/conf/lighttpd/vhosts.d/alcasar-with-ssl.conf |
---|
0,0 → 1,72 |
$HTTP["url"] =~ ".*" { |
# Disabling directory listing as default setting |
dir-listing.activate = "disable" |
} |
# If a wrong url is used, displaying homepage for unprivileged users |
$HTTP["url"] !~ "^/(acc|save)/" { |
server.error-handler-404 = "/" |
} |
# Error pages |
server.errorfile-prefix = "/var/www/html/errors/error-" |
$SERVER["socket"] == "alcasar.localdomain:443" { |
ssl.engine = "enable" |
ssl.pemfile = "/etc/pki/tls/private/alcasar.pem" |
ssl.verifyclient.ca-file = "/etc/pki/tls/certs/server-chain.pem" |
var.server_name = "alcasar.localdomain" |
server.name = server_name |
server.document-root = "/var/www/html" |
} |
$HTTP["scheme"] == "https" { |
alias.url = ( |
"/save" => "/var/Save" |
) |
# Digest authentication configuration |
auth.backend = "htdigest" |
auth.require = ( |
"/acc/" => |
( |
"method" => "digest", |
"realm" => "ALCASAR Control Center (ACC)", |
"require" => "valid-user" |
), |
"/save/" => |
( |
"method" => "digest", |
"realm" => "ALCASAR Control Center (ACC)", |
"require" => "valid-user" |
) |
) |
$HTTP["url"] =~ "^/(acc|save)/" { |
# Setting digest files according access permissions |
$HTTP["url"] =~ "^/acc/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all" |
$HTTP["url"] =~ "^/acc/admin" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin" |
} |
$HTTP["url"] =~ "^/acc/manager/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager" |
} |
$HTTP["url"] =~ "^/acc/backup/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
} |
} |
$HTTP["url"] =~ "^/save" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
# Enabling directory listing |
dir-listing.activate = "enable" |
} |
} |
} |
$HTTP["scheme"] == "http" { |
# Force HTTPS for specific pages |
$HTTP["url"] =~ "^/(acc|save)" { |
$HTTP["host"] =~ ".*" { |
url.redirect = (".*" => "https://%0$0") |
} |
} |
} |
/conf/lighttpd/vhosts.d/alcasar-without-ssl.conf |
---|
0,0 → 1,75 |
$HTTP["url"] =~ ".*" { |
# Disabling directory listing as default setting |
dir-listing.activate = "disable" |
} |
# If a wrong url is used, displaying homepage for unprivileged users |
$HTTP["url"] !~ "^/(acc|save)/" { |
server.error-handler-404 = "/" |
} |
# Error pages |
server.errorfile-prefix = "/var/www/html/errors/error-" |
$SERVER["socket"] == "alcasar.localdomain:443" { |
ssl.engine = "enable" |
ssl.pemfile = "/etc/pki/tls/private/alcasar.pem" |
ssl.verifyclient.ca-file = "/etc/pki/tls/certs/server-chain.pem" |
var.server_name = "alcasar.localdomain" |
server.name = server_name |
server.document-root = "/var/www/html" |
} |
$HTTP["scheme"] == "https" { |
alias.url = ( |
"/save" => "/var/Save" |
) |
# Digest authentication configuration |
auth.backend = "htdigest" |
auth.require = ( |
"/acc/" => |
( |
"method" => "digest", |
"realm" => "ALCASAR Control Center (ACC)", |
"require" => "valid-user" |
), |
"/save/" => |
( |
"method" => "digest", |
"realm" => "ALCASAR Control Center (ACC)", |
"require" => "valid-user" |
) |
) |
$HTTP["url"] =~ "^/(acc|save)/" { |
# Setting digest files according access permissions |
$HTTP["url"] =~ "^/acc/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all" |
$HTTP["url"] =~ "^/acc/admin" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin" |
} |
$HTTP["url"] =~ "^/acc/manager/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager" |
} |
$HTTP["url"] =~ "^/acc/backup/" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
} |
} |
$HTTP["url"] =~ "^/save" { |
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup" |
# Enabling directory listing |
dir-listing.activate = "enable" |
} |
} |
} |
$HTTP["scheme"] == "http" { |
# Force HTTPS for specific pages |
$HTTP["url"] =~ "^/(acc|save)" { |
$HTTP["host"] =~ ".*" { |
url.redirect = (".*" => "https://%0$0") |
} |
} |
} |
/conf/lighttpd/conf.d/fastcgi.conf |
---|
0,0 → 1,16 |
# FastCGI Module |
# --------------- |
# |
# http://www.lighttpd.net/documentation/fastcgi.html |
# |
server.modules += ( "mod_fastcgi" ) |
fastcgi.server = ( |
".php" => ( |
"localhost" => ( |
"socket" => "/var/lib/php-fpm/php-fpm.sock", |
"broken-scriptfilename" => "enable" |
) |
) |
) |
/conf/alcasar-e2g-en.html |
---|
0,0 → 1,49 |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<meta name="viewport" content="width=device-width, initial-scale=1.0"> |
<title>Access control</title> |
<link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/bootstrap.min.css"> |
<link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/index.css"> |
<link rel="icon" href="//alcasar.localdomain/images/favicon-48.ico" type="image/ico"> |
</head> |
<body> |
<div class="col-12 col-lg-10 offset-lg-1"> |
<!-- HeaderBox --> |
<div class="row banner"> |
<!-- Logo box --> |
<div class="img_banner d-none d-sm-block col-3 col-md-2"> |
<img class="img-fluid img-A" src="//alcasar.localdomain/images/organisme.png"> |
</div> |
<!-- Title --> |
<div id="cadre_titre" class="titre_banner col-12 col-sm-6 col-md-8"> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus">Access control</p> |
</div> |
</div> |
<!-- Logo box --> |
<div class="img_banner d-none d-sm-block col-3 col-md-2"> |
<img class="img-fluid img-organisme" src="//alcasar.localdomain/images/logo-alcasar_70.png"> |
</div> |
</div> |
<!-- Main content box --> |
<div class="row"> |
<div id="contenu_acces" class="col-12 col-lg-10 offset-lg-1"> |
<div id="box_url"> |
<br> |
You try to connect to a ressource whose content is deemed to contain inappropriate information. |
<table width="80%"> |
<tr> |
<td><img src="//alcasar.localdomain/images/interdit.png"></td> |
<td>Required WEB site : -URL- <br>category : -CATEGORIES- <br> -REASONGIVEN- </td> |
</tr><tr> |
<td></td><td><a href="javascript:history.back()">Previous page</a></td> |
</tr> |
</table> |
</div> |
</div> |
</div> |
</div> |
</body> |
</html> |
/conf/alcasar-e2g-fr.html |
---|
0,0 → 1,49 |
<!DOCTYPE html> |
<html> |
<head> |
<meta charset="UTF-8"> |
<meta name="viewport" content="width=device-width, initial-scale=1.0"> |
<title>Contrôle d'accès</title> |
<link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/bootstrap.min.css"> |
<link rel="stylesheet" type="text/css" href="//alcasar.localdomain/css/index.css"> |
<link rel="icon" href="//alcasar.localdomain/images/favicon-48.ico" type="image/ico"> |
</head> |
<body> |
<div class="col-12 col-lg-10 offset-lg-1"> |
<!-- HeaderBox --> |
<div class="row banner"> |
<!-- Logo box --> |
<div class="img_banner d-none d-sm-block col-3 col-md-2"> |
<img class="img-fluid img-A" src="//alcasar.localdomain/images/organisme.png"> |
</div> |
<!-- Title --> |
<div id="cadre_titre" class="titre_banner col-12 col-sm-6 col-md-8"> |
<div id="cadre_titre" class="titre_refus"> |
<p id="acces_controle" class="titre_refus">Contrôle d'accès</p> |
</div> |
</div> |
<!-- Logo box --> |
<div class="img_banner d-none d-sm-block col-3 col-md-2"> |
<img class="img-fluid img-organisme" src="//alcasar.localdomain/images/logo-alcasar_70.png"> |
</div> |
</div> |
<!-- Main content box --> |
<div class="row"> |
<div id="contenu_acces" class="col-12 col-lg-10 offset-lg-1"> |
<div id="box_url"> |
<br> |
Vous tentez d'accéder à une ressource dont le contenu est réputé contenir des informations inappropriées. |
<table width="80%"> |
<tr> |
<td><img src="//alcasar.localdomain/images/interdit.png"></td> |
<td>Site demandé : -URL- <br>catégorie : -CATEGORIES- <br> -REASONGIVEN- </td> |
</tr><tr> |
<td></td><td><a href="javascript:history.back()">Page précédente</a></td> |
</tr> |
</table> |
</div> |
</div> |
</div> |
</div> |
</body> |
</html> |
/conf/etc/alcasar-iptables-local.sh |
---|
0,0 → 1,79 |
#!/bin/sh |
# |
# $Id$ |
# |
# Custom rules for ALCASAR firewall |
# |
# Examples: |
# - Local MAC addresses filtering (MAC are in '/usr/local/etc/alcasar-iptables-local-mac-filtered'. Format : aa:09:23:2f:4d:ee) |
# - allow ICMP from an Internet IP address (Admin_from) to EXTIF |
# - Deny access to protected networks from internal LAN |
# - allow SMTP from ALCASAR to an other server |
# - Allow managers to access ACC from the external network |
# - Ports Address Translation (PAT) from Internet (one & multiple) |
# This script inherit of alcasar-iptables.sh variables : $INTIF, $EXTIF, $IPTABLES, etc |
# !!Beware, run the script "alcasar-iptables.sh" after changing this file. |
# Local MAC addresses filtering (MAC are in '/usr/local/etc/alcasar-iptables-local-mac-filtered'. Format : aa:09:23:2f:4d:ee) |
if [ -s /usr/local/etc/alcasar-iptables-local-mac-filtered ]; then |
while read mac_line |
do |
ip_on=`echo $mac_line|cut -b1` |
if [ $ip_on != "#" ] |
then |
mac_filtered=`echo $mac_line|cut -d" " -f1` |
echo "MAC filtered = $mac_filtered" |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP" |
$IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP |
$IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP |
fi |
done < /usr/local/etc/alcasar-iptables-local-mac-filtered |
fi |
# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance d'Internet vers ALCASAR |
# Allow ping (echo & request) (ICMP N°0 & 8) from Internet |
#$IPTABLES -A INPUT -i $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
#$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 0 -j ACCEPT |
# On interdit aux utilisateurs l'accés à d'autres réseaux privés |
# Deny access of users to other private networks |
#protectedNetworks='10.0.0.0/8,172.16.0.0/12,192.168.0.0/16' # (RFC 1918) |
#[ -n "$TUNIF" ] && consultationIF=$TUNIF || consultationIF=$INTIF |
#$IPTABLES -A FORWARD -i $consultationIF -d $protectedNetworks -j DROP |
#$IPTABLES -A FORWARD -o $consultationIF -s $protectedNetworks -j DROP |
# On autorise ALCASAR à contacter un serveur MAIL externe (envoie de rapports, alertes, inscription d'utilisateurs, etc.) |
# Allow ALCASAR to connect to a mail server (send reports, alerts, users registration, etc.) |
#SMTP_IP='192.168.111.5' |
#SMTP_PORT=25 |
#$IPTABLES -A OUTPUT -p tcp --dport $SMTP_PORT -d $SMTP_IP -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT |
#$IPTABLES -A INPUT -p tcp --sport $SMTP_PORT -s $SMTP_IP -m conntrack --ctstate ESTABLISHED -j ACCEPT |
# On autorise un admin à accéder à l'ACC depuis l'extérieur (Internet ou le LAN entre ALCASAR et la BOX) |
# Allow managerIP to access ACC from the external network (Internet or LAN between ALCASAR and the broadband router) |
#managerIPs='192.168.0.10' |
#externalPort='34443' |
#$IPTABLES -t mangle -A PREROUTING -i $EXTIF -s $managerIPs -p tcp -d $PUBLIC_IP --dport $externalPort -j MARK --set-mark 100 |
#$IPTABLES -t nat -A PREROUTING -i $EXTIF -s $managerIPs -p tcp -d $PUBLIC_IP --dport $externalPort -j DNAT --to $PRIVATE_IP:443 |
#$IPTABLES -A INPUT -i $EXTIF -s $managerIPs -p tcp --dport 443 -m mark --mark 100 -j ACCEPT |
# On autorise l'accès depuis Internet (ex: port 11222) vers un equipement du LAN (ex: port 22). L'équipement sur le LAN doit être en IP fixe |
# Access is allowed from Internet (ie: port 11222) to a LAN equipment (ie: port 22). The equipment must be in static IP |
#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p tcp -d $PUBLIC_IP --dport 11222 -j DNAT --to 192.168.182.10:22 |
#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p udp -d $PUBLIC_IP --dport 11222 -j DNAT --to 192.168.182.10:22 |
#$IPTABLES -A FORWARD -p tcp -d 192.168.182.10 --dport 22 -j ACCEPT |
#$IPTABLES -A FORWARD -p udp -d 192.168.182.10 --dport 22 -j ACCEPT |
# On autorise l'accès depuis Internet (en multiports) vers un équipement du LAN (qui doit être en IP fixe) |
# Access is allowed from Internet (multiports) to a LAN equipment (which must be in static IP) |
#ext_ports=11223:11323; int_ports=12000:12100 |
#to_ip=192.168.182.7 |
#int_ports_dnat=`echo $int_ports|tr : -` |
#ext_ports_dnat=`echo $ext_ports|tr : -` |
#first_ext_port=`echo $ext_ports|cut -d":" -f1` |
#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p tcp -d $PUBLIC_IP --dport $ext_ports -j DNAT --to $to_ip:$int_ports_dnat/$first_ext_port |
#$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $to_ip -m multiport --dports $int_ports -j ACCEPT |
#$IPTABLES -A PREROUTING -i $EXTIF -t nat -p udp -d $PUBLIC_IP --dport $ext_ports -j DNAT --to $to_ip:$int_ports_dnat/$first_ext_port |
#$IPTABLES -A FORWARD -i $EXTIF -p udp -d $to_ip -m multiport --dports $int_ports -j ACCEPT |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Date Author Id |
\ No newline at end of property |
/conf/etc/alcasar-uamdomain-sample |
---|
0,0 → 1,21 |
uamdomain=".akamaiedge.net" |
uamdomain=".akamaitechnologies.com" |
uamdomain=".download.microsoft.com" |
uamdomain=".download.windowsupdate.com" |
uamdomain=".ds.download.windowsupdate.com" |
uamdomain=".update.microsoft.com" |
uamdomain=".update.microsoft.com.nsatc.net" |
uamdomain=".windowsupdate.microsoft.com" |
uamdomain="activation.sls.microsoft.com" |
uamdomain="crl.microsoft.com" |
uamdomain="go.microsoft.com" |
uamdomain="ntservicepack.microsoft.com" |
uamdomain="stats.update.microsoft.com" |
uamdomain="time.windows.com" |
uamdomain=".alcasar.net" |
uamdomain=".clamav.net" |
uamdomain=".ubuntu.com" |
uamdomain=".debian.org" |
uamdomain=".mozilla.org" |
uamdomain=".cnd.mozilla.net" |
uamdomain=".macromedia.com" |
/conf/etc/alcasar-bl-categories-enabled |
---|
0,0 → 1,20 |
adult |
agressif |
cryptojacking |
dangerous_material |
ddos |
doh |
drogue |
gambling |
hacking |
malware |
marketingware |
mixed_adult |
phishing |
redirector |
remote-control |
sect |
strict_redirector |
strong_redirector |
tricheur |
warez |
/conf/etc/alcasar-global-usage |
---|
0,0 → 1,872 |
# |
# Franck Bourdonnec, and some users want to have a catalog |
# of database. Some want a per database/file, some want a global one. |
# this is the global |
# I only put French and English description |
# ANY Help on description is welcome (spanish, german, italian, etc.) |
# |
# NAME : name of tar blacklist |
# DEFAULT_TYPE : what is the primary use of this blacklist (can be inverted, i.e. for webmail) |
# SOURCE : Url of the main provider of information |
# NAME xx: Short name used display in listbox, menu choice etc for xx Language |
# DESC xx: Description of the blacklist for xx Language |
# |
# to participate : <mailto:fabrice.prigent@ut-capitole.fr> |
# |
NAME: adult |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Some adult site from erotic to hard pornography. |
DESC FR: Des sites adultes allant de l'érotique à la pornographie dure. |
DESC RU: Некоторые взрослые сайты от эротики до жесткой порнографии. |
DESC ES: Sitios para adultos, desde erotísmo a pornografía dura. |
NAME EN: Adult (X) |
NAME FR: Adulte (X) |
NAME IT: Siti per adulti (XXX) |
NAME NL: 18+ (X) |
NAME RU: Эротика |
NAME DE: Porno |
NAME ES: Porno |
NAME: agressif |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Some aggressive sites. |
DESC FR: Quelques sites racistes, antisémites, incitant à la haine. |
DESC RU: Некоторые агрессивные веб-сайты расистского, антисемитского, разжигания ненависти. |
DESC ES: Sitios agresivos, racistas, que incitan a la violencia. |
NAME EN: Aggressive (english) |
NAME FR: Agréssif (anglais) |
NAME IT: Aggressività in inglese) |
NAME NL: Aggressief (engels) |
NAME RU: Агрессия (английский) |
NAME DE: Aggressiver (englisch) |
NAME ES: Agresivo |
NAME: audio-video |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Some audio and video sites. |
DESC FR: Quelques sites orientés vers l'audio et la vidéo. |
DESC RU: Некоторые сайты, ориентированные на аудио и видео. |
DESC ES: Sitios de audio y vídeo. |
NAME EN: Audio/Video |
NAME FR: Audio/Vidéo |
NAME IT: Audio/Video |
NAME NL: Audio/Video |
NAME RU: Звук/Видео |
NAME DE: Audio/Video |
NAME ES: Audio/Video |
NAME: blog |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Some blogs sites. |
DESC FR: Quelques sites hébergeant des blogs. |
DESC RU: Некоторые сайты-блоги. |
DESC ES: Sitios de Blogs |
NAME EN: blogs |
NAME FR: blogs |
NAME IT: blogs |
NAME NL: blogs |
NAME DE: blogs |
NAME RU: Блоги. |
NAME ES: blogs |
NAME: cleaning |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites to disinfect, update and protect computers. |
DESC FR: Sites pour désinfecter et mettre à jour des ordinateurs. |
DESC RU: Сайты для лечения, обновления и защиты компьютеров. |
DESC ES: Sitios para desinfectar, actualizar y proteger ordenadores. |
NAME EN: Cleanup, Antivirus etc |
NAME FR: Nettoyage, Antivirus, etc |
NAME IT: Sicurezza (Antispyware, Antivirus ecc) |
NAME NL: Cleanup, Antivirus etc |
NAME DE: Antivirustools etc |
NAME RU: Очистка, антивирусы и т. д. |
NAME ES: Antivirus, limpieza, etc. |
NAME: dangerous_material |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites which describe how to make bomb and some dangerous material. |
DESC FR: Sites décrivant des moyens de créer du matériel dangereux (explosif, poison, etc.). |
DESC RU: Сайты, описывающие способы создания опасных материалов(взрывчатые вещества, яды, и т. д.). |
DESC ES: Sitios que describen como hacer bombas y otros materiales peligrosos. |
NAME EN: Dangerous kits |
NAME FR: Assemblages dangereux |
NAME IT: Materiali Pericolosi |
NAME NL: Dangerous kits |
NAME DE: Gefährliches Material |
NAME RU: Опасные наборы. |
NAME ES: Materiales peligrosos. |
NAME: download |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites which propose to download software |
DESC FR: Sites qui permettent de télécharger des logiciels |
NAME EN: Software download |
NAME FR: Telechargement de logiciels |
NAME: drogue |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites relative to drugs. |
DESC FR: Drogue. |
DESC RU: Сайты, имеющие отношение к наркотикам. |
DESC ES: Sitios relacionados con las drogas. |
NAME EN: Drug |
NAME FR: Drogue |
NAME IT: Droghe |
NAME NL: Verdovende middelen |
NAME RU: Наркотики |
NAME DE: Drogen |
NAME ES: Drogas |
NAME: financial |
DEFAULT_TYPE: black |
SOURCE: http://www.squidguard.org |
DESC EN: Sites relative financial information. |
DESC FR: Informations financières, bourses. |
DESC RU: Сайты, связанные с финансовой информацией. |
NAME ES: Sitios relacionados con información financiera, bolsas. |
NAME EN: Financial |
NAME FR: Finance |
NAME IT: Financial |
NAME NL: Financial |
NAME RU: Финансы. |
NAME DE: Financial |
NAME ES: Finanzas |
NAME: forums |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Forums site. |
DESC FR: Forums. |
DESC RU: Сайты-форумы. |
DESC ES: Foros |
NAME EN: Forums |
NAME FR: Forums |
NAME IT: Forum |
NAME NL: Forums |
NAME RU: Форумы |
NAME DE: Foren |
NAME ES: Foros |
NAME: gambling |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Gambling and games sites, casino, etc. |
DESC FR: Sites de jeux en ligne, casino, etc. |
DESC RU: Азартные игры и игровые сайты, казино. |
DESC ES: Sitios de juego en línea, apuestas, casinos, etc. |
NAME EN: Gambling/Casino games |
NAME FR: Jeux casino |
NAME IT: Gioco d\azzardo/Casino |
NAME NL: Gokken/Casinospelen |
NAME RU: Азартные игры и казино |
NAME DE: Glueckspiel |
NAME ES: Apuestas/Casino |
NAME: hacking |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Hacking sites. |
DESC FR: Sites de piratage et d'agressions informatiques. |
DESC RU: Сайты о взломе и о компьютерных атаках. |
DESC ES: Sitos de pirateo informático, hackers |
NAME EN: Hacking |
NAME FR: Hacking |
NAME IT: Hacking |
NAME NL: Hacken |
NAME RU: Хакерство |
NAME DE: Hacking |
NAME ES: Hacking |
NAME: liste_blanche |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: A list of whitelisted sites. |
DESC FR: Une liste de sites en liste blanche. |
DESC IT: Una lista di siti della lista bianca. |
DESC RU: Список сайтов белого списка. |
DESC DE: Eine Liste von Whitelist-Seiten. |
DESC ES: Una lista de sitios de la lista blanca. |
