


Ignore whitespace Rev 303 → Rev 302

/alcasar.sh
411,8 → 411,6
logfile /var/log/ntp.log
EOF
chown -R ntp:ntp /etc/ntp
# synchronisation horaire
ntpd -q -g &
# Renseignement des fichiers hosts.allow et hosts.deny
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
cat <<EOF > /etc/hosts.allow
462,7 → 460,7
# Configuration et sécurisation Apache
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
$SED "s?^Listen.*?#Listen 127.0.0.1:80?g" /etc/httpd/conf/httpd.conf
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
475,16 → 473,6
</html>
EOF
echo "- URL d'accès au centre de gestion : https://$PRIVATE_IP" >> $FIC_PARAM
# On crée le VirtualHost pour l'accès au port 80 (redirection après filtrage)
FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*`
[ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default
cat <<EOF > $FIC_VIRTUAL
NameVirtualHost *:80
<VirtualHost *:80>
ServerName $HOSTNAME
DocumentRoot $DIR_WEB/redirect
</VirtualHost>
EOF
# Définition du premier compte lié au profil 'admin'
if [ "$mode" = "install" ]
then
510,6 → 498,8
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte
$DIR_DEST_SBIN/alcasar-profil.sh -list
fi
# synchronisation horaire
ntpd -q -g &
# Sécurisation du centre
rm -f /etc/httpd/conf/webapps.d/*
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
600,10 → 590,9
{
$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
$DIR_DEST_BIN/alcasar-CA.sh $mode
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*`
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
MOD_SSL=`find /etc/httpd/conf -type f -name *default_ssl*`
$SED "s?localhost.crt?alcasar.crt?g" $MOD_SSL
$SED "s?localhost.key?alcasar.key?g" $MOD_SSL
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End AC ()
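Review bot: The `find ... -name *default_ssl*` lookups at L58 and L62 (and `*default_vhosts*` at L33) leave the pattern unquoted, so the shell may expand it against the current directory before find runs, and the result is then passed unquoted and unchecked to `cp` and `$SED`; if nothing matches, `$SED` is given no file operand at all. Quote the pattern and refuse to continue on an empty result, e.g. `MOD_SSL=$(find /etc/httpd/conf -type f -name '*default_ssl*')` followed by `[ -n "$MOD_SSL" ] || { echo "default_ssl vhost file not found" >&2; exit 1; }`, and use `"$MOD_SSL"` afterwards. Separately, `chown -R root:apache /etc/pki` plus `chmod -R 750 /etc/pki` grants the web-server group read access to everything below /etc/pki, private keys included; since httpd typically reads its key as root before dropping privileges, the key files could stay root-only — worth confirming against this distribution's layout. The AC() function closed at L67 starts outside the hunk, and the 411/462/475/510 hunks of this file carry the same unquoted-expansion pattern (`cp $FIC_VIRTUAL ...`, `cat <<EOF > $FIC_VIRTUAL`).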
/scripts/alcasar-iptables.sh
62,10 → 62,11
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 8 -j ACCEPT
 
# On ajoute ici les règles spécifiques de filtrage réseau
# On ajoute ici les règles spécifiques de filtrage réseau --> dans /usr/local/sbin/alcasar-iptables-local.sh
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then
. /usr/local/etc/alcasar-iptables-local.sh
fi
# On autorise le transfert de flux dans les deux sens (avec log sur les demandes de connexion sortantes)
# On ajoute ici les règles de filtrage réseau
if [ -f /usr/local/bin/alcasar-iptables-filter.sh ]; then
. /usr/local/bin/alcasar-iptables-filter.sh
79,7 → 80,6
$IPTABLES -A INPUT -i $TUNIF -p udp --dport domain -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p udp --dport ntp -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport https -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport http -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport ssh -j ACCEPT
################## FILTRAGE PARTICULIER ##################
# Administration à distance par exemple :
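Review bot: The drop-in scripts at L75-L77 and L80-L82 are sourced into the firewall script with `.` after only a `-f` test, so whatever those files contain runs with the privileges of this script (presumably root, since it drives iptables); an ownership check before sourcing limits what a writable drop-in can do, e.g. `local_rules=/usr/local/etc/alcasar-iptables-local.sh` then `[ -f "$local_rules" ] && [ -O "$local_rules" ] && . "$local_rules"`, and the same for the filter script. The comment at L74 names /usr/local/sbin while the test at L75 uses /usr/local/etc, so one of them is stale. In the 79,7 → 80,6 hunk the `--dport ssh` ACCEPT on $TUNIF at L87 is present on only one side; whichever side keeps it, accepting ssh from the client-facing interface is a deliberate exposure that deserves a comment such as `# ssh reachable from the user network — restrict to the admin subnet if possible`. Both hunks are cut from a longer rule sequence whose start and end lie outside the page.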
/scripts/sbin/alcasar-uninstall.sh
24,14 → 24,12
sleep 1
 
# gestion
echo -en "\n- gestion(7) : "
echo -en "\n- gestion(5) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, "
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "3, "
[ -e /etc/httpd/conf/vhosts.default ] && FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` && mv /etc/httpd/conf/vhosts.default $FIC_VIRTUAL && echo -n "4, "
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5, "
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "6, "
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "7"
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "4, "
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "5 "
sleep 1
 
# CA
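Review bot: At L100-L101 the restore step depends on `find ... -name *default_vhosts*` / `*default_ssl*` returning exactly one path, but the pattern is unquoted (the shell may expand it first) and the result is used unquoted in `mv`; with no match `mv` gets no destination and the original config is silently not restored, and with several matches `mv` receives extra operands and fails unless the last one is a directory. Quote the pattern and the expansion and guard the result, e.g. `FIC_VIRTUAL=$(find /etc/httpd/conf -type f -name '*default_vhosts*')` and `[ -n "$FIC_VIRTUAL" ] && mv /etc/httpd/conf/vhosts.default "$FIC_VIRTUAL"`. The progress output also ends with `echo -n "7"` (L103) and `echo -n "5 "` (L105) without the `, ` separator used by the other steps, which is cosmetic. This is a run of top-level statements that continues beyond the hunk on both sides.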
/gestion/redirect/logo-alcasar.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Deleted: svn:mime-type
-image/png
\ No newline at end of property
/gestion/redirect/index.html
File deleted
/gestion/admin/web_filter.php
0,0 → 1,159
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><!-- written by Rexy -->
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<TITLE>ALCASAR WEB filtering</TITLE>
<link rel="stylesheet" href="/css/style.css" type="text/css">
</HEAD>
<body>
<?
# Choice of language
$Language = 'en';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'fr'){
$l_title1 = "Antivirus";
$l_title2 = "Filtrage de noms de domaine et d'URL";
$l_antivir_on="L'antivirus de flux WEB est actuellement activé";
$l_antivir_off="L'antivirus de flux WEB est actuellement désactivé";
$l_webfilter_on="Le filtrage WEB est actuellement activé";
$l_webfilter_off="Le filtrage WEB est actuellement désactivé";
$l_switch_antivir_on="Activer l'antivirus";
$l_switch_antivir_off="Désactiver l'antivirus";
$l_switch_filtering_on="Activer le filtrage";
$l_switch_filtering_off="Désactiver le filtrage";
$l_main_bl="Liste noire principale (version actuelle : ";
$l_download="Télécharger la dernière version";
$l_warning="<B>Attention</B> : ce téléchargement peut durer plusieurs minutes.";
$l_secondary_bl="Liste noire et liste blanche secondaires";
}
else {
$l_title1 = "Antivirus";
$l_title2 = "Domain names and URL filtering";
$l_antivir_on="Actually, the antivirus is on";
$l_antivir_off="Actually, the antivirus is off";
$l_webfilter_on="Actually, the WEB filter is on";
$l_webfilter_off="Actually, the WEB filter is off";
$l_switch_antivir_on="Switch the antivirus on";
$l_switch_antivir_off="Switch the antivirus off";
$l_switch_filtering_on="Switch the WebFilter on";
$l_switch_filtering_off="Switch the WebFilter off";
$l_main_bl="Main blacklist (current version : ";
$l_download="Download the last version";
$l_warning="<B>Be carefull</B> : this download is estimate to fiew minutes.";
$l_secondary_bl="Secondary blacklist and whitelist";
}
if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; }
switch ($choix)
{
case 'AV_On' :
exec ("sudo /usr/local/sbin/alcasar-havp.sh -on");
break;
case 'AV_Off' :
exec ("sudo /usr/local/sbin/alcasar-havp.sh -off");
break;
case 'BL_On' :
exec ("sudo /usr/local/sbin/alcasar-bl.sh -on");
break;
case 'BL_Off' :
exec ("sudo /usr/local/sbin/alcasar-bl.sh -off");
break;
case 'MAJ_bl' :
exec ("sudo /usr/local/sbin/alcasar-bl.sh -download");
break;
case 'MAJ_OSSI' :
$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/domains","w+");
fputs($fichier, $_POST['OSSI_bl_domains']);
fclose($fichier);
unset($_POST['OSSI_bl_domains']);
$fichier=fopen("/etc/dansguardian/lists/exceptionsitelist","w+");
fputs($fichier, $_POST['OSSI_wl_domains']);
fclose($fichier);
unset($_POST['OSSI_wl_domains']);
$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/urls","w+");
fputs($fichier, $_POST['OSSI_bl_urls']);
fclose($fichier);
unset($_POST['OSSI_bl_urls']);
$fichier=fopen("/etc/dansguardian/lists/exceptionurllist","w+");
fputs($fichier, $_POST['OSSI_wl_urls']);
fclose($fichier);
unset($_POST['OSSI_wl_urls']);
exec ("sudo /usr/local/sbin/alcasar-bl.sh -reload");
break;
}
?>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><th><?php echo "$l_title1"; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?php
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r");
$result_antivir = false; $result_filter = false; $out=0;
if ($pointeur)
{
while (!feof($pointeur))
{
$ligne = fgets($pointeur);
if (preg_match("/^proxyport = 8090/", $ligne, $r))
{
$result_antivir = true;
$out++;
}
if (preg_match("/^reportinglevel = 3/", $ligne, $r))
{
$result_filter = true;
$out++;
}
if ($out == 2) break;
}
}
fclose($pointeur);
if ($result_antivir)
{
echo "<CENTER><H3>$l_antivir_on</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"AV_Off\">";
echo "<input type=submit value=\"$l_switch_antivir_off\">";
}
else
{
echo "<CENTER><H3>$l_antivir_off</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"AV_On\">";
echo "<input type=submit value=\"$l_switch_antivir_on\">";
}
?>
</FORM>
</td></tr>
</TABLE>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><th><?php echo "$l_title2"; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?php
if ($result_filter)
{
echo "<CENTER><H3>$l_webfilter_on</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"BL_Off\">";
echo "<input type=submit value=\"$l_switch_filtering_off\">";
}
else
{
echo "<CENTER><H3>$l_webfilter_off</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"BL_On\">";
echo "<input type=submit value=\"$l_switch_filtering_on\">";
}
echo "</FORM>";
echo "</td></tr>";
echo "</TABLE>";
if ($result_filter) require ('web_filter2.php');
?>
</BODY>
</HTML>
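Review bot: The MAJ_OSSI arm (L184-L201) writes the raw `$_POST` fields straight into the dansguardian list files and then reloads the filter, without checking that the fields exist or that each line is a domain or URL, so whatever the form submits becomes filter configuration; validating per line before `fputs` keeps malformed or unexpected input out of the lists (helper below). The form actions at L236, L243, L261 and L268 embed `$_SERVER[PHP_SELF]` unescaped, a value partly taken from the request URL — web_filter2.php already uses the fixed `action='/admin/web_filter.php'` and this file should too. `fclose($pointeur)` at L232 runs even when the fopen at L212 failed; move it inside the `if ($pointeur)` block. The `<?` at L128 relies on short_open_tag; when that is off the block, including the paths and sudo commands, is served verbatim to the browser, so use `<?php` as L211 does.
```php
// Keep only non-empty lines matching $pattern (the form asks for one entry per line).
function filter_list_lines($text, $pattern)
{
	$kept = array();
	foreach (preg_split("/\r\n|\n|\r/", $text) as $line)
	{
		$line = trim($line);
		if ($line !== '' && preg_match($pattern, $line)) $kept[] = $line;
	}
	return implode("\n", $kept) . "\n";
}
// … unchanged: language selection and the switch on $choix up to the MAJ_OSSI arm …
case 'MAJ_OSSI' :
$domain_re = '/^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/';
$url_re = '/^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+(\/[A-Za-z0-9._~%\/-]*)?$/';
$bl_domains = isset($_POST['OSSI_bl_domains']) ? $_POST['OSSI_bl_domains'] : '';
$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/domains","w+");
fputs($fichier, filter_list_lines($bl_domains, $domain_re));
fclose($fichier);
// … unchanged: same treatment for OSSI_wl_domains ($domain_re), OSSI_bl_urls and OSSI_wl_urls ($url_re), then the reload …
```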
/gestion/admin/net_filter.php
53,12 → 53,6
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";}
switch ($choix)
{
case 'AV_On' :
exec ("sudo /usr/local/sbin/alcasar-havp.sh -on");
break;
case 'AV_Off' :
exec ("sudo /usr/local/sbin/alcasar-havp.sh -off");
break;
case 'NF_On' :
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on");
break;
137,56 → 131,8
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on");
break;
}
?>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><th><?php echo "$l_title1"; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?php
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r");
$result_antivir = false; $result_filter = false; $out=0;
if ($pointeur)
{
while (!feof($pointeur))
{
$ligne = fgets($pointeur);
if (preg_match("/^proxyport = 8090/", $ligne, $r))
{
$result_antivir = true;
$out++;
}
if (preg_match("/^reportinglevel = 3/", $ligne, $r))
{
$result_filter = true;
$out++;
}
if ($out == 2) break;
}
}
fclose($pointeur);
if ($result_antivir)
{
echo "<CENTER><H3>$l_antivir_on</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"AV_Off\">";
echo "<input type=submit value=\"$l_switch_antivir_off\">";
}
else
{
echo "<CENTER><H3>$l_antivir_off</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"AV_On\">";
echo "<input type=submit value=\"$l_switch_antivir_on\">";
}
?>
</FORM>
</td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>";
<tr><td valign="middle" align="left">";
<?
echo "<TABLE width=\"100%\" border=1 cellspacing=0 cellpadding=1>";
echo "<tr><td valign=\"middle\" align=\"left\">";
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r");
$result = False ;
if ($pointeur)
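Review bot: L344-L345 carry a stray `";` after the HTML (`cellpadding=1>";` and `align="left">";`) that is rendered literally in the page, and L347-L348 then echo the same `<TABLE>`/`<tr><td>` opening a second time, nesting another table; drop L344-L345 or the two echo lines. As in web_filter.php, `fclose($pointeur)` at L325 runs even when the fopen at L305 failed and belongs inside `if ($pointeur)`, the `action='$_SERVER[PHP_SELF]'` forms at L329 and L336 should use a fixed path such as `action='/admin/net_filter.php'`, and the `<?` at L346 should be `<?php` so the block is not served as text when short_open_tag is off. The `if ($pointeur)` at L351 opens a block that continues outside the hunk, and the 53,12 → 53,6 hunk is the top of a switch whose remaining arms are also outside the page.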
/gestion/admin/web_filter2.php
0,0 → 1,86
<?php
function echo_file ($filename)
{
if (file_exists($filename))
{
if (filesize($filename) != 0)
{
$pointeur=fopen($filename,"r");
$tampon = fread($pointeur, filesize($filename));
fclose($pointeur);
echo $tampon;
}
}
else
{
echo "erreur d'ouverture du fichier $filename";
}
}
?>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td valign="middle" align="left">
<FORM action='/admin/web_filter.php' method=POST>
<input type='hidden' name='choix' value='MAJ_bl'>
<?php
echo "<center>$l_main_bl";
echo_file ("/var/www/html/VERSION-BL");
echo ")</center><BR>";
echo "<input type='submit' value='$l_download'>";
echo " ($l_warning)";
?>
</FORM>
</td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td valign="middle" align="left">
<?echo "<center>$l_secondary_bl</center></td></tr>";?>
<FORM action='/admin/web_filter.php' method='POST'>
<TABLE cellspacing=2 cellpadding=3 border=1>
<tr><td width=50% height=100% align=center>
<H3>Liste des noms de domaine interdits</H3>
Entrez ici des noms de domaine inconnus de la liste noire principale<BR>
et que vous d&eacute;sirez bloquer<BR>
Entrez un nom de domaine par ligne (exemple : domaine.org)
<textarea name='OSSI_bl_domains' rows=5 cols=40>
<?php
echo_file ("/etc/dansguardian/lists/blacklists/ossi/domains");
?>
</textarea>
</td><td width=50% height=100% align=center>
<H3>Liste des noms de domaine r&eacute;abilit&eacute;s</H3>
Entrez ici des noms de domaine bloqu&eacute;s par la liste noire principale<BR>
que vous d&eacute;sirez r&eacute;habiliter<BR>
Entrez un nom de domaine par ligne (exemple : domaine2.org)
<textarea name='OSSI_wl_domains' rows=5 cols=40>
<?php
echo_file ("/etc/dansguardian/lists/exceptionsitelist");
?>
</textarea>
</td></tr>
<tr><td width=50% height=100% align=center>
<H3>Liste des URLs interdites</H3>
Entrez ici des URLs inconnues de la liste noire principale<BR>
que vous d&eacute;sirez bloquer<BR>
Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)
<textarea name='OSSI_bl_urls' rows=5 cols=40>
<?php
echo_file ("/etc/dansguardian/lists/blacklists/ossi/urls");
?>
</textarea>
</td><td width=50% height=100% align=center>
<H3>Liste des URLs r&eacute;abilit&eacute;s</H3>
Entrez ici des URLs bloqu&eacute;es par la liste noire principale<BR>
que vous d&eacute;sirez r&eacute;habiliter<BR>
Entrez une URL par ligne (exemple : www.domaine2.org/perso/index.htm)
<textarea name='OSSI_wl_urls' rows=5 cols=40>
<?php
echo_file ("/etc/dansguardian/lists/exceptionurllist");
?>
</textarea>
</td></tr>
</TABLE>
<input type='hidden' name='choix' value='MAJ_OSSI'>
<input type='submit' value='Enregistrer les modifications'>
</FORM>
</td></tr>
</TABLE>
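Review bot: echo_file (L355-L371) prints the file contents with a bare `echo $tampon` (L364), and its callers at L399, L409, L420 and L430 place that output inside `<textarea>` elements, so a list entry containing `</textarea>` or other markup would break out of the field into the page; emit it as `echo htmlspecialchars($tampon);`. The function also reports an error only when the file is missing (L369) and stays silent when fopen fails on an existing file, because the return of `fopen` at L361 is never checked; `if ($pointeur === false) { echo "erreur d'ouverture du fichier $filename"; return; }` covers both cases. The `<?` at L389 relies on short_open_tag and should be `<?php` like the rest of the file. A one-line comment on echo_file noting that callers embed its output in HTML would help the next reader.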
/gestion/filtering.php
1,10 → 1,12
<?
$select[0]="$l_domains_filter";
$select[1]=$l_network_filter;
$select[2]="Exceptions";
$select[0]="$l_domains";
$select[1]="Web";
$select[2]=$l_network;
$select[3]="Exceptions";
$fich[0]="admin/dns_filter.php";
$fich[1]="admin/net_filter.php";
$fich[2]="admin/filter_exceptions.php";
$fich[1]="admin/web_filter.php";
$fich[2]="admin/net_filter.php";
$fich[3]="admin/filter_exceptions.php";
$j=0;
$nb=count($select);
while ($j != $nb)
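Review bot: The menu labels read at L443-L444 (`$l_domains_filter`, `$l_network_filter`) and at L446/L448 (`$l_domains`, `$l_network`) must match what menu.php defines for the same revision; in the menu.php hunks on this page only `$l_domains` and `$l_network` are assigned, so the `_filter` variants at L443-L444 would be undefined unless they are set elsewhere — worth confirming. `$select[0]="$l_domains_filter";` also quotes a lone variable for no reason; `$select[0]=$l_domains_filter;` matches L444. The `<?` at L442 should be `<?php` so the block is not served as text when short_open_tag is disabled. The `while` at L458 starts a loop whose body lies outside the hunk.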
/gestion/menu.php
20,8 → 20,7
$l_statistics = "STATISTIQUES";
$l_backup = "SAUVEGARDES";
$l_activity = "Activité";
$l_domains = "Domaines et URLs";
$l_network = "Protocoles réseau";
$l_network = "Réseau";
$l_ldap = "Ldap/A.D.";
$l_access_nb = "Accès au centre";
$l_create_user = "Créer usager";
45,8 → 44,7
$l_statistics = "STATISTICS";
$l_backup = "BACKUPS";
$l_activity = "Activity";
$l_network = "Network protocols";
$l_domains = "Domains & URLs";
$l_network = "Network";
$l_ldap = "Ldap/A.D.";
$l_access_nb = "Access to center";
$l_create_user = "Create user";
146,7 → 144,7
fputs($fp, "$nb\n");
fclose($fp);
?>
<br>depuis le 08/10/2010<br></center></td></tr>
<br>depuis le 99/99/9999<br></center></td></tr>
</TABLE>
</td></tr>
</TABLE>