/VERSION |
---|
1,0 → 0,0 |
2.7.1 |
2.7 |
/conf/nfsen/nfsen.conf |
---|
0,0 → 1,301 |
############################## |
# |
# NfSen master config file |
# |
# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $ |
# |
# Configuration of NfSen: |
# Set all the values to fit your NfSen setup and run the 'install.pl' |
# script from the nfsen distribution directory. |
# |
# The syntax must conform to Perl syntax. |
# |
############################## |
# |
# NfSen default layout: |
# Any scripts, modules or profiles are installed by default under $BASEDIR. |
# However, you may change any of these settings to fit your requested layout. |
# |
# Required for default layout |
$BASEDIR = "/usr"; |
# |
# Where to install the NfSen binaries |
$BINDIR="${BASEDIR}/bin"; |
# |
# Where to install the NfSen Perl modules |
$LIBEXECDIR="${BASEDIR}/libexec"; |
# |
# Where to install the config files |
$CONFDIR="${BASEDIR}/etc"; |
# |
# NfSen html pages directory: |
# All php scripts will be installed here. |
# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php |
$HTMLDIR = "/var/www/nfsen"; |
# |
# Where to install the docs |
$DOCDIR="${HTMLDIR}/doc"; |
# |
# Var space for NfSen |
$VARDIR="/var/"; |
# directory for all pid files |
$PIDDIR="$VARDIR/run"; |
# |
# Filter directory |
$FILTERDIR="$VARDIR/filters"; |
# |
# FORMATDIR for custom printing formats |
$FORMATDIR="$VARDIR/fmt"; |
# |
# |
# The Profiles stat directory, where all profile information |
# RRD DBs and png pictures of the profile are stored |
$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat"; |
# |
# The Profiles directory, where all netflow data is stored |
$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data"; |
# |
# Where go all the backend plugins |
$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins"; |
# |
# Where go all the frontend plugins |
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins"; |
# |
# nfdump tools path |
$PREFIX = '/usr/bin'; |
# |
# nfsend communication socket |
# $COMMSOCKET = "$PIDDIR/nfsen.comm"; |
# BASEDIR unrelated vars: |
# |
# Run nfcapd as this user |
# This may be a different or the same uid than your web server. |
# Note: This user must be in group $WWWGROUP, otherwise nfcapd |
# is not able to write data files! |
$USER = "apache"; |
# user and group of the web server process |
# All netflow processing will be done with this user |
$WWWUSER = "apache"; |
$WWWGROUP = "apache"; |
# Receive buffer size for nfcapd - see man page nfcapd(1) |
$BUFFLEN = 200000; |
# list of extensions for each collector. See argument -T |
# for nfcapd(1) for more detailes. |
# defaults to empty -> compatible to nfdump-1.5.8 |
# $EXTENSIONS = ''; |
# Example: |
# $EXTENSIONS = 'all'; |
# $EXTENSIONS = '+3,+4'; |
# |
# Directory sub hierarchy layout: |
# Possible layouts: |
# |
# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions |
# 1 %Y/%m/%d year/month/day |
# 2 %Y/%m/%d/%H year/month/day/hour |
# 3 %Y/%W/%u year/week_of_year/day_of_week |
# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour |
# 5 %Y/%j year/day-of-year |
# 6 %Y/%j/%H year/day-of-year/hour |
# 7 %Y-%m-%d year-month-day |
# 8 %Y-%m-%d/%H year-month-day/hour |
$SUBDIRLAYOUT = 7; |
# Compress flows while collecting 0 or 1 |
$ZIPcollected = 1; |
# Compress flows in profiles 0 or 1 |
$ZIPprofiles = 1; |
# Interrupt expire -- not yet enabled as not yet fully tested |
#$InterruptExpire = 0; |
# number of nfprofile processes to spawn during the profiling phase |
# depends on how busy your system is and how many CPUs you have |
# on very busy systems increase it to a higher value |
$PROFILERS = 2; |
# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed. |
# set to 0 to disable the test |
$DISKLIMIT = 98; |
# number of nfprofile processes to spawn during the profiling phase |
$PROFILERS = 6; |
# Netflow sources |
# Define an ident string, port and colour per netflow source |
# |
# Required parameters: |
# ident identifies this netflow source. e.g. the router name, |
# Upstream provider name etc. |
# port nfcapd listens on this port for netflow data for this source |
# set port to '0' if you do not want a collector to be started |
# col colour in nfsen graphs for this source |
# |
# Optional parameters |
# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow |
# optarg Optional args to the collector at startup |
# |
# Syntax: |
# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' } |
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_]. |
%sources = ( |
'ipt_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' }, |
); |
# |
# Low water mark: When expiring files, delete files until |
# size = $low_water % of max_size |
# typically 90 |
$low_water = 90; |
# |
# syslog facility for periodic jobs |
# nfsen uses level 'debug', 'info', 'warning' and 'err' |
# Note: nfsen is very chatty for level 'debug' and 'info' |
# For normal operation, you may set the logging level in syslog.conf |
# to warning or error unless you want to debug NfSen |
$syslog_facility = 'local3'; |
# |
# SYSLOG mess |
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix' |
# which is the default. You need to change that to 'stream' or 'inet' for |
# some Solaris version 8/9, AIX and others .. |
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all |
# ( works for Solaris 10 and newer Sys::Syslog module |
# |
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream' |
# $LogSocket = 'unix'; |
# |
# Plugins |
# Plugins extend NfSen for the purpose of: |
# Periodic data processing, alerting-condition and alerting-action |
# For data processing a plugin may run for any profile or for a specific profile only. |
# Syntax: [ 'profile list', 'module' ] |
# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ), |
# or '*' for any profile, '!' for no profile |
# module: Perl Module name, equal to plugin name |
# The profile list '!' make sense for plugins, which only provide alerting functions |
# |
# The module follows the standard Perl module conventions, with at least one |
# function: Init(). See demoplugin.pm for a simple template. |
# |
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically |
# recongized as frontend plugin. |
# |
# Plugins are installed under |
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR |
@plugins = ( |
# profile # module |
[ 'ALCASAR','PortTracker' ], |
); |
%PluginConf = ( |
# For plugin demoplugin |
demoplugin => { |
# scalar |
param2 => 42, |
# hash |
param1 => { 'key' => 'value' }, |
}, |
# for plugin otherplugin |
otherplugin => [ |
# array |
'mary had a little lamb' |
], |
); |
# |
# Alert module: email alerting: |
# Use this from address |
$MAIL_FROM = 'your@from.example.net'; |
# Use this SMTP server |
$SMTP_SERVER = 'localhost'; |
# Use this email body: |
# You may have multiple lines of text. |
# Var substitution: |
# @alert@ replaced by alert name |
# @timeslot@ replaced by timeslot alert triggered |
$MAIL_BODY = q{ |
Alert '@alert@' triggered at timeslot @timeslot@ |
}; |
###################################################### |
# |
# For the NfSen simulator include the section below. |
# |
###################################################### |
# |
# Nfsen Simulator |
# The simulator requires, that you have already installed |
# and configured NfSen. The simulation is based on already |
# pre-colleted data, which you may get from another live |
# NfSen system. |
# |
# Steps to setup the NfSen simulator: |
# 1. Configure the sources of the live profile with the |
# same names of the NfSen system, you take netflow data |
# for the simulation. Set the port for each netflow source |
# to 0 to prevent a collector to be started. |
# Install NfSen with this config in a seperate directory |
# 2. Copy the pre-collected data into the appropriate |
# netflow directory of the live profile. |
# 3. Configure the simulator using the parameters below |
# Enable Simulation mode => $SIMmode = 1 |
# Configure the time window of the pre-collected data. |
# tstart => Start of time window. yyyymmddhhmm |
# tbegin => Optional parameter. Start of simulation |
# profile exists already between tstart - tbegin |
# tend => End of time window. yyyymmddhhmm |
# cycletime => simulation time in seconds of a 5min slot |
# Setting cycletime = 0 processes the cycles as fast as |
# possible. Please note, if you test plugings, your |
# cycletime needs to be at least the time required to |
# process all plugins. |
# 4. Start nfsen: ../nfsen start |
# Simulation starts |
# |
# The simulator runs from tstart to tend and stops when tend |
# is reached. You may stop the simulation at any given time |
# using ./nfsen stop. To continue the simulation start NfSen |
# again: ./nfsen start. You may reset the simulator at any |
# given time using ./nfsen abort-reset. This stops the sumulation |
# and rolls back to tstart. All profiles/alerts are deleted, |
# so you may start from scratch again. |
# |
# Configure simulator parameters |
# |
# $SIMmode = 1; |
# %sim = ( |
# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00 |
# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00 |
# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55 |
# 'cycletime' => '30', # 30s per 5min slot |
# ); |
1; |
/conf/nfsen/nfsen-1.3.6p1.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/conf/nfsen/nfsen-init~ |
---|
0,0 → 1,35 |
#!/bin/sh |
# |
# chkconfig: 345 90 10 |
# |
# Init script launching the nfsen service at the startup. |
. /etc/init.d/functions |
# Include nfcapd defaults if available |
if [ -f /etc/sysconfig/nfsen ] ; then |
. /etc/sysconfig/nfsen |
fi |
case "$1" in |
start) |
/usr/bin/nfsen start |
;; |
stop) |
/usr/bin/nfsen stop |
;; |
