Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1404 → Rev 1410

/alcasar.sh
753,6 → 753,42
EOF
# Launch after coova
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
# Error page management
FIC_ERROR_DOC=`find /etc/httpd/conf -type f -name multilang-errordoc.conf`
[ -e $FIC_ERROR_DOC ] || cp $FIC_ERROR_DOC $FIC_ERROR_DOC.default
 
cat <<EOF > $FIC_ERROR_DOC
Alias /error/ "/var/www/html/"
 
<Directory "/usr/share/httpd/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Require all granted
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>
 
ErrorDocument 400 /error/error.php?error=400
ErrorDocument 401 /error/error.php?error=401
ErrorDocument 403 /error/error.php?error=403
ErrorDocument 404 /error/error.php?error=404
ErrorDocument 405 /error/error.php?error=405
ErrorDocument 408 /error/error.php?error=408
ErrorDocument 410 /error/error.php?error=410
ErrorDocument 411 /error/error.php?error=411
ErrorDocument 412 /error/error.php?error=412
ErrorDocument 413 /error/error.php?error=413
ErrorDocument 414 /error/error.php?error=414
ErrorDocument 415 /error/error.php?error=415
ErrorDocument 500 /error/error.php?error=500
ErrorDocument 501 /error/error.php?error=501
ErrorDocument 502 /error/error.php?error=502
ErrorDocument 503 /error/error.php?error=503
ErrorDocument 506 /error/error.php?error=506
EOF
 
} # End of ACC ()
 
##########################################################################################
765,9 → 801,32
$DIR_DEST_BIN/alcasar-CA.sh
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
#$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
#$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
#$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
cat <<EOF > $FIC_VIRTUAL_SSL
# default SSL virtual host, used for all HTTPS requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
 
<VirtualHost _default_:443>
# general configuration
ServerAdmin root@localhost
ServerName localhost
 
# SSL configuration
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/alcasar.crt
SSLCertificateKeyFile /etc/pki/tls/private/alcasar.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
CustomLog logs/ssl_request_log \
"%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%h] \"%r\" %b"
ErrorLog logs/ssl_error_log
ErrorLogFormat "[%t] [%m:%l] [client %a] %M"
</VirtualHost>
EOF
 
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End of CA ()
1321,7 → 1380,7
systemctl start nfsen
/bin/nfsen -m live -e 62d 2>/dev/null
# add SURFmap plugin
tar xzf $DIR_CONF/nfsen/SURFmap_v3.3b1.tar.gz -C /tmp/
tar xzf $DIR_CONF/nfsen/SURFmap_v3.3.tar.gz -C /tmp/
cd /tmp/SURFmap
/usr/bin/sh install.sh
# clear the installation
/conf/fail2ban.sh
38,6 → 38,13
# Values: FILE Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
 
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
EOF
 
#########################################################
86,12 → 93,22
# auto: will choose Gamin if available and polling otherwise.
backend = auto
 
# "usedns" specifies if jails should trust hostnames in logs,
# warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes: if a hostname is encountered, a DNS lookup will be performed.
# warn: if a hostname is encountered, a DNS lookup will be performed,
# but it will be logged as a warning.
# no: if a hostname is encountered, will not be used for banning,
# but it will be logged as info.
usedns = warn
 
# Bannissement sur tous les ports après 2 refus d'Apache (tentative d'accès sur des pages inexistentes)
[alcasar_mod-evasive]
 
enabled = true
#enabled = false
filter = mod-evasive
#enabled = true
enabled = false
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/httpd/error_log
maxretry = 2
111,9 → 128,9
 
enabled = true
#enabled = false
filter = htdigest
filter = alcasar_htdigest
action = iptables-allports[name=alcasar_htdigest]
logpath = /var/log/httpd/ssl_error_log
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
121,7 → 138,7
 
enabled = true
#enabled = false
filter = intercept
filter = alcasar_intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
128,14 → 145,15
 
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
# 5 POST pour changer le mot de passe que le POST soit ok ou non.
[alcasar_change-password]
[alcasar_change-pwd]
 
enabled = true
#enabled = false
filter = mot_de_passe
action = iptables-allports[name=alcasar_change-password]
filter = alcasar_change-pwd
action = iptables-allports[name=alcasar_change-pwd]
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
 
EOF
 
##################################################
191,8 → 209,11
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = [[]error[]] [[]client <HOST>[]] Digest:
#failregex = [[]error[]] [[]client <HOST>[]] Digest:
failregex = [[]<HOST>[]] "GET /acc HTTP/1.1" 972
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
218,7 → 239,8
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]GET \/intercept\.php\?res=failed[&]reason=reject
failregex = [[]<HOST>[]] ["]GET \/intercept\.php\?res=failed[&]reason=reject
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
230,7 → 252,7
#######################
## MOT_DE_PASSE.CONF ##
#######################
cat << EOF > $DIR_FILTER/alcasar_change-password.conf
cat << EOF > $DIR_FILTER/alcasar_change-pwd.conf
 
# Fail2Ban configuration file
#
246,8 → 268,10
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
#failregex = <HOST> TLSv1 DHE-RSA-AES256-SHA ["]POST \/pass\/index\.php HTTP
failregex = [[]<HOST>[]] ["]POST /pass/index.php HTTP/1.1" 11169
 
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
/web/acc/manager/htdocs/security.php
12,42 → 12,78
<link rel="stylesheet" href="/css/style.css" type="text/css">
</HEAD>
<body>
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo "$l_spoofing";?></th></tr>
 
 
 
