BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → / @ 2009

  → / @ 2010

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

No changes between revisions

Ignore whitespace Rev 2009 → Rev 2010

/conf/sudoers
27,6 → 27,7
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem
Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/bin/alcasar-importcert.sh # to manage the certificates
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC
# Defaults specification
# Defaults syslog=auth
46,6 → 47,6
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE

/rpms/i586/wkhtmltopdf-0.12.3-1.noarch.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property

/rpms/wkhtmltopdf-0.12.3-1.spec
0,0 → 1,67
Summary: Convert HTML to PDF
Name: wkhtmltopdf
Version: 0.12.3
Release: 1
License: GPL
BuildArch: noarch
URL: http://wkhtmltopdf.org/
Group: Development/Tools
Source: %{name}-%{version}.tar.gz
Provides: wkhtmltopdf = %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
%description
Convert HTML to PDF using the Qt WebKit rendering engine
%prep
%setup -q -n %{name}-%{version}
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr/bin
mkdir -p %{buildroot}/usr/include
mkdir -p %{buildroot}/usr/include/wkhtmltox
mkdir -p %{buildroot}/usr/lib
mkdir -p %{buildroot}/usr/share
mkdir -p %{buildroot}/usr/share/man/man1
cp usr/bin/* %{buildroot}/usr/bin/
cp usr/include/wkhtmltox/* %{buildroot}/usr/include/wkhtmltox/
cp usr/lib/* %{buildroot}/usr/lib/
cp usr/share/man/man1/* %{buildroot}/usr/share/man/man1/
ln -s %{buildroot}/usr/lib/libwkhtmltox.so.0.12.3 %{buildroot}/usr/lib/libwkhtmltox.so
ln -s %{buildroot}/usr/lib/libwkhtmltox.so.0.12.3 %{buildroot}/usr/lib/libwkhtmltox.so.0
#ln -s %{buildroot}/usr/lib/libwkhtmltox.so.0.12.3 %{buildroot}/usr/lib/libwkhtmltox.so.0.12 probleme avec le '1'
%clean
#rm -rf %{buildroot}
%files
%defattr(-,root,root)
%attr(0755,root,root) /usr/bin/wkhtmltopdf
%attr(0755,root,root) /usr/bin/wkhtmltoimage
/usr/bin/wkhtmltoimage
/usr/bin/wkhtmltopdf
/usr/include/wkhtmltox/dllbegin.inc
/usr/include/wkhtmltox/dllend.inc
/usr/include/wkhtmltox/image.h
/usr/include/wkhtmltox/pdf.h
/usr/lib/libwkhtmltox.so
/usr/lib/libwkhtmltox.so.0
#/usr/lib/libwkhtmltox.so.0.12
/usr/lib/libwkhtmltox.so.0.12.3
/usr/share/man/man1/wkhtmltoimage.1.xz
/usr/share/man/man1/wkhtmltopdf.1.xz
%changelog
* Tue Jul 19 2016 Raphael for ALCASAR projet
RPM created for Mageia

/rpms/x86_64/wkhtmltopdf-0.12.3-1.noarch.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property

/scripts/alcasar-conup.sh
22,6 → 22,7
#1-> profile1
#2-> profile2
#3-> profile3
#4-> warn_user (if imputability report has been generated)
#6-> WL
#7-> BL
#8-> HAVP

