
Ignore whitespace Rev 2292 → Rev 2293

/CHANGELOG
4,6 → 4,7
 
-------------------- 3.1.3 --------------------
NEWS
- Change the ALCASAR CA certificate extension to .crt (to be added more easily in Firefox).
 
ACC
- Print parsed log of Fail2Ban instead of raw log lines.
/alcasar.sh
800,45 → 800,56
</html>
EOF
# Définition du premier compte lié au profil 'admin'
if [ "$mode" = "install" ]
then
header_install
admin_portal=!
PTN='^[a-zA-Z0-9-]*$'
until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
do
if [ "$mode" = "install" ]
then
header_install
if [ $Lang == "fr" ]
then
echo ""
echo "Définissez un premier compte d'administration d'ALCASAR :"
echo
echo -n "Nom : "
else
echo ""
echo "Define the first account allow to administrate ALCASAR :"
echo
echo -n "Account : "
fi
read admin_portal
if [ "$admin_portal" == "" ]
then
admin_portal=!
fi
done
admin_portal=!
PTN='^[a-zA-Z0-9-]*$'
until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
do
header_install
if [ $Lang == "fr" ]
then
echo ""
echo "Définissez un premier compte d'administration d'ALCASAR :"
echo
echo -n "Nom : "
else
echo ""
echo "Define the first account allow to administrate ALCASAR :"
echo
echo -n "Account : "
fi
read admin_portal
if [ "$admin_portal" == "" ]
then
admin_portal=!
fi
done
# Creation of keys file for the admin account ("admin")
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
mkdir -p $DIR_DEST_ETC/digest
chmod 755 $DIR_DEST_ETC/digest
until [ -s $DIR_DEST_ETC/digest/key_admin ]
do
/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin "ALCASAR Control Center (ACC)" $admin_portal
done
$DIR_DEST_BIN/alcasar-profil.sh --list
fi
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
mkdir -p $DIR_DEST_ETC/digest
chmod 755 $DIR_DEST_ETC/digest
until [ -s $DIR_DEST_ETC/digest/key_admin ]
do
/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin "ALCASAR Control Center (ACC)" $admin_portal
done
$DIR_DEST_BIN/alcasar-profil.sh --list
fi
# ACC partitioning
rm -f /etc/httpd/conf/webapps.d/alcasar*
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
<Directory $DIR_WEB>
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_WEB/certs>
AddType application/x-x509-ca-cert crt
</Directory>
<Directory $DIR_ACC>
SSLRequireSSL
AllowOverride None
915,14 → 926,12
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
EOF
# Replacement of the extension .cer by .der in MIME type
$SED "s?^application/pkix-cert.*?application/pkix-cert der?g" /etc/mime.types
# Launch after coova (in order to wait tun0 to be up)
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
# Log file for ACC access imputability
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
chown root:apache /var/Save/security/acc_access.log
chmod 664 /var/Save/security/acc_access.log
# Launch after coova (in order to wait tun0 to be up)
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
# Log file for ACC access imputability
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
chown root:apache /var/Save/security/acc_access.log
chmod 664 /var/Save/security/acc_access.log
} # End of ACC ()
 
##########################################################################
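Review bot: The accountability log `/var/Save/security/acc_access.log` is created `root:apache` with mode 664 in the second hunk, so any local account can read who reached the ACC, and the web server group can rewrite or truncate the record it is meant to preserve. These lines appear on both sides of the compare, so this revision seems only to re-indent them, but the permissions are worth tightening while the block is being touched: `chmod 660 /var/Save/security/acc_access.log` removes world read. If the web server only ever appends to the log, making the file append-only or sending the entries to syslog would keep a compromised ACC page from editing earlier entries; whether that fits depends on how rotation is done, which is not visible here. The enclosing ACC function starts outside the hunk.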
/scripts/alcasar-CA.sh
222,14 → 222,14
 
# Link certs in ALCASAR Control Center
if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ];
then
[ -d $DIR_WEB/certs ] || mkdir -p $DIR_WEB/certs
rm -f $DIR_WEB/certs/*
ln -s $CACERT $DIR_WEB/certs/certificat_alcasar_ca.der
ln -s $SRVCERT $DIR_WEB/certs/certificat_alcasar.crt
rm -rf $DIR_TMP
exit 0
then
[ -d $DIR_WEB/certs ] || mkdir -p $DIR_WEB/certs
rm -f $DIR_WEB/certs/*
ln -s $CACERT $DIR_WEB/certs/certificat_alcasar_ca.crt
ln -s $SRVCERT $DIR_WEB/certs/certificat_alcasar.crt
rm -rf $DIR_TMP
exit 0
else
echo "Problème lors de la création des certificats (cf. $DIR_TMP/openssl-log)" >> $FIC_PARAM
exit 1
echo "Problème lors de la création des certificats (cf. $DIR_TMP/openssl-log)" >> $FIC_PARAM
exit 1
fi
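Review bot: `rm -f $DIR_WEB/certs/*` runs with the variable unquoted and unguarded, so an empty or unset `DIR_WEB` turns it into `rm -f /certs/*` and a path containing spaces is split; the two `ln -s` lines that follow have the same quoting problem. I would write it as `rm -f -- "${DIR_WEB:?}"/certs/*` and quote the link arguments, `ln -s -- "$CACERT" "$DIR_WEB/certs/certificat_alcasar_ca.crt"`. The test on the first line uses the obsolescent `-a` operator; chaining `[ -s "$CACERT" ] && [ -s "$CAKEY" ] && …` is the unambiguous form. The script continues above this hunk, so where `DIR_WEB` is set is not visible here.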
/web/index.php
47,7 → 47,7
$hostname = $conf["HOSTNAME"].'.'.$conf["DOMAIN"];
$network_pb = false; // "alcasar-watchdog.sh" changes this value if a network issue is detected
$diagnostic = "can't contact the default router"; // "alcasar-watchdog.sh" changes this value if a network issue is detected
$cert_add = "http://$hostname/certs";
$certCa_link = "http://$hostname/certs/certificat_alcasar_ca.crt";
$direct_access = false;
$remote_ip = preg_match('#^([0-9]{1,3}\.){3}[0-9]{1,3}$#', $_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$connection_history = '';
151,8 → 151,8
$l_contact_access_deny = "Contactez le responsable de la séurité (OSSI/RSSI) si vous pensez que ce filtrage est abusif.";
$l_contact_net_pb = "Contactez votre responsable informatique ou votre prestataire Internet pour plus d'information.";
$l_sms_access = "<a href=\"https://$hostname/autoregistrationinfo.php\">Auto Enregistrement par SMS</a>";
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.der\">Installer le certificat racine</a>";
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.der\">Installation du certificat de l'autorité; racine d'ALCASAR</a>";
$l_install_certif = "Installer le certificat racine";
$l_install_certif_more = "Installation du certificat de l'autorité; racine d'ALCASAR";
$l_certif_explain = "Permet l'échange de données sécurisées entre votre station de consultation et le portail captif ALCASAR.<BR>Si ce certificat n'est pas enregistré sur votre station de consultation, il est possible que des alertes de sécurité soient émises par votre navigateur.<br><br>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Aide complémentaire</a>";
$l_category = "catégorie :";
198,8 → 198,8
$l_contact_access_deny = "Entre em contato com o administrador do sistema de segurança se acha que essa filtragem é abusiva.";
$l_contact_net_pb = "Entre em contato com a empresa fornecedora de Internet para mais informações";
$l_sms_access = "<a href=\"https://$hostname/autoregistrationinfo.php\">Auto Registration by SMS</a>";
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.der\">Instalar Certificado Alcasar AC</a>";
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.der\">Instalar Certificado Alcasar AC</a>";
$l_install_certif = "Instalar Certificado Alcasar AC";
$l_install_certif_more = "Instalar Certificado Alcasar AC";
$l_certif_explain = "O certificado Permiti a troca de dados seguro entre seu computador e o portal Alcasar.<BR>Se este certificado não estiver incorporado no seu computador, alguns alertas de segurança deverá aparecer no navegador.<br><br>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Essa foi uma ajuda complementar</a>";
$l_category = "categoria :";
245,8 → 245,8
$l_contact_access_deny = "如果您认为该过滤不当,请联系安全负责人(OSSI/RSSI)。";
$l_contact_net_pb = "请联系IT负责人或网络服务商来了解更多信息。";
$l_sms_access = "<a href=\"https://$hostname/autoregistrationinfo.php\">短信自动登录 </a>";
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.der\">安装根证书 </a>";
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.der\">安装根证书 </a>";
$l_install_certif = "安装根证书";
$l_install_certif_more = "安装根证书";
$l_certif_explain = "允许您的计算机与ALCASAR门户进行安全数据交换。<BR>如果该证书未包含在您的计算机中,您的浏览器将出现一些安全提醒。<br><br>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">额外帮助</a>";
$l_category = "类别 :";
293,9 → 293,8
$l_contact_net_pb = "المرجو الاتصال بمدير المعلومات أو مورد الأنترنت للمزيد من المعلومات";
$auto_save_sms_text = "تسجيل ذاتي على";
$l_sms_access = "<a href=\"https://$hostname/autoregistrationinfo.php\">SMS $auto_save_sms_text</a>";
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.der\">ركب جذر الشهادة</a>";
$install_cert_text = "تركيب شهادة السلطة؛ جذر الكزار";
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.der\">ALCASAR $install_cert_text</a>";
$l_install_certif = "ركب جذر الشهادة";
$l_install_certif_more = "ALCASAR تركيب شهادة السلطة؛ جذر الكزار";
$exchange_data_text = "يمَكن من تبادل البيانات المؤمّنة بين محطة الاستفسار و بوابة الكزار الأسيرة";
$cert_not_saved_text = "إذا لم يتم تسجيل هذه الشهادة على محطة الاستفسار الخاصة بك، فمن الممكن ان يتم إصدار تنبيهات أمنية من متصحفك";
$l_certif_explain = "<br><br>.$cert_not_saved_text<br> .$exchange_data_text";
361,8 → 360,8
$l_contact_access_deny = "Contact your security system manager if you think this filtering is abusive.";
$l_contact_net_pb = "Contact your network responsive or your Internet provider for more information";
$l_sms_access = "<a href=\"https://$hostname/autoregistrationinfo.php\">Auto Registration by SMS</a>";
$l_install_certif = "<a href=\"$cert_add/certificat_alcasar_ca.der\">Install ALCASAR AC Certificate</a>";
$l_install_certif_more = "<a href=\"$cert_add/certificat_alcasar_ca.der\">Install ALCASAR AC Certificate</a>";
$l_install_certif = "Install ALCASAR AC Certificate";
$l_install_certif_more = "Install ALCASAR AC Certificate";
$l_certif_explain = "Allow secure data exchange between your computer and ALCASAR portal.<BR>If this certificate isn't incorporated in your computer, some security alerts should appear in your browser.<br><br>";
$l_certif_explain_help = "<a href=\"alcasar-certificat.pdf\" target=\"_blank\">Complementary help</a>";
$l_category = "category :";
531,7 → 530,7
<?php endif; ?>
 
<div class="box_menu" id="box_certif" onmouseover="setBoxInfoContent('text_certif');">
<span><?= $l_install_certif ?></span>
<span><a href="<?= $certCa_link ?>"><?= $l_install_certif ?></a></span>
<img src="<?= $img_rep.$img_certificate ?>">
</div>
 
563,7 → 562,7
</div>
 
<div class="div-cache" id="text_certif">
<h2><?= $l_install_certif_more ?></h2>
<h2><a href="<?= $certCa_link ?>"><?= $l_install_certif_more ?></a></h2>
<p><?= "$l_certif_explain $l_certif_explain_help" ?></p>
<img src="<?= $img_rep.$img_certificate ?>">
</div>
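Review bot: `$certCa_link` points at `http://$hostname/certs/certificat_alcasar_ca.crt`, so the root CA that users are asked to install is fetched over an unauthenticated channel and could be substituted in transit on the local network. Switching the link to `https://` alone does not solve this for a first-time visitor, since the portal certificate is presumably signed by that same CA. A practical mitigation is to display the CA's SHA-256 fingerprint next to the link (and in the printed user documentation) so it can be compared before the certificate is trusted. Within the visible hunks `$cert_add` is no longer referenced after this change; if that holds for the whole file it can be removed.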