/VERSION |
---|
1,0 → 0,0 |
3.2.0b |
3.2 |
/readme.txt |
---|
1,24 → 1,24 |
$Id: readme-2.0.txt 581 2011-04-21 16:59:59Z richard $ |
Alcasar-3.1.4 |
Alcasar-3.2 |
*********** English ********** |
- New installation : Need the DVD of Linux Mageia5.1 (Mageia-5.1-x86_64-DVD.iso). |
- New installation : Need the DVD of Linux Mageia6 (Mageia-6-x86_64-DVD.iso). |
--> Follow ALCASAR installation documentation. |
- Update an earlier version |
--> On your running ALCASAR, run the installation of the new version and follow the instructions |
if the update process is not compatible, the process will stop after creating a configuration file |
--> 1 - Retrieve this configuration file (/tmp/alcasar-conf.tar.gz) |
--> 2 - Install the new system Linux-Mageia-5.1 (see installation documentation) |
--> 2 - Install the new system Linux-Mageia-6 (see installation documentation) |
--> 3 - Copy the file 'alcasar-conf.tar.gz' in the folder '/tmp' before launching the installation of the new version of ALCASAR |
*********** Français ******** |
- Nouvelle installation : elle s'effectue sur la base du DVD de Linux Mageia5.1 (Mageia-5.1-x86_64-DVD.iso). |
- Nouvelle installation : elle s'effectue sur la base du DVD de Linux Mageia6 (Mageia-6-x86_64-DVD.iso). |
--> Suivez la procédure d'installation d'ALCASAR. |
- Mise à jour d'une version plus ancienne |
--> sur votre ALCASAR en fonctionnement, lancez l'installation de la nouvelle version et suivez les instructions. |
si la mise à jour n'est pas possible, le processus s'arrétera après avoir créé un fichier de configuration |
--> 1 - Récupérez ce fichier de configuration (/tmp/alcasar-conf.tar.gz) |
--> 2 - Installez Linux-Mageia4.1 (cf. doc d'installation) |
--> 2 - Installez Linux-Mageia6 (cf. doc d'installation) |
--> 3 - copiez le fichier 'alcasar-conf.tar.gz' dans le répertoire '/tmp' avant de lancez l'installation de la nouvelle version d'ALCASAR |
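Review bot: The distribution name is written three different ways in the updated lines of this hunk ("Linux Mageia6", "Linux-Mageia-6", "Linux-Mageia6"), while the ISO is named Mageia-6-x86_64-DVD.iso. Suggest using one spelling throughout so the update steps match the installation line. While this file is being touched, the French context lines still carry "s'arrétera" (s'arrêtera) and "avant de lancez" (avant de lancer), and the $Id header still names readme-2.0.txt from 2011.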
/scripts/alcasar-iptables.sh |
---|
41,10 → 41,6 |
SSH=${SSH:=off} |
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
LDAP=`grep ^LDAP= $CONF_FILE|cut -d"=" -f2` # LDAP external server active (on/off) |
LDAP=${LDAP:=off} |
LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2` # WAN IP address to reduce LDAP WAN access (all ip allowed on LAN side) |
LDAP_SERVER=${LDAP_SERVER:="0.0.0.0/0.0.0.0"} |
IPTABLES="/sbin/iptables" |
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP |
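Review bot: Dropping the LDAP= and LDAP_SERVER= reads at lines 40-43 means those keys in an existing $CONF_FILE are now silently ignored. An administrator who set LDAP_SERVER to pin the directory address gets no indication after the upgrade that the restriction is gone. Suggest either keeping the two variables (they still default to off and 0.0.0.0/0.0.0.0) or mentioning the change in the upgrade notes.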
429,11 → 425,11 |
############################# |
# OUTPUT # |
############################# |
# On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur |
# Everything is allowed but traffic through outside network interface |
# On laisse tout sortir à l'exception de la carte externe (cf ci-dessous) |
# Everything is allowed apart from outside network interface (see bellow) |
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT |
# Si configéré, on autorise les requêtes DHCP |
# Si configuré, on autorise les requêtes DHCP |
# Allow DHCP requests if configured |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
if [[ "$public_ip_mask" == "dhcp" ]] |
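Review bot: Typo in the reworded English comment under the OUTPUT banner: "see bellow" should be "see below". The French spelling fix (configéré to configuré) is fine. The sentence itself would also read more clearly as "Everything is allowed except on the outside network interface (see below)", which matches the rule "! -o $EXTIF -j ACCEPT" that follows.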
446,8 → 442,8 |
# Allow DNS requests to identified DNS servers |
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT |
# On autorise les requêtes HTTP sortantes |
# HTTP requests are allowed |
# On autorise les requêtes HTTP avec log Netflow (en provenance de Dansguardian) |
# HTTPS requests are allowed with netflow log (from Dansguardian) |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
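Review bot: The new English comment says "HTTPS requests are allowed with netflow log", but the French line above it says HTTP and both rules that follow match "--dport http". Suggest "HTTP requests are allowed with netflow log (from Dansguardian)" so the comment describes the rules it sits on; a reader auditing egress by comment would otherwise conclude that port 80 is undocumented.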
456,7 → 452,7 |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j ACCEPT |
# On autorise les requêtes RSYNC sortantes (maj BL de Toulouse) |
# RSYNC requests are allowed (to update BL of Toulouse) |
# RSYNC requests are allowed (update of Toulouse BL) |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT |
# On autorise les requêtes FTP |
473,13 → 469,10 |
# ICMP (ping) requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
# On autorise les requêtes LDAP si un serveur externe est configué |
# LDAP requests are allowed if an external server is declared |
if [ $LDAP = on ] |
then |
$IPTABLES -A OUTPUT -p tcp -d $LDAP_SERVER -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
$IPTABLES -A OUTPUT -p udp -d $LDAP_SERVER -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
fi |
# On autorise les requêtes LDAP |
# LDAP requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
$IPTABLES -A OUTPUT -o $EXTIF -p udp -m multiport --dports ldap,ldaps -m state --state NEW,ESTABLISHED -j ACCEPT |
############################# |
# POSTROUTING # |
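Review bot: The replacement LDAP rules in this hunk lose both the "if [ $LDAP = on ]" guard and the "-d $LDAP_SERVER" match, so outbound ldap/ldaps on $EXTIF is now accepted to any destination on every install, including sites that use no external directory. That widens egress from the gateway for no stated reason. Suggest keeping the guard and the destination restriction and only adding "-o $EXTIF" to the existing rules, for example "$IPTABLES -A OUTPUT -o $EXTIF -p tcp -d $LDAP_SERVER -m multiport --dports ldap,ldaps ...". Separately, the udp rule also lists ldaps, which is a TCP-only service; if connectionless LDAP over udp is really needed, restrict that rule to the ldap port, otherwise drop it.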
/web/acc/alcasar-3.1.4-presentation-en.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.1.4-technique.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.1.4-presentation-fr.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.1.4-exploitation-en.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.1.4-exploitation-fr.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.2-exploitation-en.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.2-exploitation-fr.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.2-presentation-en.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.2-presentation-fr.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |
/web/acc/alcasar-3.2-technique.pdf |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Added: svn:mime-type |
+application/octet-stream |
\ No newline at end of property |