/alcasar.sh |
---|
463,7 → 463,7 |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE |
echo "DHCP=full" >> $CONF_FILE |
echo "DHCP=on" >> $CONF_FILE |
echo "EXT_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE |
1223,15 → 1223,15 |
groupadd -f havp |
useradd -r -g havp -s /bin/false -c "system user for havp" havp |
mkdir -p /var/tmp/havp /var/log/havp /var/run/havp |
mkdir -p /var/tmp/havp2 /var/log/havp2 |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp |
chown -R havp /var/tmp/havp2 /var/log/havp2 |
mkdir -p /var/tmp/havp2 /var/log/havp2 /var/run/havp2 |
chown -R havp:havp /var/tmp/havp /var/log/havp /var/run/havp |
chown -R havp:havp /var/tmp/havp2 /var/log/havp2 /var/run/havp2 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile |
$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090 |
$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile |
$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090 (on loopback) |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches |
1241,8 → 1241,8 |
cp /etc/havp/havp.config /etc/havp/havp2.config |
$SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config # pidfile |
$SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config # transparent mode |
$SED "s?^PORT.*?PORT 8091?g" /etc/havp/havp2.config # datas come on 8091 |
$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS 192.168.182.1?g" /etc/havp/havp2.config # we listen only on tun0 |
$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS $PRIVATE_IP?g" /etc/havp/havp2.config # we listen only on tun0 |
$SED "s?^PORT.*?PORT 8090?g" /etc/havp/havp2.config # datas come on 8091 |
# skip checking of youtube flow (too heavy load / risk too low) |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist |
1253,11 → 1253,9 |
cp /etc/init.d/havp /etc/init.d/havp2 |
$SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2 # description |
$SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2 # config file |
$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp/havp2.pid?g" /etc/init.d/havp2 # pidfile |
$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp2/havp.pid?g" /etc/init.d/havp2 # pidfile |
$SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2 # name |
$SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2 # desc |
#$SED "s?if [ -f /etc/sysconfig/havp ] ; then.*?if [ -f /etc/sysconfig/havp2 ] ; then?g" /etc/init.d/havp2 # defaults |
#$SED "s?. /etc/sysconfig/havp.*?. /etc/sysconfig/havp2?g" /etc/init.d/havp2 # defaults |
$SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2 # mountpoint |
$SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2 # reloading havp |
$SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2 # error havp |
/scripts/alcasar-iptables.sh |
---|
87,16 → 87,19 |
$IPTABLES -t nat -P POSTROUTING ACCEPT |
$IPTABLES -t nat -P OUTPUT ACCEPT |
############################# |
# IPSET # |
############################# |
# destruction de tous les SET |
# destroy all SET |
ipset destroy |
# Calcul de la taille du set de la blacklist |
# Compute the blacklist set length |
###### BL set ########### |
# Calcul de la taille / Compute the length |
bl_set_length=$(($(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1)+$(wc -l $BL_IP_OSSI | awk '{print $1}'))) |
# Création du fichier set temporaire, remplissage, chargement et suppression |
# Creating the temporary set file, filling, loading and deleting |
# Chargement / loading |
echo "create blacklist_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save |
for category in `ls -1 $BL_IP_CAT | cut -d '@' -f1` |
do |
105,20 → 108,16 |
cat $BL_IP_OSSI >> $TMP_set_save |
ipset -! restore < $TMP_set_save |
rm -f $TMP_set_save |