NAME EN: whitelist |
NAME FR: Liste blanche |
NAME IT: lista bianca |
NAME RU: белый список |
NAME DE: weiße Liste |
NAME ES: lista blanca |
NAME: liste_bu |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: A french list for educational sites. VERY locally oriented. may help libraries. |
DESC FR: Une liste très "univ-tlse1.fr" de sites éducatifs pour notre bibliothèque. |
DESC RU: Французский список образовательных сайтов. ОЧЕНЬ местно ориентированный. Может помочь библиотекам. |
DESC ES: Una lista francesa de sitios educativos. Muy orientada a sitios franceses. |
NAME EN: Schools/Academics (french) |
NAME FR: Bibliothèques universitaires |
NAME IT: Scuola/Università in francese) |
NAME NL: Scholen/Academisch (frans) |
NAME RU: Школы/Академия (французкий) |
NAME DE: Universitaetsbibliothek (frankreich) |
NAME ES: Bibliotecas universitarias (Francesas) |
NAME: mobile-phone |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites for mobile phone (rings, etc). |
DESC FR: Sites pour les mobiles (sonneries, etc.). |
DESC RU: Сайты для мобильных телефонов (рингтоны и т. д.). |
DESC ES: Sitios para teléfonos móviles (tonos, etc.) |
NAME EN: Mobile phone |
NAME FR: Téléphonie mobile |
NAME IT: Cellulari |
NAME NL: Mobiele telefonie |
NAME RU: Мобильный телефон |
NAME DE: Handy |
NAME ES: Telefonía móvil |
NAME: phishing |
DEFAULT_TYPE: black |
SOURCE: http://www.surbl.org |
DESC EN: Phishing sites |
DESC FR: Sites de phishing, de pièges bancaires, ou autres. |
DESC RU: Фишинг-сайты, банковские ловушки или другое. |
DESC ES: Sitios relacionados con phishing (suplantación de identidad) |
NAME RU: Фишинг. |
NAME EN: Phishing |
NAME FR: Phishing |
NAME IT: Phishing |
NAME NL: Phishing |
NAME DE: Phishing |
NAME ES: Phishing (suplantación de identidad) |
NAME: publicite |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Advertisement. |
DESC FR: Publicité. |
DESC RU: Объявления. |
DESC ES: Publicidad |
NAME EN: Ads |
NAME FR: Publicité |
NAME IT: Pubblicità |
NAME NL: Reclame |
NAME RU: Реклама |
NAME DE: Anzeigen |
NAME ES: Publicidad |
NAME: radio |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Internet radio sites |
DESC FR: Sites de radio sur Internet |
DESC RU: Сайты Интернет радио. |
DESC ES: Sitios de radio por internet. |
NAME EN: Internet radio |
NAME FR: Radio internet |
NAME IT: Internet radio |
NAME NL: Internet radio |
NAME RU: Радио Интернета |
NAME DE: Internet Radio |
NAME ES: Radio internet |
NAME: redirector |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Some redirector sites, which are used to circumvent filtering. |
DESC FR: Quelques sites qui permettent de contourner les filtres. |
DESC RU: Некоторые перенаправляющие сайты, которые используются для обхода фильтрации. |
DESC ES: Sitios de redirección de contenidos, usados para eludir el filtrado. |
NAME EN: Proxy |
NAME FR: Proxy |
NAME IT: Proxy |
NAME NL: Proxy |
NAME RU: Прокси |
NAME DE: Proxy |
NAME ES: Proxy |
NAME: strict_redirector |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Same as redirector, but with google, yahoo, and other cache/images search robots. |
DESC FR: Comme redirector, mais avec les moteurs de recherche classiques. |
DESC RU: Тоже, что и redirector, но с google, yahoo и другими поисковыми системами кэшей/изображений. |
DESC ES: Como redirector, pero con google, yahoo y otros motores de búsqueda clásicos. |
NAME EN: Strict Proxy |
NAME FR: Proxy strict |
NAME IT: Strict Proxy |
NAME NL: Strikte Proxy |
NAME RU: Строгое Прокси |
NAME DE: Strickt Proxy |
NAME ES: Proxy estricto |
NAME: strong_redirector |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Same as strict_redirector, but, for google, yahoo, we are only blocking some terms. |
DESC FR: Comme strict_redirector, mais, pour google et autres, on ne bloque que certains termes. |
DESC RU: Тоже, что и strict_redirector, но для google, yahoo блокируются только некоторые условия. |
DESC ES: Como strict_redirector, pero para google, yahoo y otros sólo bloquean algunos términos. |
NAME EN: Strong Proxy |
NAME FR: Proxy fort |
NAME IT: Strong Proxy |
NAME NL: Strakke Proxy |
NAME RU: Крепкое Прокси |
NAME DE: Stark Proxy |
NAME ES: Proxy fuerte |
NAME: tricheur |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites which are designed to explains cheating on exams. |
DESC FR: Sites qui expliquent comme tricher aux examens. |
DESC RU: Сайты, которые предназначены для объяснения как смошенничать на экзамене. |
DESC ES: Sitios que explican cómo hacer trampas en los exámenes. |
NAME EN: Cheater |
NAME FR: Tricheur |
NAME IT: Baro |
NAME NL: Cheats |
NAME RU: Мошенник |
NAME DE: Schummler |
NAME ES: Tramposos |
NAME: warez |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Warez sites. |
DESC FR: Sites distribuant, entre autres, des logiciels ou vidéos pirates. |
DESC RU: Пиратские сайты программного обеспечения. |
DESC ES: Sitios de programas piratas. |
NAME FR: Warez DownloadZ |
NAME EN: Warez DownloadZ |
NAME IT: Warez DownloadZ |
NAME NL: Warez DownloadZ |
NAME RU: Нелегальное программное обеспечение |
NAME DE: Warez |
NAME ES: Programas piratas (Warez) |
NAME: webmail |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Webmail sites (hotmail like...) |
DESC FR: Webmail que l'on trouve sur internet (hotmail, webmail.univ-tlse1.fr, etc.) |
DESC RU: Почтовые сайты (hotmail, webmail.univ-tlse1.fr и т. д.). |
DESC ES: Sitios de correo electrónico web. (hotmail, gmail, etc.) |
NAME EN: Webmail |
NAME FR: Messagerie Web |
NAME IT: Webmail |
NAME NL: Webmail |
NAME RU: Почта |
NAME DE: Webmail |
NAME ES: Mensajería web (webmail) |
NAME: games |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: games sites (flash and online games ) |
DESC FR: Sites de jeux, en ligne, ou de distributions de jeux. |
DESC RU: Игровые сайты (флеш и онлайн игры). |
DESC ES: Sitios de juegos, en línea, o de distribuciones de juegos. |
NAME RU: Игры. |
NAME EN: Games |
NAME FR: Jeux |
NAME IT: Games |
NAME NL: Games |
NAME DE: Spiele |
NAME ES: Juegos |
NAME: educational_games |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: educational games sites (flash and online games ) |
DESC FR: Sites de jeux éducatifs |
DESC RU: Развивающие игры |
DESC ES: Sitios de juegos educativos |
NAME RU: Развивающие игры |
NAME EN: Educational Games |
NAME FR: Jeux éducatifs |
NAME IT: giochi educativi |
NAME NL: educatieve spellen |
NAME DE: Lernspiele |
NAME ES: Juegos educativos |
NAME: mixed_adult |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Websites which contains adult sections unstructured |
DESC FR: Sites qui contiennent des portions adultes non structurés |
DESC RU: Сайты, которые содержат неструктурированные разделы для взрослых. |
DESC ES: Sitios que contienen secciones para adultos no estructuradas. |
NAME RU: Смесь для взрослых. |
NAME EN: mixed_adult |
NAME FR: Varies_adultes |
NAME IT: mixed_adult |
NAME NL: mixed_adult |
NAME DE: mixed_adult |
NAME ES: Varios Adultos |
NAME: filehosting |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Websites which host files (pictures, video, ...) |
DESC FR: Sites qui hébergent des contenus (vidéos, images, sons) |
DESC RU: Веб-сайты, которые хостят файлы (картинки, видео, ...). |
DESC ES: Sitios que almacenan ficheros (imagenes, videos, audio...) |
NAME RU: Хостинг файлов. |
NAME EN: filehosting |
NAME FR: hebergement_fichiers |
NAME IT: filehosting |
NAME NL: filehosting |
NAME DE: filehosting |
NAME ES: Almacenamiento de ficheros |
NAME: reaffected |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Websites which have been reaffected |
DESC FR: Sites qui ont changé de propriétaire et donc de contenu |
DESC RU: Сайты, которые изменили владельца и, поэтому, содержимое. |
DESC ES: Sitios que han cambiado propietario y por tanto el contenido |
NAME RU: Пострадавшие. |
NAME EN: reaffected |
NAME FR: reaffected |
NAME IT: reaffected |
NAME NL: reaffected |
NAME DE: reaffected |
NAME ES: Sitios reutilizados (reaffected) |
NAME: sexual_education |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Website which talk about sexual education, and can be misdetected as porn |
DESC FR: Sites qui parlent d éducation sexuelle et qui peuvent être détectés comme pornographiques |
DESC RU: Сайты, которые рассказывают о половом воспитании и могут быть ошибочно определены как порно. |
DESC ES: Sitios con contenidos acerca de la educación sexsual, y podrían ser catalogados por error como porno. |
NAME RU: Сексуальное образование. |
NAME EN: sexual_education |
NAME FR: education sexuelle |
NAME IT: sexual_education |
NAME NL: sexual_education |
NAME DE: sexual_education |
NAME ES: educación sexual |
NAME: shopping |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Any shopping, selling center |
DESC FR: Sites de vente et achat en ligne |
DESC RU: Сайты "купи-продай". |
DESC ES: Sitios de tiendas, compras en línea. |
NAME RU: Шоппинг. |
NAME EN: shopping |
NAME FR: shopping |
NAME IT: shopping |
NAME NL: shopping |
NAME DE: shopping |
NAME ES: compras (shopping) |
NAME: dating |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Dating, matching site for single person |
DESC FR: Sites de rencontres |
DESC RU: Сайты знакомств. |
DESC ES: Sitios de citas. |
NAME RU: Знакомства. |
NAME EN: dating |
NAME FR: rencontre |
NAME IT: dating |
NAME NL: dating |
NAME DE: dating |
NAME ES: citas |
NAME: marketingware |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Very special marketing sites |
DESC FR: Sites de marketing très spéciaux |
DESC RU: Очень специальные маркетинговые сайты. |
DESC ES: Sitios de marketing muy especiales |
NAME RU: Маркетинг |
NAME EN: marketingware |
NAME FR: marketingware |
NAME IT: marketingware |
NAME NL: marketingware |
NAME DE: marketingware |
NAME ES: marketingware |
NAME: astrology |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Astrology |
DESC FR: Astrologie |
DESC RU: Астрология. |
DESC ES: Astrología |
NAME RU: Астрология. |
NAME EN: Astrology |
NAME FR: Astrology |
NAME IT: Astrology |
NAME NL: Astrology |
NAME DE: Astrology |
NAME ES: Astrología |
NAME: sect |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sect |
DESC FR: Secte |
DESC RU: Секты. |
DESC ES: Sectas |
NAME RU: Секты. |
NAME EN: Sect |
NAME FR: Secte |
NAME IT: Secte |
NAME NL: Secte |
NAME DE: Secte |
NAME ES: Sectas |
NAME: celebrity |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Famous people, actors, and magazine which talk about them |
DESC FR: Tout ce qui concerne l actualité dite people |
DESC RU: Известные люди, актеры и журналы, которые говорят о них. |
DESC ES: Personajes famosos, actores y sitios relacionados con ellos |
NAME RU: Знаменитости. |
NAME EN: Celebrity |
NAME FR: Celebrite |
NAME IT: Celebrity |
NAME NL: Celebrity |
NAME DE: Celebrity |
NAME ES: Celebridades (Celebrity) |
NAME: manga |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Any website related to manga, and cartoons |
DESC FR: Tout ce qui est lié à l'univers des mangas et de la bande dessinée |
DESC RU: Любой веб-сайт, связанный с аниме, комиксами и мультфильмами. |
DESC ES: Sitios relacionados con el manga. |
NAME RU: Аниме. |
NAME EN: Manga |
NAME FR: Manga |
NAME IT: Manga |
NAME NL: Manga |
NAME DE: Manga |
NAME ES: Manga |
NAME: child |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Any website allowed to child (less than 10 years old) |
DESC FR: Tout ce qui est autorisé pour des enfants |
DESC RU: Любой веб-сайт, разрешенный ребенку (до 10 лет). |
DESC ES: Sitos autorizados para niños (menosres de 10 años) |
NAME RU: Ребенок. |
NAME EN: Child |
NAME FR: Enfant |
NAME IT: Bambino |
NAME NL: Child |
NAME DE: Child |
NAME ES: Niños |
NAME: malware |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Any website which deliver malware |
DESC FR: Tout site qui injecte des malwares |
DESC RU: Любой сайт, который внедряет вредоносные программы. |
DESC ES: Sitios que inyectan programas dañinos (malware) |
NAME RU: Вредоносные программы. |
NAME EN: Malware |
NAME FR: Malware |
NAME IT: Malware |
NAME NL: Malware |
NAME DE: Malware |
NAME ES: Malware |
NAME: press |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Any press (informational) site |
DESC FR: Tout site de presse d'information |
DESC RU: Любая пресса (информационные сайты). |
DESC ES: Sitios de prensa (información) |
NAME RU: Пресса. |
NAME EN: Press |
NAME FR: Presse |
NAME IT: Press |
NAME NL: Press |
NAME DE: Press |
NAME ES: Prensa |
NAME: chat |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Chat site |
DESC FR: Site de dialogue et conversation en ligne. |
DESC RU: Сайты-чаты, диалоги. |
DESC ES: Sitios de conversación en línea. |
NAME RU: Чаты. |
NAME EN: Chat |
NAME FR: Tchat |
NAME IT: Chat |
NAME NL: Chat |
NAME DE: Chat |
NAME ES: Chat |
NAME: remote-control |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: site which allow remote control of user s dekstop |
DESC FR: Site permettant la prise de contrôle à distance |
DESC RU: Cайты, которые делают возможным удаленное (дистанционное) управление рабочим столом пользователя. |
DESC ES: Sitios que permiten el control remoto del escritorio del usuario. |
NAME RU: Удаленное управление. |
NAME EN: remote-control |
NAME FR: Prise de controle |
NAME IT: remote-control |
NAME NL: remote-control |
NAME DE: remote-control |
NAME ES: control remoto |
NAME: social_networks |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: All social networks sites |
DESC FR: Tous les sites de réseaux sociaux |
DESC RU: Все сайты социальных сетей. |
DESC ES: Sitios de relaciones sociales |
NAME RU: Социальные сети. |
NAME EN: social_networks |
NAME FR: reseaux sociaux |
NAME IT: social_networks |
NAME NL: social_networks |
NAME DE: social_networks |
NAME ES: relaciones sociales |
NAME: special |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Special sites. |
DESC FR: Sites spéciaux. |
DESC IT: Siti speciali. |
DESC RU: Специальные сайты. |
DESC DE: Spezielle Seiten. |
DESC ES: Sitios especiales. |
NAME EN: Special |
NAME FR: Spécial |
NAME IT: Speciale |
NAME RU: Специально |
NAME DE: Spezial |
NAME ES: Especial |
NAME: jobsearch |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Site to looking for job |
DESC FR: Site pour trouver un emploi |
DESC RU: Сайты о поиске работы. |
DESC ES: Sitios de búsqueda de empleo |
NAME RU: Поиск работы. |
NAME EN: jobsearch |
NAME FR: emploi |
NAME IT: jobsearch |
NAME NL: jobsearch |
NAME DE: jobsearch |
NAME ES: búsqueda de empleo |
NAME: sports |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sports |
DESC FR: Sports |
DESC RU: Спортивные сайты. |
DESC ES: Sitios de deportes |
NAME RU: Спорт. |
NAME EN: sports |
NAME FR: sports |
NAME IT: sports |
NAME NL: sports |
NAME DE: sports |
NAME ES: deportes |
NAME: bank |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Online bank |
DESC FR: Banque en ligne |
DESC RU: Онлайн банки. |
DESC ES: Banca en línea |
NAME RU: Банки. |
NAME EN: bank |
NAME FR: banques |
NAME IT: bank |
NAME NL: bank |
NAME DE: bank |
NAME ES: banca |
NAME: arjel |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: ARJEL which is a french certification authority for gambling sites |
DESC FR: Sites de pari en ligne certifiés par l ARJEL |
DESC RU: Сайты, сертификацированные французским центром ARJEL для сайтов азартных игр. |
DESC ES: ARJEL, que es una certificación francesa para sitios de apuestas en línea. |
NAME RU: ARJEL. |
NAME EN: arjel |
NAME FR: arjel |
NAME IT: arjel |
NAME NL: arjel |
NAME DE: arjel |
NAME ES: arjel |
NAME: cooking |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites for cooking |
DESC FR: Sites de cuisine |
DESC RU: Сайты для приготовления пищи. |
DESC ES: Sitios de cocina |
NAME RU: Приготовление пищи. |
NAME EN: cooking |
NAME FR: cuisine |
NAME IT: cooking |
NAME NL: cooking |
NAME DE: cooking |
NAME ES: cocina (cooking) |
NAME: lingerie |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites for lingerie |
DESC FR: Sites de lingerie |
DESC RU: Сайты дамского белья. |
DESC ES: Sitios de lencería |
NAME RU: Дамское белье. |
NAME EN: lingerie |
NAME FR: lingerie |
NAME IT: lingerie |
NAME NL: lingerie |
NAME DE: lingerie |
NAME ES: lencería |
NAME: translation |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites for translation |
DESC FR: Sites de traduction |
DESC RU: Сайты для перевода. |
DESC ES: Sitios para traducir. |
NAME RU: Перевод. |
NAME EN: translation |
NAME FR: traduction |
NAME IT: translation |
NAME NL: translation |
NAME DE: translation |
NAME ES: traducción |
NAME: bitcoin |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC EN: Sites for bitcoin mining |
DESC FR: Sites de bitcoin |
DESC ES: Sitios de bitcoin |
NAME RU: bitcoin |
NAME EN: bitcoin |
NAME FR: bitcoin |
NAME IT: bitcoin |
NAME NL: bitcoin |
NAME DE: bitcoin |
NAME ES: bitcoin |
NAME: dialer |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC FR: Sites de dialer |
DESC EN: Dialer Sites |
DESC ES: Sitios de marcadores (dialer) |
NAME RU: dialer |
NAME EN: dialer |
NAME FR: dialer |
NAME IT: dialer |
NAME NL: dialer |
NAME DE: dialer |
NAME ES: marcadores (dialer) |
NAME: ddos |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC FR: Sites de déni de services |
DESC EN: DDoS or Stresser Sites |
DESC ES: Sitios de Deny of services (ddos) |
NAME RU: ddos |
NAME EN: ddos |
NAME FR: ddos |
NAME IT: ddos |
NAME NL: ddos |
NAME DE: ddos |
NAME ES: ddos |
NAME: update |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC FR: Sites d'update pour les OS ou les logiciels |
DESC EN: Update sites for software or OS |
NAME RU: update |
NAME EN: update |
NAME FR: update |
NAME IT: update |
NAME NL: update |
NAME DE: update |
NAME ES: update |
NAME: associations_religieuses |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.univ-tlse1.fr |
DESC FR: Sites d'associations religieuses |
DESC EN: religious_association |
NAME RU: религиозное_объединение |
NAME EN: religious_association |
NAME FR: associations_religieuses |
NAME IT: associazione_religiosa |
NAME NL: religieuze_vereniging |
NAME DE: teligionsgemeinschaft |
NAME ES: asociación_religiosa |
NAME: shortener |
DEFAULT_TYPE: white |
SOURCE: http://squidguard.ut-capitole.fr |
DESC FR: Raccoursisseur d'URL |
DESC EN: URLs shortening sites |
NAME RU: shortener |
NAME EN: shortener |
NAME FR: shortener |
NAME IT: shortener |
NAME NL: shortener |
NAME DE: shortener |
NAME ES: shortener |
NAME: cryptojacking |
DEFAULT_TYPE: black |
SOURCE: http://squidguard.ut-capitole.fr |
DESC FR: Site de mining en hijacking |
DESC EN: Mining site by hijacking |
NAME RU: cryptojacking |
NAME EN: cryptojacking |
NAME FR: cryptojacking |
NAME IT: cryptojacking |
NAME NL: cryptojacking |
NAME DE: cryptojacking |
NAME ES: cryptojacking |
/conf/etc/alcasar-site-direct |
---|
0,0 → 1,0 |
/conf/etc/alcasar-services |
---|
0,0 → 1,11 |
#icmp - |
#ssh 22 |
#smtp 25 |
#http 80 |
#pop 110 |
#imap2 143 |
#imap3 220 |
#https 443 |
#ipp 631 |
#pop3s 995 |
#imaps 993 |
/conf/etc/alcasar-iptables-local-mac-filtered |
---|
--- etc/alcasar-uamallowed-sample (nonexistent) |
+++ etc/alcasar-uamallowed-sample (revision 3194) |
@@ -0,0 +1,2 @@ |
+uamallowed="192.168.10.21" |
+uamallowed="172.16.1.0/24" |
/conf/freeradius-web/config.php |
---|
0,0 → 1,113 |
<?php |
extract($_GET); |
extract($_POST); |
extract($_COOKIE); |
foreach($_POST as $key => $value){ |
${$key} = $value; |
} |
# If using sessions set use_session to 1 to also cache the config file |
# |
$use_session = 0; |
unset($config); |
unset($nas_list); |
if ($use_session){ |
// Start session |
@session_start(); |
if (isset($_SESSION['config'])) |
$config = $_SESSION['config']; |
if (isset($_SESSION['nas_list'])) |
$nas_list = $_SESSION['nas_list']; |
} |
if (!isset($config)){ |
$ARR=file("/etc/freeradius-web/admin.conf"); |
$EXTRA_ARR = array(); |
foreach($ARR as $val) { |
$val=chop($val); |
if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) |
continue; |
list($key,$v)=preg_split("/:[[:space:]]*/",$val,2); |
if (preg_match("/%\{(.+)\}/",$v,$matches)){ |
$val=$config[$matches[1]]; |
$v=preg_replace("/%\{$matches[1]\}/",$val,$v); |
} |
if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches)) |
$nas_list[$matches[1]][$matches[2]] = $v; |
if ($key == 'INCLUDE'){ |
if (is_readable($v)) |
array_push($EXTRA_ARR,file($v)); |
else |
echo "<b>Error: File '$v' does not exist or is not readable</b><br>\n"; |
} |
else |
$config["$key"]="$v"; |
} |
foreach($EXTRA_ARR as $val1) { |
foreach($val1 as $val){ |
$val=chop($val); |
if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) |
continue; |
list($key,$v)=preg_split("/:[[:space:]]*/",$val,2); |
if (preg_match("/%\{(.+)\}/",$v,$matches)){ |
$val=$config[$matches[1]]; |
$v=preg_replace("/%\{$matches[1]\}/",$val,$v); |
} |
if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches)) |
$nas_list[$matches[1]][$matches[2]] = $v; |
$config["$key"]="$v"; |
} |
} |
if ($use_session){ |
session_register('config'); |
session_register('nas_list'); |
} |
} |
if ($use_session == 0 && $config['general_use_session'] == 'yes'){ |
// Start session |
@session_start(); |
if (isset($nas_list)) |
session_register('nas_list'); |
} |
//Make sure we are only passed allowed strings in username |
if (isset($login)){ |
if ($login != '') |
{ |
$accent = "âêôûéàèùîáâãäçèéêëìíîïñòóôõöùúûü"; |
$login = preg_replace("/[^\w$accent\.\/\@\:\-]/",'',$login); |
} |
if ($login != '' && $config['general_strip_realms'] == 'yes'){ |
$realm_del = ($config['general_realm_delimiter'] != '') ? $config['general_realm_delimiter'] : '@'; |
$realm_for = ($config['general_realm_format'] != '') ? $config['general_realm_format'] : 'suffix'; |
$new = explode($realm_del,$login,2); |
if (count($new) == 2) |
$login = ($realm_for == 'suffix') ? $new[0] : $new[1]; |
} |
} |
unset($mappings); |
if (isset($_SESSION['mappings'])) |
$mappings = $_SESSION['mappings']; |
if (!isset($mappings) && $config['general_username_mappings_file'] != ''){ |
$ARR = file($config['general_username_mappings_file']); |
foreach($ARR as $val){ |
$val=chop($val); |
if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) |
continue; |
list($key,$realm,$v)=preg_split("/:[[:space:]]*/",$val,3); |
if ($realm == 'accounting' || $realm == 'userdb' || $realm == 'nasdb' || $realm == 'nasadmin') |
$mappings["$key"][$realm] = $v; |
if ($realm == 'nasdb'){ |
$NAS_ARR = array(); |
$NAS_ARR = explode(',',$v); |
foreach ($nas_list as $key => $nas){ |
foreach ($NAS_ARR as $nas_check){ |
if ($nas_check == $nas['name']) |
unset($nas_list[$key]); |
} |
} |
} |
} |
if ($config['general_use_session'] == 'yes') |
session_register('mappings'); |
} |
@header('Content-type: text/html; charset='.$config['general_charset'].';'); |
?> |
/conf/freeradius-web/sql.attrmap |
---|
0,0 → 1,59 |
# |
# A mapping between the attributes used by dialup_admin and the attribute |
# names that will be stored in the SQL database |
# |
# Attributes that are not contained in this file are assumed to be reply |
# items and map to the same name as the one used by dialup_admin |
# |
# Format: |
# checkItem|replyItem Attribute-In-Dialup-Admin Attribute-In-SQL |
# |
# |
checkItem Auth-Type Auth-Type |
checkItem Simultaneous-Use Simultaneous-Use |
checkItem Called-Station-Id Called-Station-Id |
checkItem Calling-Station-Id Calling-Station-Id |
checkItem Dialup-Access none |
checkItem Max-All-Session Max-All-Session |
checkItem Max-Daily-Session Max-Daily-Session |
checkItem Max-Weekly-Session Max-Weekly-Session |
checkItem Max-Monthly-Session Max-Monthly-Session |
checkItem Login-Time Login-Time |
checkItem Expiration Expiration |
replyItem Service-Type Service-Type |
replyItem Framed-Protocol Framed-Protocol |
replyItem Framed-IP-Address Framed-IP-Address |
replyItem Framed-IP-Netmask Framed-IP-Netmask |
replyItem Framed-Route Framed-Route |
replyItem Framed-Routing Framed-Routing |
replyItem Filter-Id Filter-Id |
replyItem Framed-MTU Framed-MTU |
replyItem Framed-Compression Framed-Compression |
replyItem Login-IP-Host Login-IP-Host |
replyItem Login-Service Login-Service |
replyItem Login-TCP-Port Login-TCP-Port |
replyItem Callback-Number Callback-Number |
replyItem Callback-Id Callback-Id |
replyItem Framed-IPX-Network Framed-IPX-Network |
replyItem Class Class |
replyItem Session-Timeout Session-Timeout |
replyItem Idle-Timeout Idle-Timeout |
replyItem Termination-Action Termination-Action |
replyItem Login-LAT-Service Login-LAT-Service |
replyItem Login-LAT-Node Login-LAT-Node |
replyItem Login-LAT-Group Login-LAT-Group |
replyItem Framed-AppleTalk-Link Framed-AppleTalk-Link |
replyItem Framed-AppleTalk-Network Framed-AppleTalk-Network |
replyItem Framed-AppleTalk-Zone Framed-AppleTalk-Zone |
replyItem Port-Limit Port-Limit |
replyItem Login-LAT-Port Login-LAT-Port |
replyitem Reply-Message Reply-Message |
replyItem Dialup-Lock-Msg Reply-Message |
replyItem User-Password User-Password |
replyItem WISPr-Redirection-URL WISPr-Redirection-URL |
checkItem Alcasar-Expire-After Alcasar-Expire-After |
checkItem CoovaChilli-Max-Total-Octets-Daily CoovaChilli-Max-Total-Octets-Daily |
checkItem CoovaChilli-Max-Total-Octets-Monthly CoovaChilli-Max-Total-Octets-Monthly |
checkItem CoovaChilli-Max-Total-Octets CoovaChilli-Max-Total-Octets |
/conf/freeradius-web/user_edit.attrs |
---|
0,0 → 1,65 |
# |
# Attributes which will be visible in the user/group edit pages |
# File from free-radiusweb project. |
# Addons for ALCASAR by Steweb and Rexy |
# |
# Format: Attribute Comment |
# |
Expiration <a href="help/expiration_help.html" target=lt_help onclick=window.open("help/expiration_help.html","lt_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Expiration Help Page"><font color="blue">Date d'expiration</font></a> |
Simultaneous-Use <a href="help/simultaneous_use_help.html" target=su_help onclick=window.open("help/simultaneous_use_help.html","su_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Simultaneous Use Help Page"><font color="blue">Nombre de sessions simultanées</font></a> |
Alcasar-Expire-After <a href="help/max_all_session_help.html" target=st_help onclick=window.open("help/max_all_session_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Max connection Time Help Page"><font color="blue">Durée totale de connexion autorisée</font></a><BR>(en secondes) |
Session-Timeout <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Durée maximale d'une session</font></a><BR>(en secondes) |
Max-All-Session <a href="help/max_all_session_help.html" target=st_help onclick=window.open("help/max_all_session_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Max connection Time Help Page"><font color="blue">Durée totale de connexion autorisée</font></a><BR>(en secondes) |
Max-Monthly-Session <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Durée limite mensuelle</font></a><BR>(en secondes) |
#Max-Weekly-Session Weekly Limit (secs) |
Max-Daily-Session <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Durée limite journalière</font></a><BR>(en secondes) |
Login-Time <a href="help/login_time_help.html" target=lt_help onclick=window.open("help/login_time_help.html","lt_help","width=600,height=370,toolbar=no,scrollbars=no,resizable=yes") title="Login-Time Help Page"><font color="blue">Période hebdomadaire</font></a> |
#CoovaChilli-Max-Input-Octets <a href="help/coovachilli_max_input_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_input_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Input Octets Help Page"><font color="blue">Nombre d'octets max. en émission</font></a><BR>(en octets) |
#CoovaChilli-Max-Output-Octets <a href="help/coovachilli_max_output_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_output_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Output Octets Help Page"><font color="blue">Nombre d'octets max. en réception</font></a><BR>(en octets) |
CoovaChilli-Max-Total-Octets <a href="help/coovachilli_max_total_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_total_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Total Octets Help Page"><font color="blue">Nombre d'octets max. total transmit</font></a><BR>(en octets) |
CoovaChilli-Max-Total-Octets-Monthly <a href="help/coovachilli_max_total_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_total_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Total Octets Monthly Help Page"><font color="blue">Nombre d'octets max. total transmit par mois</font></a><BR>(en octets) |
CoovaChilli-Max-Total-Octets-Daily <a href="help/coovachilli_max_total_octets_help.html" target=st_help onclick=window.open("help/coovachilli_max_total_octets_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Max Total Octets Daily Help Page"><font color="blue">Nombre d'octets max. total transmit par jour</font></a><BR>(en octets) |
CoovaChilli-Bandwidth-Max-Up <a href="help/coovachilli_bandwidth_max_up_help.html" target=st_help onclick=window.open("help/coovachilli_bandwidth_max_up_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Bandwidth Max Up Help Page"><font color="blue">Bande passante montante max.</font></a><BR>(en kbits/seconde) |
CoovaChilli-Bandwidth-Max-Down <a href="help/coovachilli_bandwidth_max_down_help.html" target=st_help onclick=window.open("help/coovachilli_bandwidth_max_down_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Bandwidth Max Down Help Page"><font color="blue">Bande passante descendante max.</font></a><BR>(en kbits/seconde) |
WISPr-Redirection-URL <a href="help/wispr_redirection_url_help.html" target=st_help onclick=window.open("help/wispr_redirection_url_help.html","st_help","width=600,height=250,toolbar=no,scrollbars=no,resizable=yes") title="CoovaChilli Bandwidth Max Down Help Page"><font color="blue">URL de redirection</font></a><BR> |
# |
##Auth-Type <a href="help/auth_type_help.html" target=su_help onclick=window.open("help/auth_type_help.html","su_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Auth-Type Help Page"><font color="blue">Auth-Type</font></a> |
#Framed-Protocol <a href="help/framed_protocol_help.html" target=fpr_help onclick=window.open("help/framed_protocol_help.htlml","fpr_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-Protocol Help PPage"><font color="blue">Protocol</font></a> |
#Framed-IP-Address <a href="help/framed_ip_address_help.html" target=fia_help onclick=window.open("help/framed_ip_address_help.html","fia_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-IP-Address Help Page"><font color="blue">IP Address</font></a> |
#Framed-IP-Netmask IP Netmask |
#Framed-Route Route |
#Framed-Routing |
#Filter-Id <a href="help/filtering_help.html" target=fid_help onclick=window.open("help/filtering_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Filtering Help Page"><font color="blue">Filtering</font></a> |
#Framed-MTU <a href="help/framed_mtu_help.html" target=fid_help onclick=window.open("help/framed_mtu_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-MTU Help Page"><font color="blue">Framed-MTU</font></a> |
#Framed-Compression <a href="help/framed_compression_help.html" target=fc_help onclick=window.open("help/framed_compression_help.html","fc_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Framed Compression Help Page"><font color="blue">Compression Used</font></a> |
#Service-Type <a href="help/service_type_help.html" target=st_help onclick=window.open("help/service_type_help.html","st_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Service-Type Help Page"><font color="blue">Service Type</font></a> |
#Login-IP-Host |
#Login-Service |
#Login-TCP-Port |
#Callback-Number <a href="help/callback_number_help.html" target=fid_help onclick=window.open("help/callback_number_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-Number Help Page"><font color="blue">Callback-Number</font></a> |
#Callback-Id <a href="help/callback_id_help.html" target=fid_help onclick=window.open("help/callback_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-ID Help Page"><font color="blue">Callback-ID</font></a> |
#Framed-IPX-Network |
#Class <a href="help/class_help.html" target=fid_help onclick=window.open("help/class_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Class Help Page"><font color="blue">Class</font></a> |
#Idle-Timeout <a href="help/idle_timeout_help.html" target=it_help onclick=window.open("help/idle_timeout_help.html","it_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Idle Timeout Help Page"><font color="blue">Idle Timeout</font></a> |
#Termination-Action |
#Login-LAT-Service |
#Login-LAT-Node |
#Login-LAT-Group |
#Framed-AppleTalk-Link |
#Framed-AppleTalk-Network |
#Framed-AppleTalk-Zone |
#Port-Limit <a href="help/port_limit_help.html" target=pl_help onclick=window.open("help/port_limit_help.html","pl_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Port Limit Help Page"><font color="blue">Port Limit</font></a> |
#Login-LAT-Port |
#Dialup-Access <a href="help/dialup_access_help.html" target=da_help onclick=window.open("help/dialup_access_help.html","da_help","width=560,height=200,toolbar=no,scrollbars=no,resizable=yes") title="Dialup Access Help Page"><font color="blue">Dialup Access (use FALSE to lock)</font></a> |
#Dialup-Lock-Msg <a href="help/lock_message_help.html" target=lm_help onclick=window.open("help/lock_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Lock Message Help Page"><font color="blue">Lock Message</font></a> |
#Reply-Message <a href="help/reply_message_help.html" target=lm_help onclick=window.open("help/reply_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Reply-Message Help Page"><font color="blue">Reply-Message</font></a> |
#Login-Time <a href="login_time_create.php?val=$name1&first=yes" target=lt_create onclick=window.open("login_time_create.php?val=$name1&first=yes","lt_create","width=600,height=490,toolbar=no,scrollbars=yes,resizable=yes") title="Login-Time Creation Page"><font color="blue">Période hebdomadaire</font></a><a href="help/login_time_help.html" target=lt_help onclick=window.open("help/login_time_help.html","lt_help","width=600,height=370,toolbar=no,scrollbars=no,resizable=yes") title="Login-Time Help Page"><font color="blue"><BR>(Format UUCP)</font></a> |
# |
# Uncomment this if you are using ldap and you are using user regular profiles. |
# Also make sure that Regular-Profile maps to the correct ldap attribute in |
# extra.ldap-attrmap |
# |
#Regular-Profile User Regular Profile DN |
Alcasar-Filter <a href="help/filtering_help.html" target=fid_help onclick=window.open("help/filtering_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Filtering Help Page"><font color="blue">Filtering</font></a> |
Alcasar-Protocols-Filter <a href="help/protocols_help.html" target=help onclick=window.open("help/protocols_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Protocol filtering Help Page"><font color="blue">Protocol filtering</font></a> |
Alcasar-Status-Page-Must-Stay-Open <a href="help/statusOpenRequired_help.html" target=help onclick=window.open("help/statusOpenRequired_help.html","fid_help","width=560,height=250,toolbar=no,scrollbars=no,resizable=yes") title="Status open required Help Page"><font color="blue">Status open required</font></a> |
/conf/freeradius-web/admin.conf.orig |
---|
0,0 → 1,351 |
# |
# Main Configuration File |
# |
# it can be default or whatever language. Only greek are supported |
# from non latin alphabet languages |
# These attribute only apply for ldap not for sql |
# |
general_prefered_lang: en |
general_prefered_lang_name: English |
# |
# The charset which will be added as a meta tag in all pages |
# |
general_charset: iso-8859-1 |
# |
# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap |
# are utf8 encoded. |
# |
#general_decode_normal_attributes: yes |
# |
# The directory where dialupadmin is installed |
# |
general_base_dir: /usr/share/freeradius-web |
# |
# The base directory of the freeradius radius installation |
# |
general_radiusd_base_dir: /usr |
general_domain: company.com |
# |
# Set it to yes to use sessions and cache the various mappings |
# You can also set use_session = 1 in config.php to also cache |
# the admin.conf |
# |
# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ---- |
#Remember to use the 'Clear Cache' page if you use sessions and do any changes |
#in any of the configuration files. |
# |
general_use_session: no |
# |
# This is used by the failed logins page. It states the default back time |
# in minutes. |
# |
general_most_recent_fl: 30 |
# |
# Realm setup |
# |
# Set general_strip_realms to yes in order to stip realms from usernames. |
# By default realms are not striped |
#general_strip_realms: yes |
# |
# The delimiter used in realms. Default is @ |
# |
general_realm_delimiter: @ |
# |
# The format of the realms. Can be either suffix (realm is after the username) |
# or prefix (realm is before the username). Default is suffix |
# |
general_realm_format: suffix |
# |
# |
# Determines if the administrator will be able to see and change the user password through |
# the user edit page |
general_show_user_password: yes |
general_raddb_dir: /etc/raddb |
general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap |
# Need to fix admin.conf file parser |
#general_clients_conf: %{general_raddb_dir}/clients.conf |
general_clients_conf: /etc/raddb/clients.conf |
general_sql_attrmap: /etc/freeradius-web/sql.attrmap |
general_accounting_attrs_file: /etc/freeradius-web/accounting.attrs |
general_extra_ldap_attrmap: /etc/freeradius-web/extra.ldap-attrmap |
general_username_mappings_file: /etc/freeradius-web/username.mappings |
# |
# it can be either ldap or sql |
# This affects the user base not accounting. Accounting is always in sql |
# |
general_lib_type: sql |
# |
# Define which attributes will be visible in the user edit page |
# |
general_user_edit_attrs_file: /etc/freeradius-web/user_edit.attrs |
# |
# Used by the Accounting Report Generator |
# |
general_sql_attrs_file: /etc/freeradius-web/sql.attrs |
# |
# Set default values for various attributes |
# |
general_default_file: /etc/freeradius-web/default.vals |
#general_ld_library_path: /usr/local/snmpd/lib |
# |
# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first |
# querying the nas |
# This is used by the online users page |
# |
general_finger_type: snmp |
# |
# Defines the nas type. This is only used by snmpfinger |
# cisco, usrhiper and lucent are supported for now |
# |
general_nas_type: cisco |
general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger |
# |
# Used by the 'Disconnect User' button in the Clear Open Sessions page |
# Uses the Cisco AAA Session MIB or a telnet session |
# |
general_sessionclear_bin: %{general_base_dir}/bin/clearsession |
# |
# Can be one of telnet or snmp |
# |
general_sessionclear_method: snmp |
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient |
# |
# this information is used from the server check page |
# |
general_test_account_login: test |
general_test_account_password: testpass |
# |
# These are used as default values for the user test page |
# |
general_radius_server: localhost |
general_radius_server_port: 1812 |
# |
# can be either pap or chap |
# |
general_radius_server_auth_proto: pap |
# |
# sorry, single valued for now. Should become something like |
# password[server-name]: xxxxx |
# |
general_radius_server_secret: XXXXXX |
general_auth_request_file: /etc/freeradius-web/auth.request |
# |
# can be one of crypt,md5,clear |
# |
general_encryption_method: crypt |
