WebSVN – ALCASAR – Path Comparison – /

Ignore whitespace Rev 1214 → Rev 1215

 /alcasar.sh
 ,51 → 1191,48
 param_nfsen()
 {
 #Decompression tarball
-tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
+        tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
 #Création groupe et utilisteur
-if grep "^www-data:" /etc/group > /dev/null; then
-        echo "Group already exists !"
-else
-        groupadd www-data
-        echo "Group 'www-data' created !"
-fi
-if grep "^nfsen:" /etc/passwd > /dev/null; then
-        echo "User already exists !"
-else
-        useradd -m nfsen
-        echo "User 'nfsen' created !"
-fi
-usermod -G www-data nfsen
+        if grep "^www-data:" /etc/group > /dev/null; then
+                echo "Group already exists !"
+        else
+                groupadd www-data
+                echo "Group 'www-data' created !"
+        fi
+        if grep "^nfsen:" /etc/passwd > /dev/null; then
+                echo "User already exists !"
+        else
+                useradd -m nfsen
+                echo "User 'nfsen' created !"
+        fi
+        usermod -G www-data nfsen
 #Ajout du plugin nfsen : PortTracker
-mkdir -p /var/www/nfsen/plugins
-chown -R nfsen:www-data /var/www/nfsen
+        mkdir -p /var/www/nfsen/plugins
+        chown -R nfsen:www-data /var/www/nfsen
 #Ajout du plugin PortTracker
-mkdir -p /var/log/netflow/porttracker
-mkdir -p /usr/share/nfsen/plugins
-chown -R apache:apache /usr/share/nfsen
-cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
-chown apache /var/log/netflow/porttracker
+        mkdir -p /var/log/netflow/porttracker /usr/share/nfsen/plugins
+        chown -R apache:apache /var/log/netflow/porttracker /usr/share/nfsen
+        cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
 #Copie du fichier de conf modifié de nfsen
-cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
+        cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
 #Copie du script d'initialisation de nfsen
-cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
-systemctl enable nfsen.service
+        cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/
 #Installation de nfsen via le scrip Perl
-DirTmp=$(pwd)
-cd /tmp/nfsen-1.3.6p1/
-/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
-/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
+        DirTmp=$(pwd)
+        cd /tmp/nfsen-1.3.6p1/
+        /usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger,
+        /usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable"
 #Création de la DB pour rrdtool
-cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
-cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
-sudo -u apache nftrack -I -d /var/log/netflow/porttracker
-chown -R apache:www-data /var/log/netflow/porttracker/
-chmod -R 775 /var/log/netflow/porttracker
+        cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
+        cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
+        sudo -u apache nftrack -I -d /var/log/netflow/porttracker
+        chown -R apache:www-data /var/log/netflow/porttracker/
+        chmod -R 775 /var/log/netflow/porttracker
 #Configuration du fichier de conf d'apache
-if [ -f /etc/httpd/conf.d/nfsen.conf ];then
-        rm -f /etc/httpd/conf.d/nfsen.conf
-fi
-cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
+        if [ -f /etc/httpd/conf.d/nfsen.conf ];then
+                rm -f /etc/httpd/conf.d/nfsen.conf
+        fi
+        cat <<EOF >> /etc/httpd/conf.d/nfsen.conf
 Alias /nfsen /var/www/nfsen
 <Directory /var/www/nfsen/>
 DirectoryIndex nfsen.php
 ,10 → 1246,10
 </Directory>
 EOF
 #Configuration du délais d'expiration des captures du profile "live"
-nfsen -m live -e 62d
+        nfsen -m live -e 62d
 #Suppression des sources de nfsen
-cd $DirTmp
-rm -rf /tmp/nfsen-1.3.6p1/
+        cd $DirTmp
+        rm -rf /tmp/nfsen-1.3.6p1/
 } # End of param_nfsen
 ##########################################################
 ,18 → 1305,18
 EOF
 # Init file modification
-[ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
+        [ -e /etc/init.d/dnsmasq.default ] || cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default
 # Start and stop a 2nd process for the "DNS blackhole"
-cp -f $DIR_CONF/dnsmasq /etc/init.d/dnsmasq
+        cp -f $DIR_CONF/dnsmasq /etc/init.d/dnsmasq
 # Start after chilli (65) which create tun0
-$SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
+        $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
 # Optionnellement on pré-active les logs DNS des clients
-[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
-$SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
+        [ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
+        $SED "s?log-facility?#OPTIONS=\"-q --log-facility=/var/log/dnsmasq/queries.log\"?g"  /etc/sysconfig/dnsmasq
 # Optionnellement, exemple de paramètre supplémentaire pour le cache memoire
-echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
+        echo '#OPTIONS="$OPTIONS --cache-size=250"' >> /etc/sysconfig/dnsmasq
 # Optionnellement, exemple de configuration avec un A.D.
-echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
+        echo '#OPTIONS="$OPTIONS --server=/your.domain/192.168.182.3"' >> /etc/sysconfig/dnsmasq
 } # End dnsmasq
 ##########################################################
 ,13 → 1533,8
         done
 # export des logs en 'retard' dans /var/Save/logs
         /usr/local/bin/alcasar-log.sh --export
-# processus lancés par défaut au démarrage
-        for i in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam nfsen
-        do
-                /sbin/chkconfig --add $i
-        done
-cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
+# creation of the unit of alcasar-load_balancing
+        cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
 #  This file is part of systemd.
 #
 #  systemd is free software; you can redistribute it and/or modify it
 ,17 → 1558,27
 [Install]
 WantedBy=multi-user.target
 EOF
-systemctl enable alcasar-load_balancing.service
+# process launch at boot time
+        for service in ntpd iptables ulogd dnsmasq squid chilli httpd radiusd netfs mysqld dansguardian havp freshclam
+        do
+                /sbin/chkconfig --add $service
+        done
+        for service in alcasar-load_balancing.service nfsen.service
+        do
+                 /bin/systemctl enable $service
+        done
 # On applique les préconisations ANSSI
 # Apply French Security Agency rules
 # ignorer les broadcast ICMP. (attaque smurf)
-sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
+        sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
 # ignorer les erreurs ICMP bogus
-sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
+        sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
 # désactiver l'envoi et la réponse aux ICMP redirects
-sysctl -w net.ipv4.conf.all.accept_redirects=0
-accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
+        sysctl -w net.ipv4.conf.all.accept_redirects=0
+        accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
         if [ "$accept_redirect" == "0" ]
         then
                 echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1214 → Rev 1215

/conf/clamav-main.cvd
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream