DOWN_BAK="" |
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
echo "Nombre interfaces = "$NBIFACE |
WANIFACE[0]="eth0" # eth0 par défaut |
WANIFACE[0]="$INTIF" |
c=0 |
while [ $c -le $NBIFACE ]; do |
ITH=(`grep "WAN$c=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'`) # IFACE |
206,7 → 207,7 |
for iface in $WANIFACE ; do |
COUNT=0 # compteur de test |
FAIL=0 # Nombre de fois down |
# Recup de l'adresse IP dynamiquement A tester avec le tableau ... ip=${ETH[$i:2]} basé sur iface=${ETH[$i:1]} |
# Recup de l'adresse IP dynamiquement |
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
if [ $i -ne 0 ]; then |
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
292,7 → 293,7 |
# Interface en etat normal --> rajout de la règle en mode nexthop |
if [ $FAILIF -eq 0 ]; then |
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
if [ $iface != "eth0" ]; then |
if [ $iface != "$INTIF" ]; then |
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW |
else |
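Review bot: Every `eth0` replaced in this file referred to the Internet-facing NIC — see the `(Internet)` comment kept at line 214, `WANIFACE[0]` at line 258 and the `else` branch at line 230 that pairs the interface with `PUBLIC_IP` and `GW` — yet the substitution uses `$INTIF`, which the rest of this change set defines as the LAN-side interface (`INTIF … INTernal InterFace` at line 199, `$EXTIF (WAN card)` in the watchdog). If that reading is right, the multi-WAN aliases, their default routes and the failover checks would now be bound to the consultation-LAN NIC, exposing the public addresses and default route on the wrong side of the portal. Replace line 199 with `EXTIF=\`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2\` # EXTernal InterFace` and use `$EXTIF` in place of `$INTIF` on lines 205, 214–215, 225–226, 230, 239, 247–249, 258 and 276. The functions touched here (`delete_eth`, the watchdog loop) start or end outside the hunks, so the remaining `eth0` references, if any, are not visible on this page.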
/scripts/sbin/alcasar-uninstall.sh |
---|
203,8 → 203,9 |
#network |
echo -en "\n- network(9) : " |
hostname localhost |
EXTIF=`/sbin/ip route|grep default|cut -d" " -f5` |
INTIF=`/sbin/ip link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF"|cut -d" " -f2|tr -d ":"` |
CONF_FILE="/usr/local/etc/alcasar.conf" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
i=0 |
for nic in $EXTIF $INTIF |
do |
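Review bot: Lines 289–290 replace the live-system derivation of EXTIF/INTIF with a read of alcasar.conf, but during uninstall that file may already be missing or have been cleaned by an earlier step, in which case both variables are empty and `for nic in $EXTIF $INTIF` silently iterates zero times, skipping whatever network cleanup the loop performs (the loop body continues past this hunk). Keep the old derivation as a fallback so the step still runs: `EXTIF=${EXTIF:-$(/sbin/ip route|grep default|cut -d" " -f5)}` and `INTIF=${INTIF:-$(/sbin/ip link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF"|cut -d" " -f2|tr -d ":")}` after line 290, or at least print a warning when either is empty. Guarding the grep with `[ -r "$CONF_FILE" ]` would also avoid a confusing "No such file" message on stderr in the middle of the uninstall output.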