/alcasar.sh |
---|
776,9 → 776,10 |
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default |
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf |
chown -R radius:radius /etc/raddb/sql/mysql/* |
# insures that mysql is up before radius start |
[ -e $SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service |
# make certain that mysql is up before radius start |
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service |
systemctl daemon-reload |
} # End param_radius () |
########################################################################## |
1043,7 → 1044,7 |
################################################################## |
antivirus () |
{ |
# création de l'usager 'havp' |
# create 'havp' user |
havp_exist=`grep havp /etc/passwd|wc -l` |
if [ "$havp_exist" == "1" ] |
then |
1054,7 → 1055,6 |
useradd -r -g havp -s /bin/false -c "system user for havp" havp |
mkdir -p /var/tmp/havp /var/log/havp |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp |
# configuration d'HAVP |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090 |
1069,19 → 1069,19 |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist |
echo "*.youtube.com/*" >> /etc/havp/whitelist |
# remplacement du fichier d'initialisation |
# replacement of init script |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default |
# if keep old init file : |
cp -f $DIR_CONF/havp-init /etc/init.d/havp |
# replace the on remplace la page d'interception (template) |
# replace of the intercept page (template) |
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html |
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html |
# update virus database every 2 hours (24h/12) |
# update virus database every 4 hours (24h/6) |
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default |
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf |
$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf |
$SED "/^DatabaseMirror/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf |
$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf |
# Copy of the main virus database |
rm -f /var/lib/clamav/*.cld # in case of old database scheme |
cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd |
1095,9 → 1095,11 |
param_ulogd () |
{ |
# Three instances of ulogd (three different logfiles) |
cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service /lib/systemd/system/ulogd-ext-access.service |
mv /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-traceability.service |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
nl=1 |
for log_type in tracability ssh ext-access |
for log_type in traceability ssh ext-access |
do |
[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log |
cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf |
1108,13 → 1110,12 |
file="/var/log/firewall/$log_type.log" |
sync=1 |
EOF |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -C /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service |
nl=`expr $nl + 1` |
done |
chown -R root:apache /var/log/firewall |
chmod 750 /var/log/firewall |
chmod 640 /var/log/firewall/* |
[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default |
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd |
} # End of param_ulogd () |
1265,7 → 1266,7 |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
# Start after chilli which create tun0 |
# TODO Start after chilli which create tun0 |
# $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq |
} # End dnsmasq |
1447,9 → 1448,9 |
echo "QOS=off" >> $CONF_FILE |
echo "LDAP=off" >> $CONF_FILE |
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE |
echo "DNS_FILTERING=off" >> $CONF_FILE |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE # TODO to remove |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE # TODO to remove |
echo "DNS_FILTERING=off" >> $CONF_FILE # TODO to remove |
echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE |
echo "MULTIWAN=off" >> $CONF_FILE |
echo "FAILOVER=30" >> $CONF_FILE |
1500,7 → 1501,7 |
WantedBy=multi-user.target |
EOF |
# processes launched at boot time (SYSV) |
for i in chilli netfs havp |
for i in chilli havp |
do |
/sbin/chkconfig --add $i |
done |
/conf/ulogd-init |
---|
File deleted |
Property changes: |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Date Author |
\ No newline at end of property |
/conf/logrotate.d/ulogd |
---|
1,4 → 1,4 |
/var/log/firewall/tracability.log { |
/var/log/firewall/traceability.log { |
missingok |
rotate 52 |
weekly |
5,7 → 5,7 |
dateext |
sharedscripts |
postrotate |
/etc/init.d/ulogd restart |
systemctl restart ulogd-traceability |
endscript |
} |
/var/log/firewall/ssh.log { |
15,7 → 15,7 |
dateext |
sharedscripts |
postrotate |
/etc/init.d/ulogd restart |
systemctl restart ulogd-ssh |
endscript |
} |
/var/log/firewall/ext-access.log { |
25,6 → 25,6 |
dateext |
sharedscripts |
postrotate |
/etc/init.d/ulogd restart |
systemctl restart ulogd-ext-access |
endscript |
} |
/scripts/alcasar-archive.sh |
---|
58,9 → 58,9 |
function archive() { |
mkdir -p $DIR_ARCHIVE |
mkdir -p $DIR_TMP |
nb_files=`ls $DIR_LOG/firewall/tracability.log*.gz 2>/dev/null | wc -w` |
nb_files=`ls $DIR_LOG/firewall/traceability.log*.gz 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
mv $(echo $(ls -rt $DIR_LOG/firewall/tracability.log*.gz | tail -n 1 -)) $DIR_TMP/tracability-HTTP-$NOW.gz |
mv $(echo $(ls -rt $DIR_LOG/firewall/traceability.log*.gz | tail -n 1 -)) $DIR_TMP/traceability-HTTP-$NOW.gz |
fi |
nb_files=`ls $DIR_BASE/radius-*.sql 2>/dev/null | wc -w` |
if [ $nb_files -ne 0 ]; then |
69,7 → 69,7 |
cd /var/log/nfsen/profiles-data/live/ipt_netflow |
nb_files=`find . -mtime -7 -name 'nfcapd.[0-9]*' | wc -l` |
if [ $nb_files -ne 0 ]; then |
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/tracability-ALL-$NOW.tar; |
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/traceability-ALL-$NOW.tar; |
fi |
cd /tmp/ |
nb_files=`ls archive-$NOW/* 2>/dev/null | wc -w` |
118,11 → 118,11 |
mkdir -p /tmp/live |
gap=$(($(date +%d)-1)) |
cd /var/log/nfsen/profiles-data/live/ipt_netflow |
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/tracability-ALL-$NOW.tar; |
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar; |
/usr/local/sbin/alcasar-mysql.sh --dump |
mv $(echo $(ls -rt $DIR_BASE/radius-*.sql | tail -n 1 -)) /tmp/live/ |
cp /var/log/firewall/tracability.log /tmp/live/tracability-HTTP-$NOW.log |
tar -czf $DIR_ARCHIVE/tracability-$NOW.tar.gz /tmp/live/* |
cp /var/log/firewall/traceability.log /tmp/live/traceability-HTTP-$NOW.log |
tar -czf $DIR_ARCHIVE/traceability-$NOW.tar.gz /tmp/live/* |
rm -rf /tmp/live |
;; |
*) |
/scripts/alcasar-netflow.sh |
---|
6,6 → 6,6 |
EXPIRE_DELAY=7 |
cd $DIR_LOG |
find . -mtime 0 -mtime -$EXPIRE_DELAY -name 'nfcapd.[0-9]*' | xargs tar -czf $DIR_SAVE/tracability.log-$NOW.tar.gz; |
find . -mtime 0 -mtime -$EXPIRE_DELAY -name 'nfcapd.[0-9]*' | xargs tar -czf $DIR_SAVE/traceability.log-$NOW.tar.gz; |
exit 0 |
/scripts/alcasar-urpmi.sh |
---|
12,7 → 12,7 |
VERSION="4" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd man dkms-ipt_NETFLOW" |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd man dkms-ipt_NETFLOW pm-fallback-policy ipset cronie-anacron" |
rpm_repository_sync () |
{ |
/scripts/sbin/alcasar-uninstall.sh |
---|
63,7 → 63,7 |
sleep 1 |
#param_radius |
echo -en "\n- param_radius(8) : " |
echo -en "\n- param_radius(9) : " |
[ -e /etc/raddb/radiusd-db-vierge.sql ] && rm -f /etc/raddb/radiusd-db-vierge.sql && echo -n "1, " |
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, " |
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "3, " |
71,7 → 71,8 |
[ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "5, " |