# |
# can be either asc (older dates first) or desc (recent dates first) |
# This is used in the user accounting and badusers pages |
# |
general_accounting_info_order: desc |
# |
# Use the totacct table in the user statistics page instead of the radacct |
# table. That will make the page run quicker. totacct should have data for |
# this to work :-) |
# |
general_stats_use_totacct: no |
# |
# If set to yes then we only allow each administrator to examine it's own entries |
# in the badusers table |
# |
general_restrict_badusers_access: no |
# |
# If set to yes then we restrict access to the nas administration page only to those |
# users which are allowed by their username mapping (nasadmin is set to yes) |
# |
general_restrict_nasadmin_access: no |
INCLUDE: /etc/freeradius-web/naslist.conf |
INCLUDE: /etc/freeradius-web/captions.conf |
# |
# The ldap server to connect to. |
# Both ldap_server and ldap_write_server can be a space-separated |
# list of ldap hostnames. In that case the library will try to connect |
# to the servers in the order that they appear. If the first host is down |
# ldap_connect will ask for the second ldap host and so on. |
# |
ldap_server: ldap.%{general_domain} |
# |
# There are many cases where we have a small write master and |
# a lot of fast read only replicas. If that is the case uncomment |
# ldap_write_server and point it to the write master. It will be |
# used only when writing to the directory, not when reading |
# |
#ldap_write_server: master.%{general_domain} |
ldap_base: dc=company,dc=com |
ldap_binddn: cn=Directory Manager |
ldap_bindpw: XXXXXXX |
ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base} |
ldap_default_dn: uid=default-dialup,%{ldap_base} |
ldap_regular_profile_attr: dialupregularprofile |
# |
# If set to yes then the HTTP credentials (http authentication) |
# will be used to bind to the ldap server instead of ldap_binddn |
# and ldap_bindpw. That way multiple admins with different rights |
# on the ldap database can connect through one dialup_admin interface. |
# The ldap_binddn and ldap_bindpw are still needed to find the DN |
# to bind with (http authentication will only provide us with a |
# username). As a result the ldap_binddn should be able to do a search |
# with a filter of (uid=<username>). Normally, the anonymous (empty DN) |
# user can do that. |
#ldap_use_http_credentials: yes |
# |
# If we are using http credentials we can map a specific username to the |
# directory manager (which usually does not correspond to a specific username) |
# |
#ldap_directory_manager: cn=Directory Manager |
#ldap_map_to_directory_manager: admin |
# |
# Uncomment to enable ldap debug |
# |
ldap_debug: true |
# |
# Allow for defining the ldap filter used when searching for a user |
# Variables supported: |
# %u: username |
# %U: username provided though http authentication |
# %mu: mappings for userdb |
# %ma: mappings for accounting |
# %mn: mappings for nasdb |
# %mN: mappings for nas administration |
# |
# One use of this would be to restrict access to only the user's belonging to |
# a specific administrator like this: |
# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com)) |
# |
#ldap_filter: (uid=%u) |
# |
# If ldap_userdn is set then we use that for user dns, we don't perform an ldap |
# search. This can be somewhat faster. The variables supported for ldap_filter |
# are also supported here |
# |
#ldap_userdn: uid=%u,%{ldap_base} |
# |
# can be one of mysql,pg,oracle,sqlrelay where: |
# mysq: MySQL database (port 3306) |
# pg: PostgreSQL database (port 5432) |
# oracle: Oracle database (port 1521) |
# sqlrelay: SQL Relay |
# |
sql_type: mysql |
sql_server: localhost |
sql_port: 3306 |
sql_username: dialup_admin |
sql_password: XXXXXX |
sql_database: radius |
sql_accounting_table: radacct |
sql_badusers_table: badusers |
sql_check_table: radcheck |
sql_reply_table: radreply |
sql_user_info_table: userinfo |
sql_groupcheck_table: radgroupcheck |
sql_groupreply_table: radgroupreply |
sql_usergroup_table: radusergroup |
sql_total_accounting_table: totacct |
sql_nas_table: nas |
# |
# If set to true then we show all the available groups with the groups |
# that the user is a member of highlighted in the user edit page. |
# Otherwise we only show the groups he is a member of. |
sql_show_all_groups: true |
# |
# This variable is used by the scripts in the bin folder |
# It should contain the path to the sql binary used to run |
# sql commands (mysql, psql, oracle and sqlrelay are only supported for now) |
sql_command: /usr/bin/mysql |
#sql_command: /usr/bin/psql |
#sql_command: /usr/bin/sqlplus |
# |
# This variable is used by the scripts in the bin folder |
# It should contain the snmp type and path to the binary |
# used to run snmp commands. |
# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now) |
general_snmp_type: net |
general_snmpwalk_command: /usr/bin/snmpwalk |
general_snmpget_command: /usr/bin/snmpget |
# |
# Uncomment to enable sql debug |
# |
sql_debug: true |
# |
# If set to yes then the HTTP credentials (http authentication) |
# will be used to connect to the sql server instead of sql_username |
# and sql_password. That way multiple admins with different rights |
# on the sql database can connect through one dialup_admin interface. |
#sql_use_http_credentials: yes |
# |
# If set the query will be added to all of the queries on the accounting |
# table |
# Variables supported: |
# %u: username |
# %U: username provided though http authentication |
# %mu: mappings for userdb |
# %ma: mappings for accounting |
# %mn: mappings for nasdb |
# %mN: mappings for nas administration |
#sql_accounting_extra_query: %ma |
# |
# true or false |
# |
sql_use_user_info_table: true |
sql_use_operators: true |
# |
# Set this to the value of the default_user_profile in your |
# sql.conf if that one is set. If it is not set leave blank |
# or commented out |
#sql_default_user_profile: DEFAULT |
# |
# |
sql_password_attribute: User-Password |
sql_date_format: Y-m-d |
sql_full_date_format: Y-m-d H:i:s |
# |
# Used in the accounting report generator so that we |
# don't return too many results |
# |
sql_row_limit: 40 |
# |
# These options are used by the log_badlogins script and by the |
# mysql driver |
# |
# Set the sql connect timeout (secs) |
sql_connect_timeout: 3 |
# Give a space separated list of extra mysql servers to connect to when |
# logging bad logins or adding users in the badusers table |
#sql_extra_servers: sql2.company.com sql3.company.com |
# |
# Default values for the various user limits in case the counter module |
# is used to impose such limits. |
# The value should be the user limit in seconds or none for nothing |
# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are |
# using sql or ldap) for per user attributes. The mapping should be made to |
# the attributes configured in the counter module. The attributes used by |
# dialupadmin will always be the ones appearing in the attribute mapping files |
# so you should make sure they are mapped to the correct attributes |
# |
#counter_default_daily: 14400 |
#counter_default_weekly: 72000 |
counter_default_daily: none |
counter_default_weekly: none |
counter_default_monthly: none |
# |
# Since calculating monthly usage can be quite expensive we make |
# it configurable |
# This is not needed if the monthly limit is not none |
#counter_monthly_calculate_usage: true |
# some of the date/time related functions need to know what timezone we are in |
timezone: Europe/Luxembourg |
/conf/freeradius-web/config.php.orig |
---|
0,0 → 1,117 |
<?php |
# |
# Things should work even if register_globals is set to off |
# |
$testVer=intval(str_replace(".", "",'4.1.0')); |
$curVer=intval(str_replace(".", "",phpversion())); |
if( $curVer >= $testVer ) |
import_request_variables('GPC'); |
# If using sessions set use_session to 1 to also cache the config file |
# |
$use_session = 0; |
unset($config); |
unset($nas_list); |
if ($use_session){ |
// Start session |
@session_start(); |
if (isset($_SESSION['config'])) |
$config = $_SESSION['config']; |
if (isset($_SESSION['nas_list'])) |
$nas_list = $_SESSION['nas_list']; |
} |
if (!isset($config)){ |
$ARR=file("/etc/freeradius-web/admin.conf"); |
$EXTRA_ARR = array(); |
foreach($ARR as $val) { |
$val=chop($val); |
if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) |
continue; |
list($key,$v)=preg_split("/:[[:space:]]*/",$val,2); |
if (preg_match("/%\{(.+)\}/",$v,$matches)){ |
$val=$config[$matches[1]]; |
$v=preg_replace("/%\{$matches[1]\}/",$val,$v); |
} |
if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches)) |
$nas_list[$matches[1]][$matches[2]] = $v; |
if ($key == 'INCLUDE'){ |
if (is_readable($v)) |
array_push($EXTRA_ARR,file($v)); |
else |
echo "<b>Error: File '$v' does not exist or is not readable</b><br>\n"; |
} |
else |
$config["$key"]="$v"; |
} |
foreach($EXTRA_ARR as $val1) { |
foreach($val1 as $val){ |
$val=chop($val); |
if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) |
continue; |
list($key,$v)=preg_split("/:[[:space:]]*/",$val,2); |
if (preg_match("/%\{(.+)\}/",$v,$matches)){ |
$val=$config[$matches[1]]; |
$v=preg_replace("/%\{$matches[1]\}/",$val,$v); |
} |
if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches)) |
$nas_list[$matches[1]][$matches[2]] = $v; |
$config["$key"]="$v"; |
} |
} |
if ($use_session){ |
session_register('config'); |
session_register('nas_list'); |
} |
} |
if ($use_session == 0 && $config[general_use_session] == 'yes'){ |
// Start session |
@session_start(); |
if (isset($nas_list)) |
session_register('nas_list'); |
} |
//Make sure we are only passed allowed strings in username |
if ($login != '') |
$login = preg_replace("/[^\w\.\/\@\:\-]/",'',$login); |
if ($login != '' && $config[general_strip_realms] == 'yes'){ |
$realm_del = ($config[general_realm_delimiter] != '') ? $config[general_realm_delimiter] : '@'; |
$realm_for = ($config[general_realm_format] != '') ? $config[general_realm_format] : 'suffix'; |
$new = explode($realm_del,$login,2); |
if (count($new) == 2) |
$login = ($realm_for == 'suffix') ? $new[0] : $new[1]; |
} |
unset($mappings); |
if (isset($_SESSION['mappings'])) |
$mappings = $_SESSION['mappings']; |
if (!isset($mappings) && $config[general_username_mappings_file] != ''){ |
$ARR = file($config[general_username_mappings_file]); |
foreach($ARR as $val){ |
$val=chop($val); |
if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val)) |
continue; |
list($key,$realm,$v)=preg_split("/:[[:space:]]*/",$val,3); |
if ($realm == 'accounting' || $realm == 'userdb' || $realm == 'nasdb' || $realm == 'nasadmin') |
$mappings["$key"][$realm] = $v; |
if ($realm == 'nasdb'){ |
$NAS_ARR = array(); |
$NAS_ARR = preg_split('/,/',$v); |
foreach ($nas_list as $key => $nas){ |
foreach ($NAS_ARR as $nas_check){ |
if ($nas_check == $nas[name]) |
unset($nas_list[$key]); |
} |
} |
} |
} |
if ($config[general_use_session] == 'yes') |
session_register('mappings'); |
} |
date_default_timezone_set($config[timezone]); |
//Include missing.php if needed |
if (!function_exists('array_change_key_case')) |
include_once('../lib/missing.php'); |
@header('Content-type: text/html; charset='.$config[general_charset].';'); |
?> |
/conf/freeradius-web/sql.attrs |
---|
0,0 → 1,30 |
# Used by the Accounting Report Generator page |
# |
# Mysql attributes Description Show Use function |
# |
RadAcctId Accounting Id no |
AcctSessionId Session Id no |
AcctUniqueId Unique Id no |
UserName User Name yes |
GroupName Group Name yes |
Realm Realm no |
NASIPAddress Nas IP Address no |
NASPortId Nas Port no |
NASPortType NAS Port Type no |
AcctStartTime Login Time yes |
AcctStopTime Logout Time yes |
AcctSessionTime Session Time yes time2str |
AcctAuthentic AcctAuthentic no |
ConnectInfo_start Start Connect Info no |
ConnectInfo_stop Stop Connect Info no |
AcctInputOctets Upload yes bytes2str |
AcctOutputOctets Download yes bytes2str |
CalledStationId CalledStationId no |
CallingStationId Caller Id no |
AcctTerminateCause Terminate Cause no |
ServiceType Service Type no |
FramedProtocol Protocol no |
FramedIPAddress Client IP Address yes |
AcctStartDelay Accounting Start Delay no time2str |
AcctStopDelay Accounting Stop Delay no time2str |
XAscendSessionSvrKey X Ascend SessionSVR no |
/conf/freeradius-web/sql.attrs.orig |
---|
0,0 → 1,28 |
# Used by the Accounting Report Generator page |
# |
# Mysql attributes Description Show Use function |
# |
RadAcctId Accounting Id no |
AcctSessionId Session Id no |
AcctUniqueId Unique Id no |
UserName User Name yes |
Realm Realm no |
NASIPAddress NAS IP Address yes |
NASPortId NAS Port yes |
NASPortType NAS Port Type no |
AcctStartTime Login Time yes |
AcctStopTime Logout Time yes |
AcctSessionTime Session Time yes time2str |
AcctAuthentic AcctAuthentic no |
ConnectInfo_start Start Connect Info no |
ConnectInfo_stop Stop Connect Info no |
AcctInputOctets Upload yes bytes2str |
AcctOutputOctets Download yes bytes2str |
CalledStationId CalledStationId no |
CallingStationId Caller Id no |
AcctTerminateCause Terminate Cause no |
ServiceType Service Type no |
FramedProtocol Protocol no |
FramedIPAddress Client IP Address yes |
AcctStartDelay Accounting Start Delay no time2str |
AcctStopDelay Accounting Stop Delay no time2str |
/conf/freeradius-web/user_edit.attrs.orig |
---|
0,0 → 1,49 |
# |
# Attributes which will be visible in the user/group edit pages |
# |
# Format: Attribute Comment |
# |
# |
#Auth-Type <a href="help/auth_type_help.html" target=su_help onclick=window.open("help/auth_type_help.html","su_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Auth-Type Help Page"><font color="blue">Auth-Type</font></a> |
#Simultaneous-Use <a href="help/simultaneous_use_help.html" target=su_help onclick=window.open("help/simultaneous_use_help.html","su_help","width=560,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Simultaneous Use Help Page"><font color="blue">Simultaneous Use</font></a> |
Framed-Protocol <a href="help/framed_protocol_help.html" target=fpr_help onclick=window.open("help/framed_protocol_help.htlml","fpr_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-Protocol Help PPage"><font color="blue">Protocol</font></a> |
Framed-IP-Address <a href="help/framed_ip_address_help.html" target=fia_help onclick=window.open("help/framed_ip_address_help.html","fia_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-IP-Address Help Page"><font color="blue">IP Address</font></a> |
Framed-IP-Netmask IP Netmask |
#Framed-Route Route |
#Framed-Routing |
#Filter-Id <a href="help/filter_id_help.html" target=fid_help onclick=window.open("help/filter_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Filter-ID Help Page"><font color="blue">Filter ID</font></a> |
Framed-MTU <a href="help/framed_mtu_help.html" target=fid_help onclick=window.open("help/framed_mtu_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-MTU Help Page"><font color="blue">Framed-MTU</font></a> |
Framed-Compression <a href="help/framed_compression_help.html" target=fc_help onclick=window.open("help/framed_compression_help.html","fc_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Framed Compression Help Page"><font color="blue">Compression Used</font></a> |
Service-Type <a href="help/service_type_help.html" target=st_help onclick=window.open("help/service_type_help.html","st_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Service-Type Help Page"><font color="blue">Service Type</font></a> |
#Login-IP-Host |
#Login-Service |
#Login-TCP-Port |
#Callback-Number <a href="help/callback_number_help.html" target=fid_help onclick=window.open("help/callback_number_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-Number Help Page"><font color="blue">Callback-Number</font></a> |
#Callback-Id <a href="help/callback_id_help.html" target=fid_help onclick=window.open("help/callback_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-ID Help Page"><font color="blue">Callback-ID</font></a> |
#Framed-IPX-Network |
#Class <a href="help/class_help.html" target=fid_help onclick=window.open("help/class_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Class Help Page"><font color="blue">Class</font></a> |
Session-Timeout <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Session Timeout</font></a> |
Idle-Timeout <a href="help/idle_timeout_help.html" target=it_help onclick=window.open("help/idle_timeout_help.html","it_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Idle Timeout Help Page"><font color="blue">Idle Timeout</font></a> |
#Termination-Action |
#Login-LAT-Service |
#Login-LAT-Node |
#Login-LAT-Group |
#Framed-AppleTalk-Link |
#Framed-AppleTalk-Network |
#Framed-AppleTalk-Zone |
Port-Limit <a href="help/port_limit_help.html" target=pl_help onclick=window.open("help/port_limit_help.html","pl_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Port Limit Help Page"><font color="blue">Port Limit</font></a> |
#Login-LAT-Port |
#Dialup-Access <a href="help/dialup_access_help.html" target=da_help onclick=window.open("help/dialup_access_help.html","da_help","width=560,height=200,toolbar=no,scrollbars=no,resizable=yes") title="Dialup Access Help Page"><font color="blue">Dialup Access (use FALSE to lock)</font></a> |
Dialup-Lock-Msg <a href="help/lock_message_help.html" target=lm_help onclick=window.open("help/lock_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Lock Message Help Page"><font color="blue">Lock Message</font></a> |
#Reply-Message <a href="help/reply_message_help.html" target=lm_help onclick=window.open("help/reply_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Reply-Message Help Page"><font color="blue">Reply-Message</font></a> |
#Max-Daily-Session Daily Limit (secs) |
#Max-Weekly-Session Weekly Limit (secs) |
#Max-Monthly-Session Monthly Limit (secs) |
#Login-Time <a href="login_time_create.php?val=$name1&first=yes" target=lt_create onclick=window.open("login_time_create.php?val=$name1&first=yes","lt_create","width=600,height=490,toolbar=no,scrollbars=yes,resizable=yes") title="Login-Time Creation Page"><font color="blue">User Login Period </font></a>(<a href="help/login_time_help.html" target=lt_help onclick=window.open("help/login_time_help.html","lt_help","width=600,height=370,toolbar=no,scrollbars=no,resizable=yes") title="Login-Time Help Page"><font color="blue">UUCP </font></a>Format) |
#Expiration <a href="help/expiration_help.html" target=lt_help onclick=window.open("help/expiration_help.html","lt_help","width=600,height=180,toolbar=no,scrollbars=no,resizable=yes") title="Expiration Help Page"><font color="blue">User Expiration Date</font></a> |
# |
# Uncomment this if you are using ldap and you are using user regular profiles. |
# Also make sure that Regular-Profile maps to the correct ldap attribute in |
# extra.ldap-attrmap |
# |
#Regular-Profile User Regular Profile DN |
/conf/freeradius-web/admin.conf |
---|
0,0 → 1,351 |
# |
# Main Configuration File |
# |
# it can be default or whatever language. Only greek are supported |
# from non latin alphabet languages |
# These attribute only apply for ldap not for sql |
# |
general_prefered_lang: en |
general_prefered_lang_name: English |
# |
# The charset which will be added as a meta tag in all pages |
# |
general_charset: utf-8 |
# |
# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap |
# are utf8 encoded. |
# |
#general_decode_normal_attributes: yes |
# |
# The directory where dialupadmin is installed |
# |
general_base_dir: /usr/share/freeradius-web |
# |
# The base directory of the freeradius radius installation |
# |
general_radiusd_base_dir: /usr |
general_domain: localdomain |
