| /VERSION |
|---|
| 1,0 → 0,0 |
| 3.2.0b |
| 3.2 |
| /readme.txt |
|---|
| 1,24 → 1,24 |
| $Id: readme-2.0.txt 581 2011-04-21 16:59:59Z richard $ |
| Alcasar-3.1.4 |
| Alcasar-3.2 |
| *********** English ********** |
| - New installation : Need the DVD of Linux Mageia5.1 (Mageia-5.1-x86_64-DVD.iso). |
| - New installation : Need the DVD of Linux Mageia6 (Mageia-6-x86_64-DVD.iso). |
| --> Follow ALCASAR installation documentation. |
| - Update an earlier version |
| --> On your running ALCASAR, run the installation of the new version and follow the instructions |
| if the update process is not compatible, the process will stop after creating a configuration file |
| --> 1 - Retrieve this configuration file (/tmp/alcasar-conf.tar.gz) |
| --> 2 - Install the new system Linux-Mageia-5.1 (see installation documentation) |
| --> 2 - Install the new system Linux-Mageia-6 (see installation documentation) |
| --> 3 - Copy the file 'alcasar-conf.tar.gz' in the folder '/tmp' before launching the installation of the new version of ALCASAR |
| *********** Français ******** |
| - Nouvelle installation : elle s'effectue sur la base du DVD de Linux Mageia5.1 (Mageia-5.1-x86_64-DVD.iso). |
| - Nouvelle installation : elle s'effectue sur la base du DVD de Linux Mageia6 (Mageia-6-x86_64-DVD.iso). |
| --> Suivez la procédure d'installation d'ALCASAR. |
| - Mise à jour d'une version plus ancienne |
| --> sur votre ALCASAR en fonctionnement, lancez l'installation de la nouvelle version et suivez les instructions. |
| si la mise à jour n'est pas possible, le processus s'arrétera après avoir créé un fichier de configuration |
| --> 1 - Récupérez ce fichier de configuration (/tmp/alcasar-conf.tar.gz) |
| --> 2 - Installez Linux-Mageia4.1 (cf. doc d'installation) |
| --> 2 - Installez Linux-Mageia6 (cf. doc d'installation) |
| --> 3 - copiez le fichier 'alcasar-conf.tar.gz' dans le répertoire '/tmp' avant de lancez l'installation de la nouvelle version d'ALCASAR |
| /scripts/alcasar-iptables.sh |
|---|
| 41,10 → 41,6 |
| SSH=${SSH:=off} |
| SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
| SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
| LDAP=`grep ^LDAP= $CONF_FILE|cut -d"=" -f2` # LDAP external server active (on/off) |
| LDAP=${LDAP:=off} |
| LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2` # WAN IP address to reduce LDAP WAN access (all ip allowed on LAN side) |
| LDAP_SERVER=${LDAP_SERVER:="0.0.0.0/0.0.0.0"} |
| IPTABLES="/sbin/iptables" |
| IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP |
| 429,11 → 425,11 |
| ############################# |
| # OUTPUT # |
| ############################# |
| # On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur |
| # Everything is allowed but traffic through outside network interface |
| # On laisse tout sortir à l'exception de la carte externe (cf ci-dessous) |
| # Everything is allowed apart from outside network interface (see bellow) |
| $IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT |
| # Si configéré, on autorise les requêtes DHCP |
| # Si configuré, on autorise les requêtes DHCP |
| # Allow DHCP requests if configured |
| public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
| if [[ "$public_ip_mask" == "dhcp" ]] |
| 446,8 → 442,8 |
| # Allow DNS requests to identified DNS servers |
| $IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT |
| # On autorise les requêtes HTTP sortantes |
| # HTTP requests are allowed |
| # On autorise les requêtes HTTP avec log Netflow (en provenance de Dansguardian) |
| # HTTPS requests are allowed with netflow log (from Dansguardian) |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
| 456,7 → 452,7 |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j ACCEPT |
| # On autorise les requêtes RSYNC sortantes (maj BL de Toulouse) |
| # RSYNC requests are allowed (to update BL of Toulouse) |
| # RSYNC requests are allowed (update of Toulouse BL) |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT |
| # On autorise les requêtes FTP |
| 473,13 → 469,10 |
| # ICMP (ping) requests are allowed |
| $IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
| # On autorise les requêtes LDAP si un serveur externe est configué |
| # LDAP requests are allowed if an external server is declared |
| if [ $LDAP = on ] |
| then |
| $IPTABLES -A OUTPUT -p tcp -d $LDAP_SERVER -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
| $IPTABLES -A OUTPUT -p udp -d $LDAP_SERVER -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
| fi |
| # On autorise les requêtes LDAP |
| # LDAP requests are allowed |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
| $IPTABLES -A OUTPUT -o $EXTIF -p udp -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
| ############################# |
| # POSTROUTING # |
| /web/acc/alcasar-3.1.4-presentation-en.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Deleted: svn:mime-type |
| -application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.1.4-technique.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Deleted: svn:mime-type |
| -application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.1.4-presentation-fr.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Deleted: svn:mime-type |
| -application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.1.4-exploitation-en.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Deleted: svn:mime-type |
| -application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.1.4-exploitation-fr.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Deleted: svn:mime-type |
| -application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.2-exploitation-en.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Added: svn:mime-type |
| +application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.2-exploitation-fr.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Added: svn:mime-type |
| +application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.2-presentation-en.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Added: svn:mime-type |
| +application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.2-presentation-fr.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Added: svn:mime-type |
| +application/octet-stream |
| \ No newline at end of property |
| /web/acc/alcasar-3.2-technique.pdf |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| Property changes: |
| Added: svn:mime-type |
| +application/octet-stream |
| \ No newline at end of property |