/scripts/alcasar-generate_log.sh
0,0 → 1,168
#Corrélation et Generation des logs au format PDF
#Il est possible de demander les logs :
#-depuis le début (pas d'argument)
#-à partir d'une date (un seul argument)
#-en spécifiant un intervale (deux arguments correspondant aux bornes respectives)
#Par Raphaël Pion
usage="Usage: alcasar-generate_log.sh PASSWORD && ({ '' } | { 'YYYY-MM-DD HH:MM:SS' } | { 'YYYY-MM-DD HH:MM:SS' 'YYYY-MM-DD HH:MM:SS' })"
nb_args=$#
DIR='/var/www/html/acc/backup/'
TMP_SQL="/tmp/log_sql.csv"
TMP_USERS="/tmp/log_users"
TMP_HTML="$DIR/log_nf.html"
TMP_PDF="$DIR/imputabilities_logs-$(date +%F).pdf"
PASSWD_FILE="/root/ALCASAR-passwords.txt"
ARCHIVE_LOCATION="$DIR/imputabilities_logs.zip"
if [ $nb_args -eq 1 ]
then
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
SECTION_LOG="Extraction de tous les journaux"
fi
if [ $nb_args -eq 2 ]
then
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
echo $QUERY
SECTION_LOG="Extraction des journaux à partir du $2"
fi
if [ $nb_args -eq 3 ]
then
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' AND acctstarttime <= '$3' ORDER BY acctstoptime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
SECTION_LOG="Extraction des journaux entre $2 et $3"
fi
if [ $nb_args -eq 0 ]
then
echo $usage
exit
fi
if [ $nb_args -gt 3 ]
then
echo $usage
exit
fi
if [ -e $TMP_SQL ]
then
rm $TMP_SQL
fi
if [ -e $TMP_PDF ]
then
rm $TMP_PDF
fi
if [ -e $ARCHIVE_LOCATION ]
then
rm $ARCHIVE_LOCATION
fi
#get log information for each users
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY"
#Create HTML document which contains every informations about users
echo "<!DOCTYPE html>" > $TMP_HTML
echo "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>" >> $TMP_HTML
echo "<TITLE>ALCASAR Report</TITLE>" >> $TMP_HTML
echo "<link rel='stylesheet' type='text/css' href='../../css/bootstrap.min.css'>" >> $TMP_HTML
echo "<link rel='stylesheet' type='text/css' href='../../css/report.css'>" >> $TMP_HTML
echo "</HEAD>" >> $TMP_HTML
echo "<body>" >> $TMP_HTML
echo "<h1>$SECTION_LOG</h1>" >> $TMP_HTML
echo "<i><p style='text-align: right;'>Date de création $(date +%F)</p></i>" >> $TMP_HTML
echo "<font size='1'>" >> $TMP_HTML
cat $TMP_SQL | while read LIGNE_SQL
do
LOG_IP=$(echo $LIGNE_SQL | cut -d',' -f3)
LOG_DATE1=$(echo $LIGNE_SQL | cut -d',' -f4)
LOG_DATE2=$(echo $LIGNE_SQL | cut -d',' -f5)
LOG_Y1=$(echo $LOG_DATE1 | cut -d'-' -f1)
LOG_M1=$(echo $LOG_DATE1 | cut -d'-' -f2)
LOG_D1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f1)
LOG_H1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f2)
LOG_Y2=$(echo $LOG_DATE2 | cut -d'-' -f1)
LOG_M2=$(echo $LOG_DATE2 | cut -d'-' -f2)
LOG_D2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f1)
LOG_H2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f2)
DUMP=$(nfdump -O tstart -R /var/log/nfsen/profiles-data/live/alcasar_netflow/ -t $LOG_Y1/$LOG_M1/$LOG_D1.$LOG_H1-$LOG_Y2/$LOG_M2/$LOG_D2.$LOG_H2 -o "fmt:<tr><td class='numberLine'></td><td>%sa</td><td>%sp</td><td>%da</td><td>%dp</td><td>%ts</td></tr>" | tail -n +2 | head -n -4 | grep "$LOG_IP")
if [ ! -z "$DUMP" ]
then
echo "<div class='container'> " >> $TMP_HTML
echo "<table class='table table-striped'>" >> $TMP_HTML
echo "<thead>" >> $TMP_HTML
echo "<tr>" >> $TMP_HTML
echo "<th>Username</th>" >> $TMP_HTML
echo "<th>Client @MAC</th>" >> $TMP_HTML
echo "<th>Client @IP</th>" >> $TMP_HTML
echo "<th>Login Time</th>" >> $TMP_HTML
echo "<th>Logout Time</th>" >> $TMP_HTML
echo "<th>Upload</th>" >> $TMP_HTML
echo "<th>Download</th>" >> $TMP_HTML
echo "<th>Cause</th>" >> $TMP_HTML
echo "</tr></thead><tbody><tr>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f1) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f2) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f3) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f4) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f5) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f6) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f7) "</td>" >> $TMP_HTML
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f8) "</td>" >> $TMP_HTML
echo "</tr></tbody></table></div>" >> $TMP_HTML
echo "<div class='container mySpace'> " >> $TMP_HTML
echo "<table class='table table-striped'>" >> $TMP_HTML
echo "<thead>" >> $TMP_HTML
echo "<tr>" >> $TMP_HTML
echo "<th>N°</th>" >> $TMP_HTML
echo "<th>@IP src</th>" >> $TMP_HTML
echo "<th>Port src</th>" >> $TMP_HTML
echo "<th>@IP dst</th>" >> $TMP_HTML
echo "<th>Port dst</th>" >> $TMP_HTML
echo "<th>Date</th>" >> $TMP_HTML
echo "</tr></thead><tbody>" >> $TMP_HTML
echo $DUMP >> $TMP_HTML
echo "</tbody></table></div>" >> $TMP_HTML
fi
done
echo "</font>" >> $TMP_HTML
echo "</body>" >> $TMP_HTML
echo "</HTML>" >> $TMP_HTML
#inform users about that by setting the fourth bit of Filter-Id at 1.
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';"
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY"
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ]
then
for user in $(cat $TMP_USERS)
do
QUERY="set @CurrentFilter=(SELECT value from radreply where username='$user');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'1', (@CurrentFilterRight)) WHERE username='$user' ;"
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY"
done
fi
rm $TMP_USERS
/usr/bin/wkhtmltopdf $TMP_HTML $TMP_PDF
/usr/bin/7za a -tzip -p$1 -mem=AES256 $ARCHIVE_LOCATION $TMP_PDF
chown apache:apache $ARCHIVE_LOCATION
rm $TMP_HTML
rm $TMP_SQL
rm $TMP_PDF