# |
# Set it to yes to use sessions and cache the various mappings |
# You can also set use_session = 1 in config.php to also cache |
# the admin.conf |
# |
# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ---- |
#Remember to use the 'Clear Cache' page if you use sessions and do any changes |
#in any of the configuration files. |
# |
general_use_session: no |
# |
# This is used by the failed logins page. It states the default back time |
# in minutes. |
# |
general_most_recent_fl: 30 |
# |
# Realm setup |
# |
# Set general_strip_realms to yes in order to stip realms from usernames. |
# By default realms are not striped |
general_strip_realms: no |
# |
# The delimiter used in realms. Default is @ |
# |
general_realm_delimiter: @ |
# |
# The format of the realms. Can be either suffix (realm is after the username) |
# or prefix (realm is before the username). Default is suffix |
# |
general_realm_format: suffix |
# |
# |
# Determines if the administrator will be able to see and change the user password through |
# the user edit page |
general_show_user_password: yes |
general_raddb_dir: /etc/raddb |
general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap |
# Need to fix admin.conf file parser |
#general_clients_conf: %{general_raddb_dir}/clients.conf |
general_clients_conf: /etc/raddb/clients.conf |
general_sql_attrmap: /etc/freeradius-web/sql.attrmap |
general_accounting_attrs_file: /etc/freeradius-web/accounting.attrs |
general_extra_ldap_attrmap: /etc/freeradius-web/extra.ldap-attrmap |
general_username_mappings_file: /etc/freeradius-web/username.mappings |
# |
# it can be either ldap or sql |
# This affects the user base not accounting. Accounting is always in sql |
# |
general_lib_type: sql |
# |
# Define which attributes will be visible in the user edit page |
# |
general_user_edit_attrs_file: /etc/freeradius-web/user_edit.attrs |
# |
# Used by the Accounting Report Generator |
# |
general_sql_attrs_file: /etc/freeradius-web/sql.attrs |
# |
# Set default values for various attributes |
# |
general_default_file: /etc/freeradius-web/default.vals |
#general_ld_library_path: /usr/local/snmpd/lib |
# |
# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first |
# querying the nas |
# This is used by the online users page |
# |
# general_finger_type: snmp |
# |
# Defines the nas type. This is only used by snmpfinger |
# cisco, usrhiper and lucent are supported for now |
# |
general_nas_type: cisco |
general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger |
# |
# Used by the 'Disconnect User' button in the Clear Open Sessions page |
# Uses the Cisco AAA Session MIB or a telnet session |
# |
general_sessionclear_bin: %{general_base_dir}/bin/clearsession |
# |
# Can be one of telnet or snmp |
# |
general_sessionclear_method: snmp |
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient |
# |
# this information is used from the server check page |
# |
general_test_account_login: test |
general_test_account_password: testpass |
# |
# These are used as default values for the user test page |
# |
general_radius_server: localhost |
general_radius_server_port: 1812 |
# |
# can be either pap or chap |
# |
general_radius_server_auth_proto: pap |
# |
# sorry, single valued for now. Should become something like |
# password[server-name]: xxxxx |
# |
general_radius_server_secret: XXXXXX |
general_auth_request_file: /etc/freeradius-web/auth.request |
# |
# can be one of crypt,md5,clear |
# |
general_encryption_method: crypt |
# |
# can be either asc (older dates first) or desc (recent dates first) |
# This is used in the user accounting and badusers pages |
# |
general_accounting_info_order: desc |
# |
# Use the totacct table in the user statistics page instead of the radacct |
# table. That will make the page run quicker. totacct should have data for |
# this to work :-) |
# |
general_stats_use_totacct: yes |
# |
# If set to yes then we only allow each administrator to examine it's own entries |
# in the badusers table |
# |
general_restrict_badusers_access: no |
# |
# If set to yes then we restrict access to the nas administration page only to those |
# users which are allowed by their username mapping (nasadmin is set to yes) |
# |
general_restrict_nasadmin_access: no |
INCLUDE: /etc/freeradius-web/naslist.conf |
INCLUDE: /etc/freeradius-web/captions.conf |
# |
# The ldap server to connect to. |
# Both ldap_server and ldap_write_server can be a space-separated |
# list of ldap hostnames. In that case the library will try to connect |
# to the servers in the order that they appear. If the first host is down |
# ldap_connect will ask for the second ldap host and so on. |
# |
ldap_server: ldap.%{general_domain} |
# |
# There are many cases where we have a small write master and |
# a lot of fast read only replicas. If that is the case uncomment |
# ldap_write_server and point it to the write master. It will be |
# used only when writing to the directory, not when reading |
# |
#ldap_write_server: master.%{general_domain} |
ldap_base: dc=company,dc=com |
ldap_binddn: cn=Directory Manager |
ldap_bindpw: XXXXXXX |
ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base} |
ldap_default_dn: uid=default-dialup,%{ldap_base} |
ldap_regular_profile_attr: dialupregularprofile |
# |
# If set to yes then the HTTP credentials (http authentication) |
# will be used to bind to the ldap server instead of ldap_binddn |
# and ldap_bindpw. That way multiple admins with different rights |
# on the ldap database can connect through one dialup_admin interface. |
# The ldap_binddn and ldap_bindpw are still needed to find the DN |
# to bind with (http authentication will only provide us with a |
# username). As a result the ldap_binddn should be able to do a search |
# with a filter of (uid=<username>). Normally, the anonymous (empty DN) |
# user can do that. |
#ldap_use_http_credentials: yes |
# |
# If we are using http credentials we can map a specific username to the |
# directory manager (which usually does not correspond to a specific username) |
# |
#ldap_directory_manager: cn=Directory Manager |
#ldap_map_to_directory_manager: admin |
# |
# Uncomment to enable ldap debug |
# |
ldap_debug: true |
# |
# Allow for defining the ldap filter used when searching for a user |
# Variables supported: |
# %u: username |
# %U: username provided though http authentication |
# %mu: mappings for userdb |
# %ma: mappings for accounting |
# %mn: mappings for nasdb |
# %mN: mappings for nas administration |
# |
# One use of this would be to restrict access to only the user's belonging to |
# a specific administrator like this: |
# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com)) |
# |
#ldap_filter: (uid=%u) |
# |
# If ldap_userdn is set then we use that for user dns, we don't perform an ldap |
# search. This can be somewhat faster. The variables supported for ldap_filter |
# are also supported here |
# |
#ldap_userdn: uid=%u,%{ldap_base} |
# |
# can be one of mysql,pg,oracle,sqlrelay where: |
# mysq: MySQL database (port 3306) |
# pg: PostgreSQL database (port 5432) |
# oracle: Oracle database (port 1521) |
# sqlrelay: SQL Relay |
# |
sql_type: mysql |
sql_server: localhost |
sql_port: 3306 |
sql_username: radius |
sql_password: HAeXEjS0 |
sql_database: radius |
sql_accounting_table: radacct |
sql_badusers_table: badusers |
sql_check_table: radcheck |
sql_reply_table: radreply |
sql_user_info_table: userinfo |
sql_groupcheck_table: radgroupcheck |
sql_groupreply_table: radgroupreply |
sql_usergroup_table: radusergroup |
sql_total_accounting_table: totacct |
sql_nas_table: nas |
# |
# If set to true then we show all the available groups with the groups |
# that the user is a member of highlighted in the user edit page. |
# Otherwise we only show the groups he is a member of. |
sql_show_all_groups: true |
# |
# This variable is used by the scripts in the bin folder |
# It should contain the path to the sql binary used to run |
# sql commands (mysql, psql, oracle and sqlrelay are only supported for now) |
sql_command: /usr/bin/mysql |
#sql_command: /usr/bin/psql |
#sql_command: /usr/bin/sqlplus |
# |
# This variable is used by the scripts in the bin folder |
# It should contain the snmp type and path to the binary |
# used to run snmp commands. |
# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now) |
general_snmp_type: net |
general_snmpwalk_command: /usr/bin/snmpwalk |
general_snmpget_command: /usr/bin/snmpget |
# |
# Uncomment to enable sql debug |
# |
sql_debug: false |
# |
# If set to yes then the HTTP credentials (http authentication) |
# will be used to connect to the sql server instead of sql_username |
# and sql_password. That way multiple admins with different rights |
# on the sql database can connect through one dialup_admin interface. |
#sql_use_http_credentials: yes |
# |
# If set the query will be added to all of the queries on the accounting |
# table |
# Variables supported: |
# %u: username |
# %U: username provided though http authentication |
# %mu: mappings for userdb |
# %ma: mappings for accounting |
# %mn: mappings for nasdb |
# %mN: mappings for nas administration |
#sql_accounting_extra_query: %ma |
# |
# true or false |
# |
sql_use_user_info_table: true |
sql_use_operators: true |
# |
# Set this to the value of the default_user_profile in your |
# sql.conf if that one is set. If it is not set leave blank |
# or commented out |
#sql_default_user_profile: DEFAULT |
# |
# |
sql_password_attribute: Crypt-Password |
sql_date_format: Y-m-d |
sql_full_date_format: Y-m-d H:i:s |
# |
# Used in the accounting report generator so that we |
# don't return too many results |
# |
sql_row_limit: 40 |
# |
# These options are used by the log_badlogins script and by the |
# mysql driver |
# |
# Set the sql connect timeout (secs) |
sql_connect_timeout: 3 |
# Give a space separated list of extra mysql servers to connect to when |
# logging bad logins or adding users in the badusers table |
#sql_extra_servers: sql2.company.com sql3.company.com |
# |
# Default values for the various user limits in case the counter module |
# is used to impose such limits. |
# The value should be the user limit in seconds or none for nothing |
# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are |
# using sql or ldap) for per user attributes. The mapping should be made to |
# the attributes configured in the counter module. The attributes used by |
# dialupadmin will always be the ones appearing in the attribute mapping files |
# so you should make sure they are mapped to the correct attributes |
# |
#counter_default_daily: 14400 |
#counter_default_weekly: 72000 |
counter_default_daily: none |
counter_default_weekly: none |
counter_default_monthly: none |
# |
# Since calculating monthly usage can be quite expensive we make |
# it configurable |
# This is not needed if the monthly limit is not none |
#counter_monthly_calculate_usage: true |
# some of the date/time related functions need to know what timezone we are in |
timezone: Europe/Luxembourg |
/conf/freeradius-web/naslist.conf |
---|
0,0 → 1,5 |
nas1_name: alcasar |
nas1_model: Portail captif |
nas1_ip: 192.168.182.1 |
nas1_port_num: 0 |
nas1_community: public |
/conf/freeradius-web/accounting.attrs |
---|
0,0 → 1,20 |
# Used by the User Accounting, the User finger and the Failed Logins page |
# |
# For the user finger page only callerid(9) and |
# ip address(4) are applicable |
# |
# For the Failed Logins page only looged in(2), server(7), |
# terminate cause(8) and callerid(9) are applicable |
# |
# attribute number Description Show in Show in Show in |
# User Accounting User Finger Failed Logins |
# |
1 type no no no |
2 logged in yes no yes |
3 session time yes no no |
4 ip address no yes no |
5 upload yes no no |
6 download yes no no |
7 server yes no yes |
8 terminate cause yes no yes |
9 callerid yes yes yes |
/conf/freeradius-web/auth.request |
---|
0,0 → 1,5 |
# |
# Extra attributes that the test user/check server pages will send to |
# the RADIUS server |
# |
Service-Type = Framed-User |
/conf/freeradius-web/captions.conf |
---|
0,0 → 1,0 |
general_caption_finger_free_lines: free lines |
/conf/freeradius-web/default.vals |
---|
0,0 → 1,17 |
# |
# Uncomment and edit these lines if you add corresponding default |
# values in the users file |
# |
#Simultaneous-Use: 1 |
#Framed-IP-Address: 255.255.255.254 |
#Framed-IP-Netmask: 255.255.255.255 |
#Framed-MTU: 1500 |
#Framed-Protocol: PPP |
#Framed-Compression: Van-Jacobson-TCP-IP |
#Session-Timeout: 14400 |
#Idle-Timeout: 600 |
#Port-Limit: 1 |
#Max-Weekly-Session: 72000 |
#Max-Daily-Session: 14400 |
#Login-Time: |
#Auth-Type: LDAP |
/conf/freeradius-web/extra.ldap-attrmap |
---|
0,0 → 1,12 |
# |
# An extra file for radius -> ldap attribute mapping |
# |
checkItem Dialup-Lock-Msg radiuslockmsg |
checkItem User-Password userpassword |
checkItem Regular-Profile radiusProfileDn |
checkItem Check-Item radiusCheckItem generic |
checkItem Max-Daily-Session radiusMaxDailySession |
checkItem Max-Weekly-Session radiusMaxWeeklySession |
checkItem Max-Monthly-Session radiusMaxMonthlySession |
replyItem Reply-Item radiusReplyItem generic |
/conf/freeradius-web/sql.attrmap.default |
---|
0,0 → 1,52 |
# |
# A mapping between the attributes used by dialup_admin and the attribute |
# names that will be stored in the SQL database |
# |
# Attributes that are not contained in this file are assumed to be reply |
# items and map to the same name as the one used by dialup_admin |
# |
# Format: |
# checkItem|replyItem Attribute-In-Dialup-Admin Attribute-In-SQL |
# |
# |
checkItem Auth-Type Auth-Type |
checkItem Simultaneous-Use Simultaneous-Use |
checkItem Called-Station-Id Called-Station-Id |
checkItem Calling-Station-Id Calling-Station-Id |
checkItem Dialup-Access none |
checkItem Max-Daily-Session Max-Daily-Session |
checkItem Max-Weekly-Session Max-Weekly-Session |
checkItem Max-Monthly-Session Max-Monthly-Session |
checkItem Login-Time Login-Time |
checkItem Expiration Expiration |
replyItem Service-Type Service-Type |
replyItem Framed-Protocol Framed-Protocol |
replyItem Framed-IP-Address Framed-IP-Address |
replyItem Framed-IP-Netmask Framed-IP-Netmask |
replyItem Framed-Route Framed-Route |
replyItem Framed-Routing Framed-Routing |
replyItem Filter-Id Filter-Id |
replyItem Framed-MTU Framed-MTU |
replyItem Framed-Compression Framed-Compression |
replyItem Login-IP-Host Login-IP-Host |
replyItem Login-Service Login-Service |
replyItem Login-TCP-Port Login-TCP-Port |
replyItem Callback-Number Callback-Number |
replyItem Callback-Id Callback-Id |
replyItem Framed-IPX-Network Framed-IPX-Network |
replyItem Class Class |
replyItem Session-Timeout Session-Timeout |
replyItem Idle-Timeout Idle-Timeout |
replyItem Termination-Action Termination-Action |
replyItem Login-LAT-Service Login-LAT-Service |
replyItem Login-LAT-Node Login-LAT-Node |
replyItem Login-LAT-Group Login-LAT-Group |
replyItem Framed-AppleTalk-Link Framed-AppleTalk-Link |
replyItem Framed-AppleTalk-Network Framed-AppleTalk-Network |
replyItem Framed-AppleTalk-Zone Framed-AppleTalk-Zone |
replyItem Port-Limit Port-Limit |
replyItem Login-LAT-Port Login-LAT-Port |
replyitem Reply-Message Reply-Message |
replyItem Dialup-Lock-Msg Reply-Message |
replyItem User-Password User-Password |
/conf/freeradius-web/username.mappings |
---|
0,0 → 1,21 |
# Username mappings |
# Format: |
# Username:realm:query |
# |
# where realm is: |
# accounting: for the map to be used when querying the accounting db |
# userdb: for the map to be used when querying the user db |
# nasdb: To only map specific NASes to the username (separated by ,) |
# nasadmin: To allow the user to use the nas_admin page (yes or no) |
# |
library-admin:accounting:AND nasipaddress = '123.123.123.123' |
library-admin:userdb:AND Admin = 'library-admin' |
library-admin:nasdb:nas.lib.company.com |
library-admin:nasadmin:no |
# |
lab-admin:accounting:AND nasipaddress = '123.123.124.123' |
lab-admin:userdb:AND Admin = 'lab-admin' |
lab-admin:nasdb:nas.lab.company.com |
lab-admin:nasadmin:no |
# |
admin:nasadmin:yes |
/conf/letsencrypt-client/acme.sh-3.0.7.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/conf/logrotate.d/admin_log |
---|
0,0 → 1,6 |
/var/Save/security/acc_access.log { |
rotate 12 |
monthly |
missingok |
notifempty |
} |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |
/conf/logrotate.d/ulogd |
---|
0,0 → 1,39 |
/var/log/ulogd/ulogd.log { |
missingok |
notifempty |
create 0640 ulogd ulogd |
sharedscripts |
} |
/var/log/firewall/traceability.log { |
missingok |
notifempty |
rotate 52 |
weekly |
dateext |
sharedscripts |
postrotate |
/usr/bin/systemctl restart ulogd-traceability |
endscript |
} |
/var/log/firewall/ssh.log { |
missingok |
notifempty |
rotate 52 |
weekly |
dateext |
sharedscripts |
postrotate |
/usr/bin/systemctl restart ulogd-ssh |
endscript |
} |
/var/log/firewall/ext-access.log { |
missingok |
notifempty |
rotate 52 |
weekly |
dateext |
sharedscripts |
postrotate |
/usr/bin/systemctl restart ulogd-ext-access |
endscript |
} |
Property changes: |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
/conf/logrotate.d/unbound-blacklist |
---|
0,0 → 1,11 |
/var/log/unbound/unbound-blacklist.log { |
missingok |
notifempty |
rotate 52 |
weekly |
dateext |
sharedscripts |
postrotate |
/usr/bin/systemctl restart unbound-blacklist |
endscript |
} |
/conf/logrotate.d/gammu |
---|
0,0 → 1,7 |
/var/log/gammu-smsd/gammu-smsd.log { |
monthly |
rotate 12 |
nocreate |
missingok |
compress |
} |
/conf/sudoers |
---|
0,0 → 1,57 |
# sudoers file. |
# |
# This file MUST be edited with the 'visudo' command as root. |
# |
# See the sudoers man page for the details on how to write a sudoers file. |
# |
# Host alias specification |
Host_Alias LAN_ORG=192.168.182.0/255.255.255.0,localhost #réseau de l'organisme |
# User alias specification |
User_Alias ADMIN=sysadmin # local admin account |
User_Alias ADMWEB=apache # web server owner |
User_Alias SMS=gammu_smsd # gammu-smsd owner |
# Cmnd alias specification |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh,/usr/local/bin/alcasar-list-ip_gw.sh,/usr/local/bin/alcasar-ssh.sh # network commands |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment |
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line |
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database |
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # create conf backup file |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files |
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # manage the filtering system |
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # manage the firewall |
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users |
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed) |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # manage the linux services |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem |
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # manage the certificates |
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups |
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # create log PDF from ACC |
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection |
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page |
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet) |
Cmnd_Alias MAIL_SERVICE=/usr/local/bin/alcasar-mail-install.sh # manage mail service |
# Defaults specification |
# Defaults syslog=auth |
# Runas alias specification |
# User privilege specification |
root ALL=(ALL) ALL |
# Uncomment to allow people in group wheel to run all commands |
# %wheel ALL=(ALL) ALL |
# Same thing without a password |
# %wheel ALL=(ALL) NOPASSWD: ALL |
# Samples |
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