restart) |
/usr/bin/nfsen restart |
;; |
status) |
/usr/bin/nfsen status |
exit 4 |
;; |
*) |
gprintf "Usage: %s {start|stop|status|restart}\n" "$N" |
;; |
esac |
exit 0 |
/conf/nfsen/nfsen-init |
---|
0,0 → 1,42 |
#!/bin/sh |
# |
# chkconfig: 345 90 10 |
# description : Init script launching the nfsen service at the startup. |
### BEGIN INIT INFO |
# Provides: nfsen |
# Should-Start: ntp |
# Should-Stop: |
# Default-Start: 3 4 5 |
# Description: Init script launching the nfsen service at the startup. |
### END INIT INFO |
. /etc/init.d/functions |
# Include nfcapd defaults if available |
if [ -f /etc/sysconfig/nfsen ] ; then |
. /etc/sysconfig/nfsen |
fi |
case "$1" in |
start) |
/usr/bin/nfsen start |
;; |
stop) |
/usr/bin/nfsen stop |
;; |
restart) |
/usr/bin/nfsen restart |
;; |
status) |
/usr/bin/nfsen status |
exit 4 |
;; |
*) |
gprintf "Usage: %s {start|stop|status|restart}\n" "$N" |
;; |
esac |
exit 0 |
/conf/nfsen/PortTracker.pm |
---|
0,0 → 1,322 |
#!/usr/bin/perl |
# |
# Copyright (c) 2004, SWITCH - Teleinformatikdienste fuer Lehre und Forschung |
# All rights reserved. |
# |
# Redistribution and use in source and binary forms, with or without |
# modification, are permitted provided that the following conditions are met: |
# |
# * Redistributions of source code must retain the above copyright notice, |
# this list of conditions and the following disclaimer. |
# * Redistributions in binary form must reproduce the above copyright notice, |
# this list of conditions and the following disclaimer in the documentation |
# and/or other materials provided with the distribution. |
# * Neither the name of SWITCH nor the names of its contributors may be |
# used to endorse or promote products derived from this software without |
# specific prior written permission. |
# |
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE |
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
# POSSIBILITY OF SUCH DAMAGE. |
# |
# $Author: peter $ |
# |
# $Id: PortTracker.pm 27 2011-12-29 12:53:29Z peter $ |
# |
# $LastChangedRevision: 27 $ |
# Demo plugin for NfSen |
# |
# This plugin demonstrates the use of plugins |
package PortTracker; |
use strict; |
use NfSen; |
use NfConf; |
# |
# The plugin may send any messages to syslog |
# Do not initialize syslog, as this is done by |
# the main process nfsen-run |
use Sys::Syslog; |
our $VERSION = 130; |
our %cmd_lookup = ( |
'get-portgraph' => \&GetPortGraph, |
'get-topN' => \&GetTopN, |
); |
my ( $nftrack, $PROFILEDATADIR ); |
my $PORTSDBDIR = "/var/log/netflow/porttracker"; |
my $EODATA = ".\n"; |
# colours used in graphs |
# if more than 12 graphs are drawn ( does this really make sense ? ) |
# the same colours are used again |
my @colour = ( |
'#ff0000', '#ff8000', '#ffff00', '#80ff00', '#00ff00', |
'#00ff80', '#00ffff', '#0080ff', '#0000ff', '#8000ff', |
'#ff00ff', '#ff0080' |
); |
sub GetTopN { |
my $socket = shift; |
my $opts = shift; |
my $interval; |
if ( !exists $$opts{'interval'} ) { |
$interval = 1; |
} else { |
$interval = $$opts{'interval'}; |
} |
print $socket ".Get topN ports\n"; |
my $statfile = $interval == 24 ? 'portstat24.txt' : 'portstat.txt'; |
print $socket ".topN ports $PORTSDBDIR/$statfile\n"; |
if ( !open STAT, "$PORTSDBDIR/$statfile" ) { |
print $socket $EODATA; |
print $socket "ERR Open statfile '$PORTSDBDIR/$statfile': $!\n"; |
return; |
} |
print $socket ".topN read ports\n"; |
while ( <STAT> ) { |
chomp; |
print $socket "_topN=$_\n"; |
} |
print $socket $EODATA; |
print $socket "OK Command completed\n", |
} # End of GetPortGraph |
sub GetPortGraph { |
my $socket = shift; |
my $opts = shift; |
# get all arguments: |
# Example: |
# proto typw logscale light tstart tend topN track_list |
# tcp flows 0 0 1116495000 1116581400 '22 445 135 1433' '80 143' |
if ( !exists $$opts{'arg'} ) { |
print $socket $EODATA; |
print $socket "ERR Missing Arguments.\n"; |
} |
my $ARGS = $$opts{'arg'}; |
my $proto = shift @$ARGS; # 'tcp' or 'udp' |
my $type = shift @$ARGS; # 'flows', 'packets' or 'bytes' |
my $logscale = shift @$ARGS; # 0 or 1 |
my $stacked = shift @$ARGS; # 0 or 1 |
my $light = shift @$ARGS; # 0 or 1 |
my $tstart = shift @$ARGS; # start time - UNIX format |
my $tend = shift @$ARGS; # end time - UNIX format |
my $topN = shift @$ARGS; # TopN port list: string: ' ' separated port list |
my $track_list = shift @$ARGS; # Static track port list: string: ' ' separated port list |
my $skip_list = shift @$ARGS; # Static skip port list: string: ' ' separated port list |
if ( !defined $proto || !defined $type || !defined $logscale || !defined $stacked || |
!defined $light || !defined $tstart || !defined $tend || !defined $topN || |
!defined $track_list || !defined $skip_list ) { |
print $socket $EODATA; |
print $socket "ERR Argument Error.\n"; |
return; |
} |
my @skipPorts = split '-', $skip_list; |
my @topN = split '-', $topN; |
my @track_list = split '-', $track_list; |
# remove the common ports in both lists from the dynamic topN list |
my %_tmp; |
@_tmp{@track_list} = @track_list; |
delete @_tmp{@topN}; |
@track_list = sort keys %_tmp; |
# %_tmp = (); |
# @_tmp{@topN} = @topN; |
# delete @_tmp{@skipPorts}; |
# @topN = keys %_tmp; |
%_tmp = (); |
my @_tmp; |
@_tmp{@skipPorts} = @skipPorts; |
foreach my $port ( @topN ) { |
push @_tmp, $port unless exists $_tmp{$port}; |
} |
@topN = @_tmp; |
my $datestr = scalar localtime($tstart) . " - " . scalar localtime($tend); |
my $title = uc($proto) . " " . ucfirst($type); |
my @DEFS = (); |
# Compile rrd args |
my @rrdargs = (); |
push @rrdargs, "-"; # output graphics to stdout |
foreach my $port ( @topN, @track_list ) { |
# assemble filename |
my $fileident = $port >> 10; |
my $rrdfile = "$PORTSDBDIR/${proto}-${type}-$fileident.rrd"; |
# which ident in this rrd file |
my $ident = $port & 1023; # 0x0000001111111111 mask |
push @rrdargs, "DEF:Port${port}=$rrdfile:p${ident}:AVERAGE"; |
} |
push @rrdargs, "--start", "$tstart"; |
push @rrdargs, "--end", "$tend"; |
push @rrdargs, "--title", "$datestr - $title" unless $light; |
push @rrdargs, "--vertical-label", "$title" unless $light; |
# lin or log graph? |
push @rrdargs, "--logarithmic" if $logscale; |
if ( $light ) { |
push @rrdargs, "-w"; |
push @rrdargs, "288"; |
push @rrdargs, "-h"; |
push @rrdargs, "150"; |
push @rrdargs, "--no-legend"; # no legend in small pictures |
} else { |
push @rrdargs, "-w"; |
push @rrdargs, "576"; |
push @rrdargs, "-h"; |
push @rrdargs, "300"; |
} |
my $i=0; |
my $area_set = 0; |
my $n = scalar @topN; |
push @rrdargs, "COMMENT:Top $n Ports\\n"; |
if ( $stacked && scalar @topN ) { |
my $port = shift @topN; |
push @rrdargs, "AREA:Port${port}$colour[$i]:Port ${port}"; |
$i++; |
$area_set = 1; |
foreach my $port ( @topN ) { |
push @rrdargs, "STACK:Port${port}$colour[$i]:Port ${port}"; |
$i++; |
} |
} else { |
foreach my $port ( @topN ) { |
push @rrdargs, "LINE1:Port${port}$colour[$i]:Port ${port}"; |
$i++; |
} |
} |
if ( scalar @track_list) { |
push @rrdargs, "COMMENT:\\n"; |
push @rrdargs, "COMMENT:\\n"; |
push @rrdargs, "COMMENT:Tracked Ports\\n"; |
} |
if ( $stacked && scalar @track_list) { |
if ( !$area_set ) { |
my $port = shift @track_list; |
push @rrdargs, "AREA:Port${port}$colour[$i]:Port ${port}"; |
$i++; |
} |
foreach my $port ( @track_list ) { |
push @rrdargs, "STACK:Port${port}$colour[$i]:Port ${port}"; |
$i++; |
} |
} else { |
foreach my $port ( @track_list ) { |
push @rrdargs, "LINE2:Port${port}$colour[$i]:Port ${port}"; |
$i++; |
} |
} |
if ( scalar @skipPorts) { |
push @rrdargs, "COMMENT:\\n"; |
push @rrdargs, "COMMENT:\\n"; |
my $portlist = join ',', @skipPorts; |
push @rrdargs, "COMMENT:Skipped Ports $portlist\\n"; |
} |
my ($averages,$xsize,$ysize) = RRDs::graph( @rrdargs ); |
if (my $ERROR = RRDs::error) { |
print "ERROR: $ERROR\n"; |
} |
} # End of GenPortGraph |
sub nftrack_execute { |
my $command = shift; |
syslog('debug', $command); |
my $ret = system($command); |
if ( $ret == - 1 ) { |
syslog('err', "Failed to execute nftrack: $!\n"); |
} elsif ($ret & 127) { |
syslog('err', "nftrack died with signal %d, %s coredump\n", ($ret & 127), ($ret & 128) ? 'with' : 'without'); |
} else { |
syslog('debug', "nftrack exited with value %d\n", $ret >> 8); |
} |
} # End of nftrack_execute |
# |
# Periodic function |
# input: hash reference including the items: |
# 'profile' profile name |
# 'profilegroup' profile group |
# 'timeslot' time of slot to process: Format yyyymmddHHMM e.g. 200503031200 |
sub run { |
my $argref = shift; |
my $profile = $$argref{'profile'}; |
my $profilegroup = $$argref{'profilegroup'}; |
my $timeslot = $$argref{'timeslot'}; |
syslog('debug', "PortTracker run: Profile: $profile, Time: $timeslot"); |
my %profileinfo = NfProfile::ReadProfile($profile); |
my $netflow_sources = "$PROFILEDATADIR/$profile/$profileinfo{'sourcelist'}"; |
# |
# process all sources of this profile at once |
my $command = "$nftrack -L $NfConf::syslog_facility -M $netflow_sources -r nfcapd.$timeslot -d $PORTSDBDIR -A -t $timeslot -s -p -w $PORTSDBDIR/portstat.txt"; |
nftrack_execute($command); |
$command = "$nftrack -d $PORTSDBDIR -S -p -w $PORTSDBDIR/portstat24.txt"; |
nftrack_execute($command); |
# |
# Process the output and notify the duty team |
syslog('debug', "PortTracker run: Done."); |
} # End of run |
sub Init { |
syslog("info", "PortTracker: Init"); |
# Init some vars |
$nftrack = "$NfConf::PREFIX/nftrack"; |
$PROFILEDATADIR = "$NfConf::PROFILEDATADIR"; |
return 1; |
} |
sub Cleanup { |
syslog("info", "PortTracker Cleanup"); |
# not used here |
} |
1; |
/conf/nfsen/nfsen.conf~ |
---|
0,0 → 1,301 |
############################## |
# |
# NfSen master config file |
# |
# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $ |
# |
# Configuration of NfSen: |
# Set all the values to fit your NfSen setup and run the 'install.pl' |
# script from the nfsen distribution directory. |
# |
# The syntax must conform to Perl syntax. |
# |
############################## |
# |
# NfSen default layout: |
# Any scripts, modules or profiles are installed by default under $BASEDIR. |
# However, you may change any of these settings to fit your requested layout. |
# |
# Required for default layout |
$BASEDIR = "/usr"; |
# |
# Where to install the NfSen binaries |
$BINDIR="${BASEDIR}/bin"; |
# |
# Where to install the NfSen Perl modules |
$LIBEXECDIR="${BASEDIR}/libexec"; |
# |
# Where to install the config files |
$CONFDIR="${BASEDIR}/etc"; |
# |
# NfSen html pages directory: |
# All php scripts will be installed here. |
# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php |
$HTMLDIR = "/var/www/nfsen"; |
# |
# Where to install the docs |
$DOCDIR="${HTMLDIR}/doc"; |
# |
# Var space for NfSen |
$VARDIR="/var/"; |
# directory for all pid files |
$PIDDIR="$VARDIR/run"; |
# |
# Filter directory |
$FILTERDIR="$VARDIR/filters"; |
# |
# FORMATDIR for custom printing formats |
$FORMATDIR="$VARDIR/fmt"; |
# |
# |
# The Profiles stat directory, where all profile information |
# RRD DBs and png pictures of the profile are stored |
$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat"; |
# |
# The Profiles directory, where all netflow data is stored |
$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data"; |
# |
# Where go all the backend plugins |
$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins"; |
# |
# Where go all the frontend plugins |
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins"; |
# |
# nfdump tools path |
$PREFIX = '/usr/bin'; |
# |
# nfsend communication socket |
# $COMMSOCKET = "$PIDDIR/nfsen.comm"; |
# BASEDIR unrelated vars: |
# |
# Run nfcapd as this user |
# This may be a different or the same uid than your web server. |
# Note: This user must be in group $WWWGROUP, otherwise nfcapd |
# is not able to write data files! |
$USER = "apache"; |
# user and group of the web server process |
# All netflow processing will be done with this user |
$WWWUSER = "apache"; |
$WWWGROUP = "apache"; |
# Receive buffer size for nfcapd - see man page nfcapd(1) |
$BUFFLEN = 200000; |
# list of extensions for each collector. See argument -T |
# for nfcapd(1) for more detailes. |
# defaults to empty -> compatible to nfdump-1.5.8 |
# $EXTENSIONS = ''; |
# Example: |
# $EXTENSIONS = 'all'; |
# $EXTENSIONS = '+3,+4'; |
# |
# Directory sub hierarchy layout: |
# Possible layouts: |
# |
# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions |
# 1 %Y/%m/%d year/month/day |
# 2 %Y/%m/%d/%H year/month/day/hour |
# 3 %Y/%W/%u year/week_of_year/day_of_week |
# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour |
# 5 %Y/%j year/day-of-year |
# 6 %Y/%j/%H year/day-of-year/hour |
# 7 %Y-%m-%d year-month-day |
# 8 %Y-%m-%d/%H year-month-day/hour |
$SUBDIRLAYOUT = 7; |
# Compress flows while collecting 0 or 1 |
$ZIPcollected = 1; |
# Compress flows in profiles 0 or 1 |
$ZIPprofiles = 1; |
# Interrupt expire -- not yet enabled as not yet fully tested |
#$InterruptExpire = 0; |
# number of nfprofile processes to spawn during the profiling phase |
# depends on how busy your system is and how many CPUs you have |
# on very busy systems increase it to a higher value |
$PROFILERS = 2; |
# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed. |
# set to 0 to disable the test |
$DISKLIMIT = 98; |
# number of nfprofile processes to spawn during the profiling phase |
$PROFILERS = 6; |
# Netflow sources |
# Define an ident string, port and colour per netflow source |
# |
# Required parameters: |
# ident identifies this netflow source. e.g. the router name, |
# Upstream provider name etc. |
# port nfcapd listens on this port for netflow data for this source |
# set port to '0' if you do not want a collector to be started |
# col colour in nfsen graphs for this source |
# |
# Optional parameters |
# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow |
# optarg Optional args to the collector at startup |
# |
# Syntax: |
# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' } |
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_]. |
%sources = ( |
'ipt_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' }, |
); |
# |
# Low water mark: When expiring files, delete files until |
# size = $low_water % of max_size |
# typically 90 |
$low_water = 90; |
# |
# syslog facility for periodic jobs |
# nfsen uses level 'debug', 'info', 'warning' and 'err' |
# Note: nfsen is very chatty for level 'debug' and 'info' |
# For normal operation, you may set the logging level in syslog.conf |
# to warning or error unless you want to debug NfSen |
$syslog_facility = 'local3'; |
# |
# SYSLOG mess |
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix' |
# which is the default. You need to change that to 'stream' or 'inet' for |
# some Solaris version 8/9, AIX and others .. |
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all |
# ( works for Solaris 10 and newer Sys::Syslog module |
# |
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream' |
# $LogSocket = 'unix'; |
# |
# Plugins |
# Plugins extend NfSen for the purpose of: |
# Periodic data processing, alerting-condition and alerting-action |
# For data processing a plugin may run for any profile or for a specific profile only. |
# Syntax: [ 'profile list', 'module' ] |
# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ), |
# or '*' for any profile, '!' for no profile |
# module: Perl Module name, equal to plugin name |
# The profile list '!' make sense for plugins, which only provide alerting functions |
# |
# The module follows the standard Perl module conventions, with at least one |
# function: Init(). See demoplugin.pm for a simple template. |
# |
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically |
# recongized as frontend plugin. |
# |
# Plugins are installed under |
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR |
@plugins = ( |
# profile # module |
[ 'live','PortTracker' ], |
); |
%PluginConf = ( |
# For plugin demoplugin |
demoplugin => { |
# scalar |
param2 => 42, |
# hash |
param1 => { 'key' => 'value' }, |
}, |
# for plugin otherplugin |
otherplugin => [ |
# array |
'mary had a little lamb' |
], |
); |
# |
# Alert module: email alerting: |
# Use this from address |
$MAIL_FROM = 'your@from.example.net'; |
# Use this SMTP server |
$SMTP_SERVER = 'localhost'; |
# Use this email body: |
# You may have multiple lines of text. |
# Var substitution: |
# @alert@ replaced by alert name |
# @timeslot@ replaced by timeslot alert triggered |
$MAIL_BODY = q{ |
Alert '@alert@' triggered at timeslot @timeslot@ |
}; |
###################################################### |
# |
# For the NfSen simulator include the section below. |
# |
###################################################### |
# |
# Nfsen Simulator |
# The simulator requires, that you have already installed |
# and configured NfSen. The simulation is based on already |
# pre-colleted data, which you may get from another live |
# NfSen system. |
# |
# Steps to setup the NfSen simulator: |
# 1. Configure the sources of the live profile with the |
# same names of the NfSen system, you take netflow data |
# for the simulation. Set the port for each netflow source |
# to 0 to prevent a collector to be started. |
# Install NfSen with this config in a seperate directory |
# 2. Copy the pre-collected data into the appropriate |
# netflow directory of the live profile. |
# 3. Configure the simulator using the parameters below |
# Enable Simulation mode => $SIMmode = 1 |
# Configure the time window of the pre-collected data. |
# tstart => Start of time window. yyyymmddhhmm |
# tbegin => Optional parameter. Start of simulation |
# profile exists already between tstart - tbegin |
# tend => End of time window. yyyymmddhhmm |
# cycletime => simulation time in seconds of a 5min slot |
# Setting cycletime = 0 processes the cycles as fast as |
# possible. Please note, if you test plugings, your |
# cycletime needs to be at least the time required to |
# process all plugins. |
# 4. Start nfsen: ../nfsen start |
# Simulation starts |
# |
# The simulator runs from tstart to tend and stops when tend |
# is reached. You may stop the simulation at any given time |
# using ./nfsen stop. To continue the simulation start NfSen |
# again: ./nfsen start. You may reset the simulator at any |
# given time using ./nfsen abort-reset. This stops the sumulation |
# and rolls back to tstart. All profiles/alerts are deleted, |
# so you may start from scratch again. |
# |
# Configure simulator parameters |
# |
# $SIMmode = 1; |
# %sim = ( |
# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00 |
# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00 |
# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55 |
# 'cycletime' => '30', # 30s per 5min slot |
# ); |
1; |
/CHANGELOG |
---|
1,17 → 1,8 |
# $Id$ |
************ CHANGELOG *********** |
---------------------- 2.7.1 ----------------- |
BUGs |
- Fix multi-users voucher |
- Fix a mageia2 bug in network function |
NEWS |
- Add 2 examples of "uamalowed and uamdomain" files with several microsoft update domains |
- Show the blacklist category in "Acces denied" page |
- Watchdog : don't disconnect MAC auth equipments even if they can't be reached (arping) |
---------------------- 2.7 ----------------- |
BUGs |
- some corrections in the connection popup |
BUGs - some corrections in the connection popup |
- test if categories enabled of the BL are effectively in the BL (need after an update of the BL) |
