Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1357 → Rev 1358

/alcasar.sh
776,9 → 776,10
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
chown -R radius:radius /etc/raddb/sql/mysql/*
# insures that mysql is up before radius start
[ -e $SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
 
# make certain that mysql is up before radius start
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
systemctl daemon-reload
} # End param_radius ()
 
##########################################################################
1043,7 → 1044,7
##################################################################
antivirus ()
{
# création de l'usager 'havp'
# create 'havp' user
havp_exist=`grep havp /etc/passwd|wc -l`
if [ "$havp_exist" == "1" ]
then
1054,7 → 1055,6
useradd -r -g havp -s /bin/false -c "system user for havp" havp
mkdir -p /var/tmp/havp /var/log/havp
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
# configuration d'HAVP
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
1069,19 → 1069,19
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
echo "# Whitelist youtube flow" >> /etc/havp/whitelist
echo "*.youtube.com/*" >> /etc/havp/whitelist
# remplacement du fichier d'initialisation
# replacement of init script
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
# if keep old init file :
cp -f $DIR_CONF/havp-init /etc/init.d/havp
# replace the on remplace la page d'interception (template)
# replace of the intercept page (template)
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
# update virus database every 2 hours (24h/12)
# update virus database every 4 hours (24h/6)
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
$SED "/^DatabaseMirror/i DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
$SED "/^DatabaseMirror/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
$SED "/^DatabaseMirror db.fr.clamav.net/i DatabaseMirror switch.clamav.net" /etc/freshclam.conf
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
# Copy of the main virus database
rm -f /var/lib/clamav/*.cld # in case of old database scheme
cp -f $DIR_CONF/clamav-main.cvd /var/lib/clamav/main.cvd
1095,9 → 1095,11
param_ulogd ()
{
# Three instances of ulogd (three different logfiles)
cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service /lib/systemd/system/ulogd-ext-access.service
mv /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-traceability.service
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
nl=1
for log_type in tracability ssh ext-access
for log_type in traceability ssh ext-access
do
[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log
cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
1108,13 → 1110,12
file="/var/log/firewall/$log_type.log"
sync=1
EOF
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -C /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service
nl=`expr $nl + 1`
done
chown -R root:apache /var/log/firewall
chmod 750 /var/log/firewall
chmod 640 /var/log/firewall/*
[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd
} # End of param_ulogd ()
 
 
1265,7 → 1266,7
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
# Start after chilli which create tun0
# TODO Start after chilli which create tun0
# $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq
} # End dnsmasq
 