# %users localhost=/sbin/shutdown -h now |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE,WIFI4EU,MAIL_SERVICE |
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL |
SMS LAN_ORG=(root) NOPASSWD: GAMMU |
Property changes: |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
/conf/bashrc |
---|
0,0 → 1,57 |
# $Id$ |
# /etc/bashrc |
ORGANISME="" |
# System wide functions and aliases |
# Environment stuff goes in /etc/profile |
# by default, we want this to get set. |
# Even for non-interactive, non-login shells. |
if [ "`id -gn`" = "`id -un`" -a `id -u` -gt 99 ]; then |
umask 002 |
else |
umask 022 |
fi |
# are we an interactive shell? |
if [ "$PS1" ]; then |
i='${USER}@${HOSTNAME%%.*}:$([[ "${PWD}" =~ ^"${HOME}"(/|$) ]] && echo "~${PWD#${HOME}}" || echo "${PWD}")' |
case $TERM in |
xterm*) |
PROMPT_COMMAND='echo -ne "\033]0;'${i}'\007"' |
;; |
screen) |
PROMPT_COMMAND='echo -ne "\033_'${i}'\033\\"' |
;; |
*) |
;; |
esac |
unset i |
# [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ " # default |
# color prompt |
if [ `id -un` = root ]; then |
PS1='\e[31;1;40m\]\h-$ORGANISME[\w]\$\e[37;0;40m\] ' |
alias ll='ls -al --color' |
else |
PS1='\e[32;1;40m\]\h-$ORGANISME[\w]\$\e[37;0;40m\] ' |
fi |
if [ -z "$loginsh" ]; then # We're not a login shell |
# Not all scripts in profile.d are compatible with other shells |
# TODO: make the scripts compatible or check the running shell by |
# themselves. |
if [ -n "${BASH_VERSION}${KSH_VERSION}${ZSH_VERSION}" ]; then |
for i in /etc/profile.d/*.sh; do |
if [ -x $i ]; then |
. $i |
fi |
done |
unset i |
fi |
fi |
fi |
unset loginsh |
Property changes: |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
/conf/radius/alcasar |
---|
0,0 → 1,123 |
server default { |
listen { |
type = auth |
ipaddr = * |
port = 0 |
limit { |
max_connections = 16 |
lifetime = 0 |
idle_timeout = 30 |
} |
} |
listen { |
type = acct |
ipaddr = * |
port = 0 |
limit { |
max_pps = 0 |
} |
} |
authorize { |
sql { notfound = 1 } |
if (notfound) { |
update reply { |
Reply-Message := "Username not found" |
} |
reject |
} |
expire_on_login { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your usage time has been reached" |
} |
reject |
} |
noresetcounter { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum usage time has been reached" |
} |
reject |
} |
monthlycounter { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum monthly usage time has been reached" |
} |
reject |
} |
dailycounter { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum daily usage time has been reached" |
} |
reject |
} |
counterCoovaChilliMaxAllTotalOctets { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum usage volume has been reached" |
} |
reject |
} |
counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum monthly usage volume has been reached" |
} |
reject |
} |
counterCoovaChilliMaxTotalOctetsDaily { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum daily usage volume has been reached" |
} |
reject |
} |
expiration { userlock = 1 } |
if (userlock) { |
update reply { |
Reply-Message := "Your expiration date has been reached" |
} |
userlock |
} |
logintime { userlock = 1 } |
if (userlock) { |
update reply { |
Reply-Message := "You are out your allowed time period" |
} |
userlock |
} |
pap |
} |
authenticate { |
Auth-Type PAP { |
pap |
} |
} |
accounting { |
sql |
} |
session { |
sql |
} |
post-auth { |
Post-Auth-Type REJECT { |
update reply { |
Reply-Message = "Login failed" |
} |
attr_filter.access_reject |
} |
} |
} |
/conf/radius/alcasar-with-ldap |
---|
0,0 → 1,139 |
server default { |
listen { |
type = auth |
ipaddr = * |
port = 0 |
limit { |
max_connections = 16 |
lifetime = 0 |
idle_timeout = 30 |
} |
} |
listen { |
type = acct |
ipaddr = * |
port = 0 |
limit { |
max_pps = 0 |
} |
} |
authorize { |
# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) { |
if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC |
ldap { fail = 1 } |
if ((ok || updated) && User-Password) { |
update control { |
Auth-Type := LDAP |
Tmp-String-0 := "ldap" # AuthType SQL group |
} |
update reply { |
Filter-Id := "%{control:Tmp-String-0}" |
} |
} |
} |
sql { notfound = 1 } |
if ((notfound) && (!control:Auth-Type)) { |
update reply { |
Reply-Message := "Username not found" |
} |
reject |
} |
expire_on_login { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your usage time has been reached" |
} |
reject |
} |
noresetcounter { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum usage time has been reached" |
} |
reject |
} |
monthlycounter { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum monthly usage time has been reached" |
} |
reject |
} |
dailycounter { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum daily usage time has been reached" |
} |
reject |
} |
counterCoovaChilliMaxAllTotalOctets { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum usage volume has been reached" |
} |
reject |
} |
counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum monthly usage volume has been reached" |
} |
reject |
} |
counterCoovaChilliMaxTotalOctetsDaily { reject = 1 } |
if (reject) { |
update reply { |
Reply-Message := "Your maximum daily usage volume has been reached" |
} |
reject |
} |
expiration { userlock = 1 } |
if (userlock) { |
update reply { |
Reply-Message := "Your expiration date has been reached" |
} |
userlock |
} |
logintime { userlock = 1 } |
if (userlock) { |
update reply { |
Reply-Message := "You are out your allowed time period" |
} |
userlock |
} |
pap |
} |
authenticate { |
Auth-Type PAP { |
pap |
} |
Auth-Type LDAP { |
ldap |
} |
} |
accounting { |
sql |
} |
session { |
sql |
} |
post-auth { |
Post-Auth-Type REJECT { |
update reply { |
Reply-Message = "Login failed" |
} |
attr_filter.access_reject |
} |
} |
} |
/conf/radius/queries.conf |
---|
0,0 → 1,341 |
# -*- text -*- |
## |
## query.conf -- MySQL configuration for default schema (schema.sql) |
## |
# Safe characters list for sql queries. Everything else is replaced |
# with their mime-encoded equivalents. |
# The default list should be ok (define in 'expr' module |
#safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" |
####################################################################### |
# Query config: Username |
####################################################################### |
# This is the username that will get substituted, escaped, and added |
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below |
# everywhere a username substitution is needed so you you can be sure |
# the username passed from the client is escaped properly. |
# |
# Uncomment the next line, if you want the sql_user_name to mean: |
# |
# Use Stripped-User-Name, if it's there. |
# Else use User-Name, if it's there, |
# Else use hard-coded string "DEFAULT" as the user name. |
#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" |
# |
sql_user_name = "%{User-Name}" |
####################################################################### |
# Default profile |
####################################################################### |
# This is the default profile. It is found in SQL by group membership. |
# That means that this profile must be a member of at least one group |
# which will contain the corresponding check and reply items. |
# This profile will be queried in the authorize section for every user. |
# The point is to assign all users a default profile without having to |
# manually add each one to a group that will contain the profile. |
# The SQL module will also honor the User-Profile attribute. This |
# attribute can be set anywhere in the authorize section (ie the users |
# file). It is found exactly as the default profile is found. |
# If it is set then it will *overwrite* the default profile setting. |
# The idea is to select profiles based on checks on the incoming packets, |
# not on user group membership. For example: |
# -- users file -- |
# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound" |
# DEFAULT Service-Type == Framed-User, User-Profile := "framed" |
# |
# By default the default_user_profile is not set |
# |
#default_user_profile = "DEFAULT" |
####################################################################### |
# NAS Query |
####################################################################### |
# This query retrieves the radius clients |
# |
# 0. Row ID (currently unused) |
# 1. Name (or IP address) |
# 2. Shortname |
# 3. Type |
# 4. Secret |
####################################################################### |
# nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}" |
####################################################################### |
# Authorization Queries |
####################################################################### |
# These queries compare the check items for the user |
# in ${authcheck_table} and setup the reply items in |
# ${authreply_table}. You can use any query/tables |
# you want, but the return data for each row MUST |
# be in the following order: |
# |
# 0. Row ID (currently unused) |
# 1. UserName/GroupName |
# 2. Item Attr Name |
# 3. Item Attr Value |
# 4. Item Attr Operation |
####################################################################### |
# Use these for case sensitive usernames. |
authorize_check_query = "SELECT id, username, attribute, value, op \ |
FROM ${authcheck_table} \ |
WHERE username = BINARY '%{SQL-User-Name}' \ |
ORDER BY id" |
authorize_reply_query = "SELECT id, username, attribute, value, op \ |
FROM ${authreply_table} \ |
WHERE username = BINARY '%{SQL-User-Name}' \ |
ORDER BY id" |
# The default queries are case insensitive. (for compatibility with |
# older versions of FreeRADIUS) |
# authorize_check_query = "SELECT id, username, attribute, value, op \ |
# FROM ${authcheck_table} \ |
# WHERE username = '%{SQL-User-Name}' \ |
# ORDER BY id" |
# authorize_reply_query = "SELECT id, username, attribute, value, op \ |
# FROM ${authreply_table} \ |
# WHERE username = '%{SQL-User-Name}' \ |
# ORDER BY id" |
# Use these for case sensitive usernames. |
# group_membership_query = "SELECT groupname \ |
# FROM ${usergroup_table} \ |
# WHERE username = BINARY '%{SQL-User-Name}' \ |
# ORDER BY priority" |
# group_membership_query = "SELECT groupname \ |
# FROM ${usergroup_table} \ |
# WHERE username = '%{SQL-User-Name}' \ |
# ORDER BY priority" |
group_membership_query = "SELECT '%{SQL-User-Name}'" |
# authorize_group_check_query = "SELECT id, groupname, attribute, \ |
# Value, op \ |
# FROM ${groupcheck_table} \ |
# WHERE groupname = '%{Sql-Group}' \ |
# ORDER BY id" |
# authorize_group_reply_query = "SELECT id, groupname, attribute, \ |
# value, op \ |
# FROM ${groupreply_table} \ |
# WHERE groupname = '%{Sql-Group}' \ |
# ORDER BY id" |
authorize_group_check_query = "SELECT id, '%{SQL-User-Name}', attribute, value, op FROM ( \ |
( SELECT id, attribute, value, op FROM ${groupcheck_table} gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '%{SQL-User-Name}' ORDER BY ug.priority) UNION \ |
( SELECT id, attribute, value, op FROM ${groupcheck_table} WHERE groupname = '%{control:Tmp-String-0}') UNION \ |
( SELECT id, attribute, value, op FROM ${groupcheck_table} WHERE groupname = 'default') \ |
) attrs GROUP BY attribute" |
authorize_group_reply_query = "SELECT id, '%{SQL-User-Name}', attribute, value, op FROM ( \ |
( SELECT id, attribute, value, op FROM ${groupreply_table} gr LEFT JOIN radusergroup ug ON gr.groupname = ug.groupname WHERE username = '%{SQL-User-Name}' ORDER BY ug.priority) UNION \ |
( SELECT id, attribute, value, op FROM ${groupreply_table} WHERE groupname = '%{control:Tmp-String-0}') UNION \ |
( SELECT id, attribute, value, op FROM ${groupreply_table} WHERE groupname = 'default') \ |
) attrs GROUP BY attribute" |
####################################################################### |
# Accounting Queries |
####################################################################### |
# accounting_onoff_query - query for Accounting On/Off packets |
# accounting_update_query - query for Accounting update packets |
# accounting_update_query_alt - query for Accounting update packets |
# (alternate in case first query fails) |
# accounting_start_query - query for Accounting start packets |
# accounting_start_query_alt - query for Accounting start packets |
# (alternate in case first query fails) |
# accounting_stop_query - query for Accounting stop packets |
# accounting_stop_query_alt - query for Accounting start packets |
# (alternate in case first query doesn't |
# affect any existing rows in the table) |
####################################################################### |
accounting_onoff_query = "\ |
UPDATE ${acct_table1} \ |
SET \ |
acctstoptime = '%S', \ |
acctsessiontime = unix_timestamp('%S') - \ |
unix_timestamp(acctstarttime), \ |
acctterminatecause = '%{Acct-Terminate-Cause}', \ |
acctstopdelay = %{%{Acct-Delay-Time}:-0} \ |
WHERE acctstoptime IS NULL \ |
AND nasipaddress = '%{NAS-IP-Address}' \ |
AND acctstarttime <= '%S'" |
accounting_update_query = " \ |
UPDATE ${acct_table1} \ |
SET \ |
framedipaddress = '%{Framed-IP-Address}', \ |
acctsessiontime = '%{Acct-Session-Time}', \ |
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Input-Octets}:-0}', \ |
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Output-Octets}:-0}' \ |
WHERE acctsessionid = '%{Acct-Session-Id}' \ |
AND username = BINARY '%{SQL-User-Name}' \ |
AND nasipaddress = '%{NAS-IP-Address}'" |
accounting_update_query_alt = " \ |
INSERT INTO ${acct_table1} \ |
(acctsessionid, acctuniqueid, username, \ |
realm, nasipaddress, nasportid, \ |
nasporttype, acctstarttime, acctsessiontime, \ |
acctauthentic, connectinfo_start, acctinputoctets, \ |
acctoutputoctets, calledstationid, callingstationid, \ |
servicetype, framedprotocol, framedipaddress, \ |
acctstartdelay, xascendsessionsvrkey) \ |
VALUES \ |
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \ |
BINARY '%{SQL-User-Name}', \ |
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \ |
'%{NAS-Port-Type}', \ |
DATE_SUB('%S', \ |
INTERVAL (%{%{Acct-Session-Time}:-0} + \ |
%{%{Acct-Delay-Time}:-0}) SECOND), \ |
'%{Acct-Session-Time}', \ |
'%{Acct-Authentic}', '', \ |
'%{%{Acct-Input-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Input-Octets}:-0}', \ |
'%{%{Acct-Output-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Output-Octets}:-0}', \ |
'%{Called-Station-Id}', '%{Calling-Station-Id}', \ |
'%{Service-Type}', '%{Framed-Protocol}', \ |
'%{Framed-IP-Address}', \ |
'0', '%{X-Ascend-Session-Svr-Key}')" |
accounting_start_query = " \ |
INSERT INTO ${acct_table1} \ |
(acctsessionid, acctuniqueid, username, \ |
realm, nasipaddress, nasportid, \ |
nasporttype, acctstarttime, acctstoptime, \ |
acctsessiontime, acctauthentic, connectinfo_start, \ |
connectinfo_stop, acctinputoctets, acctoutputoctets, \ |
calledstationid, callingstationid, acctterminatecause, \ |
servicetype, framedprotocol, framedipaddress, \ |
acctstartdelay, acctstopdelay, xascendsessionsvrkey) \ |
VALUES \ |
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \ |
BINARY '%{SQL-User-Name}', \ |
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \ |
'%{NAS-Port-Type}', '%S', NULL, \ |
'0', '%{Acct-Authentic}', '%{Connect-Info}', \ |
'', '0', '0', \ |
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', \ |
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \ |
'%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" |
accounting_start_query_alt = " \ |
UPDATE ${acct_table1} SET \ |
acctstarttime = '%S', \ |
acctstartdelay = '%{%{Acct-Delay-Time}:-0}', \ |
connectinfo_start = '%{Connect-Info}' \ |
WHERE acctsessionid = '%{Acct-Session-Id}' \ |
AND username = BINARY '%{SQL-User-Name}' \ |
AND nasipaddress = '%{NAS-IP-Address}'" |
accounting_stop_query = " \ |
UPDATE ${acct_table2} SET \ |
acctstoptime = '%S', \ |
acctsessiontime = '%{Acct-Session-Time}', \ |
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Input-Octets}:-0}', \ |
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Output-Octets}:-0}', \ |
acctterminatecause = '%{Acct-Terminate-Cause}', \ |
acctstopdelay = '%{%{Acct-Delay-Time}:-0}', \ |
connectinfo_stop = '%{Connect-Info}' \ |
WHERE acctsessionid = '%{Acct-Session-Id}' \ |
AND username = BINARY '%{SQL-User-Name}' \ |
AND nasipaddress = '%{NAS-IP-Address}'" |
accounting_stop_query_alt = " \ |
INSERT INTO ${acct_table2} \ |
(acctsessionid, acctuniqueid, username, \ |
realm, nasipaddress, nasportid, \ |
nasporttype, acctstarttime, acctstoptime, \ |
acctsessiontime, acctauthentic, connectinfo_start, \ |
connectinfo_stop, acctinputoctets, acctoutputoctets, \ |
calledstationid, callingstationid, acctterminatecause, \ |
servicetype, framedprotocol, framedipaddress, \ |
acctstartdelay, acctstopdelay) \ |
VALUES \ |
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \ |
BINARY '%{SQL-User-Name}', \ |
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \ |
'%{NAS-Port-Type}', \ |
DATE_SUB('%S', \ |
INTERVAL (%{%{Acct-Session-Time}:-0} + \ |
%{%{Acct-Delay-Time}:-0}) SECOND), \ |
'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', \ |
'%{Connect-Info}', \ |
'%{%{Acct-Input-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Input-Octets}:-0}', \ |
'%{%{Acct-Output-Gigawords}:-0}' << 32 | \ |
'%{%{Acct-Output-Octets}:-0}', \ |
'%{Called-Station-Id}', '%{Calling-Station-Id}', \ |
'%{Acct-Terminate-Cause}', \ |
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \ |
'0', '%{%{Acct-Delay-Time}:-0}')" |
# We add the following patch (freeradius V2 to V3) in order ALCASAR works |
# be carefull : 'tolower' need now the 'expr' module |
accounting { |
reference = "%{tolower:type.%{Acct-Status-Type}.query}" |
type { |
accounting-on { |
query = "${....accounting_onoff_query}" |
} |
accounting-off { |
query = "${....accounting_onoff_query}" |
} |
start { |
query = "${....accounting_start_query}" |
query = "${....accounting_start_query_alt}" |
} |
interim-update { |
query = "${....accounting_update_query}" |
query = "${....accounting_update_query_alt}" |
} |
stop { |
query = "${....accounting_stop_query}" |
query = "${....accounting_stop_query_alt}" |
} |
} |
} |
####################################################################### |
# Simultaneous Use Checking Queries |
####################################################################### |
# simul_count_query - query for the number of current connections |
# - If this is not defined, no simultaneouls use checking |
# - will be performed by this module instance |
# simul_verify_query - query to return details of current connections for verification |
# - Leave blank or commented out to disable verification step |
# - Note that the returned field order should not be changed. |
####################################################################### |
# Uncomment simul_count_query to enable simultaneous use checking |
simul_count_query = "SELECT COUNT(*) \ |
FROM ${acct_table1} \ |
WHERE username = BINARY '%{SQL-User-Name}' \ |
AND acctstoptime IS NULL" |
#simul_verify_query = "SELECT radacctid, acctsessionid, username, \ |
#nasipaddress, nasportid, framedipaddress, \ |
#callingstationid, framedprotocol \ |
#FROM ${acct_table1} \ |
#WHERE username = '%{SQL-User-Name}' \ |
#AND acctstoptime IS NULL" |
####################################################################### |
# Authentication Logging Queries |
####################################################################### |
# postauth_query - Insert some info after authentication |
####################################################################### |
# (username, pass, reply, authdate) \ |
# '%{%{User-Password}:-%{Chap-Password}}', \ |
postauth_query = "INSERT INTO ${postauth_table} \ |
(username, reply, authdate) \ |
VALUES ( \ |
BINARY '%{User-Name}', \ |
'%{reply:Packet-Type}', '%S')" |
# We add the following patch (freeradius V2 to V3) in order ALCASAR works |
post-auth { |
query = "${..postauth_query}" |
} |
/conf/radius/ldap-alcasar |
---|
0,0 → 1,44 |
# -*- text -*- |
# Lightweight Directory Access Protocol (LDAP) module for ALCASAR |
ldap { |
server = "localhost" |
port = 389 |
identity = "cn=alcasaradmin;cn=Users;dc=serverad;dc=com" |
password = "mypass" |
base_dn = "cn=Users;dc=serverad;dc=com" |
user { |
base_dn = "${..base_dn}" |
# "samaccountname=" for AD; "uid=" for LDAP |
filter = (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}}) |
} |
options { |
chase_referrals = yes |
rebind = yes |
res_timeout = 10 |
srv_timelimit = 3 |
net_timeout = 1 |
idle = 60 |
probes = 3 |
interval = 3 |
# ldap_debug = 0x0129 |
} |
tls { |
# start_tls = yes |
# ca_file = /etc/raddb/certs/alcasar-ldaps.crt |
# ca_path = ${certdir} |
# certificate_file = /path/to/radius.crt |
# private_key_file = /path/to/radius.key |
# random_file = /dev/urandom |
# require_cert = 'demand' |
} |
pool { |
start = 5 |
min = 3 |
max = 10 |
uses = 0 |
retry_delay = 30 |
lifetime = 0 |
idle_timeout = 60 |
} |
} |
/conf/radius/sqlcounter |
---|
0,0 → 1,70 |
sqlcounter dailycounter { |
sql_module_instance = sql |
counter_name = Daily-Session-Time |
check_name = Max-Daily-Session |
reply_name = Session-Timeout |
key = User-Name |
reset = daily |
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'), 0)" |
} |
sqlcounter monthlycounter { |
sql_module_instance = sql |
counter_name = Monthly-Session-Time |
check_name = Max-Monthly-Session |
reply_name = Session-Timeout |
key = User-Name |
reset = monthly |
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'), 0)" |
} |
sqlcounter noresetcounter { |
sql_module_instance = sql |
counter_name = Max-All-Session-Time |
check_name = Max-All-Session |
key = User-Name |
reset = never |
query = "SELECT IFNULL(SUM(AcctSessionTime), 0) FROM radacct WHERE username='%{${key}}'" |
} |
sqlcounter expire_on_login { |
sql_module_instance = sql |
counter_name = Alcasar-Expire-After-Initial-Login |
check_name = Alcasar-Expire-After |
key = User-Name |
reset = never |
query = "SELECT IFNULL((SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacct WHERE username='%{${key}}' ORDER BY acctstarttime LIMIT 1), 0)" |
} |
sqlcounter counterCoovaChilliMaxTotalOctetsDaily { |
sql_module_instance = sql |
counter_name = CoovaChilli-Max-Total-Octets-Daily |
check_name = CoovaChilli-Max-Total-Octets-Daily |
counter_type = data |
reply_name = CoovaChilli-Max-Total-Octets |
key = User-Name |
reset = daily |
query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)), 0) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" |
} |
sqlcounter counterCoovaChilliMaxTotalOctetsMonthly { |
sql_module_instance = sql |
counter_name = CoovaChilli-Max-Total-Octets-Monthly |
check_name = CoovaChilli-Max-Total-Octets-Monthly |
counter_type = data |
reply_name = CoovaChilli-Max-Total-Octets |
key = User-Name |
reset = monthly |
query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE username='%{${key}}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%%b'" |
} |
sqlcounter counterCoovaChilliMaxAllTotalOctets { |
sql_module_instance = sql |
counter_name = CoovaChilli-Max-All-Total-Octets |
check_name = CoovaChilli-Max-Total-Octets |
counter_type = data |
reply_name = CoovaChilli-Max-Total-Octets |
key = User-Name |
reset = never |
query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE username='%{${key}}'" |
} |
/conf/radius/dictionary.alcasar |
---|
0,0 → 1,37 |
# -*- text -*- |
############################################################################## |
# |
# ALCASAR dictionary. |
# |
# $Id$ |
# |
############################################################################## |
VENDOR Alcasar 35134 |
BEGIN-VENDOR Alcasar |
ATTRIBUTE Alcasar-Filter 1 integer |
VALUE Alcasar-Filter None 1 |
VALUE Alcasar-Filter HAVP 2 |
VALUE Alcasar-Filter BL 3 |
VALUE Alcasar-Filter WL 4 |
ATTRIBUTE Alcasar-Protocols-Filter 2 integer |
VALUE Alcasar-Protocols-Filter None 1 |
VALUE Alcasar-Protocols-Filter Web 2 |
VALUE Alcasar-Protocols-Filter Commons 3 |
VALUE Alcasar-Protocols-Filter Custom 4 |
ATTRIBUTE Alcasar-Imputability-Warning 3 integer |
VALUE Alcasar-Imputability-Warning Yes 1 |
ATTRIBUTE Alcasar-Status-Page-Must-Stay-Open 4 integer |
VALUE Alcasar-Status-Page-Must-Stay-Open Yes 1 |
VALUE Alcasar-Status-Page-Must-Stay-Open No 2 |
ATTRIBUTE Alcasar-Expire-After 5 integer |
ATTRIBUTE Alcasar-Reconnect-Timeout 6 integer |
END-VENDOR Alcasar |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:keywords |
+Id |
\ No newline at end of property |
/conf/nfsen/nfsen-ng.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/conf/banner |
---|
0,0 → 1,9 |
db 88 ,ad8888ba, db ad88888ba db 88888888ba |
d88b 88 d8"' `"8b d88b d8" "8b d88b 88 "8b |
d8'`8b 88 d8' d8'`8b Y8, d8'`8b 88 ,8P |
d8' `8b 88 88 d8' `8b `Y8aaaaa, d8' `8b 88aaaaaa8P' |
d8YaaaaY8b 88 88 d8YaaaaY8b `"""""8b, d8YaaaaY8b 88""""88' |
d8""""""""8b 88 Y8, d8""""""""8b `8b d8""""""""8b 88 `8b |
d8' `8b 88 Y8a. .a8P d8' `8b Y8a a8P d8' `8b 88 `8b |
d8' `8b 88888888888 `"Y8888Y"' d8' `8b "Y88888P" d8' `8b 88 `8b |
/conf/empty-gammu-smsd-db.sql |
---|
0,0 → 1,482 |
-- |
-- Database for Gammu SMSD |
-- |
-- In case you get errors about not supported charset, please |
-- replace utf8mb4 with utf8. |
-- -------------------------------------------------------- |
-- |
-- Table structure for table `gammu` |
-- |
CREATE TABLE `gammu` ( |
`Version` integer NOT NULL default '0' PRIMARY KEY |
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4; |
-- |
-- Dumping data for table `gammu` |
-- |
INSERT INTO `gammu` (`Version`) VALUES (17); |
-- -------------------------------------------------------- |
-- |
-- Table structure for table `inbox` |
-- |
CREATE TABLE `inbox` ( |
`UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, |
`ReceivingDateTime` timestamp NOT NULL default '0000-00-00 00:00:00', |
`Text` text NOT NULL, |
`SenderNumber` varchar(20) NOT NULL default '', |
`Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression', |
`UDH` text NOT NULL, |
`SMSCNumber` varchar(20) NOT NULL default '', |
`Class` integer NOT NULL default '-1', |
`TextDecoded` text NOT NULL, |
`ID` integer unsigned NOT NULL auto_increment, |
`RecipientID` text NOT NULL, |
`Processed` enum('false','true') NOT NULL default 'false', |
`Status` integer NOT NULL default '-1', |
PRIMARY KEY `ID` (`ID`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ; |
-- -------------------------------------------------------- |
-- |
-- Table structure for table `outbox` |
-- |
CREATE TABLE `outbox` ( |
`UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, |
`InsertIntoDB` timestamp NOT NULL default '0000-00-00 00:00:00', |
`SendingDateTime` timestamp NOT NULL default '0000-00-00 00:00:00', |
`SendBefore` time NOT NULL DEFAULT '23:59:59', |
`SendAfter` time NOT NULL DEFAULT '00:00:00', |
`Text` text, |
`DestinationNumber` varchar(20) NOT NULL default '', |
`Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression', |
`UDH` text, |
`Class` integer default '-1', |
`TextDecoded` text NOT NULL, |
`ID` integer unsigned NOT NULL auto_increment, |
`MultiPart` enum('false','true') default 'false', |
`RelativeValidity` integer default '-1', |
`SenderID` varchar(255), |
`SendingTimeOut` timestamp NULL default '0000-00-00 00:00:00', |
`DeliveryReport` enum('default','yes','no') default 'default', |
`CreatorID` text NOT NULL, |
`Retries` int(3) default 0, |
`Priority` integer default 0, |
`Status` enum('SendingOK','SendingOKNoReport','SendingError','DeliveryOK','DeliveryFailed','DeliveryPending','DeliveryUnknown','Error','Reserved') NOT NULL default 'Reserved', |
`StatusCode` integer NOT NULL default '-1', |
PRIMARY KEY `ID` (`ID`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4; |
CREATE INDEX outbox_date ON outbox(SendingDateTime, SendingTimeOut); |
CREATE INDEX outbox_sender ON outbox(SenderID(250)); |
-- -------------------------------------------------------- |
-- |
-- Table structure for table `outbox_multipart` |
-- |
CREATE TABLE `outbox_multipart` ( |
`Text` text, |
`Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression', |
`UDH` text, |
`Class` integer default '-1', |
`TextDecoded` text, |
`ID` integer unsigned NOT NULL default '0', |
`SequencePosition` integer NOT NULL default '1', |
`Status` enum('SendingOK','SendingOKNoReport','SendingError','DeliveryOK','DeliveryFailed','DeliveryPending','DeliveryUnknown','Error','Reserved') NOT NULL default 'Reserved', |
`StatusCode` integer NOT NULL default '-1', |
PRIMARY KEY (`ID`, `SequencePosition`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4; |
-- -------------------------------------------------------- |
-- |
-- Table structure for table `phones` |
-- |
CREATE TABLE `phones` ( |
`ID` text NOT NULL, |
`UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, |
`InsertIntoDB` timestamp NOT NULL default '0000-00-00 00:00:00', |
`TimeOut` timestamp NOT NULL default '0000-00-00 00:00:00', |
`Send` enum('yes','no') NOT NULL default 'no', |
`Receive` enum('yes','no') NOT NULL default 'no', |
`IMEI` varchar(35) NOT NULL, |
`IMSI` varchar(35) NOT NULL, |
`NetCode` varchar(10) default 'ERROR', |
`NetName` varchar(35) default 'ERROR', |
`Client` text NOT NULL, |
`Battery` integer NOT NULL DEFAULT -1, |
`Signal` integer NOT NULL DEFAULT -1, |
`Sent` int NOT NULL DEFAULT 0, |
`Received` int NOT NULL DEFAULT 0, |
PRIMARY KEY (`IMEI`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4; |
-- -------------------------------------------------------- |
-- |
-- Table structure for table `sentitems` |
-- |
CREATE TABLE `sentitems` ( |
`UpdatedInDB` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, |
`InsertIntoDB` timestamp NOT NULL default '0000-00-00 00:00:00', |
`SendingDateTime` timestamp NOT NULL default '0000-00-00 00:00:00', |
`DeliveryDateTime` timestamp NULL, |
`Text` text NOT NULL, |
`DestinationNumber` varchar(20) NOT NULL default '', |
`Coding` enum('Default_No_Compression','Unicode_No_Compression','8bit','Default_Compression','Unicode_Compression') NOT NULL default 'Default_No_Compression', |
`UDH` text NOT NULL, |
`SMSCNumber` varchar(20) NOT NULL default '', |
`Class` integer NOT NULL default '-1', |
`TextDecoded` text NOT NULL, |
`ID` integer unsigned NOT NULL default '0', |
`SenderID` varchar(255) NOT NULL, |
`SequencePosition` integer NOT NULL default '1', |
`Status` enum('SendingOK','SendingOKNoReport','SendingError','DeliveryOK','DeliveryFailed','DeliveryPending','DeliveryUnknown','Error') NOT NULL default 'SendingOK', |
`StatusError` integer NOT NULL default '-1', |
`TPMR` integer NOT NULL default '-1', |
`RelativeValidity` integer NOT NULL default '-1', |
`CreatorID` text NOT NULL, |
`StatusCode` integer NOT NULL default '-1', |
PRIMARY KEY (`ID`, `SequencePosition`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4; |
CREATE INDEX sentitems_date ON sentitems(DeliveryDateTime); |
CREATE INDEX sentitems_tpmr ON sentitems(TPMR); |
CREATE INDEX sentitems_dest ON sentitems(DestinationNumber); |
CREATE INDEX sentitems_sender ON sentitems(SenderID(250)); |
-- |
-- Triggers for setting default timestamps |
-- |
DELIMITER // |
CREATE TRIGGER inbox_timestamp BEFORE INSERT ON inbox |
FOR EACH ROW |
BEGIN |
IF NEW.ReceivingDateTime = '0000-00-00 00:00:00' THEN |
SET NEW.ReceivingDateTime = CURRENT_TIMESTAMP(); |
END IF; |
END;// |
CREATE TRIGGER outbox_timestamp BEFORE INSERT ON outbox |
FOR EACH ROW |
BEGIN |
IF NEW.InsertIntoDB = '0000-00-00 00:00:00' THEN |
SET NEW.InsertIntoDB = CURRENT_TIMESTAMP(); |
END IF; |
IF NEW.SendingDateTime = '0000-00-00 00:00:00' THEN |
SET NEW.SendingDateTime = CURRENT_TIMESTAMP(); |
END IF; |
IF NEW.SendingTimeOut = '0000-00-00 00:00:00' THEN |
SET NEW.SendingTimeOut = CURRENT_TIMESTAMP(); |
END IF; |
END;// |
CREATE TRIGGER phones_timestamp BEFORE INSERT ON phones |
FOR EACH ROW |
BEGIN |
IF NEW.InsertIntoDB = '0000-00-00 00:00:00' THEN |
SET NEW.InsertIntoDB = CURRENT_TIMESTAMP(); |
END IF; |
IF NEW.TimeOut = '0000-00-00 00:00:00' THEN |
SET NEW.TimeOut = CURRENT_TIMESTAMP(); |
END IF; |
END;// |
CREATE TRIGGER sentitems_timestamp BEFORE INSERT ON sentitems |
FOR EACH ROW |
BEGIN |
IF NEW.InsertIntoDB = '0000-00-00 00:00:00' THEN |
SET NEW.InsertIntoDB = CURRENT_TIMESTAMP(); |
END IF; |
IF NEW.SendingDateTime = '0000-00-00 00:00:00' THEN |
SET NEW.SendingDateTime = CURRENT_TIMESTAMP(); |
END IF; |
END;// |
DELIMITER ; |
---------------------------------------- |
----- ALCASAR specific table -------- |
---------------------------------------- |
-- |
-- Table structure for table `SMS_ban_perm` |
-- |
CREATE TABLE IF NOT EXISTS `SMS_ban_perm` ( |
`SenderNumber` varchar(20) CHARACTER SET utf8 NOT NULL, |
`Expiration` varchar(255) CHARACTER SET utf8 NOT NULL, |
`Perm` int(11) NOT NULL, |
`date_add` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, |
PRIMARY KEY (`SenderNumber`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf32; |
-- |
-- Table structure for table `SMS_ban_temp` |
-- |
CREATE TABLE IF NOT EXISTS `SMS_ban_temp` ( |
`ID` int(11) NOT NULL AUTO_INCREMENT, |
`SenderNumber` varchar(20) NOT NULL, |
PRIMARY KEY (`ID`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; |
-- |
-- Table structure for table `SMS_country` |
-- |
CREATE TABLE IF NOT EXISTS `SMS_country` ( |
`name` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, |
`id` varchar(20) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL, |
`status` int(1) NOT NULL DEFAULT '0', |
PRIMARY KEY (`name`) |
) ENGINE=MyISAM DEFAULT CHARSET=utf8; |
-- |
-- Dumping data for table `SMS_country` |
-- |
INSERT INTO `SMS_country` (`name`, `id`, `status`) VALUES |
('Afghanistan', '+93', 0), |
('Afrique du Sud', '+27', 0), |
('Albanie', '+355', 0), |
('Algerie', '+213', 0), |
('Allemagne', '+49', 0), |
('Andorre', '+376', 0), |
('Angleterre', '+44', 0), |
('Angola', '+244', 0), |
('Anguilla', '+1264', 0), |
('Antigua et Barbuda', '+1268', 0), |
('Arabie Saoudite', '+966', 0), |
('Argentine', '+54', 0), |
('Armenie', '+374', 0), |
('Aruba', '+297', 0), |
('Australie', '+61', 0), |
('Autriche', '+43', 0), |
('Azerbaidjan', '+994', 0), |
('Bahamas', '+1242', 0), |
('Bahrein', '+973', 0), |
('Bangladesh', '+880', 0), |
('Barbade', '+1246', 0), |
('Belgique', '+32', 0), |
('Benin', '+229', 0), |
('Bermudes', '+1441', 0), |
('Bhoutan', '+975', 0), |
('Bielorussie', '+375', 0), |
('Birmanie', '+95', 0), |
('Bolivie', '+591', 0), |
('Bonaire', '+599', 0), |
('Bosnie', '+387', 0), |
('Botswana', '+267', 0), |
('Bresil', '+55', 0), |
('Brunei', '+673', 0), |
('Bulgarie', '+359', 0), |
('Burkina Faso', '+226', 0), |
('Burundi', '+257', 0), |
('Cambodge', '+855', 0), |
('Cameroun', '+237', 0), |
('Canada', '+1', 0), |
('Cap Vert', '+238', 0), |
('Chili', '+56', 0), |
('Chine', '+86', 0), |
('Chypre', '+357', 0), |
('Colombie', '+57', 0), |
('Comores', '+269', 0), |
('Congo RDC', '+243', 0), |
('Congo RPC', '+242', 0), |
('Coree du Nord', '+850', 0), |
('Coree du Sud', '+82', 0), |
('Costa Rica 1', '+501', 0), |
('Costa Rica 2', '+506', 0), |
('Cote d Ivoire', '+225', 0), |
('Croatie', '+385', 0), |
('Cuba', '+53', 0), |
('Curacao', '+599', 0), |
('Danemark', '+45', 0), |
('Djibouti', '+253', 0), |
('Dominique', '+1767', 0), |
('Egypte', '+20', 0), |
('El Salvador', '+503', 0), |
('Emirats Arabes Unis', '+971', 0), |
('Equateur', '+593', 0), |
('Erythree', '+291', 0), |
('Espagne', '+34', 0), |
('Estonie', '+372', 0), |
('Etats-Unis', '+1', 0), |
('Ethiopie', '+251', 0), |
('Falklands Malouines', '+500', 0), |
('Finlande', '+358', 0), |
('France', '+33', 1), |
('Gabon', '+241', 0), |
('Gambie', '+220', 0), |
('Georgie', '+995', 0), |
('Ghana', '+233', 0), |
('Gibraltar', '+350', 0), |
('Grece', '+30', 0), |
('Grenade', '+1473', 0), |
('Groenland', '+299', 0), |
('Guadeloupe', '+590', 0), |
('Guatemala', '+502', 0), |
('Guernesey', '+441481', 0), |
('Guinee', '+224', 0), |
('Guinee Bissau', '+245', 0), |
('Guinee Equatoriale', '+240', 0), |
('Guyana', '+5921', 0), |
('Guyane France', '+594', 0), |
('Haiti', '+509', 0), |
('Herm', '+441481', 0), |
('Honduras', '+504', 0), |
('Hong Kong', '+852', 0), |
('Hongrie', '+36', 0), |
('Ile de Ascension', '+247', 0), |
('Ile Maurice', '+230', 0), |
('Iles Cayman', '+1345', 0), |
('Iles Christmas', '+61', 0), |
('Iles Coco', '+61', 0), |
('Iles Cook', '+682', 0), |
('Iles Fidji', '+679', 0), |
('Iles Mariannes', '+1670', 0), |
('Iles Marshall', '+692', 0), |
('Iles Salomon', '+677', 0), |
('Iles Vierges GB', '+1284', 0), |
('Iles Vierges USA', '+1340', 0), |
('Inde', '+91', 0), |
('Indonesie', '+62', 0), |
('Irak', '+964', 0), |
('Iran', '+98', 0), |
('Irlande', '+353', 0), |
('Islande', '+354', 0), |
('Israel', '+972', 0), |
('Italie', '+39', 0), |
('Jamaique', '+1876', 0), |
('Japon', '+81', 0), |
('Jersey', '+441534', 0), |
('Jordanie', '+962', 0), |
('Kazakhstan', '+7', 0), |
('Kenya', '+254', 0), |
('Kirghizistan', '+996', 0), |
('Kiribati', '+686', 0), |
('Koweit', '+965', 0), |
('Laos', '+856', 0), |
('Lesotho', '+266', 0), |
('Lettonie', '+371', 0), |
('Liban', '+961', 0), |
('Libye', '+218', 0), |
('Liechtenstein', '+423', 0), |
('Lituanie', '+370', 0), |
('Luxembourg', '+352', 0), |
('Macao', '+853', 0), |
('Macedoine', '+389', 0), |
('Madagascar', '+261', 0), |
('Malaisie', '+60', 0), |
('Malawi', '+265', 0), |
('Maldives', '+960', 0), |
('Mali', '+223', 0), |
('Malte', '+356', 0), |
('Maroc', '+212', 0), |
('Martinique', '+596', 0), |
('Mauritanie', '+222', 0), |
('Mayotte', '+269', 0), |
('Mexique', '+52', 0), |
('Micronesie', '+691', 0), |
('Moldavie', '+373', 0), |
('Monaco', '+377', 0), |
('Mongolie', '+9761', 0), |
('Montserrat', '+1664', 0), |
('Mozambique', '+258', 0), |
('Namibie', '+264', 0), |
('Nauru', '+674', 0), |
('Nepal', '+977', 0), |
('Nicaragua', '+505', 0), |
('Niger', '+227', 0), |
('Nigeria', '+2349', 0), |
('Norvege', '+47', 0), |
('Nouvelle Caledonie', '+687', 0), |
('Nouvelle Zelande', '+64', 0), |
('Oman', '+968', 0), |
('Ouganda', '+2560', 0), |
('Ouzbekistan', '+998', 0), |
('Pakistan', '+92', 0), |
('Palau', '+680', 0), |
('Palestine', '+970', 0), |
('Panama', '+507', 0), |
('Papouasie Nouvelle Guinee', '+675', 0), |
('Paraguay', '+595', 0), |
('Pays-Bas', '+31', 0), |
('Perou', '+51', 0), |
('Philippines', '+63', 0), |
('Pologne', '+48', 0), |
('Polynesie France', '+689', 0), |
('Porto Rico', '+1787', 0), |
('Portugal', '+351', 0), |
('Qatar', '+974', 0), |
('Republique Centrafricaine', '+236', 0), |
('Republique Dominicaine', '+1809', 0), |
('Republique Tcheque', '+420', 0), |
('Reunion', '+262', 0), |
('Roumanie', '+40', 0), |
('Royaume Uni', '+44', 0), |
('Russie', '+7', 0), |
('Rwanda', '+250', 0), |
('Saint Marin (Rep.)', '+378', 0), |
('Sainte Lucie', '+1758', 0), |
('Samoa occidental', '+685', 0), |
('Sao Tome et Principe', '+239', 0), |
('Senegal', '+221', 0), |
('Serbie', '+381', 0), |
('Sercq', '+441481', 0), |
('Seychelles', '+248', 0), |
('Sierra Leone', '+232', 0), |
('Singapour', '+65', 0), |
('Slovaquie', '+421', 0), |
('Slovenie', '+386', 0), |
('Somalie', '+252', 0), |
('Soudan', '+249', 0), |
('Sri Lanka', '+94', 0), |
('St Kitts', '+1869', 0), |
('St Pierre et Miquelon', '+508', 0), |
('St Vincent et les Grenadines', '+1784', 0), |
('Suede', '+46', 0), |
('Suisse', '+41', 0), |
('Surinam', '+597', 0), |
('Swaziland', '+268', 0), |
('Syrie', '+963', 0), |
('Tadjikistan', '+992', 0), |
('Taiwan', '+886', 0), |