/scripts/alcasar-iptables.sh
168,7 → 168,6
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56
# Marquage des paquets qui tentent d'accéder directement à un serveur sans authentification en mode proxy pour pouvoir les rejeter en INPUT
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10

/scripts/alcasar-rpm-download.sh
11,7 → 11,7
VERSION="5"
ARCH="i586"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip"
rpm_repository_sync ()
{

/scripts/alcasar-urpmi.sh
14,7 → 14,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.4.13-1.mga5-1-1.mga5"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip"
rpm_repository_sync ()
{

/web/acc/backup/log_generation.php
0,0 → 1,394
<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<TITLE>ALCASAR Report</TITLE>
<link rel="stylesheet" type="text/css" href="../../../css/bootstrap.min.css">
<script src="../../../js/jquery.js"></script>
<script src="../../../js/bootstrap.min.js"></script>
<style>
body{
background-color: #EFEFEF;
}
</style>
</HEAD>
<body>
<?php
#Cette page permet de générer les journaux d'imputabilité dans une archive avec mot de passe.
#Lors de la création de cette archive, tous les utilisateurs d'alcasar seront prévenus lors de leur prochaine connexion par un message d'alerte.
#Cette page a été créé suite à la demande d'une préfecture de police afin de faciliter le déroulement des affaires judiciaires UNIQUEMENT.
# Choice of language
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
{
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
$Language = strtolower(substr(chop($Langue[0]),0,2));
}
if($Language == 'fr')
{
$l_info = "Génération des journaux d'imputabilité";
$l_log_info = "Vous allez générer des journaux qui avertiront tous les utilisateurs. En effet, cette pratique est réservée uniquement de le cadre d'une enquête judiciaire. Vous comprenez donc les risques en continuant ici.";
$l_password = "Entrez votre mot de passe afin de protéger votre archive contenant le PDF des journaux d'imputabilité";
$l_submit = "Continuer";
$l_date1="Commençant le ...";
$l_date2="Terminant le ...";
$l_hours="Jusqu\'au ...";
$l_options_info = "Que désirez vous?";
$l_options_1="Tous les journaux";
$l_options_2="Selectionnez un intervale ...";
$l_options_3="Selectionnez depuis une date ...";
$l_load="Chargement...";
$l_create="Les utilisateurs ont été prévenus de cette action et l'archive a bien été crée, retenez bien votre mot de passe car il sera impossible de vous le redonner";
$l_download="Télécharger l'archive";
$l_error="Vous devez remplir les informations du formulaire!";
$l_demandeur="Nom du demandeur :";
$l_commentary="Raison :";
$l_info_form="Information du demandeur :";
$l_logtab="Dernières entrées :";
$l_empty_log="Les journaux sont vides";
}
else
{
$l_info = "Imputabilities logs generation";
$l_log_info = "You are generating logs which will warn users. In fact, this action is only reserved for a judicial investigation. So, you understand risks if you proceed.";
$l_password = "Enter your password to protect your archive which contains the PDF of imputabilities logs.";
$l_submit = "Proceed";
$l_date1="Start at ...";
$l_date2="End at ...";
$l_hours="At ...";
$l_options_info = "What do you want?";
$l_options_1="All logs";
$l_options_2="Select a range ...";
$l_options_3="Select from a specific date ...";
$l_create="Users have been warned and your archive has been created! Don't forget your password!";
$l_load="Loading...";
$l_download="Download archive";
$l_error="You need to submit form informations!!";
$l_demandeur="Applicant name :";
$l_commentary="Reason :";
$l_info_form="User Information";
$l_logtab="Last entries :";
