Subversion Repositories ALCASAR

Compare Revisions

Regard whitespace Rev 1218 → Rev 1219

/scripts/alcasar-netflow.sh
1,12 → 1,11
#!/bin/bash
 
NOW=$(date +%G%m%d)
DIR_SAVE="var/Save/logs/firwall/"
NOW=$(date +%G%m%d-%Hh%M)
DIR_LOG="/var/log/nfsen/profiles-data/live/ipt_netflow"
DIR_SAVE="/var/Save/logs/firewall"
EXPIRE_DELAY=7
 
cd $DIR_SAVE
find $DIR_LOG -mtime $EXPIRE_DELAY -name 'nfcapd.*' | xargs tar -czf tracability.log-$NOW.tar.gz;
cd $DIR_LOG
find . -mtime 0 -mtime -$EXPIRE_DELAY -name 'nfcapd.[0-9]*' | xargs tar -czf $DIR_SAVE/tracability.log-$NOW.tar.gz;
 
exit 0
/alcasar.sh
20,7 → 20,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
#
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav
 
# Options :
# -i or --install
1210,13 → 1210,16
mkdir -p /var/www/nfsen/plugins
chown -R nfsen:www-data /var/www/nfsen
#Ajout du plugin PortTracker
mkdir -p /var/log/netflow/porttracker /usr/share/nfsen/plugins
chown -R apache:apache /var/log/netflow/porttracker /usr/share/nfsen
mkdir -p /var/log/netflow/porttracker
mkdir -p /usr/share/nfsen/plugins
chown -R apache:apache /usr/share/nfsen
cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
chown apache /var/log/netflow/porttracker
#Copie du fichier de conf modifié de nfsen
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
#Copie du script d'initialisation de nfsen
cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
systemctl enable nfsen.service
#Installation de nfsen via le scrip Perl
DirTmp=$(pwd)
cd /tmp/nfsen-1.3.6p1/
1423,7 → 1426,7
EOF
cat << EOF > /etc/cron.d/alcasar-netflow
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05)
05 0 * * 5 root $DIR_DEST_BIN/alcasar-netflow.sh
15 0 * * 1 root $DIR_DEST_BIN/alcasar-netflow.sh
EOF
 
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin).
1533,7 → 1536,12
done
# export des logs en 'retard' dans /var/Save/logs
/usr/local/bin/alcasar-log.sh --export
# creation of the unit of alcasar-load_balancing
# processus lancés par défaut au démarrage
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen
do
/sbin/chkconfig --add $i
done
 
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
# This file is part of systemd.
#
1558,18 → 1566,8
[Install]
WantedBy=multi-user.target
EOF
systemctl enable alcasar-load_balancing.service
# process launch at boot time
for service in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
do
/sbin/chkconfig --add $service
done
for service in alcasar-load_balancing.service nfsen.service
 
do
/bin/systemctl enable $service
done
 
# On applique les préconisations ANSSI
# Apply French Security Agency rules
# ignorer les broadcast ICMP. (attaque smurf)
1837,7 → 1835,7
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron fail2ban post_install
do
$func
# echo "*** 'debug' : end of function $func ***"; read a
echo "*** 'debug' : end of function $func ***"; read a
done
;;
-u | --uninstall)