('Tanzanie', '+255', 0), |
('Tchad', '+235', 0), |
('Thailande', '+661', 0), |
('Togo', '+228', 0), |
('Tonga', '+676', 0), |
('Trinidad et Tobago', '+1868', 0), |
('Tunisie', '+216', 0), |
('Turkmenistan', '+993', 0), |
('Turks et Caicos', '+1649', 0), |
('Turquie', '+90', 0), |
('Tuvalu', '+688', 0), |
('Ukraine', '+380', 0), |
('Uruguay', '+598', 0), |
('Vanuatu', '+678', 0), |
('Vatican', '+379', 0), |
('Venezuela', '+58', 0), |
('Vietnam', '+84', 0), |
('Wallis et Futuna', '+681', 0), |
('Yemen', '+967', 0), |
('Zambie', '+260', 0), |
('Zimbabwe', '+263', 0), |
('FILTRAGE', 'fr', 0); |
/conf/grub-10_linux |
---|
0,0 → 1,307 |
#! /bin/sh |
set -e |
# grub-mkconfig helper script. |
# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. |
# |
# GRUB is free software: you can redistribute it and/or modify |
# it under the terms of the GNU General Public License as published by |
# the Free Software Foundation, either version 3 of the License, or |
# (at your option) any later version. |
# |
# GRUB is distributed in the hope that it will be useful, |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
# GNU General Public License for more details. |
# |
# You should have received a copy of the GNU General Public License |
# along with GRUB. If not, see <http://www.gnu.org/licenses/>. |
prefix="/usr" |
exec_prefix="/usr" |
datarootdir="/usr/share" |
. "$pkgdatadir/grub-mkconfig_lib" |
export TEXTDOMAIN=grub |
export TEXTDOMAINDIR="${datarootdir}/locale" |
if [ -e /boot/grub2/user.cfg ] && grep -q GRUB2_PASSWORD /boot/grub2/user.cfg; then |
CLASS="--class gnu-linux --class gnu --class os --unrestricted" |
fi |
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then |
OS="$(eval $(grep PRETTY_NAME /etc/os-release) ; echo ${PRETTY_NAME})" |
CLASS="--class $(eval $(grep '^ID_LIKE=\|^ID=' /etc/os-release) ; [ -n "${ID_LIKE}" ] && echo ${ID_LIKE} || echo ${ID}) ${CLASS}" |
else |
OS="${GRUB_DISTRIBUTOR}" |
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" |
fi |
# loop-AES arranges things so that /dev/loop/X can be our root device, but |
# the initrds that Linux uses don't like that. |
case ${GRUB_DEVICE} in |
/dev/loop/*|/dev/loop[0-9]) |
GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` |
;; |
esac |
# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter |
# and mounting btrfs requires user space scanning, so force UUID in this case. |
if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ |
|| ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" && [ "x${DURING_INSTALL}" != "x1" ] ) \ |
|| ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then |
LINUX_ROOT_DEVICE=${GRUB_DEVICE} |
else |
LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} |
fi |
case x"$GRUB_FS" in |
xbtrfs) |
rootsubvol="`make_system_path_relative_to_its_root /`" |
rootsubvol="${rootsubvol#/}" |
if [ "x${rootsubvol}" != x ]; then |
GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" |
fi;; |
xzfs) |
rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` |
bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" |
LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" |
;; |
esac |
mktitle () |
{ |
local OS_NAME="$(eval $(grep ^NAME= /etc/os-release) ; echo ${NAME})" |
local OS_VERS="$(eval $(grep ^VERSION= /etc/os-release) ; echo ${VERSION})" |
local titlestr="${OS_NAME} (%s) ${OS_VERS}" |
echo -n ${titlestr} |
} |
title_correction_code= |
linux_entry () |
{ |
os="$1" |
version="$2" |
type="$3" |
args="$4" |
sixteenbit="" |
linuxefi="linux" |
initrdefi="initrd" |
case "$machine" in |
i?86|x86_64) |
sixteenbit="16" |
linuxefi="linuxefi" |
initrdefi="initrdefi" |
;; |
aarch64) |
linuxefi="linux" |
initrdefi="initrd" |
;; |
esac |
if [ -z "$boot_device_id" ]; then |
boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" |
fi |
if [ x$type != xsimple ] ; then |
case $type in |
recovery) |
title="$(printf "$(mktitle) (recovery mode)" "${version}")" ;; |
*) |
title="$(printf "$(mktitle)" "${version}")" ;; |
esac |
if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then |
replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" |
quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" |
title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" |
fi |
echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" |
else |
echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" |
fi |
if [ x$type != xrecovery ] ; then |
save_default_entry | grub_add_tab |
fi |
# Use ELILO's generic "efifb" when it's known to be available. |
# FIXME: We need an interface to select vesafb in case efifb can't be used. |
if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then |
echo " load_video" | sed "s/^/$submenu_indentation/" |
if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ |
&& grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then |
echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" |
fi |
else |
if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then |
echo " load_video" | sed "s/^/$submenu_indentation/" |
fi |
echo " set gfxpayload=$GRUB_GFXPAYLOAD_LINUX" | sed "s/^/$submenu_indentation/" |
fi |
echo " insmod gzio" | sed "s/^/$submenu_indentation/" |
if [ x$dirname = x/ ]; then |
if [ -z "${prepare_root_cache}" ]; then |
prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)" |
fi |
printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/" |
else |
if [ -z "${prepare_boot_cache}" ]; then |
prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" |
fi |
printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" |
fi |
if [ -d /sys/firmware/efi ]; then |
sed "s/^/$submenu_indentation/" << EOF |
${linuxefi} ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} |
EOF |
else |
sed "s/^/$submenu_indentation/" << EOF |
linux${sixteenbit} ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} |
EOF |
fi |
if test -n "${initrd}" ; then |
if [ -d /sys/firmware/efi ]; then |
sed "s/^/$submenu_indentation/" << EOF |
${initrdefi} ${rel_dirname}/${initrd} |
EOF |
else |
sed "s/^/$submenu_indentation/" << EOF |
initrd${sixteenbit} ${rel_dirname}/${initrd} |
EOF |
fi |
fi |
if test -n "${fdt}" ; then |
sed "s/^/$submenu_indentation/" << EOF |
devicetree ${rel_dirname}/${fdt} |
EOF |
fi |
sed "s/^/$submenu_indentation/" << EOF |
} |
EOF |
} |
machine=`uname -m` |
case "x$machine" in |
xi?86 | xx86_64) |
list= |
for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do |
if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi |
done ;; |
*) |
list= |
for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do |
if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi |
done ;; |
esac |
case "$machine" in |
i?86) GENKERNEL_ARCH="x86" ;; |
mips|mips64) GENKERNEL_ARCH="mips" ;; |
mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; |
arm*) GENKERNEL_ARCH="arm" ;; |
*) GENKERNEL_ARCH="$machine" ;; |
esac |
prepare_boot_cache= |
prepare_root_cache= |
boot_device_id= |
title_correction_code= |
# Extra indentation to add to menu entries in a submenu. We're not in a submenu |
# yet, so it's empty. In a submenu it will be equal to '\t' (one tab). |
submenu_indentation="" |
is_top_level=true |
while [ "x$list" != "x" ] ; do |
linux=`version_find_latest $list` |
gettext_printf "Found linux image: %s\n" "$linux" >&2 |
basename=`basename $linux` |
dirname=`dirname $linux` |
rel_dirname=`make_system_path_relative_to_its_root $dirname` |
version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` |
alt_version=`echo $version | sed -e "s,\.old$,,g"` |
linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" |
initrd= |
for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ |
"initrd-${version}" "initramfs-${version}.img" \ |
"initrd.img-${alt_version}" "initrd-${alt_version}.img" \ |
"initrd-${alt_version}" "initramfs-${alt_version}.img" \ |
"initramfs-genkernel-${version}" \ |
"initramfs-genkernel-${alt_version}" \ |
"initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ |
"initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do |
if test -e "${dirname}/${i}" ; then |
initrd="$i" |
break |
fi |
done |
fdt= |
for i in "dtb-${version}" "dtb-${alt_version}"; do |
if test -f "${dirname}/${i}/${GRUB_DEFAULT_DTB}" ; then |
fdt="${i}/${GRUB_DEFAULT_DTB}" |
break |
fi |
done |
config= |
for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do |
if test -e "${i}" ; then |
config="${i}" |
break |
fi |
done |
initramfs= |
if test -n "${config}" ; then |
initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` |
fi |
if test -n "${initrd}" ; then |
gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2 |
elif test -z "${initramfs}" ; then |
# "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's |
# no initrd or builtin initramfs, it can't work here. |
linux_root_device_thisversion=${GRUB_DEVICE} |
fi |
if [ "x${GRUB_DISABLE_SUBMENU}" = "xyes" ] || [ "x${GRUB_DISABLE_SUBMENU}" = "xy" ]; then |
GRUB_DISABLE_SUBMENU="true" |
fi |
if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then |
linux_entry "${OS}" "${version}" simple \ |
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" |
submenu_indentation="$grub_tab" |
if [ -z "$boot_device_id" ]; then |
boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" |
fi |
# TRANSLATORS: %s is replaced with an OS name |
echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" |
is_top_level=false |
fi |
linux_entry "${OS}" "${version}" advanced \ |
"${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" |
if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then |
linux_entry "${OS}" "${version}" recovery \ |
"failsafe ${GRUB_CMDLINE_LINUX}" |
fi |
list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` |
done |
# If at least one kernel was found, then we need to |
# add a closing '}' for the submenu command. |
if [ x"$is_top_level" != xtrue ]; then |
echo '}' |
fi |
echo "$title_correction_code" |
Property changes: |
Added: svn:executable |
+* |
\ No newline at end of property |
/conf/empty-radiusd-db.sql |
---|
0,0 → 1,245 |
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; |
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; |
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; |
/*!40101 SET NAMES utf8 */; |
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; |
/*!40103 SET TIME_ZONE='+00:00' */; |
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; |
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; |
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; |
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; |
-- |
-- Table structure for table `radacct` |
-- |
DROP TABLE IF EXISTS `radacct`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `radacct` ( |
`radacctid` bigint(21) NOT NULL AUTO_INCREMENT, |
`acctsessionid` varchar(32) COLLATE utf8_bin NOT NULL DEFAULT '', |
`acctuniqueid` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`groupname` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`realm` varchar(64) COLLATE utf8_bin DEFAULT '', |
`nasipaddress` varchar(15) COLLATE utf8_bin NOT NULL DEFAULT '', |
`nasportid` varchar(15) COLLATE utf8_bin DEFAULT NULL, |
`nasporttype` varchar(32) COLLATE utf8_bin DEFAULT NULL, |
`acctstarttime` datetime DEFAULT NULL, |
`acctstoptime` datetime DEFAULT NULL, |
`acctsessiontime` int(12) DEFAULT NULL, |
`acctauthentic` varchar(32) COLLATE utf8_bin DEFAULT NULL, |
`connectinfo_start` varchar(50) COLLATE utf8_bin DEFAULT NULL, |
`connectinfo_stop` varchar(50) COLLATE utf8_bin DEFAULT NULL, |
`acctinputoctets` bigint(20) DEFAULT NULL, |
`acctoutputoctets` bigint(20) DEFAULT NULL, |
`calledstationid` varchar(50) COLLATE utf8_bin NOT NULL DEFAULT '', |
`callingstationid` varchar(50) COLLATE utf8_bin NOT NULL DEFAULT '', |
`acctterminatecause` varchar(32) COLLATE utf8_bin NOT NULL DEFAULT '', |
`servicetype` varchar(32) COLLATE utf8_bin DEFAULT NULL, |
`framedprotocol` varchar(32) COLLATE utf8_bin DEFAULT NULL, |
`framedipaddress` varchar(15) COLLATE utf8_bin NOT NULL DEFAULT '', |
`acctstartdelay` int(12) DEFAULT NULL, |
`acctstopdelay` int(12) DEFAULT NULL, |
`xascendsessionsvrkey` varchar(10) COLLATE utf8_bin DEFAULT NULL, |
PRIMARY KEY (`radacctid`), |
KEY `username` (`username`), |
KEY `framedipaddress` (`framedipaddress`), |
KEY `acctsessionid` (`acctsessionid`), |
KEY `acctsessiontime` (`acctsessiontime`), |
KEY `acctuniqueid` (`acctuniqueid`), |
KEY `acctstarttime` (`acctstarttime`), |
KEY `acctstoptime` (`acctstoptime`), |
KEY `nasipaddress` (`nasipaddress`) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `radcheck` |
-- |
DROP TABLE IF EXISTS `radcheck`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `radcheck` ( |
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, |
`username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`attribute` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`op` char(2) COLLATE utf8_bin NOT NULL DEFAULT '==', |
`value` varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '', |
PRIMARY KEY (`id`), |
KEY `username` (`username`(32)) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `radgroupcheck` |
-- |
DROP TABLE IF EXISTS `radgroupcheck`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `radgroupcheck` ( |
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, |
`groupname` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`attribute` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`op` char(2) COLLATE utf8_bin NOT NULL DEFAULT '==', |
`value` varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '', |
PRIMARY KEY (`id`), |
KEY `groupname` (`groupname`(32)) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `radgroupreply` |
-- |
DROP TABLE IF EXISTS `radgroupreply`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `radgroupreply` ( |
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, |
`groupname` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`attribute` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`op` char(2) COLLATE utf8_bin NOT NULL DEFAULT '=', |
`value` varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '', |
PRIMARY KEY (`id`), |
KEY `groupname` (`groupname`(32)) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `radreply` |
-- |
DROP TABLE IF EXISTS `radreply`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `radreply` ( |
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, |
`username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`attribute` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`op` char(2) COLLATE utf8_bin NOT NULL DEFAULT '=', |
`value` varchar(253) COLLATE utf8_bin NOT NULL DEFAULT '', |
PRIMARY KEY (`id`), |
KEY `username` (`username`(32)) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `radusergroup` |
-- |
DROP TABLE IF EXISTS `radusergroup`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `radusergroup` ( |
`username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`groupname` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`priority` int(11) NOT NULL DEFAULT '1', |
KEY `username` (`username`(32)) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `radpostauth` |
-- |
DROP TABLE IF EXISTS `radpostauth`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `radpostauth` ( |
`id` int(11) NOT NULL AUTO_INCREMENT, |
`username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`pass` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`reply` varchar(32) COLLATE utf8_bin NOT NULL DEFAULT '', |
`authdate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, |
PRIMARY KEY (`id`) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `mtotacct` |
-- |
DROP TABLE IF EXISTS `mtotacct`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `mtotacct` ( |
`mtotacctid` bigint(21) NOT NULL AUTO_INCREMENT, |
`username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`acctdate` date NOT NULL DEFAULT '0000-00-00', |
`connnum` bigint(12) DEFAULT NULL, |
`conntotduration` bigint(12) DEFAULT NULL, |
`connmaxduration` bigint(12) DEFAULT NULL, |
`connminduration` bigint(12) DEFAULT NULL, |
`inputoctets` bigint(12) DEFAULT NULL, |
`outputoctets` bigint(12) DEFAULT NULL, |
`nasipaddress` varchar(15) COLLATE utf8_bin DEFAULT NULL, |
PRIMARY KEY (`mtotacctid`), |
KEY `username` (`username`), |
KEY `acctdate` (`acctdate`), |
KEY `UserOnDate` (`username`,`acctdate`), |
KEY `nasipaddress` (`nasipaddress`) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `totacct` |
-- |
DROP TABLE IF EXISTS `totacct`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `totacct` ( |
`totacctid` bigint(21) NOT NULL AUTO_INCREMENT, |
`username` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '', |
`acctdate` date NOT NULL DEFAULT '0000-00-00', |
`connnum` bigint(12) DEFAULT NULL, |
`conntotduration` bigint(12) DEFAULT NULL, |
`connmaxduration` bigint(12) DEFAULT NULL, |
`connminduration` bigint(12) DEFAULT NULL, |
`inputoctets` bigint(12) DEFAULT NULL, |
`outputoctets` bigint(12) DEFAULT NULL, |
`nasipaddress` varchar(15) COLLATE utf8_bin DEFAULT NULL, |
PRIMARY KEY (`totacctid`), |
KEY `username` (`username`), |
KEY `acctdate` (`acctdate`), |
KEY `UserOnDate` (`username`,`acctdate`), |
KEY `nasipaddress` (`nasipaddress`), |
KEY `nasipaddressOnDate` (`acctdate`,`nasipaddress`) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
-- |
-- Table structure for table `userinfo` |
-- |
DROP TABLE IF EXISTS `userinfo`; |
/*!40101 SET @saved_cs_client = @@character_set_client */; |
/*!40101 SET character_set_client = utf8 */; |
CREATE TABLE `userinfo` ( |
`id` int(10) NOT NULL AUTO_INCREMENT, |
`username` varchar(64) COLLATE utf8_bin DEFAULT NULL, |
`name` varchar(200) COLLATE utf8_bin DEFAULT NULL, |
`mail` varchar(200) COLLATE utf8_bin DEFAULT NULL, |
`department` varchar(200) COLLATE utf8_bin DEFAULT NULL, |
`workphone` varchar(200) COLLATE utf8_bin DEFAULT NULL, |
`homephone` varchar(200) COLLATE utf8_bin DEFAULT NULL, |
`mobile` varchar(200) COLLATE utf8_bin DEFAULT NULL, |
PRIMARY KEY (`id`), |
KEY `username` (`username`), |
KEY `department` (`department`) |
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin; |
/*!40101 SET character_set_client = @saved_cs_client */; |
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; |
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; |
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; |
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; |
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; |
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; |
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; |
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; |
/conf/ulogd-sample.conf |
---|
0,0 → 1,41 |
# Example of a simple configuration for ulogd with ALCASAR |
[global] |
###################################################################### |
# GLOBAL OPTIONS |
###################################################################### |
user="ulogd" |
group="ulogd" |
# logfile for status messages |
logfile="/var/log/ulogd/ulogd.log" |
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5) |
#loglevel=8 |
###################################################################### |
# PLUGIN OPTIONS |
###################################################################### |
# We have to configure and load only the plugins we want to use |
# general rules: |
# 1. load the plugins _first_ from the global section |
# 2. options for each plugin in seperate section below |
plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" |
plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" |
plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" |
# this is a stack for ULOG packet-based logging via LOGEMU |
stack=log1:NFLOG,base1:BASE,ifil:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU |
[log1] |
group=CHANGEVALUE |