$l_empty_log="Logs are empty";
}
$filename='/var/www/html/acc/backup/log_info.txt';
if(isset($_POST['submit']))
{
$password=$_POST['password'];
$demandeur=$_POST['demandeur'];
$raison=$_POST['comment'];
#si le mot de passe est vide ou si il contient des espaces
if($password != "" && $demandeur != "" && $raison != "")
{
#Génération de log
$text=date("Y-m-d H:i:s")."|||".$demandeur."|||".$raison."|||".$_SERVER['REMOTE_ADDR']."|||";
#supprimer les nouvelles lignes
$text = str_replace("\n", ' ', $text);
$text = str_replace("\r", ' ', $text);
file_put_contents($filename, $text.PHP_EOL, FILE_APPEND);
#Création des journaux dans une archive avec mot de passe.
$filename_logs="imputabilities_logs.zip";
switch($_POST['submit'])
{
case 'query_all':
exec("sudo alcasar-generate_log.sh '$password'");
break;
case 'query_range':
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec'];
$date2_selected= $_POST['stop-year'].'-'.$_POST['stop-month'].'-'.$_POST['stop-day'].' '.$_POST['stop-hour'].':'.$_POST['stop-min'].':'.$_POST['stop-sec'];
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected' '$date2_selected' ");
break;
case 'query_simple':
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec'];
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected'");
break;
}
#Interface permettant de télécharger les journaux d'imputabilité
echo "<h3>$l_create</h3>";
echo "<a href=\"$filename_logs\" class=\"btn btn-info btn-lg\">";
echo " <span class=\"glyphicon glyphicon-download-alt\"></span> $l_download";
echo "</a>";
}
else
{
echo "$l_error";
}
}
else
{
#Interface permettant de configurer la génération des journaux d'imputabilité.
echo "<div>";
echo " <div style=\"margin-top:20px\">";
echo " <div>";
echo " <fieldset>";
echo " <h3>$l_info</h3>";
echo " <p>$l_log_info</p>";
echo " </fieldset>";
echo "<h4> $l_options_info </h4>";
echo "<div class=\"radio\">";
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact1()\" checked> $l_options_1 </label>";
echo "</div>";
echo "<div class=\"radio\">";
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact2()\"> $l_options_2 </label>";
echo "</div>";
echo "<div class=\"radio\">";
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact3()\"> $l_options_3 </label>";
echo "</div>";
echo "<form name=\"form_log\" method=\"post\" action=\"log_generation.php\" role=\"form\">";
echo "<p> $l_password </p><input name=\"password\" type=\"password\" size=\"25\">";
echo "<h2>$l_info_form</h2>";
echo "<p>$l_demandeur</p><textarea name='demandeur' style=\"height:25px;\"></textarea>";
echo "<p>$l_commentary</p><textarea name='comment'></textarea>";
echo "<p id=\"query_option\"></br></br><button type=\"submit\" onClick=\"this.classList.add('disabled');\" class=\"btn btn-primary\" name=\"submit\" value=\"query_all\"> $l_submit </button></p>";
}
echo "<br><div style=\"height:1px;background:#717171;border-bottom:1px solid #313030:\"></div>";
echo "<h2>$l_logtab</h2>";
if(file_exists($filename)){
echo "<div class=\"container\">";
echo "<table class=\"table table-striped\">";
echo "<thead>";
echo "<tr>";
echo "<th>Date</th>";
echo "<th>User</th>";
echo "<th>Reason</th>";
echo "<th>IP address</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody>";
$fichier = fopen($filename, "r");
$content = file($filename);
foreach($content as $line){
$infos=explode("|||", $line);
echo "<tr>";
echo "<td>$infos[0]</td>";
echo "<td>$infos[1]</td>";
echo "<td>$infos[2]</td>";
echo "<td>$infos[3]</td>";
echo "</tr>";
}
echo "</tbody>";
echo "</table>";
echo "</div>";
}
else
{
echo "<p>$l_empty_log</p>";
}