[ -e /etc/raddb/sql.conf.default ] && mv /etc/raddb/sql.conf.default /etc/raddb/sql.conf && echo -n "6, " |
[ -e /etc/raddb/sql/mysql/dialup.conf.default ] && mv /etc/raddb/sql/mysql/dialup.conf.default /etc/raddb/sql/mysql/dialup.conf && echo -n "7, " |
[ -e /etc/raddb/sql/mysql/counter.conf.default ] && mv /etc/raddb/sql/mysql/counter.conf.default /etc/raddb/sql/mysql/counter.conf && echo -n "8" |
[ -e /etc/raddb/sql/mysql/counter.conf.default ] && mv /etc/raddb/sql/mysql/counter.conf.default /etc/raddb/sql/mysql/counter.conf && echo -n "8, " |
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "9" |
sleep 1 |
#param_web_radius |
99,17 → 100,6 |
fi |
sleep 1 |
#param_squid |
echo -en "\n- param_squid(2) : " |
if [ -e /etc/squid/squid.conf ] |
then |
[ -e /etc/squid/squid.conf.default ] && mv /etc/squid/squid.conf.default /etc/squid/squid.conf && echo -n "1, " |
[ `ls /var/spool/squid/|wc -l` -ne "0" ] && rm -rf /var/spool/squid/* && echo -n "2" |
else |
echo -n "uninstalled" |
fi |
sleep 1 |
#param_dansguardian |
echo -en "\n- param_dansguardian(8) : " |
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, " |
137,21 → 127,17 |
#param_ulogd |
echo -en "\n- ulogd(2) : " |
if [ -e /etc/init.d/ulogd.default ] |
if [ -e /lib/systemd/system/ulogd-traceability.conf ] |
then |
mv -f /etc/init.d/ulogd.default /etc/init.d/ulogd && echo -n "1, " |
rm -f /etc/ulogd-* && echo -n "2" |
rm -f /etc/ulogd-* && echo -n "1, " |
rm -f /lib/systemd/system/ulogd-* && echo -n "2" |
else echo -n "nothing to do" |
fi |
fi |
sleep 1 |
#awstats |
echo -en "\n- awstats(1) : " |
if [ -e /etc/awstats/awstats.conf.default ] |
then |
mv /etc/awstats/awstats.conf.default /etc/awstats/awstats.conf && echo -n "1" |
else echo -n "uninstalled" |
fi |
#nfsen |
echo -en "\n nfsen(0) :" |
echo "todo!!!" |
sleep 1 |
#DnsMasq |
168,6 → 154,7 |
fi |
sleep 1 |
#dhcpd |
echo -en "\n- dhcp-server(1) : " |
if [ -e /etc/init.d/dhcpd ] |
/web/acc/backup/sauvegarde.php |
---|
14,7 → 14,7 |
if ($Language == 'fr'){ |
$l_backups = "Sauvegarde"; |
$l_create_user_db_backup = "Sauvegarder la base active des usagers"; |
$l_tracability_backup = "Créer le fichier actif des traces"; |
$l_traceability_backup = "Créer le fichier actif des traces"; |
$l_create_system_backup = "Créer un fichier de configuration"; |
$l_execute = "Exécuter"; |
$l_backup_files = "Fichiers disponibles pour archivage"; |
26,7 → 26,7 |
else { |
$l_backups = "Backups"; |
$l_create_user_db_backup = "Save the active users database"; |
$l_tracability_backup = "Create the active traceability file"; |
$l_traceability_backup = "Create the active traceability file"; |
$l_create_system_backup = "Create the configuration file"; |
$l_execute = "Execute"; |
$l_backup_files = "Archive backup files"; |
56,7 → 56,7 |
<tr><td valign="middle" align="left"> |
<FORM action="sauvegarde.php" method=POST><b> |
<select name='choix'></b> |
<option value="tracability_backup"><?echo "$l_tracability_backup";?> |
<option value="traceability_backup"><?echo "$l_traceability_backup";?> |
<option value="user_DB_backup"><?echo "$l_create_user_db_backup";?> |
<option value="system_backup"><?echo "$l_create_system_backup";?> |
</select> |
80,7 → 80,7 |
case 'user_DB_backup' : |
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --dump"); |
break; |
case 'tracability_backup' : |
case 'traceability_backup' : |
exec ("sudo /usr/local/bin/alcasar-archive.sh --live"); |
break; |
case 'system_backup' : |
/web/language/alcasar-fr.txt |
---|
389,7 → 389,7 |
$l_backups = "Sauvegarde"; |
$l_create_user_db_backup = "Sauvegarder la base active des usagers"; |
$l_tracability_backup = "Sauvegarder le fichier actif de traces"; |
$l_traceability_backup = "Sauvegarder le fichier actif de traces"; |
$l_create_system_backup = "Créer une archive système"; |
$l_execute = "Exécuter"; |
$l_backup_files = "Fichiers disponibles pour archivage"; |