0,0 → 1,194 |
#/bin/bash |
# $Id$ |
|
# alcasar-bl.sh |
# by Franck BOUIJOUX and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
|
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian) |
|
DIR_CONF="/usr/local/etc" |
CONF_FILE="$DIR_CONF/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
DIR_tmp="/tmp/blacklists" |
FILE_tmp="/tmp/fileFilter.txt" |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG_BL="$DIR_DG/blacklists" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" |
DIR_DNS_FILTER_AVAILABLE="$DIR_CONF/alcasar-dnsfilter-available" |
DIR_DNS_FILTER_ENABLED="$DIR_CONF/alcasar-dnsfilter-enabled" |
BL_SERVER="dsi.ut-capitole.fr" |
SED="/bin/sed -i" |
|
# Permet d'activer/désactiver les catégories de la BL |
function cat_choice (){ |
# un peu de ménage |
rm -rf $DIR_DNS_FILTER_ENABLED/* |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist |
# on adapte le fichier $BL_CATEGORIES au choix de catégorie |
$SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` # on affecte les catégories à dansguardian et dnsmasq |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
ln -s $DIR_DNS_FILTER_AVAILABLE/$ENABLE_CATEGORIE.conf $DIR_DNS_FILTER_ENABLED/$ENABLE_CATEGORIE |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # dansguardian s'occupe du contournement par proxy http ;-) |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist |
done |
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp |
mv $FILE_tmp $BL_CATEGORIES |
} |
function bl_enable (){ |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
then |
service dansguardian restart |
service dnsmasq restart |
/usr/local/bin/alcasar-iptables.sh |
fi |
} |
function bl_disable (){ |
rm -rf $DIR_DNS_FILTER_ENABLED/* |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
then |
service dansguardian restart |
service dnsmasq restart |
/usr/local/bin/alcasar-iptables.sh |
fi |
} |
usage="Usage: alcasar-bl.sh {-on or --on} | { -off or --off } | { -download or --download } | { -reload or --reload }" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
echo "Set BlackList Filtering to $DNS_FILTERING" |
if [ $DNS_FILTERING = on ]; then |
cat_choice |
bl_enable |
else |
bl_disable |
fi |
exit 0 |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
# activation du filtrage |
-on | --on) |
cat_choice |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE |
bl_enable |
;; |
# désactivation du filtrage |
-off | --off) |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE |
bl_disable |
;; |
# Récupération de l'archive de la BL Toulouse |
-download | --download) |
rm -rf /tmp/con_ok.html |
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
if [ ! -e /tmp/con_ok.html ] |
then |
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable" |
else |
rm -rf /tmp/con_ok.html $DIR_tmp |
mkdir $DIR_tmp |
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum |
chown -R apache:apache $DIR_tmp |
fi |
;; |
# Adaptation de la BL de Toulouse à notre structure (dnsmasq + DG) |
-adapt | --adapt) |
if [ -f $DIR_tmp/blacklists.tar.gz ] |
then |
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
rm -rf $DIR_DG_BL |
mkdir $DIR_DG_BL |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
rm -rf $DIR_tmp |
chown -R dansguardian:apache $DIR_DG |
chmod -R g+w $DIR_DG |
fi |
rm -f $BL_CATEGORIES $WL_CATEGORIES $DIR_DNS_FILTER_AVAILABLE/* |
touch $BL_CATEGORIES $WL_CATEGORIES |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # On récupère le nom des répertoire (catégories) |
$SED "s?\/domains??g" $FILE_tmp # On supprime le suffixe "/domains" |
for categorie in `cat $FILE_tmp` # creation des deux fichiers de categories (BL / WL) |
do |
if [ -e $categorie/usage ] |
then |
is_whitelist=`grep white $categorie/usage|wc -l` |
else |
is_whitelist=0 # si le fichier 'usage' n'existe pas, on considère que la catégorie est une BL |
fi |
if [ $is_whitelist -eq "0" ] |
then |
echo "$categorie" >> $BL_CATEGORIES |
else |
echo "$categorie" >> $WL_CATEGORIES |
fi |
done |
rm -f $FILE_tmp |
echo -n "Toulouse BlackList migration process. Please wait : " |
for PATH_FILE in `cat $BL_CATEGORIES` # pour chaque catégorie |
do |
echo -n "." |
if [ ! -f $PATH_FILE/urls ] # on crée le fichier 'urls' s'il n'existe pas |
then |
touch $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
fi |
# suppression des @IP, de caractères acccentués et des lignes commentées |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp # Mise en forme dnsmasq |
DOMAINE=`basename $PATH_FILE` |
mv $FILE_tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
done |
echo |
;; |
# regénération suite à modification du choix des catégories |
-reload | --reload) |
# pour Dansguardian |
chown -R dansguardian:apache $DIR_DG_BL/ossi |
chmod -R g+w $DIR_DG_BL/ossi |
cat_choice |
# pour dnsmasq (noms de domaine réhabilités) |
if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ] |
then |
for i in `cat $DIR_DG/exceptionsitelist` |
do |
$SED "/$i/d" $DIR_DNS_FILTER_AVAILABLE/* |
done |
fi |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
if [ $DNS_FILTERING = on ]; then |
bl_enable |
else |
bl_disable |
fi |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
|
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
Added: svn:keywords |
+Id Date Author |
\ No newline at end of property |