#javascript permettant de generer les dropdown des dates. Il faut s'assurer que les données envoyées soient au bon format afin d'etre traité dans alcasar-generation_logs.sh
echo "<script>";
echo "function radio_interact1() {";
echo "document.getElementById(\"query_option\").innerHTML = '";
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_all\"> $l_submit</button>";
echo "';}";
echo "function radio_interact2() {";
echo " document.getElementById(\"query_option\").innerHTML = '";
echo "$l_date1 <select name=\"start-year\">";
$year = date('Y');
$years = $year-50;
for ($i = $year; $i >= $years; $i--) {
$sel = ($i == $year) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"start-month\">";
$month = date('m');
for ($i = 1; $i <= 12; $i++) {
$sel = ($i == $month) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"start-day\">";
$day = date('d');
for ($i = 1; $i <= 31; $i++) {
$sel = ($i == $day) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "$l_hours <select name=\"start-hour\">";
$hour = date('G');
for ($i = 0; $i <= 23; $i++) {
$sel = ($i == $hour) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-min\">";
$min = date('i');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $min) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-sec\">";
$sec = date('s');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $sec) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "</br>";
echo "$l_date2 <select name=\"stop-year\">";
$year = date('Y');
$years = $year-50;
for ($i = $year; $i >= $years; $i--) {
$sel = ($i == $year) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"stop-month\">";
$month = date('m')+1;
for ($i = 1; $i <= 12; $i++) {
$sel = ($i == $month) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"stop-day\">";
$day = date('d');
for ($i = 1; $i <= 31; $i++) {
$sel = ($i == $day) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "$l_hours <select name=\"stop-hour\">";
$hour = date('G');
for ($i = 0; $i <= 23; $i++) {
$sel = ($i == $hour) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"stop-min\">";
$min = date('i');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $min) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"stop-sec\">";
$sec = date('s');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $sec) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_range\"> $l_submit</button>";
echo "';}";
echo "function radio_interact3() {";
echo " document.getElementById(\"query_option\").innerHTML = '";
echo "$l_date1 <select name=\"start-year\">";
$year = date('Y');
$years = $year-50;
for ($i = $year; $i >= $years; $i--) {
$sel = ($i == $year) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"start-month\">";
$month = date('m');
for ($i = 1; $i <= 12; $i++) {
$sel = ($i == $month) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "-<select name=\"start-day\">";
$day = date('d');
for ($i = 1; $i <= 31; $i++) {
$sel = ($i == $day) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "$l_hours <select name=\"start-hour\">";
$hour = date('G');
for ($i = 0; $i <= 23; $i++) {
$sel = ($i == $hour) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-min\">";
$min = date('i');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $min) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo ":<select name=\"start-sec\">";
$sec = date('s');
for ($i = 0; $i <= 59; $i++) {
$sel = ($i == $sec) ? ' selected="selected"' : '';
$i = str_pad($i, 2, '0', STR_PAD_LEFT);
echo "<option value=\"$i\"$sel>$i</option>";
}
echo "</select>";
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_simple\"> $l_submit</button>";
echo "';}";
echo "</script>";
echo "</form>";
echo "</div>";
echo "</div>";
echo "</div>";
?>
</body>
</html>

