| /CHANGELOG |
|---|
| 3,6 → 3,7 |
| -----------------------2.9.2 ----------------------- |
| NEWS |
| - importation of official certificate |
| - Configuration of Dansguardian and DNSMASQ for larger sites |
| - The SSL level has been improved to avoid recent vulnerabilities (exclude SSLV2 & V3) |
| - The autosigned certificate has been improved (key lenght : 2048b and sha256 for fingerprint algorithm) |
| /conf/sudoers |
|---|
| 19,15 → 19,15 |
| Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # to export users database |
| Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # to create conf backup file |
| Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # to export/save the log files |
| Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # to manege the filtering system |
| Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # to manage the filtering system |
| Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # to manage the firewall |
| Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # to disconnect the users |
| Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed) |
| Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services |
| Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem |
| Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/sbin/alcasar-importcert.sh,/usr/local/sbin/alcasar-defaultcert.sh # to manage the certificats |
| Cmnd_Alias SSL=/usr/bin/openssl # to manage the certificates |
| Cmnd_Alias IMPCERT=/usr/local/sbin/alcasar-importcert.sh # to import an official certificate |
| # Defaults specification |
| # Defaults syslog=auth |
| 46,6 → 46,6 |
| # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
| # %users localhost=/sbin/shutdown -h now |
| ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL |
| ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,IMPCERT |
| ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE |
| /scripts/alcasar-defaultcert.sh |
|---|
| File deleted |
| Property changes: |
| Deleted: svn:eol-style |
| -native |
| \ No newline at end of property |
| Deleted: svn:executable |
| -* |
| \ No newline at end of property |
| /scripts/alcasar-importcert.sh |
|---|
| 7,24 → 7,54 |
| # Script permettant |
| # - d'importer des certificats sur Alcasar |
| # - de revenir au certificat par default |
| # This script allows |
| # - to import certificate in Alcasar |
| # - to import a certificate in Alcasar |
| # - to go back to the default certificate |
| SED="/bin/sed -ri" |
| DIR_CERT="/etc/pki/tls" |
| usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c Chaîne.com" |
| usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)" |
| nb_args=$# |
| args=$1 |
| args1=$3 |
| args2=$5 |
| cert=$2 |
| key=$4 |
| sc=$6 |
| arg1=$1 |
| # nb_args=$# |
| # args=$1 |
| # args1=$3 |
| # args2=$5 |
| # cert=$2 |
| # key=$4 |
| # sc=$6 |
| function defaultNdd() |
| { |
| $SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf |
| $SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts |
| $SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf |
| $SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf |
| $SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf |
| } |
| function defaultCert() |
| { |
| cd $DIR_CERT |
| rm private/alcasar.key |
| rm certs/alcasar.crt |
| mv certs/alcasar.crt.old certs/alcasar.crt |
| mv private/alcasar.key.old private/alcasar.key |
| if [ -f certs/server-chain.crt.old ] |
| then |
| rm certs/server-chain.crt |
| mv certs/server-chain.crt.old certs/server-chain.crt |
| fi |
| } |
| function domainName() # change the domain name in the conf files |
| { |
| 31,7 → 61,7 |
| ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p') |
| echo $ndd |
| if [ "$ndd" != "" ] |
| then |
| then |
| $SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf |
| $SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts |
| $SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf |
| 43,7 → 73,7 |
| function certImport() |
| { |
| cd $DIR_CERT |
| if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ] |
| then |
| echo "Backup of old cert (alcasar.crt)" |
| 54,7 → 84,7 |
| echo "Backup of old private key (alcasar.key)" |
| mv private/alcasar.key private/alcasar.key.old |
| fi |
| cp $cert certs/alcasar.crt |
| cp $key private/alcasar.key |
| 78,55 → 108,74 |
| fi |
| } |
| if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ] |
| if [ $nb_args -eq 0 ] |
| then |
| nb_args=1 |
| args="-h" |
| echo "$usage" |
| exit 1 |
| fi |
| case $args in |
| case $arg1 in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| -i) |
| echo "You want import the certificate: $2" |
| arg3=$3 |
| arg5=$5 |
| cert=$2 |
| key=$4 |
| sc=$6 |
| if [ "$cert" == "" ] || [ "$key" == "" ] |
| then |
| echo "$usage" |
| exit 1 |
| fi |
| if [ ! -f "$cert" -o ! -f "$key" ] |
| then |
| echo "Certificate and/or private key not found" |
| exit 1 |
| fi |
| if [ ${cert: -4} != ".crt" ] |
| then |
| echo "Invalid certificate file" |
| exit 1 |
| fi |
| if [ ${key: -4} != ".key" ] |
| then |
| echo "Invalid private key" |
| exit 1 |
| fi |
| if [ "$arg5" != "-c" ] || [ ! -f "$sc" ] |
| then |
| echo "No server-chain given" |
| echo "Importing certificate $cert with private key $key" |
| sc="" |
| else |
| echo "Importing certificate $cert with private key $key and server-chain $sc" |
| fi |
| domainName $cert |
| certImport $cert $key $sc |
| systemctl restart chilli.service |
| systemctl restart httpd.service |
| ;; |
| -d) |
| if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ] |
| then |
| echo "Restoring default certificate" |
| defaultCert |
| defaultNdd |
| systemctl restart chilli.service |
| systemctl restart httpd.service |
| fi |
| ;; |
| *) |
| echo "Unknown argument: $1" |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| case $args1 in |
| -\? | -h* | --h*) |
| echo "$usage" |
| exit 0 |
| ;; |
| -k) |
| echo "With the private key: $4" |
| ;; |
| *) |
| echo "Unknown argument: $3" |
| echo "$usage" |
| exit 1 |
| ;; |
| esac |
| if [ "$args2" == "-c" ] |
| then |
| echo "And the cert-chain: $6" |
| if [ "$sc" == "" ] |
| then |
| echo "! Can't find the file of the chain-cert" |
| fi |
| else |
| echo "Without a cert-chain" |
| sc="" |
| fi |
| domainName |
| certImport $cert $key $sc |
| systemctl restart chilli.service |
| systemctl restart httpd.service |
| /scripts/alcasar-urpmi.sh |
|---|
| 188,7 → 188,7 |
| else |
| echo "Nettoyage du système : " |
| fi |
| for rm_rpm in shorewall mandi radeontool avahi mageia-gfxboot-theme privoxy cpupower squid |
| for rm_rpm in shorewall mandi radeontool avahi mageia-gfxboot-theme privoxy cpupower squid gamin |
| do |
| /usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
| echo -n "." |
| /web/acc/admin/network.php |
|---|
| 2,7 → 2,7 |
| /* written by steweb57 & Rexy */ |
| /******************** |
| * CONF FILES EXIST * |
| * TEST CONF FILES * |
| *********************/ |
| define ("CONF_FILE", "/usr/local/etc/alcasar.conf"); |
| define ("ETHERS_FILE", "/usr/local/etc/alcasar-ethers"); |
| 24,12 → 24,12 |
| $l_extif_legend = " (Interface connectée à Internet)"; |
| $l_intif_legend = " (Réseau de consultation)"; |
| $l_internet_legend = "INTERNET"; |
| $l_ip_adr = "Adresse IP"; |
| $l_ip_mask = "Masque"; |
| $l_ip_adr = "Adresse IP"; |
| $l_ip_mask = "Masque"; |
| $l_ip_router = "Passerelle"; |
| $l_ip_public = "Adresse IP publique"; |
| $l_ip_dns1 = "DNS1"; |
| $l_ip_dns2 = "DNS2"; |
| $l_ip_dns1 = "DNS1"; |
| $l_ip_dns2 = "DNS2"; |
| $l_dhcp_title = "Service DHCP"; |
| $l_dhcp_state = "Mode actuel"; |
| $l_DHCP_on = "actif"; |
| 38,9 → 38,14 |