1447,9 → 1448,9
echo "QOS=off" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "DNS_FILTERING=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE # TODO to remove
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE # TODO to remove
echo "DNS_FILTERING=off" >> $CONF_FILE # TODO to remove
echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "FAILOVER=30" >> $CONF_FILE
1500,7 → 1501,7
WantedBy=multi-user.target
EOF
# processes launched at boot time (SYSV)
for i in chilli netfs havp
for i in chilli havp
do
/sbin/chkconfig --add $i
done
/conf/ulogd-init
File deleted
Property changes:
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Date Author
\ No newline at end of property
/conf/logrotate.d/ulogd
1,4 → 1,4
/var/log/firewall/tracability.log {
/var/log/firewall/traceability.log {
missingok
rotate 52
weekly
5,7 → 5,7
dateext
sharedscripts
postrotate
/etc/init.d/ulogd restart
systemctl restart ulogd-traceability
endscript
}
/var/log/firewall/ssh.log {
15,7 → 15,7
dateext
sharedscripts
postrotate
/etc/init.d/ulogd restart
systemctl restart ulogd-ssh
endscript
}
/var/log/firewall/ext-access.log {
25,6 → 25,6
dateext
sharedscripts
postrotate
/etc/init.d/ulogd restart
systemctl restart ulogd-ext-access
endscript
}
/scripts/alcasar-archive.sh
58,9 → 58,9
function archive() {
mkdir -p $DIR_ARCHIVE
mkdir -p $DIR_TMP
nb_files=`ls $DIR_LOG/firewall/tracability.log*.gz 2>/dev/null | wc -w`
nb_files=`ls $DIR_LOG/firewall/traceability.log*.gz 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
mv $(echo $(ls -rt $DIR_LOG/firewall/tracability.log*.gz | tail -n 1 -)) $DIR_TMP/tracability-HTTP-$NOW.gz
mv $(echo $(ls -rt $DIR_LOG/firewall/traceability.log*.gz | tail -n 1 -)) $DIR_TMP/traceability-HTTP-$NOW.gz
fi
nb_files=`ls $DIR_BASE/radius-*.sql 2>/dev/null | wc -w`
if [ $nb_files -ne 0 ]; then
69,7 → 69,7
cd /var/log/nfsen/profiles-data/live/ipt_netflow
nb_files=`find . -mtime -7 -name 'nfcapd.[0-9]*' | wc -l`
if [ $nb_files -ne 0 ]; then
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/tracability-ALL-$NOW.tar;
find . -mtime -7 -name 'nfcapd.[0-9]*' | xargs tar -cf $DIR_TMP/traceability-ALL-$NOW.tar;
fi
cd /tmp/
nb_files=`ls archive-$NOW/* 2>/dev/null | wc -w`
118,11 → 118,11
mkdir -p /tmp/live
gap=$(($(date +%d)-1))
cd /var/log/nfsen/profiles-data/live/ipt_netflow
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/tracability-ALL-$NOW.tar;
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar;
/usr/local/sbin/alcasar-mysql.sh --dump
mv $(echo $(ls -rt $DIR_BASE/radius-*.sql | tail -n 1 -)) /tmp/live/
cp /var/log/firewall/tracability.log /tmp/live/tracability-HTTP-$NOW.log
tar -czf $DIR_ARCHIVE/tracability-$NOW.tar.gz /tmp/live/*
cp /var/log/firewall/traceability.log /tmp/live/traceability-HTTP-$NOW.log
tar -czf $DIR_ARCHIVE/traceability-$NOW.tar.gz /tmp/live/*
rm -rf /tmp/live
;;
*)
/scripts/alcasar-netflow.sh
6,6 → 6,6
EXPIRE_DELAY=7
 
cd $DIR_LOG
find . -mtime 0 -mtime -$EXPIRE_DELAY -name 'nfcapd.[0-9]*' | xargs tar -czf $DIR_SAVE/tracability.log-$NOW.tar.gz;
find . -mtime 0 -mtime -$EXPIRE_DELAY -name 'nfcapd.[0-9]*' | xargs tar -czf $DIR_SAVE/traceability.log-$NOW.tar.gz;
 
exit 0
/scripts/alcasar-urpmi.sh
12,7 → 12,7
VERSION="4"
ARCH="i586"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd man dkms-ipt_NETFLOW"
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mbstring php-sockets rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd man dkms-ipt_NETFLOW pm-fallback-policy ipset cronie-anacron"
 
rpm_repository_sync ()
{
/scripts/sbin/alcasar-uninstall.sh
63,7 → 63,7
sleep 1
 
#param_radius
echo -en "\n- param_radius(8) : "
echo -en "\n- param_radius(9) : "
[ -e /etc/raddb/radiusd-db-vierge.sql ] && rm -f /etc/raddb/radiusd-db-vierge.sql && echo -n "1, "
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, "
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "3, "
71,7 → 71,8
[ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "5, "
[ -e /etc/raddb/sql.conf.default ] && mv /etc/raddb/sql.conf.default /etc/raddb/sql.conf && echo -n "6, "
[ -e /etc/raddb/sql/mysql/dialup.conf.default ] && mv /etc/raddb/sql/mysql/dialup.conf.default /etc/raddb/sql/mysql/dialup.conf && echo -n "7, "
[ -e /etc/raddb/sql/mysql/counter.conf.default ] && mv /etc/raddb/sql/mysql/counter.conf.default /etc/raddb/sql/mysql/counter.conf && echo -n "8"
[ -e /etc/raddb/sql/mysql/counter.conf.default ] && mv /etc/raddb/sql/mysql/counter.conf.default /etc/raddb/sql/mysql/counter.conf && echo -n "8, "
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "9"
sleep 1
 