# Extraction des ip réhabilitées |
# Extracting rehabilitated ip |
# Suppression des ip réhabilitées / Removing of rehabilitated ip |
for ip in $(cat $IP_REHABILITEES) |
do |
ipset del blacklist_ip_blocked $ip |
done |
# Calcul de la taille du set de la whitelist |
# Compute the whitelist set length |
###### WL set ########### |
# Calcul de la taille / Compute the length |
wl_set_length=$(($(wc -l $DNSMASQ_WL_ENABLED/* | awk '{print $1}' | tail -n 1)*3)) |
# Création du fichier set temporaire, remplissage, chargement et suppression |
# Creating the temporary set file, filling, loading and deleting |
# Chargement Loading |
echo "create whitelist_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save |
cat $WL_IP_OSSI >> $TMP_set_save |
ipset -! restore < $TMP_set_save |
149,24 → 148,23 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -p tcp -d $PRIVATE_IP -m tcp --dport 8080 -j ULOG --ulog-prefix "RULE direct-proxy -- DENY " |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp -m tcp --dport 8080 -j MARK --set-mark 1 |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au port udp 54 (DNS-blacklist) pour pouvoir les rejeter en INPUT |
# Mark (and log) the udp 54 direct attempts (DNS-blacklist) to REJECT them in INPUT rules |
# $IPTABLES -A PREROUTING -t nat -i $TUNIF -p udp -d $PRIVATE_IP -m udp --dport 54 -j ULOG --ulog-prefix "RULE DNS-proxy -- DENY " |
# Marquage des paquets qui tentent d'accéder directement au port udp 54 (DNS-blacklist) pour pouvoir les rejeter en INPUT |
# Mark the udp 54 direct attempts (DNS-blacklist) to REJECT them in INPUT rules |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp --dport 54 -j MARK --set-mark 2 |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au port udp 55 (DNS-Whitelist) pour pouvoir les rejeter en INPUT |
# Mark (and log) the udp 55 direct attempts (DNS-whitelist) to REJECT them in INPUT rules |
# Marquage des paquets qui tentent d'accéder directement au port udp 55 (DNS-Whitelist) pour pouvoir les rejeter en INPUT |
# Mark the udp 55 direct attempts (DNS-whitelist) to REJECT them in INPUT rules |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp --dport 55 -j MARK --set-mark 3 |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au port udp 56 (DNS-Blackhole) pour pouvoir les rejeter en INPUT |
# Mark (and log) the udp 55 direct attempts (DNS-whitelist) to REJECT them in INPUT rules |
# Marquage des paquets qui tentent d'accéder directement au port udp 56 (DNS-Blackhole) pour pouvoir les rejeter en INPUT |
# Mark the udp 56 direct attempts (DNS-blackhole) to REJECT them in INPUT rules |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp --dport 56 -j MARK --set-mark 4 |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au port 8090 pour pouvoir les rejeter en INPUT |
# Marquage des paquets qui tentent d'accéder directement au port 8090 (HAVP) pour pouvoir les rejeter en INPUT |
# Mark (and log) the 8090 direct attempts to REJECT them in INPUT rules |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp -m tcp --dport 8090 -j MARK --set-mark 5 |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au port 8091 pour pouvoir les rejeter en INPUT |
# Marquage des paquets qui tentent d'accéder directement au port 8091 pour pouvoir les rejeter en INPUT |
# Mark (and log) the 8091 direct attempts to REJECT them in INPUT rules |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp -m tcp --dport 8091 -j MARK --set-mark 6 |
182,25 → 180,25 |