/web/acc/backup.php
1,6 → 1,8
<?php
$select[0]="$l_backup_archive";
$select[1]="$l_backup_log";
$fich[0]="backup/sauvegarde.php";
$fich[1]="backup/log_generation.php";
$j=0;
while ($j != count($select))
{

/web/acc/manager/lib/sql/change_attrs.php
82,6 → 82,8
if (isset($item_vals["$key"][$j]) && (isset($old_val) && $old_val !='') || $sql_attr=='Filter-Id'){
$old_val = $item_vals["$key"][$j];
$old_val = da_sql_escape_string($link, $old_val);
#we keep the fourth bit of Filter-Id to warn user about administrator who read imputability logs.
$val[3]=$old_val[3];
$res = da_sql_query($link,$config,
"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND
attribute = '$sql_attr' AND value = '$old_val';");

/web/acc/menu.php
74,6 → 74,7
$l_log="Générer les journaux";
$l_backup_archive="Archives";
$l_activity_report="Rapport d'activité";
$l_backup_log="Journaux d'imputabilité";
}
else
{

/web/index.php
83,11 → 83,28
return $time[0]." h ".$time[1]." m ".$time[2]." s";
}
//if user need to be warn
if(isset($_GET['warn']) && isset($_GET['url']))
{
$direct_access = False;
}
# If the user is connected : retrieve the 3 last connexions
if ((isset ($user[4])) && ($user[4] != "0")){
if(isset($_GET['redirect'])) # if user has been warned, we redirect him to his website
{
$redir = "http://".$_GET['url'];
header("Location: $_GET[url]",TRUE,307);
exit;
}
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
include_once("/etc/freeradius-web/config.php");
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
$sql = "SELECT UserName, AcctStartTime, AcctStopTime, acctsessiontime FROM radacct WHERE UserName='$user[5]' ORDER BY AcctStartTime DESC LIMIT 0 , $nb_connection_history";
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
if ($link){
127,6 → 144,8
if ($ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest.
echo "<script>window.location.reload(true)</script>"; # force DNS request
}
}
# Choice of language
if($Language == 'fr'){
169,6 → 188,13
$l_service_sms = "Service SMS actif";
$l_service_sms_n = "Service SMS non actif";
$l_acc_sms = "Auto enregistrement par SMS";
$l_explain_warn = "L'administrateur a créé une archive contenant vos journaux de connexion dans le cadre d'une affaire judiciaire.";
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>Je comprends et je souhaite continuer ma navigation.</a>";
$l_title_warn="Cher utilisateur, ";
$l_explain_warn_name="Une personne sous le nom de ";
$l_explain_warn_ip="sous cette IP : ";
$l_explain_warn_date="a consulté vos journaux de connexion le ";
$l_explain_warn_reason="en émettant la raison suivante : ";
}
else if($Language == 'pt'){
$l_access_denied = "Controle de acesso";
210,6 → 236,13
$l_service_sms = "SMS service enable";
$l_service_sms_n = "SMS service disable";
$l_acc_sms = "Auto registration by SMS";
$l_explain_warn = "El administrador ha creado un archivo que contiene los periódicos de inicio de sesión como parte de un proceso judicial.";
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>Lo comprendo y deseo continuar mi navegación.</a>";
$l_title_warn="Estimado usuario,";
$l_explain_warn_name="El usario ";
$l_explain_warn_ip="con este IP : ";
$l_explain_warn_date="consultó a sus registros de conexión el ";
$l_explain_warn_reason="con la siguiente razón : ";
}
else {
$l_access_denied = "Access control";
251,6 → 284,13
