WebSVN – ALCASAR – Path Comparison – / – /scripts/sbin/alcasar-bl.sh Rev HEAD and /scripts/sbin/alcasar-bl.sh Rev 885

Ignore whitespace Rev HEAD → Rev 885

 /scripts/sbin/alcasar-bl.sh
 ,0 → 1,194
+#/bin/bash
+# $Id$
+# alcasar-bl.sh
+# by Franck BOUIJOUX and Richard REY
+# This script is distributed under the Gnu General Public License (GPL)
+# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
+# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
+DIR_CONF="/usr/local/etc"
+CONF_FILE="$DIR_CONF/alcasar.conf"
+private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
+private_ip_mask=${private_ip_mask:=192.168.182.1/24}
+PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`                      # ALCASAR LAN IP address
+DIR_tmp="/tmp/blacklists"
+FILE_tmp="/tmp/fileFilter.txt"
+DIR_DG="/etc/dansguardian/lists"
+DIR_DG_BL="$DIR_DG/blacklists"
+BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"
+WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"
+BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"
+DIR_DNS_FILTER_AVAILABLE="$DIR_CONF/alcasar-dnsfilter-available"
+DIR_DNS_FILTER_ENABLED="$DIR_CONF/alcasar-dnsfilter-enabled"
+BL_SERVER="dsi.ut-capitole.fr"
+SED="/bin/sed -i"
+# Permet d'activer/désactiver les catégories de la BL
+function cat_choice (){
+        # un peu de ménage
+        rm -rf $DIR_DNS_FILTER_ENABLED/*
+        $SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist
+        # on adapte le fichier $BL_CATEGORIES au choix de catégorie
+        $SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas
+        for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` # on affecte les catégories à dansguardian et dnsmasq
+        do
+                $SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
+                $SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
+                ln -s $DIR_DNS_FILTER_AVAILABLE/$ENABLE_CATEGORIE.conf $DIR_DNS_FILTER_ENABLED/$ENABLE_CATEGORIE
+                echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # dansguardian s'occupe du contournement par proxy http ;-)
+                echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
+        done
+        sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
+        mv $FILE_tmp $BL_CATEGORIES
+}
+function bl_enable (){
+        $SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
+        if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage
+        then
+                service dansguardian restart
+                service dnsmasq restart
+                /usr/local/bin/alcasar-iptables.sh
+        fi
+}
+function bl_disable (){
+        rm -rf $DIR_DNS_FILTER_ENABLED/*
+        $SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
+        if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage
+        then
+                service dansguardian restart
+                service dnsmasq restart
+                /usr/local/bin/alcasar-iptables.sh
+        fi
+}
+usage="Usage: alcasar-bl.sh {-on or --on} | { -off or --off } | { -download or --download } | { -reload or --reload }"
+nb_args=$#
+args=$1
+if [ $nb_args -eq 0 ]
+then
+        DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2`             # DNS and URLs filter (on/off)
+        DNS_FILTERING=${DNS_FILTERING:=off}
+        echo "Set BlackList Filtering to $DNS_FILTERING"
+        if [ $DNS_FILTERING = on ]; then
+                cat_choice
+                bl_enable
+        else
+                bl_disable
+        fi
+        exit 0
+fi
+case $args in
+        -\? | -h* | --h*)
+                echo "$usage"
+                exit 0
+                ;;
+        # activation du filtrage
+        -on | --on)
+                cat_choice
+                $SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE
+                bl_enable
+                ;;
+        # désactivation du filtrage
+        -off | --off)
+                $SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE
+                bl_disable
+                ;;
+        # Récupération de l'archive de la BL Toulouse
+        -download | --download)
+                rm -rf /tmp/con_ok.html
+                `/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
+                if [ ! -e /tmp/con_ok.html ]
+                then
+                        echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"
+                else
+                        rm -rf /tmp/con_ok.html $DIR_tmp
+                        mkdir $DIR_tmp
+                        wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
+                        md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
+                        chown -R apache:apache $DIR_tmp
+                fi
+                ;;
+        # Adaptation de la BL de Toulouse à notre structure (dnsmasq + DG)
+        -adapt | --adapt)
+                if [ -f $DIR_tmp/blacklists.tar.gz ]
+                then
+                        [ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp
+                        rm -rf $DIR_DG_BL
+                        mkdir $DIR_DG_BL
+                        tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
+                        [ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
+                        rm -rf $DIR_tmp
+                        chown -R dansguardian:apache $DIR_DG
+                        chmod -R g+w $DIR_DG
+                fi
+                rm -f $BL_CATEGORIES $WL_CATEGORIES $DIR_DNS_FILTER_AVAILABLE/*
+                touch $BL_CATEGORIES $WL_CATEGORIES
+                find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # On récupère le nom des répertoire (catégories)
+                $SED "s?\/domains??g" $FILE_tmp # On supprime le suffixe "/domains"
+                for categorie in `cat $FILE_tmp` # creation des deux fichiers de categories (BL / WL)
+                do
+                        if [ -e $categorie/usage ]
+                        then
+                                is_whitelist=`grep white $categorie/usage|wc -l`
+                        else
+                                is_whitelist=0 # si le fichier 'usage' n'existe pas, on considère que la catégorie est une BL
+                        fi
+                        if [ $is_whitelist -eq "0" ]
+                        then
+                                echo "$categorie" >> $BL_CATEGORIES
+                        else
+                                echo "$categorie" >> $WL_CATEGORIES
+                        fi
+                done
+                rm -f $FILE_tmp
+                echo -n "Toulouse BlackList migration process. Please wait : "
+                for PATH_FILE in `cat $BL_CATEGORIES`  # pour chaque catégorie
+                do
+                        echo -n "."
+                        if [ ! -f $PATH_FILE/urls ] # on crée le fichier 'urls' s'il n'existe pas
+                        then
+                                touch $PATH_FILE/urls
+                                chown dansguardian:apache $PATH_FILE/urls
+                        fi
+                        # suppression des @IP, de caractères acccentués et des lignes commentées
+                        egrep  -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp
+                        $SED "/[äâëêïîöôüû]/d" $FILE_tmp
+                        $SED "/^#.*/d" $FILE_tmp
+                        $SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp  # Mise en forme dnsmasq
+                        DOMAINE=`basename $PATH_FILE`
+                        mv $FILE_tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf
+                done
+                echo
+                ;;
+        # regénération suite à modification du choix des catégories
+        -reload | --reload)
+                # pour Dansguardian
+                chown -R dansguardian:apache $DIR_DG_BL/ossi
+                chmod -R g+w $DIR_DG_BL/ossi
+                cat_choice
+                # pour dnsmasq (noms de domaine réhabilités)
+                if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
+                then
+                        for i in `cat $DIR_DG/exceptionsitelist`
+                        do
+                                $SED "/$i/d" $DIR_DNS_FILTER_AVAILABLE/*
+                        done
+                fi
+                cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf
+                $SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf
+                DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2`             # DNS and URLs filter (on/off)
+                DNS_FILTERING=${DNS_FILTERING:=off}
+                if [ $DNS_FILTERING = on ]; then
+                        bl_enable
+                else
+                        bl_disable
+                fi
+                ;;
+        *)
+                echo "Argument inconnu :$1";
+                echo "$usage"
+                exit 1
+                ;;
+esac
 Property changes:
 Added: svn:eol-style
 +LF
 \ No newline at end of property
 Added: svn:executable
 Added: svn:keywords
 +Id Date Author
 \ No newline at end of property

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev HEAD → Rev 885