# Redirect outbound HTTP requests from blacklist IP to ALCASAR ('access denied' page) for the set havp_bl_set |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src -m set --match-set blacklist_ip_blocked dst -p tcp --dport http -j REDIRECT --to-port 80 |
# Redirection des requêtes HTTP des IP qui ne sont pas dans la whitelist vers ALCASAR (page 'accès interdit') pour le set havp_wl_set |
# Redirect outbound HTTP requests from IP which are not in the whitelist to ALCASAR ('access denied' page) for the set havp_wl_set |
# Bloquage des requêtes HTTP vers les IP qui ne sont pas dans la WL. Redirection vers ALCASAR : page 'accès interdit' |
# Redirect outbound HTTP requests to IP which are not in the WL. Redirection to ALCASAR : 'access denied' paae |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl_set src -m set ! --match-set whitelist_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80 |
# Journalisation des requètes HTTP vers Internet (seulement les paquets SYN) - Les autres protocoles sont journalisés en FORWARD par netflow |
## Log HTTP requests to Internet (only syn packets) - Other protocols are log in FORWARD by netflow |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p tcp --dport http -m state --state NEW -j ULOG --ulog-prefix "RULE F_http -- ACCEPT " |
# Journalisation des requètes HTTP sortante des usagers "BL" (seulement les paquets SYN) - Les autres protocoles sont journalisés en FORWARD par netflow |
# Log HTTP requests to Internet of "BL users" (only syn packets) - Other protocols are logged in FORWARD by netflow |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src ! -d $PRIVATE_IP -p tcp --dport http -m state --state NEW -j ULOG --ulog-prefix "RULE F_http -- ACCEPT " |
# Redirection des requêtes HTTP sortantes des usagers "BL" vers DansGuardian (proxy transparent) |
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy) |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
# Redirection des requêtes HTTP sortantes vers HAVP (8091) pour le set havp_set |
# Redirect outbound HTTP requests to HAVP (8091) for the set havp_set |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_set src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8091 |
# Redirection des requêtes HTTP sortantes vers DansGuardian (proxy transparent) pour le set havp_bl_set |
# Redirect outbound HTTP requests to DansGuardian (transparent proxy) for the set havp_bl_set |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl_set src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
# Redirection des requêtes HTTP sortantes vers HAVP pour le set havp_wl_set |
# Redirect outbound HTTP requests to HAVP for the set havp_wl_set |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl_set src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8091 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl_set src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8090 |
# Redirection des requêtes NTP vers le serveur NTP local |
# Redirect NTP request in local NTP server |
/scripts/sbin/alcasar-dhcp.sh |
---|
28,18 → 28,6 |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX |
tmp_mask=`echo $PRIVATE_NETWORK_MASK|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1` # masque du 1/2 réseau de consultation (ex.: 25) |
PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask # plage des adresses statiques (ex.: 192.168.182.0/25) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # dernier octet de l'@ de réseau |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # dernier octet de l'@ de broadcast |
private_plage=`expr $private_broadcast_ending - $private_network_ending + 1` |
private_half_plage=`expr $private_plage / 2` |
private_dyn=`expr $private_half_plage + $private_network_ending` |
private_dyn_ip_network=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup_sup-5` |
PRIVATE_DYN_IP=`echo $private_dyn_ip_network | cut -d"." -f1-4`/$half_mask # @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25) |
private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4` |
PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1` # 1ère adresse de la plage dynamique (ex.: 192.168.182.129) |
PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254) |
EXT_DHCP_IP=`grep EXT_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe |
RELAY_DHCP_IP=`grep RELAY_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation |
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN |
46,7 → 34,7 |
RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut |
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67} |
usage="Usage: alcasar-dhcp.sh {--full | -full} | {--off | -off} | {--half | -half}" |
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off}" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
77,10 → 65,10 |
fi |
/usr/bin/systemctl restart chilli |
;; |
--full|-full) # enable DHCP service on all range of IP addresses |
--on|-on) # enable DHCP service on all range of IP addresses |
$SED "s?^.*statip.*?#statip?g" $CHILLI_CONF_FILE |
$SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE |
$SED "s?^DHCP.*?DHCP=full?g" $ALCASAR_CONF_FILE |
$SED "s?^DHCP.*?DHCP=on?g" $ALCASAR_CONF_FILE |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
92,21 → 80,6 |
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=none?g" $ALCASAR_CONF_FILE |
/usr/bin/systemctl restart chilli |
;; |
--half|-half) # enable DHCP service on half (upper) range of IP addresses |
$SED "s?.*statip.*?statip\t\t$PRIVATE_STAT_IP?g" $CHILLI_CONF_FILE |
$SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE |
$SED "s?^DHCP.*?DHCP=half?g" $ALCASAR_CONF_FILE |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_DYN_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=none?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=none?g" $ALCASAR_CONF_FILE |
/usr/bin/systemctl restart chilli |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
/web/acc/admin/network.php |
---|
33,13 → 33,9 |
$l_ip_dns2 = "DNS2"; |
$l_dhcp_title = "Service DHCP"; |
$l_dhcp_state = "Mode actuel"; |
$l_dhcp_mode = "Les différents modes sont les suivants :"; |
$l_DHCP_full = "DHCP complet"; |
$l_DHCP_half = "Demi DHCP "; |
$l_DHCP_off = "Sans DHCP"; |
$l_DHCP_full_explain = "Le serveur DHCP couvre la totalité des adresses du réseau. Des adresses statiques peuvent être réservées (cf. ci-dessous)."; |
$l_DHCP_half_explain = "La première moitié du réseau est réservé à l'adressage statique, l'autre moitié est en adressage dynamique (DHCP)."; |
$l_DHCP_off_explain = "Le serveur DHCP est arrêté."; |
$l_DHCP_on = "actif"; |
$l_DHCP_off = "inactif"; |
$l_DHCP_off_explain = "! Avant d'arréter le serveur DHCP, vous devez renseigner les paramêtres d'un serveur externe (cf. documentation)."; |
$l_static_dhcp_title = "Réservation d'adresses IP statiques"; |
$l_mac_address = "Adresse MAC"; |
$l_ip_address = "Adresse IP"; |
60,13 → 56,9 |
$l_ip_dns2 = "DNS2"; |
$l_dhcp_title = "DHCP service"; |
$l_dhcp_state = "Current mode"; |
$l_dhcp_mode = "The different modes are the following :"; |
$l_DHCP_full = "Full DHCP"; |
$l_DHCP_half = "Half DHCP "; |
$l_DHCP_off = "No DHCP"; |
$l_DHCP_full_explain = "The DHCP server manage all equipments in DHCP mode. Some static addresses can be reserved (see bellow)."; |
$l_DHCP_half_explain = "The first half of LAN's equipments are in static mode, the other are in dynamic mode (DHCP)."; |
$l_DHCP_off_explain = "The DHCP server is off."; |
$l_DHCP_on = "enabled"; |
$l_DHCP_off = "disabled"; |
$l_DHCP_off_explain = "! Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)"; |
$l_static_dhcp_title = "Static IP addresses reservation"; |
$l_mac_address = "MAC Address"; |
$l_ip_address = "IP Address"; |
77,15 → 69,12 |
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
switch ($choix) |
{ |
case 'DHCP_Full' : |
exec ("sudo /usr/local/sbin/alcasar-dhcp.sh -full"); |
case 'DHCP_On' : |
exec ("sudo /usr/local/sbin/alcasar-dhcp.sh -on"); |
