/alcasar.sh |
---|
411,8 → 411,6 |
logfile /var/log/ntp.log |
EOF |
chown -R ntp:ntp /etc/ntp |
# synchronisation horaire |
ntpd -q -g & |
# Renseignement des fichiers hosts.allow et hosts.deny |
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default |
cat <<EOF > /etc/hosts.allow |
462,7 → 460,7 |
# Configuration et sécurisation Apache |
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default |
$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?^Listen.*?#Listen 127.0.0.1:80?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf |
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf |
$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf |
475,16 → 473,6 |
</html> |
EOF |
echo "- URL d'accès au centre de gestion : https://$PRIVATE_IP" >> $FIC_PARAM |
# On crée le VirtualHost pour l'accès au port 80 (redirection après filtrage) |
FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` |
[ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default |
cat <<EOF > $FIC_VIRTUAL |
NameVirtualHost *:80 |
<VirtualHost *:80> |
ServerName $HOSTNAME |
DocumentRoot $DIR_WEB/redirect |
</VirtualHost> |
EOF |
# Définition du premier compte lié au profil 'admin' |
if [ "$mode" = "install" ] |
then |
510,6 → 498,8 |
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte |
$DIR_DEST_SBIN/alcasar-profil.sh -list |
fi |
# synchronisation horaire |
ntpd -q -g & |
# Sécurisation du centre |
rm -f /etc/httpd/conf/webapps.d/* |
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf |
600,10 → 590,9 |
{ |
$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh |
$DIR_DEST_BIN/alcasar-CA.sh $mode |
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` |
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default |
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL |
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL |
MOD_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` |
$SED "s?localhost.crt?alcasar.crt?g" $MOD_SSL |
$SED "s?localhost.key?alcasar.key?g" $MOD_SSL |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
} # End AC () |
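Review bot: In the last hunk the `MOD_SSL` lookup passes an unquoted `*default_ssl*` to `find` and hands the unchecked, unquoted result to `$SED`. A match in the current directory, no match, or several matches would leave the certificate and key paths unrewritten, or rewrite the wrong file, without the installer noticing. Quoting and checking makes the failure visible: `MOD_SSL=$(find /etc/httpd/conf -type f -name '*default_ssl*')`, then `[ -n "$MOD_SSL" ] || { echo "ssl vhost file not found" >&2; exit 1; }`, and `"$MOD_SSL"` in the two `$SED` calls. Which side each line belongs to is inferred from the hunk's line counts (10 → 9), because the page lost its +/- markers. The enclosing block, closed by `} # End AC ()`, starts outside the hunk.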
/scripts/alcasar-iptables.sh |
---|
62,10 → 62,11 |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 0 -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 8 -j ACCEPT |
# On ajoute ici les règles spécifiques de filtrage réseau |
# On ajoute ici les règles spécifiques de filtrage réseau --> dans /usr/local/sbin/alcasar-iptables-local.sh |
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then |
. /usr/local/etc/alcasar-iptables-local.sh |
fi |
# On autorise le transfert de flux dans les deux sens (avec log sur les demandes de connexion sortantes) |
# On ajoute ici les règles de filtrage réseau |
if [ -f /usr/local/bin/alcasar-iptables-filter.sh ]; then |
. /usr/local/bin/alcasar-iptables-filter.sh |
79,7 → 80,6 |
$IPTABLES -A INPUT -i $TUNIF -p udp --dport domain -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p udp --dport ntp -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport https -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport http -j ACCEPT |
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport ssh -j ACCEPT |
################## FILTRAGE PARTICULIER ################## |
# Administration à distance par exemple : |
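Review bot: The comment that points to `/usr/local/sbin/alcasar-iptables-local.sh` does not match the file the next lines actually source, `/usr/local/etc/alcasar-iptables-local.sh`. One of the two paths should be corrected so an administrator edits the file that is really loaded. This script sources that file and `/usr/local/bin/alcasar-iptables-filter.sh` while building the firewall, presumably as root, so a comment such as `# must be owned by root and not writable by other accounts: it is sourced by this script` would be worth adding above each `if [ -f … ]`. In the second hunk one `$TUNIF` ACCEPT rule is removed, but the line counts (7 → 6) are the only signal left on the page and do not say which one.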
/scripts/sbin/alcasar-uninstall.sh |
---|
24,14 → 24,12 |
sleep 1 |
# gestion |
echo -en "\n- gestion(7) : " |
echo -en "\n- gestion(5) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, " |
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "3, " |
[ -e /etc/httpd/conf/vhosts.default ] && FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` && mv /etc/httpd/conf/vhosts.default $FIC_VIRTUAL && echo -n "4, " |
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5, " |
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "6, " |
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "7" |
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "4, " |
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "5 " |
sleep 1 |
# CA |
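Review bot: With the restore steps for `vhosts.default` and `vhosts-ssl.default` gone, nothing in this script puts back the Apache SSL vhost file that alcasar.sh still edits in place (the `MOD_SSL` `$SED` calls replacing `localhost.crt` and `localhost.key`). The alcasar.sh part of this commit also appears to stop making a `.default` copy of that file. After an uninstall it would presumably still reference `alcasar.crt` and `alcasar.key`, and if the `# CA` step below removes those files, httpd may fail to start. Either keep a backup/restore pair for that file or reverse the two substitutions here. The old/new split is inferred from the renumbered `gestion(5)` line, as the +/- markers are missing from the page.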
/gestion/redirect/logo-alcasar.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/gestion/redirect/index.html |
---|
File deleted |
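--- a/gestion/admin/web_filter.php
+++ b/gestion/admin/web_filter.php
@@ -0,0 +1,159 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML><!-- written by Rexy -->
+<HEAD>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<TITLE>ALCASAR WEB filtering</TITLE>
+<link rel="stylesheet" href="/css/style.css" type="text/css">
+</HEAD>
+<body>
+<?
+# Choice of language
+$Language = 'en';
+if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
+$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
+$Language = strtolower(substr(chop($Langue[0]),0,2)); }
+if($Language == 'fr'){
+$l_title1 = "Antivirus";
+$l_title2 = "Filtrage de noms de domaine et d'URL";
+$l_antivir_on="L'antivirus de flux WEB est actuellement activé";
+$l_antivir_off="L'antivirus de flux WEB est actuellement désactivé";
+$l_webfilter_on="Le filtrage WEB est actuellement activé";
+$l_webfilter_off="Le filtrage WEB est actuellement désactivé";
+$l_switch_antivir_on="Activer l'antivirus";
+$l_switch_antivir_off="Désactiver l'antivirus";
+$l_switch_filtering_on="Activer le filtrage";
+$l_switch_filtering_off="Désactiver le filtrage";
+$l_main_bl="Liste noire principale (version actuelle : ";
+$l_download="Télécharger la dernière version";
+$l_warning="<B>Attention</B> : ce téléchargement peut durer plusieurs minutes.";
+$l_secondary_bl="Liste noire et liste blanche secondaires";
+}
+else {
+$l_title1 = "Antivirus";
+$l_title2 = "Domain names and URL filtering";
+$l_antivir_on="Actually, the antivirus is on";
+$l_antivir_off="Actually, the antivirus is off";
+$l_webfilter_on="Actually, the WEB filter is on";
+$l_webfilter_off="Actually, the WEB filter is off";
+$l_switch_antivir_on="Switch the antivirus on";
+$l_switch_antivir_off="Switch the antivirus off";
+$l_switch_filtering_on="Switch the WebFilter on";
+$l_switch_filtering_off="Switch the WebFilter off";
+$l_main_bl="Main blacklist (current version : ";
+$l_download="Download the last version";
+$l_warning="<B>Be carefull</B> : this download is estimate to fiew minutes.";
+$l_secondary_bl="Secondary blacklist and whitelist";
+}
+if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; }
+switch ($choix)
+{
+case 'AV_On' :
+exec ("sudo /usr/local/sbin/alcasar-havp.sh -on");
+break;
+case 'AV_Off' :
+exec ("sudo /usr/local/sbin/alcasar-havp.sh -off");
+break;
+case 'BL_On' :
+exec ("sudo /usr/local/sbin/alcasar-bl.sh -on");
+break;
+case 'BL_Off' :
+exec ("sudo /usr/local/sbin/alcasar-bl.sh -off");
+break;
+case 'MAJ_bl' :
+exec ("sudo /usr/local/sbin/alcasar-bl.sh -download");
+break;
+case 'MAJ_OSSI' :
+$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/domains","w+");
+fputs($fichier, $_POST['OSSI_bl_domains']);
+fclose($fichier);
+unset($_POST['OSSI_bl_domains']);
+$fichier=fopen("/etc/dansguardian/lists/exceptionsitelist","w+");
+fputs($fichier, $_POST['OSSI_wl_domains']);
+fclose($fichier);
+unset($_POST['OSSI_wl_domains']);
+$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/urls","w+");
+fputs($fichier, $_POST['OSSI_bl_urls']);
+fclose($fichier);
+unset($_POST['OSSI_bl_urls']);
+$fichier=fopen("/etc/dansguardian/lists/exceptionurllist","w+");
+fputs($fichier, $_POST['OSSI_wl_urls']);
+fclose($fichier);
+unset($_POST['OSSI_wl_urls']);
+exec ("sudo /usr/local/sbin/alcasar-bl.sh -reload");
+break;
+}
+?>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
+<tr><th><?php echo "$l_title1"; ?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr>
+</TABLE>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
+<tr><td valign="middle" align="left">
+<?php
+$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r");
+$result_antivir = false; $result_filter = false; $out=0;
+if ($pointeur)
+{
+while (!feof($pointeur))
+{
+$ligne = fgets($pointeur);
+if (preg_match("/^proxyport = 8090/", $ligne, $r))
+{
+$result_antivir = true;
+$out++;
+}
+if (preg_match("/^reportinglevel = 3/", $ligne, $r))
+{
+$result_filter = true;
+$out++;
+}
+if ($out == 2) break;
+}
+}
+fclose($pointeur);
+if ($result_antivir)
+{
+echo "<CENTER><H3>$l_antivir_on</H3></CENTER>";
+echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
+echo "<input type=hidden name='choix' value=\"AV_Off\">";
+echo "<input type=submit value=\"$l_switch_antivir_off\">";
+}
+else
+{
+echo "<CENTER><H3>$l_antivir_off</H3></CENTER>";
+echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
+echo "<input type=hidden name='choix' value=\"AV_On\">";
+echo "<input type=submit value=\"$l_switch_antivir_on\">";
+}
+?>
+</FORM>
+</td></tr>
+</TABLE>
+<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
+<tr><th><?php echo "$l_title2"; ?></th></tr>
+<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr>
+</TABLE>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
+<tr><td valign="middle" align="left">
+<?php
+if ($result_filter)
+{
+echo "<CENTER><H3>$l_webfilter_on</H3></CENTER>";
+echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
+echo "<input type=hidden name='choix' value=\"BL_Off\">";
+echo "<input type=submit value=\"$l_switch_filtering_off\">";
+}
+else
+{
+echo "<CENTER><H3>$l_webfilter_off</H3></CENTER>";
+echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
+echo "<input type=hidden name='choix' value=\"BL_On\">";
+echo "<input type=submit value=\"$l_switch_filtering_on\">";
+}
+echo "</FORM>";
+echo "</td></tr>";
+echo "</TABLE>";
+if ($result_filter) require ('web_filter2.php');
+?>
+</BODY>
+</HTML>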
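Review bot: The `MAJ_OSSI` branch writes the four `$_POST['OSSI_*']` fields straight into the DansGuardian list files and then runs the sudo reload, with no `isset()` check, no per-line validation and no check that `fopen()` succeeded. Every `choix` action here (and the `NF_*` ones in net_filter.php) changes filter state on a bare POST, so unless the admin area adds its own request token, which is not visible on this page, a forged cross-site request made from the administrator's browser would be accepted. A per-session token verified before the `switch` would close that. The forms also echo `$_SERVER[PHP_SELF]` unescaped; a fixed action such as `/admin/web_filter.php`, as web_filter2.php already uses, avoids that. A possible shape for the list update follows, with an accepted character set that is only a starting point to adjust to what DansGuardian needs.

```php
case 'MAJ_OSSI' :
// one entry per line; lines that are not a plain domain or URL are dropped
$lists = array(
    'OSSI_bl_domains' => "/etc/dansguardian/lists/blacklists/ossi/domains",
    'OSSI_wl_domains' => "/etc/dansguardian/lists/exceptionsitelist",
    'OSSI_bl_urls'    => "/etc/dansguardian/lists/blacklists/ossi/urls",
    'OSSI_wl_urls'    => "/etc/dansguardian/lists/exceptionurllist");
foreach ($lists as $field => $path)
{
    if (!isset($_POST[$field])) continue;
    $kept = array();
    foreach (preg_split('/\r\n|\r|\n/', $_POST[$field]) as $entry)
    {
        $entry = trim($entry);
        if (preg_match('/^[A-Za-z0-9._~\/%:-]+$/', $entry)) $kept[] = $entry;
    }
    $fichier = fopen($path, "w+");
    if ($fichier === false) continue;   // leave the list untouched if it cannot be opened
    fputs($fichier, $kept ? implode("\n", $kept) . "\n" : "");
    fclose($fichier);
}
exec ("sudo /usr/local/sbin/alcasar-bl.sh -reload");
break;
```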
/gestion/admin/net_filter.php |
---|
53,12 → 53,6 |
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
switch ($choix) |
{ |
case 'AV_On' : |
exec ("sudo /usr/local/sbin/alcasar-havp.sh -on"); |
break; |
case 'AV_Off' : |
exec ("sudo /usr/local/sbin/alcasar-havp.sh -off"); |
break; |
case 'NF_On' : |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
break; |
137,56 → 131,8 |
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on"); |
break; |
} |
?> |
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0> |
<tr><th><?php echo "$l_title1"; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr> |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0> |
<tr><td valign="middle" align="left"> |
<?php |
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r"); |
$result_antivir = false; $result_filter = false; $out=0; |
if ($pointeur) |
{ |
while (!feof($pointeur)) |
{ |
$ligne = fgets($pointeur); |
if (preg_match("/^proxyport = 8090/", $ligne, $r)) |
{ |
$result_antivir = true; |
$out++; |
} |
if (preg_match("/^reportinglevel = 3/", $ligne, $r)) |
{ |
$result_filter = true; |
$out++; |
} |
if ($out == 2) break; |
} |
} |
fclose($pointeur); |
if ($result_antivir) |
{ |
echo "<CENTER><H3>$l_antivir_on</H3></CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"AV_Off\">"; |
echo "<input type=submit value=\"$l_switch_antivir_off\">"; |
} |
else |
{ |
echo "<CENTER><H3>$l_antivir_off</H3></CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<input type=hidden name='choix' value=\"AV_On\">"; |
echo "<input type=submit value=\"$l_switch_antivir_on\">"; |
} |
?> |
</FORM> |
</td></tr> |
</TABLE> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>"; |
<tr><td valign="middle" align="left">"; |
<? |
echo "<TABLE width=\"100%\" border=1 cellspacing=0 cellpadding=1>"; |
echo "<tr><td valign=\"middle\" align=\"left\">"; |
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r"); |
$result = False ; |
if ($pointeur) |
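--- a/gestion/admin/web_filter2.php
+++ b/gestion/admin/web_filter2.php
@@ -0,0 +1,86 @@
+<?php
+function echo_file ($filename)
+{
+if (file_exists($filename))
+{
+if (filesize($filename) != 0)
+{
+$pointeur=fopen($filename,"r");
+$tampon = fread($pointeur, filesize($filename));
+fclose($pointeur);
+echo $tampon;
+}
+}
+else
+{
+echo "erreur d'ouverture du fichier $filename";
+}
+}
+?>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left">
+<FORM action='/admin/web_filter.php' method=POST>
+<input type='hidden' name='choix' value='MAJ_bl'>
+<?php
+echo "<center>$l_main_bl";
+echo_file ("/var/www/html/VERSION-BL");
+echo ")</center><BR>";
+echo "<input type='submit' value='$l_download'>";
+echo " ($l_warning)";
+?>
+</FORM>
+</td></tr>
+</TABLE>
+<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
+<tr><td valign="middle" align="left">
+<?echo "<center>$l_secondary_bl</center></td></tr>";?>
+<FORM action='/admin/web_filter.php' method='POST'>
+<TABLE cellspacing=2 cellpadding=3 border=1>
+<tr><td width=50% height=100% align=center>
+<H3>Liste des noms de domaine interdits</H3>
+Entrez ici des noms de domaine inconnus de la liste noire principale<BR>
+et que vous désirez bloquer<BR>
+Entrez un nom de domaine par ligne (exemple : domaine.org)
+<textarea name='OSSI_bl_domains' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/blacklists/ossi/domains");
+?>
+</textarea>
+</td><td width=50% height=100% align=center>
+<H3>Liste des noms de domaine réabilités</H3>
+Entrez ici des noms de domaine bloqués par la liste noire principale<BR>
+que vous désirez réhabiliter<BR>
+Entrez un nom de domaine par ligne (exemple : domaine2.org)
+<textarea name='OSSI_wl_domains' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/exceptionsitelist");
+?>
+</textarea>
+</td></tr>
+<tr><td width=50% height=100% align=center>
+<H3>Liste des URLs interdites</H3>
+Entrez ici des URLs inconnues de la liste noire principale<BR>
+que vous désirez bloquer<BR>
+Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)
+<textarea name='OSSI_bl_urls' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/blacklists/ossi/urls");
+?>
+</textarea>
+</td><td width=50% height=100% align=center>
+<H3>Liste des URLs réabilités</H3>
+Entrez ici des URLs bloquées par la liste noire principale<BR>
+que vous désirez réhabiliter<BR>
+Entrez une URL par ligne (exemple : www.domaine2.org/perso/index.htm)
+<textarea name='OSSI_wl_urls' rows=5 cols=40>
+<?php
+echo_file ("/etc/dansguardian/lists/exceptionurllist");
+?>
+</textarea>
+</td></tr>
+</TABLE>
+<input type='hidden' name='choix' value='MAJ_OSSI'>
+<input type='submit' value='Enregistrer les modifications'>
+</FORM>
+</td></tr>
+</TABLE>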
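Review bot: `echo_file()` prints the file contents with a bare `echo $tampon;`, and four of its call sites sit inside `<textarea>` elements whose backing files web_filter.php writes from POST data, so any markup stored in those files is rendered by the administrator's browser. Escaping at output closes that: `echo htmlspecialchars($tampon, ENT_QUOTES, 'UTF-8');`. The function also calls `fread()` on an unchecked `fopen()` result; an `if ($pointeur === false) return;` guard after the open would avoid warnings on an unreadable file. The headings and help text of the second form are hard-coded in French while web_filter.php carries a French/English label table, which may be intentional but deserves a comment.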
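--- a/gestion/filtering.php
+++ b/gestion/filtering.php
@@ -1,10 +1,12 @@
 <?
-$select[0]="$l_domains_filter";
-$select[1]=$l_network_filter;
-$select[2]="Exceptions";
+$select[0]="$l_domains";
+$select[1]="Web";
+$select[2]=$l_network;
+$select[3]="Exceptions";
 $fich[0]="admin/dns_filter.php";
-$fich[1]="admin/net_filter.php";
-$fich[2]="admin/filter_exceptions.php";
+$fich[1]="admin/web_filter.php";
+$fich[2]="admin/net_filter.php";
+$fich[3]="admin/filter_exceptions.php";
 $j=0;
 $nb=count($select);
 while ($j != $nb)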
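Review bot: `$select[0]="$l_domains";` depends on `$l_domains`, but the menu.php hunks of this same commit appear, judging by their line counts, to drop both `$l_domains` assignments (French and English). If no other include defines it, the first tab would render with an empty label, so it is worth confirming where `$l_domains` is set or keeping the menu.php definitions. `"Web"` and `"Exceptions"` are literal strings while the other labels come from the language table; a `$l_web` entry would keep the tabs consistent. The `while` loop that consumes `$select` and `$fich` continues outside the hunk.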
/gestion/menu.php |
---|
20,8 → 20,7 |
$l_statistics = "STATISTIQUES"; |
$l_backup = "SAUVEGARDES"; |
$l_activity = "Activité"; |
$l_domains = "Domaines et URLs"; |
$l_network = "Protocoles réseau"; |
$l_network = "Réseau"; |
$l_ldap = "Ldap/A.D."; |
$l_access_nb = "Accès au centre"; |
$l_create_user = "Créer usager"; |
45,8 → 44,7 |
$l_statistics = "STATISTICS"; |
$l_backup = "BACKUPS"; |
$l_activity = "Activity"; |
$l_network = "Network protocols"; |
$l_domains = "Domains & URLs"; |
$l_network = "Network"; |
$l_ldap = "Ldap/A.D."; |
$l_access_nb = "Access to center"; |
$l_create_user = "Create user"; |
146,7 → 144,7 |
fputs($fp, "$nb\n"); |
fclose($fp); |
?> |
<br>depuis le 08/10/2010<br></center></td></tr> |
<br>depuis le 99/99/9999<br></center></td></tr> |
</TABLE> |
</td></tr> |
</TABLE> |