#param_web_radius
99,17 → 100,6
fi
sleep 1
 
#param_squid
echo -en "\n- param_squid(2) : "
if [ -e /etc/squid/squid.conf ]
then
[ -e /etc/squid/squid.conf.default ] && mv /etc/squid/squid.conf.default /etc/squid/squid.conf && echo -n "1, "
[ `ls /var/spool/squid/|wc -l` -ne "0" ] && rm -rf /var/spool/squid/* && echo -n "2"
else
echo -n "uninstalled"
fi
sleep 1
 
#param_dansguardian
echo -en "\n- param_dansguardian(8) : "
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, "
137,21 → 127,17
 
#param_ulogd
echo -en "\n- ulogd(2) : "
if [ -e /etc/init.d/ulogd.default ]
if [ -e /lib/systemd/system/ulogd-traceability.conf ]
then
mv -f /etc/init.d/ulogd.default /etc/init.d/ulogd && echo -n "1, "
rm -f /etc/ulogd-* && echo -n "2"
rm -f /etc/ulogd-* && echo -n "1, "
rm -f /lib/systemd/system/ulogd-* && echo -n "2"
else echo -n "nothing to do"
fi
fi
sleep 1
 
#awstats
echo -en "\n- awstats(1) : "
if [ -e /etc/awstats/awstats.conf.default ]
then
mv /etc/awstats/awstats.conf.default /etc/awstats/awstats.conf && echo -n "1"
else echo -n "uninstalled"
fi
#nfsen
echo -en "\n nfsen(0) :"
echo "todo!!!"
sleep 1
 
#DnsMasq
168,6 → 154,7
fi
sleep 1
 
 
#dhcpd
echo -en "\n- dhcp-server(1) : "
if [ -e /etc/init.d/dhcpd ]
/web/acc/backup/sauvegarde.php
14,7 → 14,7
if ($Language == 'fr'){
$l_backups = "Sauvegarde";
$l_create_user_db_backup = "Sauvegarder la base active des usagers";
$l_tracability_backup = "Créer le fichier actif des traces";
$l_traceability_backup = "Créer le fichier actif des traces";
$l_create_system_backup = "Créer un fichier de configuration";
$l_execute = "Exécuter";
$l_backup_files = "Fichiers disponibles pour archivage";
26,7 → 26,7
else {
$l_backups = "Backups";
$l_create_user_db_backup = "Save the active users database";
$l_tracability_backup = "Create the active traceability file";
$l_traceability_backup = "Create the active traceability file";
$l_create_system_backup = "Create the configuration file";
$l_execute = "Execute";
$l_backup_files = "Archive backup files";
56,7 → 56,7
<tr><td valign="middle" align="left">
<FORM action="sauvegarde.php" method=POST><b>
<select name='choix'></b>
<option value="tracability_backup"><?echo "$l_tracability_backup";?>
<option value="traceability_backup"><?echo "$l_traceability_backup";?>
<option value="user_DB_backup"><?echo "$l_create_user_db_backup";?>
<option value="system_backup"><?echo "$l_create_system_backup";?>
</select>
80,7 → 80,7
case 'user_DB_backup' :
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --dump");
break;
case 'tracability_backup' :
case 'traceability_backup' :
exec ("sudo /usr/local/bin/alcasar-archive.sh --live");
break;
case 'system_backup' :
/web/language/alcasar-fr.txt
389,7 → 389,7
 
$l_backups = "Sauvegarde";
$l_create_user_db_backup = "Sauvegarder la base active des usagers";
$l_tracability_backup = "Sauvegarder le fichier actif de traces";
$l_traceability_backup = "Sauvegarder le fichier actif de traces";
$l_create_system_backup = "Créer une archive système";
$l_execute = "Ex&eacute;cuter";
$l_backup_files = "Fichiers disponibles pour archivage";