NEWS |
- Installation with Mageia2 |
36,7 → 27,7 |
- show the GPL |
---------------------- 2.6.0.1 ----------------- |
Bugs |
- the deleted library fpdf has been restored |
- the deleted library fpdf has been restored |
- the mysqld and radiusd services are restarted when ALCASAR is launched |
---------------------- 2.6 -------------------- |
Bugs |
/scripts/alcasar-watchdog.sh |
---|
4,6 → 4,7 |
# alcasar-watchdog.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet |
# il déconnecte les usagers dont |
# - les équipements réseau ne répondent plus |
11,7 → 12,7 |
# This script tells users that Internet access is down |
# it logs out users whose |
# - PCs are quiet |
# - MAC address is used by other systems (usurped) |
# - MAC address are in used by other systems (usurped) |
EXTIF="eth0" |
INTIF="eth1" |
18,8 → 19,7 |
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $conf_file|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo "$private_ip_mask" |cut -d"/" -f1` # @ip du portail (côté LAN) |
PRIVATE_IP=${PRIVATE_IP:=192.168.182.1} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
tmp_file="/tmp/watchdog.txt" |
DIR_WEB="/var/www/html" |
Index_Page="$DIR_WEB/index.php" |
27,7 → 27,7 |
IFS=$'\n' |
function lan_down_alert () |
# users are redirected on ALCASAR IP address if a LAN problem is detected |
# users are redirected on ALCASAR IP address if LAN Pb detected |
{ |
case $LAN_DOWN in |
"1") |
42,7 → 42,7 |
;; |
esac |
net_pb=`cat /etc/dnsmasq.conf|grep "address=/#/"|wc -l` |
if [ $net_pb = "0" ] # user alert |
if [ $net_pb = "0" ] # on alerte les usagers (si ce n'est pas déjà le cas). |
then |
/bin/sed -i "s?^\$network_pb.*?\$network_pb = True;?g" $Index_Page |
/bin/sed -i "s?^conf-dir=.*?address=\/#\/$PRIVATE_IP?g" /etc/dnsmasq-blackhole.conf |
123,7 → 123,7 |
done |
rm $tmp_file |
fi |
# process each equipment known by chilli |
# on traite chaque équipements connus de chilli |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
do |
active_ip=`echo $system |cut -d" " -f2` |
130,20 → 130,16 |
active_session=`echo $system |cut -d" " -f5` |
active_mac=`echo $system | cut -d" " -f1` |
active_user=`echo $system |cut -d" " -f6` |
# process only equipment with an authenticated user |
# on ne traite que les équipements exploitées par un usager authentifié (test de 2 réponses en 4 secondes) |
if [[ $(expr $active_session) -eq 1 ]] |
then |
then |
arp_reply=`/usr/sbin/arping -b -I$INTIF -s$PRIVATE_IP -c2 -w4 $active_ip|grep "Unicast reply"|wc -l` |
# store @IP of quiet equipments |
# on stocke les adresses IP des stations muettes |
if [[ $(expr $arp_reply) -eq 0 ]] |
then |
PTN='^[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]]$' |
if [[ $(expr $active_user : $PTN) -eq 0 ]] # don't process @mac auth equipments |
then |
echo "$active_ip $active_mac $active_user" >> $tmp_file |
fi |
echo "$active_ip $active_mac $active_user" >> $tmp_file |
fi |
# disconnect users whose equipement is usurped (@MAC) |
# on deconnecte l'usager d'une stations usurpée (@MAC) |
if [[ $(expr $arp_reply) -gt 2 ]] |
then |
echo "alcasar-watchdog : $active_ip is usurped ($active_mac). Alcasar disconnect the user ($active_user)." >> /var/Save/logs/security/watchdog.log |
/scripts/alcasar-archive.sh |
---|
6,12 → 6,12 |
# This script is distributed under the Gnu General Public License (GPL) |
# Script permettant |
# - d'exporter dans un seul fichier les logs de traçabilités et la base des usagers (à des fins d'archivages). |
# - d'exporter les logs de traçabilités et la base des usagers à des fins d'archivages. |
# - Une fonction de chiffrement des logs a été implémentée dans ce script. Lisez la documentation d'exploitation pour l'activer. |
# - nettoyage des archives supérieures à 1 an (365 jours) |
# This script allows |
# - export in one file the log files and user's base (in order to archive them). |
# - export log files and user's base in order to archive them. |
# - a cypher fonction allows to protect these files. Read the exploit documentation to enable it. |
# - delete backup files older than one year (365 days) |
27,7 → 27,7 |
EXPIRE_DAY=365 # Nbre de jour avant suppression des fichiers journaux |
CRYPT="0" # chiffrement des logs ( 0=non / 1=oui --> Signature = 1(implicite)) |
SIGN="0" # Signature/empreinte des logs ( 0=non / 1=oui ) ATTENTION : nécessite la clé privée !!! |
GPG_USER="" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg) |
GPG_USER="OSSI-CIRISI-Lyon" # utilisateur autorisé à déchiffrer les logs. Sa clé publique doit être connu dans le portefeuille gnupg de root (/root/.gnupg) |
usage="Usage: alcasar-archive.sh {--clean or -c} | {--now or -n}" |
90,12 → 90,15 |
} |
fi |
rm -rf /tmp/archive-* |
chown root:apache $DIR_ARCHIVE/* |
chown apache:apache $TO_SAVE/ |
;; |
--update | -u) |
# Mise à niveau de l'architecture d'export/archivage |
[ -d /tmp/save ] || mkdir -p /tmp/save |
[ -d $DIR_ARCHIVE/ ] || mkdir -p $DIR_ARCHIVE/ # utile une seule fois mais crée le répertoire si nécessaire |
# copie de l'archive au cas où ... |
rm -f $(ls *[0-9]) # effacer les fichiers n'ayant pas été compressés |
mv $TO_SAVE/firewall/tracabilite-* $DIR_ARCHIVE/. |
;; |
*) |
echo "Unknown argument :$1"; |
/scripts/alcasar-iptables-bypass.sh |
---|
72,9 → 72,10 |
if [ $SSH = on ] |
then |
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT" |
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT |
$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -j ACCEPT |
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT" |
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT |
$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT |
fi |
# Insertion de règles locales |
/scripts/alcasar-iptables.sh |
---|
45,6 → 45,9 |
TUNIF="tun0" # listen device for chilli daemon |
IPTABLES="/sbin/iptables" |
#lancement du module kernel ipt_NETFLOW (module iptables) |
modprobe ipt_NETFLOW destination=127.0.0.1:2055 |
# Effacement des règles existantes |
# Flush all existing rules |
$IPTABLES -F |
132,6 → 135,7 |
# On autorise les retours de connexions légitimes par INPUT |
# Conntrack on INPUT |
#$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j NETFLOW |
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués dans la table mangle (PREROUTING) |
154,6 → 158,8 |
fi |
# Autorisation des connexions légitimes à DansGuardian |
# Allow connections for DansGuardian |
#Flux netflow des requêtes HTTP à destination de DansGuardian |
#$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -j NETFLOW |
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m state --state NEW --syn -j ACCEPT |
# On interdit les connexions directes au port UDP 54. Les packets concernés ont été marqués dans la table mangle (PREROUTING) |
249,7 → 255,6 |
#fi |
# Autorisation des retours de connexions légitimes |
# Allow conntrack |
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT |
# If protocols filter is activate |
261,6 → 266,7 |
while read ip_exception |
do |
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ULOG --ulog-prefix "RULE IP-exception -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $ip_exception -m state --state NEW -j ACCEPT |
done < /usr/local/etc/alcasar-filter-exceptions |
fi |
272,6 → 278,7 |
do |
ip_allowed=`echo $ip_allowed_line|cut -d"\"" -f2` |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ULOG --ulog-prefix "RULE IP-allowed -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -d $ip_allowed -m state --state NEW -j ACCEPT |
done < /usr/local/etc/alcasar-uamallowed |
fi |
286,11 → 293,15 |
svc_port=`echo $svc_line|cut -d" " -f2` |
if [ $svc_name = "icmp" ] |
then |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp -j ACCEPT |
else |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_TCP-$svc_name -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport $svc_port -m state --state NEW -j ACCEPT |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ULOG --ulog-prefix "RULE F_UDP-$svc_name -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -p udp --dport $svc_port -m state --state NEW -j ACCEPT |
fi |
fi |
311,18 → 322,19 |
# Autorisation des connections sortant du LAN |
# Allow forward connections with log |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ULOG --ulog-prefix "RULE F_all -- ACCEPT " |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j NETFLOW |
$IPTABLES -A FORWARD -i $TUNIF -s $PRIVATE_NETWORK_MASK -m state --state NEW -j ACCEPT |
############################# |
# OUTPUT # |
############################# |
# On autorise les retours de connexions légitimes par OUTPUT |
# Conntrack on OUTPUT |
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
# On laisse tout sortir sur INTIF |
# Everything is allowed only on INTIF |
# SSHD rules if activate |
if [ $SSH = on ] |
then |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT |
fi |
# On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur |
# Everything is allowed but traffic through outside network interface |
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT |
# On autorise les requêtes DNS vers les serveurs DNS identifiés |
331,6 → 343,7 |
# On autorise les requêtes HTTP sortantes |
# HTTP requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
# On autorise les requêtes FTP |
337,6 → 350,7 |
# FTP requests are allowed |
modprobe ip_conntrack_ftp |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT |
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT |
# On autorise les requêtes NTP |
# NTP requests are allowed |
356,6 → 370,7 |
# $IPTABLES -A INPUT -p udp -s $LDAP_IP -m multiports --sports ldap,ldaps -m state --state ESTABLISHED -j ACCEPT |
fi |
############################# |
