/conf/sudoers |
---|
27,6 → 27,7 |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem |
Cmnd_Alias SSL=/usr/bin/openssl,/usr/local/bin/alcasar-importcert.sh # to manage the certificates |
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups |
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC |
# Defaults specification |
# Defaults syslog=auth |
46,6 → 47,6 |
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
# %users localhost=/sbin/shutdown -h now |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN |
ADMIN LAN_ORG=(root) NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE |
/rpms/i586/wkhtmltopdf-0.12.3-1.noarch.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/rpms/wkhtmltopdf-0.12.3-1.spec |
---|
0,0 → 1,67 |
Summary: Convert HTML to PDF |
Name: wkhtmltopdf |
Version: 0.12.3 |
Release: 1 |
License: GPL |
BuildArch: noarch |
URL: http://wkhtmltopdf.org/ |
Group: Development/Tools |
Source: %{name}-%{version}.tar.gz |
Provides: wkhtmltopdf = %{version}-%{release} |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot |
%description |
Convert HTML to PDF using the Qt WebKit rendering engine |
%prep |
%setup -q -n %{name}-%{version} |
%install |
rm -rf %{buildroot} |
mkdir -p %{buildroot}/usr/bin |
mkdir -p %{buildroot}/usr/include |
mkdir -p %{buildroot}/usr/include/wkhtmltox |
mkdir -p %{buildroot}/usr/lib |
mkdir -p %{buildroot}/usr/share |
mkdir -p %{buildroot}/usr/share/man/man1 |
cp usr/bin/* %{buildroot}/usr/bin/ |
cp usr/include/wkhtmltox/* %{buildroot}/usr/include/wkhtmltox/ |
cp usr/lib/* %{buildroot}/usr/lib/ |
cp usr/share/man/man1/* %{buildroot}/usr/share/man/man1/ |
ln -s %{buildroot}/usr/lib/libwkhtmltox.so.0.12.3 %{buildroot}/usr/lib/libwkhtmltox.so |
ln -s %{buildroot}/usr/lib/libwkhtmltox.so.0.12.3 %{buildroot}/usr/lib/libwkhtmltox.so.0 |
#ln -s %{buildroot}/usr/lib/libwkhtmltox.so.0.12.3 %{buildroot}/usr/lib/libwkhtmltox.so.0.12 probleme avec le '1' |
%clean |
#rm -rf %{buildroot} |
%files |
%defattr(-,root,root) |
%attr(0755,root,root) /usr/bin/wkhtmltopdf |
%attr(0755,root,root) /usr/bin/wkhtmltoimage |
/usr/bin/wkhtmltoimage |
/usr/bin/wkhtmltopdf |
/usr/include/wkhtmltox/dllbegin.inc |
/usr/include/wkhtmltox/dllend.inc |
/usr/include/wkhtmltox/image.h |
/usr/include/wkhtmltox/pdf.h |
/usr/lib/libwkhtmltox.so |
/usr/lib/libwkhtmltox.so.0 |
#/usr/lib/libwkhtmltox.so.0.12 |
/usr/lib/libwkhtmltox.so.0.12.3 |
/usr/share/man/man1/wkhtmltoimage.1.xz |
/usr/share/man/man1/wkhtmltopdf.1.xz |
%changelog |
* Tue Jul 19 2016 Raphael for ALCASAR projet |
RPM created for Mageia |
/rpms/x86_64/wkhtmltopdf-0.12.3-1.noarch.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/scripts/alcasar-conup.sh |
---|
22,6 → 22,7 |
#1-> profile1 |
#2-> profile2 |
#3-> profile3 |
#4-> warn_user (if imputability report has been generated) |
#6-> WL |
#7-> BL |
#8-> HAVP |
/scripts/alcasar-generate_log.sh |
---|
0,0 → 1,168 |
#Corrélation et Generation des logs au format PDF |
#Il est possible de demander les logs : |
#-depuis le début (pas d'argument) |
#-à partir d'une date (un seul argument) |
#-en spécifiant un intervale (deux arguments correspondant aux bornes respectives) |
#Par Raphaël Pion |
usage="Usage: alcasar-generate_log.sh PASSWORD && ({ '' } | { 'YYYY-MM-DD HH:MM:SS' } | { 'YYYY-MM-DD HH:MM:SS' 'YYYY-MM-DD HH:MM:SS' })" |
nb_args=$# |
DIR='/var/www/html/acc/backup/' |
TMP_SQL="/tmp/log_sql.csv" |
TMP_USERS="/tmp/log_users" |
TMP_HTML="$DIR/log_nf.html" |
TMP_PDF="$DIR/imputabilities_logs-$(date +%F).pdf" |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