break; |
case 'DHCP_Off' : |
exec ("sudo /usr/local/sbin/alcasar-dhcp.sh -off"); |
break; |
case 'DHCP_Half' : |
exec ("sudo /usr/local/sbin/alcasar-dhcp.sh -half"); |
break; |
case 'new_mac' : |
if ((trim($_POST['add_mac']) != "") and (trim($_POST['add_ip']) != "")) |
{ |
251,7 → 240,7 |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<table width="100%" border=1 cellspacing=0 cellpadding=0> |
<tr><td valign="middle" align="left"> |
<tr><td colspan="2" valign="middle" align="left"> |
<? |
$dhcp_state=trim($conf["DHCP"]); |
echo "<CENTER><H3>$l_dhcp_state : ${"l_DHCP_".$dhcp_state}</H3></CENTER>"; |
258,16 → 247,13 |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<select name='choix'>"; |
echo "<option value=\"DHCP_Off\" ";if (!strcmp($dhcp_state,"off")) echo "selected";echo ">$l_DHCP_off"; |
echo "<option value=\"DHCP_Half\" ";if (!strcmp($dhcp_state,"half")) echo "selected";echo ">$l_DHCP_half"; |
echo "<option value=\"DHCP_Full\" ";if (!strcmp($dhcp_state,"full")) echo "selected";echo ">$l_DHCP_full"; |
echo "<option value=\"DHCP_On\" ";if (!strcmp($dhcp_state,"on")) echo "selected";echo ">$l_DHCP_on"; |
echo "</select>"; |
echo "<input type=submit value='$l_apply'>"; |
echo "<td valign='middle' align='left'><center><H3>$l_dhcp_mode</h3></center>"; |
echo "$l_DHCP_off : $l_DHCP_off_explain<br>$l_DHCP_half : $l_DHCP_half_explain<br>$l_DHCP_full : $l_DHCP_full_explain"; |
echo "</td>"; |
echo "<br>$l_DHCP_off_explain"; |
echo "</FORM>"; |
echo "</td></tr>"; |
if (strncmp($conf["DHCP"],"full",2) == 0) { require ('network2.php');} |
if (strncmp($conf["DHCP"],"on",2) == 0) { require ('network2.php');} |
else { echo "</TABLE>"; } |
?> |
</body> |
/web/acc/admin/services.php |
---|
32,7 → 32,7 |
$l_dnsmasq_blacklist = "Serveur DNS pour la Blacklist"; |
$l_dnsmasq_whitelist = "Serveur DNS pour la Whitelist"; |
$l_dnsmasq_blackhole = "Serveur DNS 'trou noir'"; |
$l_ulog_ssh = "journalisation des accès par SSH"; |
$l_ulogd_ssh = "journalisation des accès par SSH"; |
$l_ulogd_ext_access = "journalisation des tentatives d'accès externes"; |
$l_ulogd_traceability = "journalisation des connexions WEB filtrés"; |
} else { |
/web/acc/auth.php |
---|
1,19 → 1,19 |
<? |
$select[0]=$l_create_user; |
$select[1]=$l_edit_user; |
$select[2]=$l_create_group; |
$select[3]=$l_edit_group; |
$select[4]=$l_import_empty; |
$select[5]="Exceptions"; |
$select[6]="$l_activity"; |
$select[0]="$l_activity"; |
$select[1]=$l_create_user; |
$select[2]=$l_edit_user; |
$select[3]=$l_create_group; |
$select[4]=$l_edit_group; |
$select[5]=$l_import_empty; |
$select[6]="Exceptions"; |
$select[7]=$l_gammu; |
$fich[0]="manager/htdocs/user_new.php"; |
$fich[1]="manager/htdocs/find.php"; |
$fich[2]="manager/htdocs/group_new.php"; |
$fich[3]="manager/htdocs/show_groups.php"; |
$fich[4]="manager/htdocs/import_user.php"; |
$fich[5]="admin/auth_exceptions.php"; |
$fich[6]="manager/activity.php"; |
$fich[0]="manager/activity.php"; |
$fich[1]="manager/htdocs/user_new.php"; |
$fich[2]="manager/htdocs/find.php"; |
$fich[3]="manager/htdocs/group_new.php"; |
$fich[4]="manager/htdocs/show_groups.php"; |
$fich[5]="manager/htdocs/import_user.php"; |
$fich[6]="admin/auth_exceptions.php"; |
$fich[7]="manager/htdocs/autoregistration.php"; |
$j=0; |
$nb=count($select); |
/web/acc/manager/activity.php |
---|
27,6 → 27,8 |
fclose($ouvre); |
$tmp = explode("/",$conf["PRIVATE_IP"]); |
$private_ip=$tmp[0]; |
$tmp = explode("/",$conf["INTIF"]); |
$intif = $tmp[0]; |
require('/etc/freeradius-web/config.php'); |
# Choice of language |
$Language = 'en'; |
91,9 → 93,11 |
<th>$l_user</th> |
<th>$l_action</th> |
</tr>"; |
$output = array(); $output_mac = array(); $nb_ligne = 0; |
exec ('sudo /sbin/ip link show eth1 |grep ether|cut -d" " -f6', $output_mac); |