# POSTROUTING # |
############################# |
/scripts/alcasar-conf.sh |
---|
386,8 → 386,6 |
$SED "s?^\$organisme = .*?\$organisme = \"$ORGANISME\";?g" /var/www/html/intercept.php /var/www/html/status.php |
# dhcp (coova + dnsmasq) |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode |
# awstat |
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf |
# dnsmasq |
$SED "/127.0.0.1/!s?^listen-address=.*?listen-address=$PRIVATE_IP?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf |
for i in /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf |
/scripts/alcasar-urpmi.sh |
---|
12,8 → 12,7 |
VERSION="2" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp awstats bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring" |
PACKAGES="sudo freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php iptables squid dansguardian postfix mariadb logwatch ntp bind-utils openssh-server php-xml php-ldap php-mysql pam_ccreds rng-utils dnsmasq syslinux rsync cronie-anacron clamav pm-fallback-policy php-mbstring perl-rrdtool perl-MailTools perl-Socket6 php-sockets kernel-desktop-3.4.45-1.mga2-1-1.mga2" |
rpm_repository_sync () |
{ |
cat <<EOF > /etc/urpmi/urpmi.cfg |
228,4 → 227,20 |
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/ |
# Clean the RPM cache |
urpmi --clean |
#Keep only kernel-desktop-3.4.45-1.mga2-1-1.mga2 version, and remove all others |
kernelVersion=$(rpm -qa | grep "kernel-desktop") |
for i in $kernelVersion |
do |
if [ ! $i = "kernel-desktop-3.4.45-1.mga2-1-1.mga2" ];then |
urpme $i |
fi |
done |
#Fix the kernel version to : kernel-desktop-3.4.45-1.mga2-1-1.mga2 |
echo "/^kernel-desktop/" > /etc/urpmi/skip.list |
#update tht kernel modules list |
depmod -a |
exit 0 |
/scripts/sbin/alcasar-uninstall.sh |
---|
15,7 → 15,7 |
echo "-----------------------------------------------------------------------------" |
echo |
#services_stop |
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd |
for i in squid ntpd iptables ulogd dansguardian chilli httpd radiusd freshclam havp dnsmasq mysqld named dhcpd nfsen |
do |
[ -e /etc/init.d/$i ] && /sbin/chkconfig --del $i && /etc/init.d/$i stop && killall $i 2>/dev/null |
done |
132,11 → 132,6 |
fi |
sleep 1 |
#awstats |
echo -en "\n- awstats(1) : " |
[ -e /etc/awstats/awstats.conf.default ] && mv /etc/awstats/awstats.conf.default /etc/awstats/awstats.conf && echo -n "1" |
sleep 1 |
#DnsMasq |
echo -en "\n- dnsmasq(4) : " |
if [ -e /etc/init.d/dnsmasq ] |
177,7 → 172,6 |
[ -e /etc/cron.d/alcasar-clean_log ] && rm -f /etc/cron.d/alcasar-clean_log && echo -n "5, " |
[ -e /etc/cron.d/alcasar-clean_import ] && rm -f /etc/cron.d/alcasar-clean_import && echo -n "6, " |
[ -e /etc/cron.d/alcasar-distrib-updates ] && rm -f /etc/cron.d/alcasar-distrib-updates && echo -n "7, " |
[ -e /etc/cron.d/awstats ] && rm -f /etc/cron.d/awstats && echo -n "8, " |
[ -e /etc/cron.d/freeradius-web ] && rm -f /etc/cron.d/freeradius-web && echo -n "9, " |
[ -e /etc/cron.d/alcasar-watchdog ] && rm -f /etc/cron.d/alcasar-watchdog && echo -n "10" |
rm -f /etc/cron.d/coova /etc/cron.d/alcasar-bl_download |
225,4 → 219,4 |
echo |
# suppression des exceptions de mises à jours ( coova-chilli et freeradius) |
sed -i '/coova.*/d' /etc/urpmi/skip.list |
sed -i '/coova.*/d' /etc/urpmi/skip.list |
/scripts/sbin/alcasar-dhcp.sh |
---|
67,7 → 67,7 |
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE |
if [ "$EXT_DHCP_IP" != "none" ] |
then |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
else |
84,7 → 84,7 |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
99,7 → 99,7 |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
/readme.txt |
---|
1,6 → 1,6 |
$Id: readme-2.0.txt 581 2011-04-21 16:59:59Z richard $ |
Alcasar-2.7.1 |
Alcasar-2.7 |
*********** English ********** |
- New installation : Need the CD dual architecture (32b and 64b) of Linux Mageia2 (Mageia-2-dual-CD.iso). |
/web/acc/about.htm |
---|
70,7 → 70,7 |
<TABLE width="100%" border="1" cellspacing="0" cellpadding="0"> |
<TR> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.linux.org")><img border="0" src="/images/footer_linux.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mageia.org")><img border="0" src="/images/footer_mageia.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mandriva.com")><img border="0" src="/images/footer_mandriva.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.coova.org/CoovaChilli")><img border="0" src="/images/footer_coova.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.freeradius.org")><img border="0" src="/images/footer_freeradius.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.com")><img border="0" src="/images/footer_mysql.png"></A></TD> |
/web/acc/stat.php |
---|
3,13 → 3,13 |
$select[0]="$l_stat_user_day"; |
$select[1]="$l_stat_con"; |
$select[2]="$l_stat_daily"; |
$select[3]="$l_stat_web"; |
$select[4]="$l_firewall"; |
$select[3]="$l_firewall"; |
$select[4]="$l_moniteur"; |
$fich[0]="manager/htdocs/user_stats.php"; |
$fich[1]="manager/htdocs/accounting.php"; |
$fich[2]="manager/htdocs/stats.php"; |
$fich[3]="awstats/"; |
$fich[4]="admin/firewallEyes/index.html"; |
$fich[3]="admin/firewallEyes/index.html"; |
$fich[4]="/nfsen"; |
$j=0; |
while ($j != count($select)) |
{ |
/web/acc/manager/htdocs/ticket_user.php |
---|
1,5 → 1,4 |
<?php |
require_once('/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php'); |
// ticket d'impression (thank's to Geoffroy MUSITELLI) |
//--recupération des variables provenant du formulaire |
$langue_imp=utf8_decode($_POST["langue_imp"]); |
16,11 → 15,8 |
case 'fr': |
$l_title_imp = "TICKET D'ACCÈS INTERNET"; |
$l_footer_imp = "Généré par ALCASAR"; |
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte |
(mot de passe, certificat, etc.). |
Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
$l_login_imp = "Utilisateur :"; |
$l_password_imp = "Mot de passe :"; |
$l_max_all_session_imp="Durée totale autorisée :"; |
30,16 → 26,12 |
$l_expiration_imp="Date d'expiration :"; |
$l_unlimited="Illimitée"; |
$l_without="Aucune"; |
$l_duplicate="Duplicata"; |
break; |
case 'de': |
$l_title_imp = "INTERNETZUGANG TICKET"; |
$l_footer_imp = "Präsentiert von ALCASAR"; |
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.). |
Geben Sie 'logout' in Ihrem Browser zu trennen. |
"; |
$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
$l_login_imp = "Login :"; |
$l_password_imp = "Passwort :"; |
$l_max_all_session_imp="Maximale erlaubt Dauer :"; |
49,15 → 41,12 |
$l_expiration_imp="Verfallsdatum :"; |
$l_unlimited="Unbegrentz"; |
$l_without="Ohne"; |
$l_duplicate="Duplikat"; |
break; |
case 'nl': |
$l_title_imp = "ONTVANGST INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.). |
Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_login_imp = "Gebruikers :"; |
$l_password_imp = "Wachtwoord :"; |
$l_max_all_session_imp="Totaal toegestane tijd :"; |
67,15 → 56,12 |
$l_expiration_imp="Vervaldatum :"; |
$l_unlimited="Onbeperkte"; |
$l_without="Ohne"; |
$l_duplicate="Duplicaat"; |
break; |
case 'es': |
$l_title_imp = "BONO INTERNET"; |
$l_footer_imp = "Desarrollado por ALCASAR"; |
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.). |
Escribe 'logout' de su navegador para desconectar."; |
$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
$l_login_imp = "Usuario :"; |
$l_password_imp = "Contraseña :"; |
$l_max_all_session_imp="Tiempo total permitido :"; |
85,15 → 71,12 |
$l_expiration_imp="Fecha de caducidad :"; |
$l_unlimited="Ilimitado"; |
$l_without="Sin"; |
$l_duplicate="Duplicado"; |
break; |
case 'it': |
$l_title_imp = "RICEVIMENTO INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc). |
Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_login_imp = "Utenti :"; |
$l_password_imp = "Password :"; |
$l_max_all_session_imp="Tempo totale consentito:"; |
103,15 → 86,12 |
$l_expiration_imp="Data di scadenza :"; |
$l_unlimited="Illimitato"; |
$l_without="Senza"; |
$l_duplicate="Duplicato"; |
break; |
case 'pt': |
$l_title_imp = "BILHETE DE ACESSO À INTERNET"; |
$l_footer_imp = "Desenvolvido por ALCASAR"; |
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc). |
Digite 'logout' no seu navegador para desligar."; |
$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
$l_login_imp = "Usuário :"; |
$l_password_imp = "Senha :"; |
$l_max_all_session_imp="Tempo máximo de toda conexão :"; |
121,15 → 101,12 |
$l_expiration_imp="Data de vencimento :"; |
$l_unlimited="Ilimitado"; |
$l_without="Sem"; |
$l_duplicate="Duplicado"; |
break; |
default: |
$l_title_imp = "INTERNET ACCESS TICKET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.). |
Enter 'logout' in your browser to disconnect."; |
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
$l_login_imp = "Login :"; |
$l_password_imp = "Password :"; |
$l_max_all_session_imp="Total time allowed :"; |
139,47 → 116,145 |
$l_expiration_imp="Expiration date :"; |
$l_unlimited="Unlimited"; |
$l_without="Without"; |
$l_duplicate="Duplicate"; |
break; |
} |
/* Si les valeurs de durée sont égal à '-' remplissage avec la valeur 'Illimitée'*/ |
if ($sto_imp=='-'){ $sto_imp=$l_unlimited;} |
if ($mas_imp=='-'){ $mas_imp=$l_unlimited;} |
if ($mds_imp=='-'){ $mds_imp=$l_unlimited;} |
if ($mms_imp=='-'){ $mms_imp=$l_unlimited;} |
//création de la classe PDF pour faire l'entête et pieds de page |
// Ajout d'un ticket sur la fiche PDF |
require('../lib/fpdf/fpdf.php'); |
class PDF extends FPDF |
{ |
//Entête |
function Header() |
{ |
global $l_title_imp; |
//Logo coordonnées x , y, largeur de l'image |
$this->Image('../../../images/logo-alcasar.png',30,15,30); |
$this->Image('../../../images/organisme.png',150,15,25); |
//Police Arial gras 15 |
$this->SetFont('Arial','B',18); |
//couleur de l'écriture en rouge |
$this->SetTextColor(250,1,10); |
//Titre largeur cellule x , hauteur y, texte, bordure 0 , Indique où déplace la prochaine position courante 0 droite, centré C |
$this->Cell(190,10,utf8_decode($l_title_imp),0,0,'C'); |
//Saut de ligne |
$this->Ln(25); |
} |
//Pied de page |
function Footer() |
{ |
global $l_footer_imp; |
//Positionnement à 1,5 cm du bas |
$this->SetY(-15); |
//Police Arial italique 8 |
$this->SetFont('Arial','I',8); |
$this->Cell(200,20,utf8_decode($l_footer_imp),0,0,'C'); |
} |
//fonction rectangle |
//Rectangle : x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis. |
//style : comme celui de Rect() : F, D (défaut), FD ou DF. |
function RoundedRect($x, $y, $w, $h, $r, $style = '') |
{ |
$k = $this->k; |
$hp = $this->h; |
if($style=='F') |
$op='f'; |
elseif($style=='FD' or $style=='DF') |
$op='B'; |
else |
$op='S'; |
$MyArc = 4/3 * (sqrt(2) - 1); |
$this->_out(sprintf('%.2F %.2F m',($x+$r)*$k,($hp-$y)*$k )); |
$xc = $x+$w-$r ; |
$yc = $y+$r; |
$this->_out(sprintf('%.2F %.2F l', $xc*$k,($hp-$y)*$k )); |
// Préparation de la fiche PDF |
$pdf = new ticketsPDF(2,3); |
$pdf->setTicketsTitle($l_title_imp); |
$pdf->setTicketsFooter($l_footer_imp); |
$pdf->newTickets(); |
$pdf->Ln(5); |
$pdf->addInfos($l_login_imp, $log_imp); |
$pdf->addInfos($l_password_imp, $passwd_imp); |
$pdf->Ln(5); |
$pdf->addInfos($l_max_all_session_imp, $mas_imp); |
$pdf->addInfos($l_session_timeout_imp, $sto_imp); |
$pdf->addInfos($l_max_daily_session_imp, $mds_imp); |
$pdf->addInfos($l_expiration_imp, $exp_imp); |
$pdf->Ln(10); |
$pdf->addComment($l_explain); |
$this->_Arc($xc + $r*$MyArc, $yc - $r, $xc + $r, $yc - $r*$MyArc, $xc + $r, $yc); |
$xc = $x+$w-$r ; |
$yc = $y+$h-$r; |
$this->_out(sprintf('%.2F %.2F l',($x+$w)*$k,($hp-$yc)*$k)); |
$this->_Arc($xc + $r, $yc + $r*$MyArc, $xc + $r*$MyArc, $yc + $r, $xc, $yc + $r); |
$xc = $x+$r ; |
$yc = $y+$h-$r; |
$this->_out(sprintf('%.2F %.2F l',$xc*$k,($hp-($y+$h))*$k)); |
$this->_Arc($xc - $r*$MyArc, $yc + $r, $xc - $r, $yc + $r*$MyArc, $xc - $r, $yc); |
$xc = $x+$r ; |
$yc = $y+$r; |
$this->_out(sprintf('%.2F %.2F l',($x)*$k,($hp-$yc)*$k )); |
$this->_Arc($xc - $r, $yc - $r*$MyArc, $xc - $r*$MyArc, $yc - $r, $xc, $yc - $r); |
$this->_out($op); |
} |
//fonction arc de cercle |
function _Arc($x1, $y1, $x2, $y2, $x3, $y3) |
{ |
$h = $this->h; |
$this->_out(sprintf('%.2F %.2F %.2F %.2F %.2F %.2F c ', $x1*$this->k, ($h-$y1)*$this->k, |
$x2*$this->k, ($h-$y2)*$this->k, $x3*$this->k, ($h-$y3)*$this->k)); |
} |
} |
// Création du duplicata |
$pdf->newTickets(); |
$pdf->Ln(5); |
$pdf->addInfos($l_login_imp, $log_imp); |
$pdf->addInfos($l_password_imp, $passwd_imp); |
$pdf->Ln(5); |
$pdf->addInfos($l_max_all_session_imp, $mas_imp); |
$pdf->addInfos($l_session_timeout_imp, $sto_imp); |
$pdf->addInfos($l_max_daily_session_imp, $mds_imp); |
$pdf->addInfos($l_expiration_imp, $exp_imp); |
$pdf->Ln(10); |
$pdf->addComment($l_duplicate,'C');//à mettre en rouge |
//création du constructeur pdf avec fpdf : portrait P sinon paysage L, unite mm, page A4 |
$pdf = new PDF('L','mm','A5'); |
$pdf->AliasNbPages(); |
//creation de la page |
$pdf->Addpage(); |
//Couleur du texte en noir |
$pdf->SetTextColor(0); |
//création du cadre arrondi qui entoure le ticket d'impression |
//x, y : coin supérieur gauche du rectangle.w, h : largeur et hauteur. r : rayon des coins arrondis. |
//style : comme celui de Rect() : F, D (défaut), FD ou DF. |
$pdf->RoundedRect(40, 32, 130, 80, 3.5, 'D'); |
//création utilisateur et mot de passe coordonnées x , y hauteur et largeur , texte |
$pdf->Ln(5); |
$pdf->SetFont('Arial','',12); |
$pdf->cell(50); |
$pdf->Cell(45,10,utf8_decode($l_login_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
$pdf->Cell(45,10,$log_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_password_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
$pdf->Cell(45,10,$passwd_imp,0,1,'L'); |
//saut de ligne |
$pdf->Ln(7); |
//création des attributs utilisateurs coordonnées x , y hauteur et largeur , texte |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_max_all_session_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($mas_imp == "Unlimited") $mas_imp=utf8_decode($l_unlimited); |
$pdf->Cell(45,10,$mas_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_session_timeout_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($sto_imp == "Unlimited") $sto_imp=utf8_decode($l_unlimited); |
$pdf->Cell(45,10,$sto_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_max_daily_session_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($mds_imp == "Unlimited") $mds_imp=utf8_decode($l_unlimited); |
$pdf->Cell(45,10,$mds_imp,0,1,'L'); |
//$pdf->SetFont('Arial','',12); |
//$pdf->cell(50); |
//$pdf->Cell(45,10,$l_max_monthly_session_imp,0,0,'R'); |
//$pdf->SetFont('Arial','B',12); |
//$pdf->Cell(45,10,$mms_imp,0,1,'L'); |
$pdf->cell(50); |
$pdf->SetFont('Arial','',12); |
$pdf->Cell(45,10,utf8_decode($l_expiration_imp),0,0,'R'); |
$pdf->SetFont('Arial','B',12); |
if ($exp_imp == "Without") $exp_imp=utf8_decode($l_without); |
$pdf->Cell(45,10,$exp_imp,0,1,'L'); |
$pdf->Ln(7); |
$pdf->cell(30); |
$pdf->SetFont('Arial','',8); |
$pdf->Cell(0,5,utf8_decode($l_explain1_imp),0,1,'L'); |
$pdf->cell(30); |
$pdf->SetFont('Arial','',8); |
$pdf->Cell(0,5,utf8_decode($l_explain2_imp),0,1,'L'); |
// envoie du document au navigateur |
$ticket_name="ticket_".$log_imp.".pdf"; |
$pdf->Output("ticket.pdf"); |
/web/acc/manager/htdocs/voucher_new.php |
---|
3,7 → 3,10 |
//gestion de la langue |
if (is_file("../lib/langues.php")) |
include("../lib/langues.php"); |
require('/etc/freeradius-web/config.php'); |
// for developpement purpose |
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/"; |
CONST ROOT = "/"; |
require(ROOT.'etc/freeradius-web/config.php'); |
if ($show == 1){ |
header("Location: user_admin.php?login=$login"); |
exit; |
32,26 → 35,7 |
dp_cal = new Epoch('epoch_popup','popup',document.getElementById('popup_container')); |
}; |
/*Fin calendrier*/ |
function createTickets(arg){ |
var nbtickets = prompt("Saisissez le nombre d'utilisateurs à créer", ""); |
// On test la pression sur le boutton "annuler" |
if (nbtickets===null){ |
alert('nbtickets===null'); |
return false; |
} |
// On test la valeur saisie n'est pas un nombre |
if (isNaN(nbtickets)===true){ |
return false; |
} |
// Conversion en entier de nbtickets |
nbtickets = parseInt(nbtickets) |
// Configuration et envoie du formulaire |
arg.nbtickets.value = nbtickets |
arg.action = "vouchers_new.php"; |
arg.submit(); |
return true; |
} |
</script> |
</head> |
<body> |
113,13 → 97,13 |
$login = $saved_login;} |
/* Si les valeurs de durée sont vide remplissage avec la valeur 'Illimitée'*/ |
/* et formatage des secondes sous le format Heure min ses*/ |
if ($sto_imp==''){ $sto_imp='-';} |
if ($sto_imp==''){ $sto_imp=$v_illimit;} |
else { $sto_imp=sec_imp($sto_imp);} |
if ($mas_imp==''){ $mas_imp='-';} |
if ($mas_imp==''){ $mas_imp=$v_illimit;} |
else { $mas_imp=sec_imp($mas_imp);} |
if ($mds_imp==''){ $mds_imp='-';} |
if ($mds_imp==''){ $mds_imp=$v_illimit;} |
else { $mds_imp=sec_imp($mds_imp);} |
if ($mms_imp==''){ $mms_imp='-';} |
if ($mms_imp==''){ $mms_imp=$v_illimit;} |
else { $mms_imp=sec_imp($mms_imp);} |
/*Formatage de la date afin d'être lisible dans toute les langues 'jj mm yyyy'*/ |
if ($Expiration!=''){ $Expiration=date("d - m - Y",strtotime($Expiration));} |
372,13 → 356,8 |
else{ |
echo "<input type=submit class=button value=\"$l_create\" OnClick=\"return formControl('newuser');\">"; |
echo "<input type='hidden' name='nbtickets' value=''>"; |
echo "<br>Ou :<br>"; |
$l_create_multiple = "Créer plusieurs tickets"; |
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form);\">"; |
$l_create_multiple_comment = "<br>Remarques : lors de la création plusieurs tickets sysmultanément :<br> |
- l'identifiant et le mot de passe sont générés aléatoirement,<br> |
- les champs \"Nom, prénom\" et \"Adresse de couriel\" ne sont pas pris en compte.<br> "; |
echo "<br>$l_or :<br>"; |
echo "<input type=button class=button value=\"$l_create_multiple\" OnClick=\"return createTickets(this.form, '$l_createTicketsMSG');\">"; |
echo $l_create_multiple_comment; |
} |
?> |
/web/acc/manager/htdocs/vouchers_new.php |
---|
1,6 → 1,8 |
<?php |
CONST ROOT = '/'; |
require_once(ROOT.'/var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php'); |
// for developpement purpose |
// CONST ROOT = "C:/Serveurs/Alcasar-mageia/"; |
CONST ROOT = "/"; |
require_once(ROOT.'var/www/html/acc/manager/lib/alcasar/ticketspdf.class.php'); |
/* |
TODO : |
77,8 → 79,8 |
case 'fr': |
$l_title_imp = "TICKET D'ACCÈS INTERNET"; |
$l_footer_imp = "Généré par ALCASAR"; |
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
//$l_explain1_imp = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte (mot de passe, certificat, etc.)."; |
//$l_explain2_imp = "Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
$l_explain = "Entrer 'alcasar' dans votre navigateur pour gérer votre compte |
(mot de passe, certificat, etc.). |
Entrer 'logout' dans votre navigateur pour vous déconnecter."; |
95,8 → 97,8 |
case 'de': |
$l_title_imp = "INTERNETZUGANG TICKET"; |
$l_footer_imp = "Präsentiert von ALCASAR"; |
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
//$l_explain1_imp = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.)."; |
//$l_explain2_imp = "Geben Sie 'logout' in Ihrem Browser zu trennen."; |
$l_explain = "Geben Sie 'Alcasar' in Ihrem Browser, um Ihr Konto zu verwalten (kennwort, zertifikat, etc.). |
Geben Sie 'logout' in Ihrem Browser zu trennen. |
"; |
113,8 → 115,8 |
case 'nl': |
