Subversion Repositories ALCASAR


Ignore whitespace Rev 1512 → Rev 1513

/alcasar.sh
591,6 → 591,11
echo "ip_conntrack_ftp" >> /etc/modprobe.preload
# load ipt_NETFLOW module
echo "ipt_NETFLOW" >> /etc/modprobe.preload
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
$SED "s?\[ -f \$IPTABLE_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test in order the stop function run (fluxh all rules & policies)
#
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network ()
1563,9 → 1568,6
##########################################################
BL ()
{
# modify iptables boot file to start alcasar-iptables.sh when the system is booting
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
# copy and extract toulouse BL
rm -rf $DIR_DG/lists/blacklists
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
1608,7 → 1610,6
if [ "$mode" != "update" ]; then
$DIR_DEST_SBIN/alcasar-bl.sh --adapt
$DIR_DEST_SBIN/alcasar-bl.sh --cat_choice
# !!! we can be banned by DNS server (waiting for a cool solution $DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving
fi
}
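Review bot: The two `$SED` edits added to network() in the first hunk are never checked, so if the installed iptables package spells the `ExecStart=` line or the `[ -f $IPTABLE_CONFIG ]` test differently, the substitution is a silent no-op and the unit would presumably keep starting the stock iptables.init instead of alcasar-iptables.sh. I would verify the result right after each edit, for example `grep -q '^ExecStart=/usr/local/bin/alcasar-iptables.sh' /lib/systemd/system/iptables.service || echo "iptables.service was not patched" >&2`. Both targets are package-owned paths, so a later iptables package update can presumably overwrite them and undo the change; for the unit, a drop-in under `/etc/systemd/system/iptables.service.d/` would survive that. The trailing comment on the second edit has a typo, `fluxh` for `flush`, and should say plainly that stopping the service then removes all filtering. network() begins outside the hunk.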
 
/scripts/sbin/alcasar-uninstall.sh
15,15 → 15,9
echo "-----------------------------------------------------------------------------"
echo
#services_stop
echo -n "Stop ALCASAR main services : "
for i in tinyproxy
do
[ -e /etc/init.d/$i ] && /sbin/chkconfig --del $i && /etc/init.d/$i stop && killall $i 2>/dev/null
done
 
/usr/local/bin/alcasar-sms.sh --stop
 
for i in alcasar-load_balancing mysqld ntpd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian httpd radiusd freshclam dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole dhcpd chilli havp nfsen
for i in alcasar-load_balancing freshclam ntpd dansguardian httpd radiusd mysqld dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy havp nfsen chilli fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability
do
[ -e /lib/systemd/system/$i.service ] && systemctl disable $i.service && systemctl stop $i.service 1>/dev/null
done
169,8 → 163,7
sleep 1
 
#BL
echo -en "\n- BL(1) : "
[ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo -n "1"
echo -en "\n- BL(0) : "
sleep 1
 
#dhcpd
215,7 → 208,7
sleep 1
 
#network
echo -en "\n- network(8) : "
echo -en "\n- network(10) : "
hostname localhost
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
232,7 → 225,9
[ -e /etc/ntp.conf.default ] && mv /etc/ntp.conf.default /etc/ntp.conf && echo -n "5, "
[ -e /etc/hosts.allow.default ] && mv /etc/hosts.allow.default /etc/hosts.allow && echo -n "6, "
[ -e /etc/hosts.deny.default ] && mv /etc/hosts.deny.default /etc/hosts.deny && echo -n "7, "
[ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "8"
[ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "8, "
[ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo -n "9, "
[ -e /usr/libexec/iptables.init.default ] && mv /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "10"
 
/sbin/ifup $EXTIF
sleep 1
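Review bot: In the network step (last hunk), restoring `/lib/systemd/system/iptables.service` with `mv` changes a unit file on disk, but no `systemctl daemon-reload` is visible here, so systemd may keep the cached unit with the ALCASAR `ExecStart` until the next reload or reboot. If the script does not do it later (it continues outside these hunks), add `systemctl daemon-reload` after the two new `mv` lines. In the first hunk the rewritten service list feeds a line that chains `systemctl disable` and `systemctl stop` with `&&`, so a failed disable leaves that service, `iptables` included, running without any message; running the two commands independently and reporting failures would make the uninstall state predictable.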