<?php
$table = 1;
if(isset($_GET['table'])){
$table = $_GET['table'];
}
?>
 
 
<?php
 
echo'
<br />
<table width="100%" style="text-align: center;">
<tr>
<td width="33%"><a href="./security.php?table=1">'.$l_spoofing.'</a></td>
<td width="33%"><a href="./security.php?table=2">'.$l_virus.'</a></td>
<td width="33%"><a href="./security.php?table=3">'.$l_fail2ban.'</a></td>
</tr>
</table>
<br />';
 
 
?>
 
 
<?php
 
if ( $table == 1){
 
echo ' <TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th>';
echo "$l_spoofing";
echo '</th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1"
height="2"></td></tr>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=1>
<tr bgcolor="#666666"><td>
<DIV style="width:100%;height:100%;overflow-x:hidden;overflow-y:scroll;">
<TABLE width="100%" border=0 cellspacing=0 cellpadding=2>
<tr><td valign="middle" align="left">';
 
$fichier='/var/Save/logs/security/watchdog.log';
$pointeur=fopen($fichier,"r");
if ($pointeur){
while (!feof($pointeur)){
$ligne=fgets($pointeur);
echo "$ligne</br>";
}
}
fclose($pointeur);
echo ' </td></tr>
</TABLE>
</DIV>
</TABLE>
</TABLE>';
 
 
} elseif ($table == 2){
echo '<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th>';
echo "$l_virus";
echo '</th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1"
height="2"></td></tr>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=1>
<tr bgcolor="#666666"><td>
<DIV style="width:100%;height:150px;overflow-x:hidden;overflow-y:scroll;">
<DIV style="width:100%;height:100%;overflow-x:hidden;overflow-y:scroll;">
<TABLE width="100%" border=0 cellspacing=0 cellpadding=2>
<tr><td valign="middle" align="left">
<?php
$fichier='/var/Save/logs/security/watchdog.log';
$pointeur=fopen($fichier,"r");
if ($pointeur){
while (!feof($pointeur)){
$ligne=fgets($pointeur);
echo "$ligne</br>";
}
}
fclose($pointeur);
?>
</td></tr>
</TABLE>
</DIV>
</TABLE>
</TABLE>
</br>
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo "$l_virus";?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1"
height="2"></td></tr>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=1>
<tr bgcolor="#666666"><td>
<DIV style="width:100%;height:150px;overflow-x:hidden;overflow-y:scroll;">
<TABLE width="100%" border=0 cellspacing=0 cellpadding=2>
<tr><td valign="middle" align="left">
<?php
<tr><td valign="middle" align="left">';
$fichier='/var/log/havp/access.log';
$pointeur=fopen($fichier,"r");
if ($pointeur){
57,23 → 93,24
}
}
fclose($pointeur);
?>
</td></tr>
echo ' </td></tr>
</TABLE>
</DIV>
</TABLE>
</TABLE>
</br>
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo "$l_fail2ban";?></th></tr>
</TABLE>';
} elseif ($table == 3){
echo '<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th>';
echo "$l_fail2ban";
echo '</th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1"
height="2"></td></tr>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=1>
<tr bgcolor="#666666"><td>
<DIV style="width:100%;height:150px;overflow-x:hidden;overflow-y:scroll;">
<DIV style="width:100%;height:100%;overflow-x:hidden;overflow-y:scroll;">
<TABLE width="100%" border=0 cellspacing=0 cellpadding=2>
<tr><td valign="middle" align="left">
<?php
<tr><td valign="middle" align="left">';
 
$fichier='/var/log/fail2ban.log';
$unban="/Unban/";
$ban="/Ban/";
82,19 → 119,23
while (!feof($pointeur)){
$ligne=fgets($pointeur);
if(preg_match($ban,$ligne,$r)){
echo "$ligne</br>";
echo "<font color='red'>$ligne</font></br>";
}
if(preg_match($unban,$ligne,$r)){
echo " ---> $ligne</br>";
echo "<font color='orange'>$ligne</font></br>";
}
}
fclose($pointeur);
}
?>
</td></tr>
}
echo ' </td></tr>
</TABLE>
</DIV>
</TABLE>
</TABLE>
</TABLE>';
} else {
echo 'Do not exist';
}
 
?>
</body>
</HTML>
/web/css/style_intercept.css
39,7 → 39,7
background-color: #666666;
}
 
INPUT, #contenu_acces, #logon, #auth_reussi {
INPUT, #contenu_acces, #contenu_error, #logon, #auth_reussi {
background-color: #ffffff;
}
 
239,6 → 239,27
-webkit-box-shadow: 1px 1px 10px #000;
box-shadow: 1px 1px 10px #000;
}
 
#contenu_error {
position: relative;
width: 640px;
height: auto;
top: -20px;
padding-top: 40px;
padding-bottom: 40px;
padding-left: 40px;
padding-right: 40px;
margin-left: auto;
margin-right: auto;
z-index: 1;
 
/* ombrage CSS3 */
 
-moz-box-shadow: 1px 1px 10px #000;
-webkit-box-shadow: 1px 1px 10px #000;
box-shadow: 1px 1px 10px #000;
}
 
#logo_acces IMG, #box_refuse IMG {
width: 95px;
height: 95px;
273,6 → 294,11
bottom: -150px;
font-family: "courier new";
}
#contenu_error SPAN {
position: relative;
bottom: -150px;
font-family: "courier new";
}
#box_refuse {
font-size: 16px;
margin-left: 130px;
296,7 → 322,7
height: 70px;
top: -25px;
}
.box_menu, #logon , #contenu_acces, #acces_controle, #cadre_titre, #box_info{
.box_menu, #logon , #contenu_acces, #contenu_error, #acces_controle, #cadre_titre, #box_info{
/* Arrondi CSS3 Firefox*/
-moz-border-radius: 10px;
/* Arrondi CSS3 Autres Nav*/
430,4 → 456,4
margin-right : 10px;
display: block;
float: left;
}
}