$l_title_imp = "ONTVANGST INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
//$l_explain1_imp = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.)."; |
//$l_explain2_imp = "Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_explain = "Voer 'Alcasar' in uw browser om uw account te beheren (wachtwoord, certificaat, etc.). |
Voer 'logout' in uw browser de verbinding te verbreken."; |
$l_login_imp = "Gebruikers :"; |
130,8 → 132,8 |
case 'es': |
$l_title_imp = "BONO INTERNET"; |
$l_footer_imp = "Desarrollado por ALCASAR"; |
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
//$l_explain1_imp = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.)."; |
//$l_explain2_imp = "Escribe 'logout' de su navegador para desconectar."; |
$l_explain = "Escribe 'Alcasar' de su navegador para administrar su cuenta (contraseña, certificado, etc.). |
Escribe 'logout' de su navegador para desconectar."; |
$l_login_imp = "Usuario :"; |
147,8 → 149,8 |
case 'it': |
$l_title_imp = "RICEVIMENTO INTERNET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
//$l_explain1_imp = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc)."; |
//$l_explain2_imp = "Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_explain = "Inserisci 'alcasar' nel tuo browser per gestire il tuo account (password, certificato, ecc). |
Inserisci 'logout' nel tuo browser per disconnettersi."; |
$l_login_imp = "Utenti :"; |
164,8 → 166,8 |
case 'pt': |
$l_title_imp = "BILHETE DE ACESSO À INTERNET"; |
$l_footer_imp = "Desenvolvido por ALCASAR"; |
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
//$l_explain1_imp = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc)."; |
//$l_explain2_imp = "Digite 'logout' no seu navegador para desligar."; |
$l_explain = "Digite 'Alcasar' no seu navegador para gerenciar sua conta (senha, certidão, etc). |
Digite 'logout' no seu navegador para desligar."; |
$l_login_imp = "Usuário :"; |
181,8 → 183,8 |
default: |
$l_title_imp = "INTERNET ACCESS TICKET"; |
$l_footer_imp = "Powered by ALCASAR"; |
//$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
//$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
$l_explain1_imp = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.)."; |
$l_explain2_imp = "Enter 'logout' in your browser to disconnect."; |
$l_explain = "Enter 'alcasar' in your browser to manage your account (password, certificate, etc.). |
Enter 'logout' in your browser to disconnect."; |
$l_login_imp = "Login :"; |
256,8 → 258,8 |
// création des variables d'impression |
$login_imp = $login; |
$passwd1_imp = $passwd; |
// encryption du mot de passe (pas besoins, déjà présent dans le fichier create_user.php) |
//$passwd = da_encrypt($passwd); |
// encryption du mot de passe |
$passwd = da_encrypt($passwd); |
// test si l'usager existe |
if (is_file("../lib/$config[general_lib_type]/user_info.php")) |
/web/acc/admin/services.php |
---|
7,8 → 7,8 |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_services_title = "Configuration des services"; |
$l_main_services = "Services principaux"; |
$l_opt_services = "Services optionnels"; |
$l_main_services = "Services réseau principaux"; |
$l_opt_services = "Services réseau optionnels"; |
$l_service_title = "Nom du service"; |
$l_service_start = "Démarrer"; |
$l_service_stop = "Arrêter"; |
30,8 → 30,8 |
$l_ntpd = "Service de mise à l'heure réseau"; |
} else { |
$l_services_title = "Services configuration"; |
$l_main_services = "Main services"; |
$l_opt_services = "Optional services"; |
$l_main_services = "Main network services"; |
$l_opt_services = "Optional network services"; |
$l_service_title = "Service name"; |
$l_service_start = "Start"; |
$l_service_stop = "Stop"; |
/web/acc/menu.php |
---|
38,9 → 38,9 |
$l_stat_user_day = "usager/jour"; |
$l_stat_con = "connexions"; |
$l_stat_daily ="usage journalier"; |
$l_stat_web ="traffic WEB"; |
$l_firewall ="parefeu"; |
$l_menu="Menu"; |
$l_moniteur="Moniteur Système"; |
} |
else { |
$Language = 'en'; |
64,9 → 64,9 |
$l_stat_user_day = "user/day"; |
$l_stat_con = "connections"; |
$l_stat_daily ="daily use"; |
$l_stat_web ="WEB traffic"; |
$l_firewall ="firewall"; |
$l_menu="Main"; |
$l_moniteur="System Monitor"; |
} |
echo " |
<TABLE width=\"100%\" border=0 cellspacing=0 cellpadding=0> |
148,7 → 148,7 |
fclose($fp); |
printf("%d", $nb); |
?> |
<br>depuis le 99/99/9999<br></center></td></tr> |
<br>depuis le 20/01/2013<br></center></td></tr> |
</TABLE> |
</td></tr> |
</TABLE> |
/alcasar.sh |
---|
3,12 → 3,14 |
# alcasar.sh |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] |
# Ce programme est un logiciel libre ; This software is free and open source |
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...] |
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU, |
# elle que publiée par la Free Software Foundation ; soit la version 3 de la Licence. |
# Ce programme est distribué dans l'espoir qu'il sera utile, mais SANS AUCUNE GARANTIE ; |
# sans même une garantie implicite de COMMERCIABILITE ou DE CONFORMITE A UNE UTILISATION PARTICULIERE. |
# Voir la Licence Publique Générale GNU pour plus de détails. |
# Vous devriez avoir reçu un exemplaire de la Licence Publique Générale GNU avec ce programme ; |
# si ce n'est pas le cas, consultez : <http://www.gnu.org/licenses/>. |
# team@alcasar.net |
20,7 → 22,7 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares : |
# |
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
# Options : |
# -i or --install |
39,7 → 41,7 |
# param_squid : Configuration du proxy squid en mode 'cache' |
# param_dansguardian : Configuration de l'analyseur de contenu DansGuardian |
# antivirus : Installation havp + libclamav |
# param_awstats : Configuration de l'interface des statistiques de consultation WEB |
# param_nfsen : Configuration du grapheur nfsen pour apache |
# dnsmasq : Configuration du serveur de noms et du serveur dhcp de secours |
# BL : Configuration de la BlackList |
# cron : Mise en place des exports de logs (+ chiffrement) |
70,7 → 72,7 |
DOMAIN="localdomain" # domaine local |
EXTIF="eth0" # ETH0 est l'interface connectée à Internet (Box FAI) |
MTU="1500" |
ETHTOOL_OPTS='"autoneg off speed 100 duplex full"' |
ETHTOOL_OPTS="speed 100 duplex full" |
INTIF="eth1" # ETH1 est l'interface connectée au réseau local de consultation |
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # adresse d'ALCASAR (+masque) proposée par défaut sur le réseau de consultation |
# ****** Paths - chemin des commandes ******* |
424,6 → 426,7 |
ACCOUNTING=no |
USERCTL=no |
MTU=$MTU |
#ETHTOOL_OPTS=$ETHTOOL_OPTS |
EOF |
# Config eth1 (consultation LAN) in normal mode |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF |
436,7 → 439,6 |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
ETHTOOL_OPTS=$ETHTOOL_OPTS |
EOF |
# Config of eth1 in bypass mode (see "alcasar-bypass.sh") |
cat <<EOF > /etc/sysconfig/network-scripts/default-ifcfg-$INTIF |
497,7 → 499,8 |
# load conntrack ftp module |
[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default |
echo "ip_conntrack_ftp" >> /etc/modprobe.preload |
# |
# load ipt_NETFLOW module |
echo "ipt_NETFLOW" >> /etc/modprobe.preload |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh |
} # End of network () |
806,7 → 809,6 |
# insures that mysql is up before radius start |
$SED "s?^# Should-Start.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd |
$SED "s?^# Should-Stop.*?# Should-Start: \$network mysqld?" /etc/init.d/radiusd |
} # End param_radius () |
########################################################################## |
992,9 → 994,9 |
coaport 3799 |
include $DIR_DEST_ETC/alcasar-uamallowed |
include $DIR_DEST_ETC/alcasar-uamdomain |
#dhcpgateway |
#dhcprelayagent |
#dhcpgatewayport |
#dhcpgateway\t |
#dhcprelayagent\t |
#dhcpgatewayport\t |
EOF |
# create file for DHCP static ip. Reserve the second IP address for eth1 (the first one is for tun0) |
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers |
1035,21 → 1037,9 |
$SED "s?^http_port.*?http_port 127.0.0.1:3128 transparent?g" /etc/squid/squid.conf |
# Configuration du cache local |
$SED "s?^#cache_dir.*?cache_dir ufs \/var\/spool\/squid 256 16 256?g" /etc/squid/squid.conf |
# emplacement et formatage standard des logs |
echo '#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh' >> /etc/squid/squid.conf |
echo '#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh' >> /etc/squid/squid.conf |
echo "access_log /var/log/squid/access.log" >> /etc/squid/squid.conf |
# compatibilité des logs avec awstats |
echo "emulate_httpd_log on" >> /etc/squid/squid.conf |
echo "half_closed_clients off" >> /etc/squid/squid.conf |
echo "server_persistent_connections off" >> /etc/squid/squid.conf |
echo "client_persistent_connections on" >> /etc/squid/squid.conf |
echo "client_lifetime 1440 minutes" >> /etc/squid/squid.conf |
echo "request_timeout 5 minutes" >> /etc/squid/squid.conf |
echo "persistent_request_timeout 2 minutes" >> /etc/squid/squid.conf |
echo "cache_mem 256 MB" >> /etc/squid/squid.conf |
echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf |
echo "maximum_object_size 4096 KB" >> /etc/squid/squid.conf |
# désactivation des "access log" |
echo '#Disable access log' >> /etc/squid/squid.conf |
echo "access_log none" >> /etc/squid/squid.conf |
# anonymisation of squid version |
echo "via off" >> /etc/squid/squid.conf |
# remove the 'X_forwarded' http option |
1191,62 → 1181,72 |
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd |
} # End of param_ulogd () |
################################################################################## |