$l_service_sms = "SMS service enable";
$l_service_sms_n = "SMS service disable";
$l_acc_sms = "Auto registration by SMS";
$l_explain_warn = "The administrator created an archive which contains your imputabilities logs for a judicial investigation.";
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>I understand and I wish to continue.</a>";
$l_title_warn="Dear user,";
$l_explain_warn_name="Someone called ";
$l_explain_warn_ip="with this IP : ";
$l_explain_warn_date="has read your connexion logs at ";
$l_explain_warn_reason="because : ";
}
$l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied));
318,9 → 358,19
}
}
else {
#if user need to be warn about that someone who read his logs
if(isset($_GET['warn']) && isset($_GET['url']) && $_GET['warn'] == '1')
{
echo"
<div id=\"cadre_titre\" class=\"titre_refus\">
<p id=\"acces_controle\" class=\"titre_refus\">$l_title</p>";
<p id=\"acces_controle\" class=\"titre_refus\">$l_title_warn</p>";
}
else
{
echo"
<div id=\"cadre_titre\" class=\"titre_refus\">
<p id=\"acces_controle\" class=\"titre_refus\">$l_title</p>";
}
}
?>
<div id="boite_logo">
396,6 → 446,45
</div>";
}
else {
#if user need to be warn about that someone who read his logs
if(isset($_GET['warn']) && isset($_GET['url']) && $_GET['warn'] == '1')
{
$filename="/var/www/html/acc/backup/log_info.txt";
$l_explain_warn="";
if(file_exists($filename)){
$fichier = fopen($filename, "r");
$content = file($filename);
foreach($content as $line){
$infos=explode("|||", $line);
$log_date=$infos[0];
$log_user=$infos[1];
$log_reason=$infos[2];
$log_ip=$infos[3];
}
$l_explain_warn="$l_explain_warn_name$log_user ( $l_explain_warn_ip$log_ip ) $l_explain_warn_date$log_date $l_explain_warn_reason$log_reason";
}
else
{
echo "Log error!";
}
echo "
<div id=\"box_refuse\">
<img src=\"$img_rep$img_warning\">
<p>$l_explain_warn</p>
</div>
<div id=\"liens_redir\">
<p>$l_continue_link</p>
</div>";
}
else
{
echo "
<div id=\"box_refuse\">
<img src=\"$img_rep$img_false\">
404,7 → 493,8
<div id=\"liens_redir\">
<p>$l_back_page</p>
</div>";
}
}
}
if (($network_pb)&&(! $direct_access)) {
echo " <span>Diagnostic : $diagnostic</span>";
}

/web/intercept.php
374,6 → 374,37
default: $result = 0; // Default: It was not a form request -> client go to login form
}
//check if we need to warn user about the imputability logs.
if($result == 1)
{
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){
include_once("/etc/freeradius-web/config.php");
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php");
$user_url=$_GET['userurl'];
$user_uid=$_GET['uid'];
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid'";
$link = @da_sql_pconnect($config); // on affiche pas les erreurs
if ($link){
$res = @da_sql_query($link,$config,$sql); // on affiche pas les erreurs
if ($res){
while(($row = @da_sql_fetch_array($res,$config))){
if ($row['attribute'] == "Filter-Id") $filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur
}
if($filter_id[3] == '1')
{
#set the fourth bit of filter-id to '0'
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'";
$res = mysqli_multi_query($link,$sql);
header("Location: http://alcasar/index.php?warn=1&url=$user_url"); //we present to user information about imputability logs
exit;
}
}
}
}
}
# Otherwise it was not a form request
# Send out an error message
if ($result == 0) { //erreur