ARCHIVE_LOCATION="$DIR/imputabilities_logs.zip" |
if [ $nb_args -eq 1 ] |
then |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
SECTION_LOG="Extraction de tous les journaux" |
fi |
if [ $nb_args -eq 2 ] |
then |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' ORDER BY acctstarttime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
echo $QUERY |
SECTION_LOG="Extraction des journaux à partir du $2" |
fi |
if [ $nb_args -eq 3 ] |
then |
QUERY="SELECT username,callingstationid,framedipaddress,acctstarttime,acctstoptime,acctinputoctets,acctoutputoctets,acctterminatecause FROM radacct WHERE acctstarttime >= '$2' AND acctstarttime <= '$3' ORDER BY acctstoptime INTO OUTFILE '$TMP_SQL' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
SECTION_LOG="Extraction des journaux entre $2 et $3" |
fi |
if [ $nb_args -eq 0 ] |
then |
echo $usage |
exit |
fi |
if [ $nb_args -gt 3 ] |
then |
echo $usage |
exit |
fi |
if [ -e $TMP_SQL ] |
then |
rm $TMP_SQL |
fi |
if [ -e $TMP_PDF ] |
then |
rm $TMP_PDF |
fi |
if [ -e $ARCHIVE_LOCATION ] |
then |
rm $ARCHIVE_LOCATION |
fi |
#get log information for each users |
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" |
#Create HTML document which contains every informations about users |
echo "<!DOCTYPE html>" > $TMP_HTML |
echo "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>" >> $TMP_HTML |
echo "<TITLE>ALCASAR Report</TITLE>" >> $TMP_HTML |
echo "<link rel='stylesheet' type='text/css' href='../../css/bootstrap.min.css'>" >> $TMP_HTML |
echo "<link rel='stylesheet' type='text/css' href='../../css/report.css'>" >> $TMP_HTML |
echo "</HEAD>" >> $TMP_HTML |
echo "<body>" >> $TMP_HTML |
echo "<h1>$SECTION_LOG</h1>" >> $TMP_HTML |
echo "<i><p style='text-align: right;'>Date de création $(date +%F)</p></i>" >> $TMP_HTML |
echo "<font size='1'>" >> $TMP_HTML |
cat $TMP_SQL | while read LIGNE_SQL |
do |
LOG_IP=$(echo $LIGNE_SQL | cut -d',' -f3) |
LOG_DATE1=$(echo $LIGNE_SQL | cut -d',' -f4) |
LOG_DATE2=$(echo $LIGNE_SQL | cut -d',' -f5) |
LOG_Y1=$(echo $LOG_DATE1 | cut -d'-' -f1) |
LOG_M1=$(echo $LOG_DATE1 | cut -d'-' -f2) |
LOG_D1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f1) |
LOG_H1=$(echo $LOG_DATE1 | cut -d'-' -f3 | cut -d' ' -f2) |
LOG_Y2=$(echo $LOG_DATE2 | cut -d'-' -f1) |
LOG_M2=$(echo $LOG_DATE2 | cut -d'-' -f2) |
LOG_D2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f1) |
LOG_H2=$(echo $LOG_DATE2 | cut -d'-' -f3 | cut -d' ' -f2) |
DUMP=$(nfdump -O tstart -R /var/log/nfsen/profiles-data/live/alcasar_netflow/ -t $LOG_Y1/$LOG_M1/$LOG_D1.$LOG_H1-$LOG_Y2/$LOG_M2/$LOG_D2.$LOG_H2 -o "fmt:<tr><td class='numberLine'></td><td>%sa</td><td>%sp</td><td>%da</td><td>%dp</td><td>%ts</td></tr>" | tail -n +2 | head -n -4 | grep "$LOG_IP") |
if [ ! -z "$DUMP" ] |
then |
echo "<div class='container'> " >> $TMP_HTML |
echo "<table class='table table-striped'>" >> $TMP_HTML |
echo "<thead>" >> $TMP_HTML |
echo "<tr>" >> $TMP_HTML |
echo "<th>Username</th>" >> $TMP_HTML |
echo "<th>Client @MAC</th>" >> $TMP_HTML |
echo "<th>Client @IP</th>" >> $TMP_HTML |
echo "<th>Login Time</th>" >> $TMP_HTML |
echo "<th>Logout Time</th>" >> $TMP_HTML |
echo "<th>Upload</th>" >> $TMP_HTML |
echo "<th>Download</th>" >> $TMP_HTML |
echo "<th>Cause</th>" >> $TMP_HTML |
echo "</tr></thead><tbody><tr>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f1) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f2) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f3) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f4) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f5) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f6) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f7) "</td>" >> $TMP_HTML |
echo "<td>" $(echo $LIGNE_SQL | cut -d',' -f8) "</td>" >> $TMP_HTML |
echo "</tr></tbody></table></div>" >> $TMP_HTML |
echo "<div class='container mySpace'> " >> $TMP_HTML |
echo "<table class='table table-striped'>" >> $TMP_HTML |
echo "<thead>" >> $TMP_HTML |
echo "<tr>" >> $TMP_HTML |
echo "<th>N°</th>" >> $TMP_HTML |
echo "<th>@IP src</th>" >> $TMP_HTML |
echo "<th>Port src</th>" >> $TMP_HTML |
echo "<th>@IP dst</th>" >> $TMP_HTML |
echo "<th>Port dst</th>" >> $TMP_HTML |
echo "<th>Date</th>" >> $TMP_HTML |
echo "</tr></thead><tbody>" >> $TMP_HTML |
echo $DUMP >> $TMP_HTML |
echo "</tbody></table></div>" >> $TMP_HTML |
fi |
done |
echo "</font>" >> $TMP_HTML |
echo "</body>" >> $TMP_HTML |
echo "</HTML>" >> $TMP_HTML |
#inform users about that by setting the fourth bit of Filter-Id at 1. |
QUERY="SELECT username from radreply INTO OUTFILE '$TMP_USERS' FIELDS TERMINATED BY ',' ENCLOSED BY '' LINES TERMINATED BY '\n';" |
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" |
if [ -e $TMP_USERS ] && [ $(cat $TMP_USERS | wc -l) -gt 0 ] |
then |
for user in $(cat $TMP_USERS) |
do |
QUERY="set @CurrentFilter=(SELECT value from radreply where username='$user');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'1', (@CurrentFilterRight)) WHERE username='$user' ;" |
mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" |
done |
fi |
rm $TMP_USERS |
/usr/bin/wkhtmltopdf $TMP_HTML $TMP_PDF |
/usr/bin/7za a -tzip -p$1 -mem=AES256 $ARCHIVE_LOCATION $TMP_PDF |
chown apache:apache $ARCHIVE_LOCATION |
rm $TMP_HTML |
rm $TMP_SQL |
rm $TMP_PDF |
/scripts/alcasar-iptables.sh |
---|
168,7 → 168,6 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56 |
# Marquage des paquets qui tentent d'accéder directement à un serveur sans authentification en mode proxy pour pouvoir les rejeter en INPUT |
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules |
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10 |
/scripts/alcasar-rpm-download.sh |
---|
11,7 → 11,7 |
VERSION="5" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip" |
rpm_repository_sync () |
{ |
/scripts/alcasar-urpmi.sh |
---|
14,7 → 14,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-4.4.13-1.mga5-1-1.mga5" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man kernel-firmware-nonfree dos2unix p7zip" |
rpm_repository_sync () |
{ |
/web/acc/backup/log_generation.php |
---|
0,0 → 1,394 |
<!DOCTYPE html> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
<TITLE>ALCASAR Report</TITLE> |
<link rel="stylesheet" type="text/css" href="../../../css/bootstrap.min.css"> |
<script src="../../../js/jquery.js"></script> |
<script src="../../../js/bootstrap.min.js"></script> |
<style> |
body{ |
background-color: #EFEFEF; |
} |
</style> |
</HEAD> |
<body> |
<?php |
#Cette page permet de générer les journaux d'imputabilité dans une archive avec mot de passe. |
#Lors de la création de cette archive, tous les utilisateurs d'alcasar seront prévenus lors de leur prochaine connexion par un message d'alerte. |
#Cette page a été créé suite à la demande d'une préfecture de police afin de faciliter le déroulement des affaires judiciaires UNIQUEMENT. |
# Choice of language |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) |
{ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); |
} |
if($Language == 'fr') |
{ |
$l_info = "Génération des journaux d'imputabilité"; |
$l_log_info = "Vous allez générer des journaux qui avertiront tous les utilisateurs. En effet, cette pratique est réservée uniquement de le cadre d'une enquête judiciaire. Vous comprenez donc les risques en continuant ici."; |
$l_password = "Entrez votre mot de passe afin de protéger votre archive contenant le PDF des journaux d'imputabilité"; |
$l_submit = "Continuer"; |
$l_date1="Commençant le ..."; |
$l_date2="Terminant le ..."; |
$l_hours="Jusqu\'au ..."; |
$l_options_info = "Que désirez vous?"; |
$l_options_1="Tous les journaux"; |
$l_options_2="Selectionnez un intervale ..."; |
$l_options_3="Selectionnez depuis une date ..."; |
$l_load="Chargement..."; |
$l_create="Les utilisateurs ont été prévenus de cette action et l'archive a bien été crée, retenez bien votre mot de passe car il sera impossible de vous le redonner"; |
$l_download="Télécharger l'archive"; |
$l_error="Vous devez remplir les informations du formulaire!"; |
$l_demandeur="Nom du demandeur :"; |
$l_commentary="Raison :"; |
$l_info_form="Information du demandeur :"; |
$l_logtab="Dernières entrées :"; |
$l_empty_log="Les journaux sont vides"; |
} |
else |
{ |
$l_info = "Imputabilities logs generation"; |
$l_log_info = "You are generating logs which will warn users. In fact, this action is only reserved for a judicial investigation. So, you understand risks if you proceed."; |
$l_password = "Enter your password to protect your archive which contains the PDF of imputabilities logs."; |
$l_submit = "Proceed"; |
$l_date1="Start at ..."; |
$l_date2="End at ..."; |
$l_hours="At ..."; |
$l_options_info = "What do you want?"; |
$l_options_1="All logs"; |
$l_options_2="Select a range ..."; |
$l_options_3="Select from a specific date ..."; |
$l_create="Users have been warned and your archive has been created! Don't forget your password!"; |
$l_load="Loading..."; |
$l_download="Download archive"; |
$l_error="You need to submit form informations!!"; |
$l_demandeur="Applicant name :"; |
$l_commentary="Reason :"; |
$l_info_form="User Information"; |
$l_logtab="Last entries :"; |
$l_empty_log="Logs are empty"; |
} |
$filename='/var/www/html/acc/backup/log_info.txt'; |
if(isset($_POST['submit'])) |
{ |
$password=$_POST['password']; |
$demandeur=$_POST['demandeur']; |
$raison=$_POST['comment']; |
#si le mot de passe est vide ou si il contient des espaces |
if($password != "" && $demandeur != "" && $raison != "") |
{ |
#Génération de log |
$text=date("Y-m-d H:i:s")."|||".$demandeur."|||".$raison."|||".$_SERVER['REMOTE_ADDR']."|||"; |
#supprimer les nouvelles lignes |
$text = str_replace("\n", ' ', $text); |
$text = str_replace("\r", ' ', $text); |
file_put_contents($filename, $text.PHP_EOL, FILE_APPEND); |
#Création des journaux dans une archive avec mot de passe. |
$filename_logs="imputabilities_logs.zip"; |
switch($_POST['submit']) |
{ |
case 'query_all': |
exec("sudo alcasar-generate_log.sh '$password'"); |
break; |
case 'query_range': |
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec']; |
$date2_selected= $_POST['stop-year'].'-'.$_POST['stop-month'].'-'.$_POST['stop-day'].' '.$_POST['stop-hour'].':'.$_POST['stop-min'].':'.$_POST['stop-sec']; |
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected' '$date2_selected' "); |
break; |
case 'query_simple': |
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec']; |
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected'"); |
break; |
} |
#Interface permettant de télécharger les journaux d'imputabilité |
echo "<h3>$l_create</h3>"; |
echo "<a href=\"$filename_logs\" class=\"btn btn-info btn-lg\">"; |
echo " <span class=\"glyphicon glyphicon-download-alt\"></span> $l_download"; |
echo "</a>"; |
} |
else |
{ |
echo "$l_error"; |
} |
} |
else |
{ |
#Interface permettant de configurer la génération des journaux d'imputabilité. |
echo "<div>"; |
echo " <div style=\"margin-top:20px\">"; |
echo " <div>"; |
echo " <fieldset>"; |
echo " <h3>$l_info</h3>"; |
echo " <p>$l_log_info</p>"; |
echo " </fieldset>"; |
echo "<h4> $l_options_info </h4>"; |
echo "<div class=\"radio\">"; |
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact1()\" checked> $l_options_1 </label>"; |
echo "</div>"; |
echo "<div class=\"radio\">"; |
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact2()\"> $l_options_2 </label>"; |
echo "</div>"; |
echo "<div class=\"radio\">"; |
echo "<label><input type=\"radio\" name=\"optradio\" onclick=\"radio_interact3()\"> $l_options_3 </label>"; |
echo "</div>"; |
echo "<form name=\"form_log\" method=\"post\" action=\"log_generation.php\" role=\"form\">"; |
echo "<p> $l_password </p><input name=\"password\" type=\"password\" size=\"25\">"; |
echo "<h2>$l_info_form</h2>"; |
echo "<p>$l_demandeur</p><textarea name='demandeur' style=\"height:25px;\"></textarea>"; |
echo "<p>$l_commentary</p><textarea name='comment'></textarea>"; |
echo "<p id=\"query_option\"></br></br><button type=\"submit\" onClick=\"this.classList.add('disabled');\" class=\"btn btn-primary\" name=\"submit\" value=\"query_all\"> $l_submit </button></p>"; |
} |
echo "<br><div style=\"height:1px;background:#717171;border-bottom:1px solid #313030:\"></div>"; |
echo "<h2>$l_logtab</h2>"; |
if(file_exists($filename)){ |
echo "<div class=\"container\">"; |
echo "<table class=\"table table-striped\">"; |
echo "<thead>"; |
echo "<tr>"; |
echo "<th>Date</th>"; |
echo "<th>User</th>"; |
echo "<th>Reason</th>"; |
echo "<th>IP address</th>"; |
echo "</tr>"; |
echo "</thead>"; |
echo "<tbody>"; |
$fichier = fopen($filename, "r"); |
$content = file($filename); |
foreach($content as $line){ |
$infos=explode("|||", $line); |
echo "<tr>"; |
echo "<td>$infos[0]</td>"; |
echo "<td>$infos[1]</td>"; |
echo "<td>$infos[2]</td>"; |
echo "<td>$infos[3]</td>"; |
echo "</tr>"; |
} |
echo "</tbody>"; |
echo "</table>"; |
echo "</div>"; |
} |
else |
{ |
echo "<p>$l_empty_log</p>"; |
} |
#javascript permettant de generer les dropdown des dates. Il faut s'assurer que les données envoyées soient au bon format afin d'etre traité dans alcasar-generation_logs.sh |
echo "<script>"; |
echo "function radio_interact1() {"; |
echo "document.getElementById(\"query_option\").innerHTML = '"; |
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_all\"> $l_submit</button>"; |
echo "';}"; |
echo "function radio_interact2() {"; |
echo " document.getElementById(\"query_option\").innerHTML = '"; |
echo "$l_date1 <select name=\"start-year\">"; |
$year = date('Y'); |
$years = $year-50; |
for ($i = $year; $i >= $years; $i--) { |
$sel = ($i == $year) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "-<select name=\"start-month\">"; |
$month = date('m'); |
for ($i = 1; $i <= 12; $i++) { |
$sel = ($i == $month) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "-<select name=\"start-day\">"; |
$day = date('d'); |
for ($i = 1; $i <= 31; $i++) { |
$sel = ($i == $day) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "$l_hours <select name=\"start-hour\">"; |
$hour = date('G'); |
for ($i = 0; $i <= 23; $i++) { |
$sel = ($i == $hour) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo ":<select name=\"start-min\">"; |
$min = date('i'); |
for ($i = 0; $i <= 59; $i++) { |
$sel = ($i == $min) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo ":<select name=\"start-sec\">"; |
$sec = date('s'); |
for ($i = 0; $i <= 59; $i++) { |
$sel = ($i == $sec) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "</br>"; |
echo "$l_date2 <select name=\"stop-year\">"; |
$year = date('Y'); |
$years = $year-50; |
for ($i = $year; $i >= $years; $i--) { |
$sel = ($i == $year) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "-<select name=\"stop-month\">"; |
$month = date('m')+1; |
for ($i = 1; $i <= 12; $i++) { |
$sel = ($i == $month) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "-<select name=\"stop-day\">"; |
$day = date('d'); |
for ($i = 1; $i <= 31; $i++) { |
$sel = ($i == $day) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "$l_hours <select name=\"stop-hour\">"; |
$hour = date('G'); |
for ($i = 0; $i <= 23; $i++) { |
$sel = ($i == $hour) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo ":<select name=\"stop-min\">"; |
$min = date('i'); |
for ($i = 0; $i <= 59; $i++) { |
$sel = ($i == $min) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo ":<select name=\"stop-sec\">"; |
$sec = date('s'); |
for ($i = 0; $i <= 59; $i++) { |
$sel = ($i == $sec) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_range\"> $l_submit</button>"; |
echo "';}"; |
echo "function radio_interact3() {"; |
echo " document.getElementById(\"query_option\").innerHTML = '"; |
echo "$l_date1 <select name=\"start-year\">"; |
$year = date('Y'); |
$years = $year-50; |
for ($i = $year; $i >= $years; $i--) { |
$sel = ($i == $year) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "-<select name=\"start-month\">"; |
$month = date('m'); |
for ($i = 1; $i <= 12; $i++) { |
$sel = ($i == $month) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "-<select name=\"start-day\">"; |
$day = date('d'); |
for ($i = 1; $i <= 31; $i++) { |
$sel = ($i == $day) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "$l_hours <select name=\"start-hour\">"; |
$hour = date('G'); |
for ($i = 0; $i <= 23; $i++) { |
$sel = ($i == $hour) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo ":<select name=\"start-min\">"; |
$min = date('i'); |
for ($i = 0; $i <= 59; $i++) { |
$sel = ($i == $min) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo ":<select name=\"start-sec\">"; |
$sec = date('s'); |
for ($i = 0; $i <= 59; $i++) { |
$sel = ($i == $sec) ? ' selected="selected"' : ''; |
$i = str_pad($i, 2, '0', STR_PAD_LEFT); |
echo "<option value=\"$i\"$sel>$i</option>"; |
} |
echo "</select>"; |
echo "</br></br><button type=\"submit\" class=\"btn btn-primary\" name=\"submit\" value=\"query_simple\"> $l_submit</button>"; |
echo "';}"; |
echo "</script>"; |
echo "</form>"; |
echo "</div>"; |
echo "</div>"; |
echo "</div>"; |
?> |
</body> |
</html> |
/web/acc/backup.php |
---|
1,6 → 1,8 |
<?php |
$select[0]="$l_backup_archive"; |
$select[1]="$l_backup_log"; |
$fich[0]="backup/sauvegarde.php"; |
$fich[1]="backup/log_generation.php"; |
$j=0; |
while ($j != count($select)) |
{ |
/web/acc/manager/lib/sql/change_attrs.php |
---|
82,6 → 82,8 |
if (isset($item_vals["$key"][$j]) && (isset($old_val) && $old_val !='') || $sql_attr=='Filter-Id'){ |
$old_val = $item_vals["$key"][$j]; |
$old_val = da_sql_escape_string($link, $old_val); |
#we keep the fourth bit of Filter-Id to warn user about administrator who read imputability logs. |
$val[3]=$old_val[3]; |
$res = da_sql_query($link,$config, |
"UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND |
attribute = '$sql_attr' AND value = '$old_val';"); |
/web/acc/menu.php |
---|
74,6 → 74,7 |
$l_log="Générer les journaux"; |
$l_backup_archive="Archives"; |
$l_activity_report="Rapport d'activité"; |
$l_backup_log="Journaux d'imputabilité"; |
} |
else |
{ |
/web/index.php |
---|
83,11 → 83,28 |
return $time[0]." h ".$time[1]." m ".$time[2]." s"; |
} |
//if user need to be warn |
if(isset($_GET['warn']) && isset($_GET['url'])) |
{ |
$direct_access = False; |
} |
# If the user is connected : retrieve the 3 last connexions |
if ((isset ($user[4])) && ($user[4] != "0")){ |
if(isset($_GET['redirect'])) # if user has been warned, we redirect him to his website |
{ |
$redir = "http://".$_GET['url']; |
header("Location: $_GET[url]",TRUE,307); |
exit; |
} |
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){ |
include_once("/etc/freeradius-web/config.php"); |
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php"); |
$sql = "SELECT UserName, AcctStartTime, AcctStopTime, acctsessiontime FROM radacct WHERE UserName='$user[5]' ORDER BY AcctStartTime DESC LIMIT 0 , $nb_connection_history"; |
$link = @da_sql_pconnect($config); // on affiche pas les erreurs |
if ($link){ |
127,6 → 144,8 |
if ($ipset_not_auth_yet[0] == '1'){ #if user not_auth_yet still here (index.php), we force DNS resquest. |
echo "<script>window.location.reload(true)</script>"; # force DNS request |
} |
} |
# Choice of language |
if($Language == 'fr'){ |
169,6 → 188,13 |
$l_service_sms = "Service SMS actif"; |
$l_service_sms_n = "Service SMS non actif"; |
$l_acc_sms = "Auto enregistrement par SMS"; |
$l_explain_warn = "L'administrateur a créé une archive contenant vos journaux de connexion dans le cadre d'une affaire judiciaire."; |
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>Je comprends et je souhaite continuer ma navigation.</a>"; |
$l_title_warn="Cher utilisateur, "; |
$l_explain_warn_name="Une personne sous le nom de "; |
$l_explain_warn_ip="sous cette IP : "; |
$l_explain_warn_date="a consulté vos journaux de connexion le "; |
$l_explain_warn_reason="en émettant la raison suivante : "; |
} |
else if($Language == 'pt'){ |
$l_access_denied = "Controle de acesso"; |
210,6 → 236,13 |
$l_service_sms = "SMS service enable"; |
$l_service_sms_n = "SMS service disable"; |
$l_acc_sms = "Auto registration by SMS"; |
$l_explain_warn = "El administrador ha creado un archivo que contiene los periódicos de inicio de sesión como parte de un proceso judicial."; |
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>Lo comprendo y deseo continuar mi navegación.</a>"; |
$l_title_warn="Estimado usuario,"; |
$l_explain_warn_name="El usario "; |
$l_explain_warn_ip="con este IP : "; |
$l_explain_warn_date="consultó a sus registros de conexión el "; |
$l_explain_warn_reason="con la siguiente razón : "; |
} |
else { |
$l_access_denied = "Access control"; |
251,6 → 284,13 |
$l_service_sms = "SMS service enable"; |
$l_service_sms_n = "SMS service disable"; |
$l_acc_sms = "Auto registration by SMS"; |
$l_explain_warn = "The administrator created an archive which contains your imputabilities logs for a judicial investigation."; |
$l_continue_link = "<a href='index.php?redirect=1&url=$_GET[url]' class='button'>I understand and I wish to continue.</a>"; |
$l_title_warn="Dear user,"; |
$l_explain_warn_name="Someone called "; |
$l_explain_warn_ip="with this IP : "; |
$l_explain_warn_date="has read your connexion logs at "; |
$l_explain_warn_reason="because : "; |
} |
$l_title = ($direct_access ? $l_access_welcome : ($network_pb ? $l_access_unavailable : $l_access_denied)); |
318,9 → 358,19 |
} |
} |
else { |
#if user need to be warn about that someone who read his logs |
if(isset($_GET['warn']) && isset($_GET['url']) && $_GET['warn'] == '1') |
{ |
echo" |
<div id=\"cadre_titre\" class=\"titre_refus\"> |
<p id=\"acces_controle\" class=\"titre_refus\">$l_title</p>"; |
<p id=\"acces_controle\" class=\"titre_refus\">$l_title_warn</p>"; |
} |
else |
{ |
echo" |
<div id=\"cadre_titre\" class=\"titre_refus\"> |
<p id=\"acces_controle\" class=\"titre_refus\">$l_title</p>"; |
} |
} |
?> |
<div id="boite_logo"> |
396,6 → 446,45 |
</div>"; |
} |
else { |
#if user need to be warn about that someone who read his logs |
if(isset($_GET['warn']) && isset($_GET['url']) && $_GET['warn'] == '1') |
{ |
$filename="/var/www/html/acc/backup/log_info.txt"; |
$l_explain_warn=""; |
if(file_exists($filename)){ |
$fichier = fopen($filename, "r"); |
$content = file($filename); |
foreach($content as $line){ |
$infos=explode("|||", $line); |
$log_date=$infos[0]; |
$log_user=$infos[1]; |
$log_reason=$infos[2]; |
$log_ip=$infos[3]; |
} |
$l_explain_warn="$l_explain_warn_name$log_user ( $l_explain_warn_ip$log_ip ) $l_explain_warn_date$log_date $l_explain_warn_reason$log_reason"; |
} |
else |
{ |
echo "Log error!"; |
} |
echo " |
<div id=\"box_refuse\"> |
<img src=\"$img_rep$img_warning\"> |
<p>$l_explain_warn</p> |
</div> |
<div id=\"liens_redir\"> |
<p>$l_continue_link</p> |
</div>"; |
} |
else |
{ |
echo " |
<div id=\"box_refuse\"> |
<img src=\"$img_rep$img_false\"> |
404,7 → 493,8 |
<div id=\"liens_redir\"> |
<p>$l_back_page</p> |
</div>"; |
} |
} |
} |
if (($network_pb)&&(! $direct_access)) { |
echo " <span>Diagnostic : $diagnostic</span>"; |
} |
/web/intercept.php |
---|
374,6 → 374,37 |
default: $result = 0; // Default: It was not a form request -> client go to login form |
} |
//check if we need to warn user about the imputability logs. |
if($result == 1) |
{ |
if ((is_file("./acc/manager/lib/sql/drivers/mysql/functions.php"))&&(is_file("/etc/freeradius-web/config.php"))){ |
include_once("/etc/freeradius-web/config.php"); |
include_once("./acc/manager/lib/sql/drivers/mysql/functions.php"); |
$user_url=$_GET['userurl']; |
$user_uid=$_GET['uid']; |
$sql = "SELECT attribute, value FROM radreply WHERE username='$user_uid'"; |
$link = @da_sql_pconnect($config); // on affiche pas les erreurs |
if ($link){ |
$res = @da_sql_query($link,$config,$sql); // on affiche pas les erreurs |
if ($res){ |
while(($row = @da_sql_fetch_array($res,$config))){ |
if ($row['attribute'] == "Filter-Id") $filter_id = $row['value']; // on obtient le Filter-Id de l'utilisateur |
} |
if($filter_id[3] == '1') |
{ |
#set the fourth bit of filter-id to '0' |
$sql = "set @CurrentFilter=(SELECT value from radreply where username='$user_uid');set @CurrentFilterLeft=(SELECT LEFT(@CurrentFilter,3));set @CurrentFilterRight=(SELECT RIGHT(@CurrentFilter,4));UPDATE radreply SET value = CONCAT((@CurrentFilterLeft),'0', (@CurrentFilterRight)) WHERE username='$user_uid'"; |
$res = mysqli_multi_query($link,$sql); |
header("Location: http://alcasar/index.php?warn=1&url=$user_url"); //we present to user information about imputability logs |
exit; |
} |
} |
} |
} |
} |
# Otherwise it was not a form request |
# Send out an error message |
if ($result == 0) { //erreur |