## Fonction param_awstats ## |
## - configuration de l'interface des logs de consultation WEB (AWSTAT) ## |
################################################################################## |
param_awstats() |
########################################################## |
## Fonction param_nfsen ## |
########################################################## |
param_nfsen() |
{ |
cp -rf /usr/share/awstats/www/ $DIR_ACC/awstats/ |
chown -R apache:apache $DIR_ACC/awstats |
cp /etc/awstats/awstats.conf /etc/awstats/awstats.conf.default |
$SED "s?^LogFile=.*?LogFile=\"/var/log/squid/access.log\"?g" /etc/awstats/awstats.conf |
$SED "s?^LogFormat=.*?LogFormat=4?g" /etc/awstats/awstats.conf |
$SED "s?^SiteDomain=.*?SiteDomain=\"$HOSTNAME\"?g" /etc/awstats/awstats.conf |
$SED "s?^HostAliases=.*?HostAliases=\"$PRIVATE_IP\"?g" /etc/awstats/awstats.conf |
$SED "s?^DNSLookup=.*?DNSLookup=0?g" /etc/awstats/awstats.conf |
$SED "s?^DirData=.*?DirData=\"/var/lib/awstats\"?g" /etc/awstats/awstats.conf |
$SED "s?^DirIcons=.*?DirIcons=\"/acc/awstats/icon\"?g" /etc/awstats/awstats.conf |
$SED "s?^StyleSheet=.*?StyleSheet=\"/css/style.css\"?g" /etc/awstats/awstats.conf |
$SED "s?^BuildReportFormat=.*?BuildReportFormat=xhtml?g" /etc/awstats/awstats.conf |
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf |
$SED "s?^UseFramesWhenCGI=.*?UseFramesWhenCGI=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowSummary=.*?ShowSummary=VPHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowMonthStats=.*?ShowMonthStats=VPHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowDaysOfMonthStats=.*?ShowDaysOfMonthStats=PHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowDaysOfWeekStats=.*?ShowDaysOfWeekStats=PHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowHoursStats=.*?ShowHoursStats=PHB?g" /etc/awstats/awstats.conf |
$SED "s?^ShowDomainsStats=.*?ShowDomainsStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowHostsStats=.*?ShowHostsStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowAuthenticatedUsers=.*?ShowAuthenticatedUsers=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowRobotsStats=.*?ShowRobotsStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowFileTypesStats=.*?ShowFileTypesStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowFileSizesStats=.*?ShowFileSizesStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowOSStats=.*?ShowOSStats=0?g" /etc/awstats/awstats.conf |
$SED "s?^ShowScreenSizeStats=.*?ShowScreenSizeStats=0?g" /etc/awstats/awstats.conf |
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf |
<Directory $DIR_ACC/awstats> |
SSLRequireSSL |
Options ExecCGI |
AddHandler cgi-script .pl |
DirectoryIndex awstats.pl |
Order deny,allow |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On |
AuthUserFile $DIR_DEST_ETC/digest/key_admin |
ErrorDocument 404 https://$HOSTNAME/ |
#Decompression tarball |
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/ |
#Création groupe et utilisteur |
if grep "^www-data:" /etc/group > /dev/null; then |
echo "Group already exists !" |
else |
groupadd www-data |
echo "Group 'www-data' created !" |
fi |
if grep "^nfsen:" /etc/passwd > /dev/null; then |
echo "User already exists !" |
else |
useradd -m nfsen |
echo "User 'nfsen' created !" |
fi |
usermod -G www-data nfsen |
#Ajout du plugin nfsen : PortTracker |
mkdir -p /var/www/nfsen/plugins |
chown -R nfsen:www-data /var/www/nfsen |
#Ajout du plugin PortTracker |
mkdir -p /var/log/netflow/porttracker |
mkdir -p /usr/share/nfsen/plugins |
chown -R apache:apache /usr/share/nfsen |
cp -f ./conf/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/ |
chown apache /var/log/netflow/porttracker |
#Copie du fichier de conf modifié de nfsen |
cp ./conf/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/ |
#Copie du script d'initialisation de nfsen |
cp ./conf/nfsen/nfsen-init /etc/init.d/nfsen |
#Installation de nfsen via le scrip Perl |
cd /tmp/nfsen-1.3.6p1/ |
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger, |
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable" |
#Création de la DB pour rrdtool |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/ |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/ |
sudo -u apache nftrack -I -d /var/log/netflow/porttracker |
chown -R apache:www-data /var/log/netflow/porttracker/ |
chmod -R 775 /var/log/netflow/porttracker |
#Configuration du fichier de conf d'apache |
if [ -f /etc/httpd/conf.d/nfsen.conf ];then |
rm -f /etc/httpd/conf.d/nfsen.conf |
fi |
cat <<EOF >> /etc/httpd/conf.d/nfsen.conf |
Alias /nfsen /var/www/nfsen |
<Directory /var/www/nfsen/> |
DirectoryIndex nfsen.php |
Options -Indexes |
AllowOverride all |
order allow,deny |
allow from all |
AddType application/x-httpd-php .php |
php_flag magic_quotes_gpc on |
php_flag track_vars on |
</Directory> |
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins |
EOF |
} # End of param_awstats () |
#Configuration du délais d'expiration des captures du profile "ALCASAR" |
nfsen -m ALCASAR -e 365d |
#Suppression des sources de nfsen |
rm -rf /tmp/nfsen-1.3.6p1/ |
} # End of param_nfsen |
########################################################## |
## Fonction param_dnsmasq ## |
1310,10 → 1310,8 |
# Optionnellement on pré-active les logs DNS des clients |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g" /etc/sysconfig/dnsmasq |
# Optionnellement, exemple de paramètre supplémentaire pour le cache memoire |
echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq |
# Optionnellement, exemple de configuration avec un A.D. |
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq |
echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.2"' >> /etc/sysconfig/dnsmasq |
} # End dnsmasq |
########################################################## |
1410,10 → 1408,6 |
# Archive des logs et de la base de données (tous les lundi à 5h35) |
35 5 * * 1 root $DIR_DEST_BIN/alcasar-archive.sh --now |
EOF |
cat << EOF > /etc/cron.d/awstats |
# mise à jour des stats de consultation WEB toutes les 30' |
*/30 * * * * root $DIR_ACC/awstats/awstats.pl -config=localhost -update >/dev/null 2>&1 |
EOF |
cat << EOF > /etc/cron.d/alcasar-clean_import |
# suppression des fichiers de mots de passe lors d'imports massifs par fichier de plus de 24h |
30 * * * * root $DIR_DEST_BIN/alcasar-import-clean.sh |
1422,6 → 1416,10 |
# mise à jour automatique de la distribution tous les jours 3h30 |
30 3 * * * root /usr/sbin/urpmi --auto-update --auto 2>&1 |
EOF |
cat << EOF > /etc/cron.d/alcasar-netflow |
# mise à jour automatique du délais d'expiration des log Nertflow (tous les vendredi à 0h05) |
05 0 * * 5 root /usr/bin/nfexpire -e /var/log/nfsen/profiles-data/ALCASAR/ipt_netflow/ -t 1y -w 90 |
EOF |
# mise à jour des stats de connexion (accounting). Scripts provenant de "dialupadmin" (rpm freeradius-web) (cf. wiki.freeradius.org/Dialup_admin). |
# on écrase le crontab d'origine installé par le RPM "freeradius-web" (bug remonté à qa.mandriva.com : 46739). |
# 'tot_stats' (tout les jours à 01h01) : aggrégat des connexions journalières par usager (renseigne la table 'totacct') |
1515,16 → 1513,31 |
# export des logs en 'retard' dans /var/Save/logs |
/usr/local/bin/alcasar-log.sh --export |
# processus lancés par défaut au démarrage |
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam |
for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen |
do |
/sbin/chkconfig --add $i |
done |
cat << EOF > /etc/rc.local |
/usr/local/sbin/alcasar-load_balancing.sh start & |
sleep 3 |
service radiusd restart |
EOF |
# On rajoute une tempo pour relancer radius après le redémarrage de mysqld (bug en cours d'analyse) |
# cat << EOF > /etc/rc.local |
#!/bin/sh |
# |
### BEGIN INIT INFO |
# Provides: rc.local |
# X-Mandriva-Compat-Mode |
# Default-Start: 2 3 4 5 |
# Short-Description: Local initialization script |
# Description: This script will be executed *after* all the other init scripts. |
# You can put your own initialization stuff in here if you don't |
# want to do the full Sys V style init stuff. |
### END INIT INFO |
# |
#/etc/init.d/mysqld restart |
#sleep 1 |
#/etc/init.d/radiusd restart |
#touch /var/lock/subsys/local |
#EOF |
echo "/usr/local/sbin/alcasar-load_balancing.sh start &" >> /etc/rc.local |
# On applique les préconisations ANSSI |
# Apply French Security Agency rules |
1578,7 → 1591,7 |
else |
$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf |
fi |
# disable log_martians (ALCASAR is often installed between two private network addresses) |
# suppression des log_martians (ALCASAR est souvent entre deux réseaux en adressage privée) |
sysctl -w net.ipv4.conf.all.log_martians=0 |
# On supprime la gestion du <CTRL>+<ALT>+<SUPPR> et des Magic SysReq Keys |
# ??? $SED "s?^ALLOW_REBOOT=.*?ALLOW_REBOOT=no?g" /etc/security/msec/level.fileserver |
1633,10 → 1646,6 |
chown -R root:apache $DIR_DEST_ETC/* |
chmod -R 660 $DIR_DEST_ETC/* |
chmod ug+x $DIR_DEST_ETC/digest |
# Fix the Mageia bug in function "/etc/sysconfig/network-scripts/network-functions" |
[ -e /sbin/ethtool ] || ln -s /usr/sbin/ethtool /sbin/ethtool |
# Apply and save the firewall rules |
sh $DIR_DEST_BIN/alcasar-iptables.sh |
sleep 2 |
1743,6 → 1752,8 |
fi |
# RPMs install |
$DIR_SCRIPTS/alcasar-urpmi.sh |
echo "Mise à jour des modules noyau installés" |
depmod -a |
if [ "$?" != "0" ] |
then |
exit 0 |
1792,10 → 1803,10 |
else |
mode="install" |
fi |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_awstats param_dnsmasq BL cron post_install |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus param_ulogd param_nfsen param_dnsmasq BL cron post_install |
do |
$func |
# echo "*** 'debug' : end of function $func ***"; read a |
#echo "*** 'debug' : end of function $func ***"; read a |
done |
;; |
-u | --uninstall) |