$eth1_mac_addr=strtoupper(str_replace(":","-",$output_mac[0])); |
$output = array(); $detail = array(); $nb_ligne = 0; |
exec ("sudo /sbin/ip link show $intif", $output); |
$detail = explode (" " , $output[1]); |
$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5])); |
unset ($output);unset ($detail); |
exec ('sudo /usr/sbin/chilli_query list|sort -k5 -r', $output); |
while (list(,$ligne) = each($output)){ |
$detail = explode (" ", $ligne); |
123,7 → 127,7 |
} |
} |
# equipment without authenticated user |
else if (($detail[0] == $eth1_mac_addr) || ($detail[1] == $private_ip)){ |
else if (($detail[0] == $intif_mac_addr) || ($detail[1] == $private_ip)){ |
echo "ALCASAR system"; |
echo "</TD>"; |
echo "<TD>"; |
/web/acc/manager/htdocs/autoregistration.php |
---|
37,7 → 37,7 |
$l_time_perm = "Durée du blocage (en jours)"; |
$l_status_gammu = "Etat du service"; |
$l_start = "Démarrer"; |
$l_status_device = "Status de votre périphérique"; |
$l_status_device = "Status de votre clé 3G"; |
$l_key_diseable = "Aucun périphérique détecté"; |
$l_key_enable = "Votre clé est connectée"; |
$l_force_signal = "Force du signal"; |
99,13 → 99,13 |
$l_conf = "Configuration"; |
$l_conf_actu = "Current configuration"; |
$l_pin = "PIN password"; |
$l_num_alcasar = "Phone number (3g key)"; |
$l_num_alcasar = "Phone number (3G key)"; |
$l_ban_temp = "Max number of try before a permanent ban"; |
$l_time_account = "Time for a new session"; |
$l_time_perm = "Duration of a ban (for example, after X try)"; |
$l_status_gammu = "Service status"; |
$l_start = "Start"; |
$l_status_device = "Status of your device"; |
$l_status_device = "Status of your 3G key"; |
$l_key_diseable = "No device detected"; |
$l_key_enable = "Your 3g key is connected"; |
$l_force_signal = "Signal strength"; |
/web/acc/manager/htdocs/user_new.php |
---|
341,7 → 341,7 |
break; |
case 'Expiration' : |
/*Pré-remplissage avec la date du lendemain*/ |
$val=date("d F Y",strtotime("+1 day"));//<--en commentant cette ligne la valeur n'est plus pré-remplie |
/* $val=date("d F Y",strtotime("+1 day"));//<--en commentant cette ligne la valeur n'est plus pré-remplie |
/*Ajout du calendrier pour choisir la date*/ |
echo"<input id=\"popup_container\" type=text name=\"$name\" value=\"$val\" size=20>"; |
break; |
/web/acc/manager/lib/langues.php |
---|
102,7 → 102,7 |
$l_change = "Modifier"; |
$l_or = "Ou"; |
$l_create_multiple = "Créer plusieurs tickets"; |
$l_create_multiple_comment = "<br>Remarques : lors de la création plusieurs tickets simultanement :<br> |
$l_create_multiple_comment = "<br>Remarques : lors de la création de plusieurs tickets simultanement :<br> |
- l'identifiant et le mot de passe sont générés aléatoirement,<br> |
- les champs \"Nom, prénom\" et \"Adresse de couriel\" ne sont pas pris en compte.<br> "; |
$l_createTicketsMSG = "Saisissez le nombre d\'utilisateurs à créer"; |
/web/acc/system.php |
---|
1,13 → 1,11 |
<?php |
# $Id$ |
$select[0]=$l_activity; |
$select[1]=$l_network; |
$select[0]=$l_network; |
$select[1]="Services"; |
$select[2]=$l_ldap; |
$select[3]="Services"; |
$fich[0]="admin/activity.php"; |
$fich[1]="admin/network.php"; |
$fich[0]="admin/network.php"; |
$fich[1]="admin/services.php"; |
$fich[2]="admin/ldap.php"; |
$fich[3]="admin/services.php"; |
$j=0; |
$nb=count($select); |
while ($j != $nb) |
/web/language/alcasar-fr.txt |
---|
323,8 → 323,8 |
acc/admin/network.php |
$l_network_title = "Configuration réseau"; |
$l_eth0_legend = "Eth0 (Interface connectée à Internet)"; |
$l_eth1_legend = "Eth1 (Réseau de consultation)"; |
$l_extif_legend = "Interface connectée à Internet"; |
$l_intif_legend = "Interface connectée au réseau de consultation"; |
$l_internet_legend = "INTERNET"; |
$l_ip_adr = "Adresse IP"; |
$l_ip_mask = "Masque"; |