1,13 → 1,19 |
#/bin/sh |
# $Id$ |
|
# Gestion des Blacklists/Whitelists |
# Script de gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via dansguardian) |
# By 3abtux & rexy |
|
DIR_tmp="/root/blacklists" |
DIR_tmp="/tmp/blacklists" |
FILE_tmp="/tmp/fileFilter.txt" |
BL_CATEGORIES=/usr/local/etc/alcasar-bl-categories |
DIR_DANSGUARDIAN="/etc/dansguardian/lists/" |
DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available" |
DIR_DNS_FILTER_ENABLE="/usr/local/etc/alcasar-dnsfilter-enabled" |
IP_RETOUR="127.0.0.1" |
BL_SERVER="cri.univ-tlse1.fr" |
SED="/bin/sed -i" |
|
# Récupération de l'archive de la BL Toulouse |
function transfert () { |
mkdir -p $DIR_tmp |
cd $DIR_tmp |
14,15 → 20,50 |
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
} |
|
# Décompression de la BL (en conservant la WL) |
function install () { |
[ -d $DIR_DANSGUARDIAN ] || mkdir -p $DIR_DANSGUARDIAN |
[ -d $DIR_DANSGUARDIAN/blacklists/ossi ] && mv -f $DIR_DANSGUARDIAN/blacklists/ossi $DIR_tmp |
tar zxvf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DANSGUARDIAN |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DANSGUARDIAN |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DANSGUARDIAN/blacklists/ |
cd /root |
rm -rf $DIR_tmp |
} |
|
# Adaptation de la BL Toulouse à la structure Dnsmasq |
function adapt () { |
# On récupère le nom des répertoire (catégories) |
find $DIR_DANSGUARDIAN -type f -name domains > $FILE_tmp |
# On supprime le suffice "/domains" |
$SED "s?\/domains??g" $FILE_tmp |
rm -f $DIR_DNS_FILTER_AVAILABLE/* |
echo -n "Adaptation de la BL Toulouse. Veuillez patienter : " |
# On copie les fichiers de domaine pour chaque catégorie |
for PATH_FILE in `cat $FILE_tmp` |
do |
DOMAINE=`basename $PATH_FILE` |
echo -n "." |
# suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü |
# cela supprime quelques domaines ... qui restent filtrés par dansguardian |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp |
$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp |
$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp |
# Mise en forme dnsmasq |
$SED "s?.*?address=/&/$IP_RETOUR?g" /tmp/dnsmasq-bl.tmp |
mv /tmp/dnsmasq-bl.tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
done |
rm -f $FILE_tmp |
echo |
} |
|
# Permet d'activer/désactiver les catégories de la BL |
function cat_choice (){ |
rm -rf $DIR_DNS_FILTER_ENABLE |
for i in `cat $BL_CATEGORIES` |
do |
echo $i |
done |
} |
usage="Usage: alcasar-bl.sh -on | -off | -download| -reload" |
nb_args=$# |
args=$1 |
36,22 → 77,22 |
echo "$usage" |
exit 0 |
;; |
# activation du filtrage |
-on) |
# activation du filtrage |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
cat_choice |
service dansguardian reload |
/usr/local/bin/alcasar-dnsfilter-activate.sh |
service dnsmasq restart |
;; |
# désactivation du filtrage |
-off) |
# désactivation du filtrage |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
rm -rf $DIR_DNS_FILTER_ENABLE |
service dansguardian reload |
/usr/local/bin/alcasar-dnsfilter-activate.sh |
service dnsmasq restart |
;; |
# Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq |
-download) |
# Mise a jour de la blacklist 'Toulouse' et compilation de la base |
rm -rf /tmp/con_ok.html |
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
if [ ! -e /tmp/con_ok.html ] |
62,18 → 103,23 |
install |
chown -R dansguardian:apache $DIR_DANSGUARDIAN |
chmod -R g+w $DIR_DANSGUARDIAN |
service dansguardian reload |
DATE=`date '+%d %B %Y - %Hh%M'` |
echo "Univ-tlse du $DATE " > /var/www/html/VERSION-BL |
rm -rf /tmp/con_ok.html |
fi |
adapt |
;; |
# regénération suite à modification de la BL OSSI/RSSI |
-reload) |
# regénération de la base OSSI/RSSI |
# pour Dansguardian |
chown -R dansguardian:apache $DIR_DANSGUARDIAN/blacklists/ossi |
chmod -R g+w $DIR_DANSGUARDIAN/blacklists/ossi |
service dansguardian reload |
;; |
# pour dnsmasq |
cp $DIR_DANSGUARDIAN/blacklists/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
$SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
service dnsmasq reload |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
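Review bot: The scratch paths introduced by this change are fixed names in world-writable `/tmp`: `DIR_tmp="/tmp/blacklists"` (apparently replacing `/root/blacklists`), `FILE_tmp="/tmp/fileFilter.txt"`, and the literal `/tmp/dnsmasq-bl.tmp` in `adapt`. The script rewrites `/etc/dansguardian` and restarts services, so it presumably runs as root. `mkdir -p` accepts a directory that already exists and `wget` does not replace an existing `blacklists.tar.gz`, so the archive `install` unpacks need not be the one just downloaded, and the `>` redirections in `adapt` follow whatever already sits at those names. I would create the locations at run time instead, e.g. `DIR_tmp=$(mktemp -d) || exit 1` in `transfert` and `FILE_tmp=$(mktemp) || exit 1` at the start of `adapt`, with the per-category file written in a private directory rather than at `/tmp/dnsmasq-bl.tmp`. Separately, the archive is fetched over plain `http://` and passed to `tar zxf` with no checksum or signature check, which deserves a follow-up.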