| $l_static_dhcp_title = "Réservation d'adresses IP statiques"; |
| $l_mac_address = "Adresse MAC"; |
| $l_ip_address = "Adresse IP"; |
| $l_mac_del = "Supprimer de la liste"; |
| $l_mac_del = "Supprimer de la liste"; |
| $l_add_to_list = "Ajouter"; |
| $l_apply = "Appliquer les changements"; |
| $l_apply = "Appliquer les changements"; |
| $l_import_cert = "Import de certificat"; |
| $l_private_key = "Clé privée (.key) :"; |
| $l_certificate = "Certificat (.crt) :"; |
| $l_server_chain = "Server-chain (Si nécéssaire : .crt) :"; |
| $l_default_cert = "Retourner aux certificat par défaut"; |
| } else { |
| $l_network_title = "Network configuration"; |
| 47,12 → 52,12 |
| $l_extif_legend = " (Internet connected interface)"; |
| $l_intif_legend = " (Private network)"; |
| $l_internet_legend = "INTERNET"; |
| $l_ip_adr = "IP Address"; |
| $l_ip_mask = "Mask"; |
| $l_ip_adr = "IP Address"; |
| $l_ip_mask = "Mask"; |
| $l_ip_router = "Gateway"; |
| $l_ip_public = "Public IP address"; |
| $l_ip_dns1 = "DNS1 :"; |
| $l_ip_dns2 = "DNS2"; |
| $l_ip_dns1 = "DNS1"; |
| $l_ip_dns2 = "DNS2"; |
| $l_dhcp_title = "DHCP service"; |
| $l_dhcp_state = "Current mode"; |
| $l_DHCP_on = "enabled"; |
| 61,9 → 66,14 |
| $l_static_dhcp_title = "Static IP addresses reservation"; |
| $l_mac_address = "MAC Address"; |
| $l_ip_address = "IP Address"; |
| $l_mac_del = "Delete from list"; |
| $l_mac_del = "Delete from list"; |
| $l_add_to_list = "Add"; |
| $l_apply = "Apply changes"; |
| $l_apply = "Apply changes"; |
| $l_import_cert = "Certificate import"; |
| $l_private_key = "Private key (.key) :"; |
| $l_certificate = "Certificate (.crt) :"; |
| $l_server_chain = "Server-chain (If necessary : .crt) :"; |
| $l_default_cert = "Back to default certificate"; |
| } |
| if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
| switch ($choix) |
| 97,7 → 107,7 |
| } |
| } |
| } |
| if ($insert == "True") |
| if ($insert == "True") |
| { |
| $line = trim($_POST['add_mac']) . " " . trim($_POST['add_ip']) . "\n"; |
| $pointeur=fopen(ETHERS_FILE,"a"); |
| 139,7 → 149,7 |
| $port = "80"; |
| //var $num; //not used |
| //var $error; //not used |
| if (! $sock = @fsockopen($host, $port, $num, $error, 5)) { |
| return false; |
| } else { |
| 254,22 → 264,22 |
| ?> |
| <table width="100%" border="0" cellspacing="0" cellpadding="0"> |
| <tr><th>Import de certificat</th></tr> |
| <tr><th><?php echo $l_import_cert;?></th></tr> |
| <tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
| </table> |
| <table width="100%" border="1" cellspacing="0" cellpadding="0"> |
| <tr><td> |
| <form method="post" action="network.php" enctype="multipart/form-data"> |
| Clé privée (.key): <input type="file" name="key"/><br/> |
| Certificat (.crt):<input type="file" name="crt"/><br/> |
| Server-chain (Recommandé : .crt):<input type="file" name="sc"/> |
| <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxsize ?>" /><br/> |
| <?php echo $l_private_key;?><input type="file" name="key"/><br/> |
| <?php echo $l_certificate;?><input type="file" name="crt"/><br/> |
| <?php echo $l_server_chain;?><input type="file" name="sc"/> |
| <input type="hidden" name="MAX_FILE_SIZE" value=<?php echo $maxsize;?> /><br/> |
| <input type="submit" value="Valider"/> |
| </form> |
| </td><td> |
| <form method="post" action="network.php"> |
| <input type="hidden" name="default"/> |
| <input type="submit" value="Retourner aux certificats par défaut"/> |
| <input type="submit" <?php echo "value=\"".$l_default_cert."\""?>/> |
| </form> |
| </td> |
| </tr> |
| 281,7 → 291,7 |
| <?php |
| if(isset($_POST['default'])){ |
| echo "Retour au certificats par défaut"; |
| exec("sudo alcasar-defaultcert.sh"); |
| exec("sudo alcasar-importcert.sh -d"); |
| } |
| if(isset($_POST['MAX_FILE_SIZE'])){ |
| echo "changement"; |
| 308,4 → 318,3 |
| } |
| } |
| ?> |