Subversion Repositories ALCASAR


Ignore whitespace Rev 2487 → Rev 2488

/CHANGELOG
5,6 → 5,7
-------------------- 3.2.1 --------------------
NEWS
- Linux kernel 4.14.18
- Replace Apache with Lighttpd
 
ACC
 
12,6 → 13,7
 
BUGS
- alcasar.sh : Fix exiting on wrong hardware architecture
- Fix broken fail2ban configuration
 
SECU
 
/alcasar.sh
18,7 → 18,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares :
 
# Coovachilli, freeradius, mariaDB, apache, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
# Coovachilli, freeradius, mariaDB, lighttpd, netfilter, dansguardian, ntpd, openssl, dnsmasq, gammu, havp, libclamav, Ulog, fail2ban, tinyproxy, NFsen and NFdump
 
# Options :
# -i or --install
60,7 → 60,7
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log)
DIR_WEB="/var/www/html" # directory of APACHE
DIR_WEB="/var/www/html" # directory of Lighttpd
DIR_DG="/etc/dansguardian" # directory of DansGuardian
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center'
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts
714,7 → 714,7
##################################################################
## Function "ACC" ##
## - installation of then ALCASAR Control Center (ACC) ) ##
## - configuration of the web server (Apache) ##
## - configuration of the web server (Lighttpd) ##
## - creation of the first ACC admin account ##
## - secure the access ##
##################################################################
764,196 → 764,53
$SED "s?^html_errors.*?html_errors = Off?g" /etc/php.ini
$SED "s?^expose_php.*?expose_php = Off?g" /etc/php.ini
$SED "s?^allow_url_fopen.*?allow_url_fopen = Off?" /etc/php.ini
# Configuring & sécuring Apache
# Configuring & securing Lighttpd
rm -rf /var/www/cgi-bin/* /var/www/perl/* /var/www/icons/README* /var/www/error/README*
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
$SED "s?^#ServerName.*?ServerName $HOSTNAME.$DOMAIN?g" /etc/httpd/conf/httpd.conf
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
$SED "s?Options Indexes.*?Options -Indexes?g" /etc/httpd/conf/httpd.conf
echo "ServerTokens Prod" >> /etc/httpd/conf/httpd.conf
echo "ServerSignature Off" >> /etc/httpd/conf/httpd.conf
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] || cp /etc/httpd/conf/modules.d/00_base.conf /etc/httpd/conf/modules.d/00_base.conf.default
$SED "s?^LoadModule authn_anon_module.*?#LoadModule authn_anon_module modules/mod_authn_anon.so?g" /etc/httpd/conf/modules.d/00_base.conf
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/modules.d/00_base.conf
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/modules.d/00_base.conf
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/modules.d/00_base.conf
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/modules.d/00_base.conf
$SED "s?^LoadModule speling_module.*?#LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/modules.d/00_base.conf
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] || cp /etc/httpd/conf/conf.d/ssl.conf /etc/httpd/conf/conf.d/ssl.conf.default
echo "Listen $PRIVATE_IP:443" > /etc/httpd/conf/conf.d/ssl.conf # Listen only on INTIF
echo "SSLProtocol all -SSLv2 -SSLv3" >> /etc/httpd/conf/conf.d/ssl.conf # exclude vulnerable protocols
echo "SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" >> /etc/httpd/conf/conf.d/ssl.conf # Define the cipher suite
echo "SSLHonorCipherOrder on" >> /etc/httpd/conf/conf.d/ssl.conf # The Browser must respect the order of the cipher suite
echo "SSLPassPhraseDialog builtin" >> /etc/httpd/conf/conf.d/ssl.conf # in case of passphrase the dialog will be perform on stdin
echo "SSLSessionCache \"shmcb:/run/httpd/ssl_scache(512000)\"" >> /etc/httpd/conf/conf.d/ssl.conf # default cache size
echo "SSLSessionCacheTimeout 300" >> /etc/httpd/conf/conf.d/ssl.conf # default cache time in seconds
# Error page management
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] || cp /etc/httpd/conf/conf.d/multilang-errordoc.conf /etc/httpd/conf/conf.d/multilang-errordoc.conf.default
cat <<EOF > /etc/httpd/conf/conf.d/multilang-errordoc.conf
Alias /error/ "/var/www/html/"
<Directory "/usr/share/httpd/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Require all granted
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/error.php?error=400
ErrorDocument 401 /error/error.php?error=401
ErrorDocument 403 /error/error.php?error=403
ErrorDocument 404 /error/index.php
ErrorDocument 405 /error/error.php?error=405
ErrorDocument 408 /error/error.php?error=408
ErrorDocument 410 /error/error.php?error=410
ErrorDocument 411 /error/error.php?error=411
ErrorDocument 412 /error/error.php?error=412
ErrorDocument 413 /error/error.php?error=413
ErrorDocument 414 /error/error.php?error=414
ErrorDocument 415 /error/error.php?error=415
ErrorDocument 500 /error/error.php?error=500
ErrorDocument 501 /error/error.php?error=501
ErrorDocument 502 /error/error.php?error=502
ErrorDocument 503 /error/error.php?error=503
ErrorDocument 506 /error/error.php?error=506
EOF
[ -e /usr/share/httpd/error/include/top.html.default ] || cp /usr/share/httpd/error/include/top.html /usr/share/httpd/error/include/top.html.default
$SED "s?background-color.*?background-color: #EFEFEF; }?g" /usr/share/httpd/error/include/top.html
[ -e /usr/share/httpd/error/include/bottom.html.default ] || cp /usr/share/httpd/error/include/bottom.html /usr/share/httpd/error/include/bottom.html.default
cat <<EOF > /usr/share/httpd/error/include/bottom.html
</body>
</html>
EOF
[ -e /etc/lighttpd/lighttpd.conf.default ] || cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.default
[ -e /etc/lighttpd/modules.conf.default ] || cp /etc/lighttpd/modules.conf /etc/lighttpd/modules.conf.default
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] || cp /etc/lighttpd/conf.d/fastcgi.conf /etc/lighttpd/conf.d/fastcgi.conf.default
[ -e /etc/php-fpm.conf ] || cp /etc/php-fpm.conf /etc/php-fpm.conf.default
[ -d /etc/lighttpd/vhosts.d ] || mkdir /etc/lighttpd/vhosts.d
 
cp $DIR_CONF/lighttpd/conf.d/fastcgi.conf /etc/lighttpd/conf.d/fastcgi.conf
cp $DIR_CONF/lighttpd/vhosts.d/alcasar.conf /etc/lighttpd/vhosts.d/alcasar.conf
 
$SED "s?^;listen\.owner.*?listen\.owner = apache?g" /etc/php-fpm.conf
$SED "s?^;listen\.group.*?listen\.group = apache?g" /etc/php-fpm.conf
$SED "s?^;listen\.mode.*?listen\.mode = 0660?g" /etc/php-fpm.conf
 
$SED "s?^server\.use-ipv6.*?server\.use-ipv6 = \"disable\"?g" /etc/lighttpd/lighttpd.conf
$SED "s?^#server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf
$SED "s?^#server\.tag.*?server\.tag = \"\"?g" /etc/lighttpd/lighttpd.conf
echo "include \"vhosts.d/alcasar.conf\"" >> /etc/lighttpd/lighttpd.conf
 
$SED "s?^#[ ]*\"mod_auth\",.*? \"mod_auth\",?g" /etc/lighttpd/modules.conf
$SED "s?^#[ ]*\"mod_alias\",.*? \"mod_alias\",?g" /etc/lighttpd/modules.conf
$SED "s?^#[ ]*\"mod_redirect\",.*? \"mod_redirect\",?g" /etc/lighttpd/modules.conf
$SED "s?^#include \"conf.d/fastcgi.conf\".*?include \"conf.d/fastcgi.conf\"?g" /etc/lighttpd/modules.conf
 
$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
 
/usr/bin/systemctl start lighttpd
 
# Définition du premier compte lié au profil 'admin'
if [ "$mode" = "install" ]
then
header_install
admin_portal=!
PTN='^[a-zA-Z0-9-]*$'
until [[ $(expr $admin_portal : $PTN) -gt 0 ]]
do
header_install
if [ $Lang == "fr" ]
then
echo ""
echo "Définissez un premier compte d'administration d'ALCASAR :"
echo
echo -n "Nom : "
else
echo ""
echo "Define the first account allow to administrate ALCASAR :"
echo
echo -n "Account : "
fi
read admin_portal
if [ "$admin_portal" == "" ]
then
admin_portal=!
fi
done
# Creation of keys file for the admin account ("admin")
[ -d $DIR_DEST_ETC/digest ] && rm -rf $DIR_DEST_ETC/digest
mkdir -p $DIR_DEST_ETC/digest
chmod 755 $DIR_DEST_ETC/digest
until [ -s $DIR_DEST_ETC/digest/key_admin ]
do
/usr/bin/htdigest -c $DIR_DEST_ETC/digest/key_admin "ALCASAR Control Center (ACC)" $admin_portal
done
$DIR_DEST_BIN/alcasar-profil.sh --list
do
$DIR_DEST_BIN/alcasar-profil.sh --add admin
done
fi
# ACC partitioning
rm -f /etc/httpd/conf/webapps.d/alcasar*
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
<Directory $DIR_WEB>
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_WEB/certs>
AddType application/x-x509-ca-cert crt
</Directory>
<Directory $DIR_ACC>
SSLRequireSSL
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_all
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/admin>
SSLRequireSSL
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_admin
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/manager>
SSLRequireSSL
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_manager
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
<Directory $DIR_ACC/backup>
SSLRequireSSL
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
AuthUserFile $DIR_DEST_ETC/digest/key_backup
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
Alias /save/ "$DIR_SAVE/"
<Directory $DIR_SAVE>
SSLRequireSSL
Options Indexes
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from $PRIVATE_NETWORK_MASK
require valid-user
AuthType digest
AuthName "ALCASAR Control Center (ACC)"
AuthDigestDomain $HOSTNAME.$DOMAIN
AuthUserFile $DIR_DEST_ETC/digest/key_backup
ErrorDocument 404 https://$HOSTNAME.$DOMAIN/
</Directory>
EOF
 
# Launch after coova (in order to wait tun0 to be up)
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/httpd.service
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service
# Log file for ACC access imputability
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
chown root:apache /var/Save/security/acc_access.log
962,33 → 819,12
 
##########################################################################
## Fonction "CA" ##
## - Creating the CA and the server certificate (apache) ##
## - Creating the CA and the server certificate (lighttpd) ##
##########################################################################
CA ()
{
$DIR_DEST_BIN/alcasar-CA.sh
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf`
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
cat <<EOF > $FIC_VIRTUAL_SSL
# default SSL virtual host, used for all HTTPS requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
 
<VirtualHost _default_:443>
# general configuration
ServerAdmin root@localhost
ServerName $HOSTNAME.$DOMAIN
 
# SSL configuration
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/alcasar.crt
SSLCertificateKeyFile /etc/pki/tls/private/alcasar.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
CustomLog logs/ssl_request_log \
"%t %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%h] \"%r\" %b"
ErrorLog logs/ssl_error_log
ErrorLogFormat "[%t] [%m:%l] [client %a] %M"
</VirtualHost>
EOF
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End of CA ()
1935,7 → 1771,7
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/var/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target httpd.service' /usr/lib/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service
} # End fail2ban()
 
##################################################################
2146,7 → 1982,7
# Log compression
$SED "s?^delaycompress.*?#&?g" /etc/logrotate.conf
# actualisation des fichiers logs compressés
for dir in firewall dansguardian httpd
for dir in firewall dansguardian lighttpd
do
find /var/log/$dir -type f -name *.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] -exec gzip {} \;
done
2176,7 → 2012,7
WantedBy=multi-user.target
EOF
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
for i in alcasar-load_balancing mysqld lighttpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban havp tinyproxy vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
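Review bot: The php-fpm backup guard in the new Lighttpd block of ACC tests the wrong path: `[ -e /etc/php-fpm.conf ] || cp /etc/php-fpm.conf /etc/php-fpm.conf.default` only runs `cp` when the source file is missing, so the pristine file is never saved before the `listen.owner`/`listen.group`/`listen.mode` edits. It should follow the three guards above it: `[ -e /etc/php-fpm.conf.default ] || cp /etc/php-fpm.conf /etc/php-fpm.conf.default`. Separately, `echo "include \"vhosts.d/alcasar.conf\"" >> /etc/lighttpd/lighttpd.conf` appends on every run; a `grep -q` guard on the include line would keep a re-run from adding it twice. The ACC function starts and ends outside the displayed lines.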
/conf/fail2ban.sh
108,8 → 108,7
backend = auto
filter = alcasar_mod-evasive
action = iptables-allports[name=alcasar_mod-evasive]
logpath = /var/log/httpd/error_log
/var/log/httpd/ssl_error_log
logpath = /var/log/lighttpd/access.log
maxretry = 2
 
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force)
130,8 → 129,8
backend = auto
filter = alcasar_acc
action = iptables-allports[name=alcasar_acc]
logpath = /var/log/httpd/ssl_error_log
maxretry = 5
logpath = /var/log/lighttpd/access.log
maxretry = 6
 
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager
[alcasar_intercept]
141,7 → 140,7
backend = auto
filter = alcasar_intercept
action = iptables-allports[name=alcasar_intercept]
logpath = /var/log/httpd/ssl_request_log
logpath = /var/log/lighttpd/access.log
maxretry = 5
 
# Bannissement sur tout les port après 5 échecs de changement de mot de passe
153,7 → 152,7
backend = auto
filter = alcasar_change-pwd
action = iptables-allports[name=alcasar_change-pwd]
logpath = /var/log/httpd/ssl_request_log
logpath = /var/log/lighttpd/access.log
maxretry = 5
 
EOF
184,7 → 183,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration
failregex = <HOST> .+\] "[^"]+" 403
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
211,7 → 210,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\)
failregex = <HOST> .+\] "[^"]+" 401
 
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]]
 
240,7 → 239,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject
 
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
268,7 → 267,7
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[<HOST>\] \"POST \/password\.php
failregex = <HOST> .* \"POST \/password\.php
 
 
# Option: ignoreregex
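Review bot: None of the four rewritten `failregex` lines is anchored, so `<HOST>` can match any host-like token in an access.log line, including text taken from the request line, Referer or User-Agent, which the client controls. Starting each pattern with `^<HOST> ` (for example `failregex = ^<HOST> .+\] "[^"]+" 401`) limits the match to the client-address field at the start of the line; this assumes lighttpd's default access-log layout, which the page does not show. The `alcasar_acc` jail also now counts every 401 in access.log, and a digest login normally begins with an unauthenticated request that is answered with a 401 challenge. Administrators who log in correctly therefore still accumulate hits toward `maxretry = 6`, so the threshold is worth checking against the number of 401s a normal login produces.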
/conf/lighttpd/conf.d/fastcgi.conf
0,0 → 1,16
# FastCGI Module
# ---------------
#
# http://www.lighttpd.net/documentation/fastcgi.html
#
 
server.modules += ( "mod_fastcgi" )
 
fastcgi.server = (
".php" => (
"localhost" => (
"socket" => "/var/lib/php-fpm/php-fpm.sock",
"broken-scriptfilename" => "enable"
)
)
)
/conf/lighttpd/vhosts.d/alcasar.conf
0,0 → 1,89
$HTTP["url"] =~ ".*" {
# Disabling directory listing as default setting
dir-listing.activate = "disable"
}
 
# If a wrong url is used, displaying homepage for unprivileged users
$HTTP["url"] !~ "^/(acc|save)/" {
server.error-handler-404 = "/"
}
 
# Error pages
server.errorfile-prefix = "/var/www/html/errors/error-"
 
$SERVER["socket"] == "alcasar.localdomain:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/pki/tls/private/alcasar.pem"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-compression = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
 
var.server_name = "alcasar.localdomain"
server.name = server_name
 
server.document-root = "/var/www/html"
}
 
$HTTP["scheme"] == "https" {
 
alias.url = (
"/save" => "/var/Save"
)
 
# Digest authentication configuration
auth.backend = "htdigest"
auth.debug = 1
auth.require = (
"/acc/" =>
(
"method" => "digest",
"realm" => "ALCASAR Control Center (ACC)",
"require" => "valid-user"
),
"/save/" =>
(
"method" => "digest",
"realm" => "ALCASAR Control Center (ACC)",
"require" => "valid-user"
)
 
)
 
$HTTP["url"] =~ "^/(acc|save)/" {
# Setting digest files according access permissions
$HTTP["url"] =~ "^/acc/" {
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_all"
 
$HTTP["url"] =~ "^/acc/admin" {
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_admin"
}
 
$HTTP["url"] =~ "^/acc/manager/" {
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_manager"
}
 
$HTTP["url"] =~ "^/acc/backup/" {
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
}
}
 
$HTTP["url"] =~ "^/save" {
auth.backend.htdigest.userfile = "/usr/local/etc/digest/key_backup"
# Enabling directory listing
dir-listing.activate = "enable"
}
}
}
 
$HTTP["scheme"] == "http" {
# Force HTTPS for privileged users
$HTTP["url"] =~ "^/(acc|save|(intercept|password).php)" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
}
}
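Review bot: The source-address restriction that protected the ACC under Apache has no counterpart in this vhost: the removed `webapps.d/alcasar.conf` used `Deny from all` with `Allow from 127.0.0.1` and `Allow from $PRIVATE_NETWORK_MASK` on every ACC directory and on `/save/`, while here `/acc/` and `/save/` are protected by digest authentication only. If lighttpd can be reached from anywhere but the internal network (it binds to the host name, so this depends on what that name resolves to), a `$HTTP["remoteip"]` condition that denies `/acc/` and `/save/` to addresses outside the private network, for example with mod_access's `url.access-deny`, would restore the second layer. `auth.debug = 1` looks like a development setting and is worth removing before release. The admin pattern `"^/acc/admin"` also lacks the trailing slash used by `"^/acc/manager/"` and `"^/acc/backup/"`; making the three consistent avoids surprises about which digest file applies.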
/scripts/alcasar-CA.sh
17,6 → 17,7
SRVREQ=$DIR_CERT/alcasar.req
SRVKEY=$DIR_CERT/private/alcasar.key
SRVCERT=$DIR_CERT/certs/alcasar.crt
SRVPEM=$DIR_CERT/private/alcasar.pem
SRVCHAIN=$DIR_CERT/certs/server-chain.crt
 
CACERT_LIFETIME="1460"
218,6 → 219,7
openssl ca -config $DIR_TMP/ssl.conf -name AlcasarCA -batch -days $SRVCERT_LIFETIME -in $SRVREQ -out $SRVCERT 2>> $DIR_TMP/openssl-log
rm -f $SRVREQ
cp -f $SRVCERT $SRVCHAIN # in order to simplify the official intranet certificate import process
cat $SRVKEY $SRVCERT > $SRVPEM
chmod a+r $CACERT $SRVCERT $SRVCHAIN
 
# Link certs in ALCASAR Control Center
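Review bot: `cat $SRVKEY $SRVCERT > $SRVPEM` creates a file holding the server's private key with whatever mode the current umask gives, and the following `chmod a+r $CACERT $SRVCERT $SRVCHAIN` does not touch it, so nothing in the visible lines restricts the new PEM. Creating it under a tight umask and setting ownership explicitly, e.g. `( umask 077; cat "$SRVKEY" "$SRVCERT" > "$SRVPEM" )` followed by `chown root:apache "$SRVPEM"; chmod 640 "$SRVPEM"`, removes the reliance on a later recursive chmod in the caller. The same `cat … > …alcasar.pem` pattern appears in alcasar-certificates.sh, alcasar-conf.sh and alcasar-importcert.sh, where the mode is set only afterwards (and to 750, although the execute bit has no use on a key file). The surrounding code continues outside the displayed lines.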
/scripts/alcasar-activity_report.sh
165,7 → 165,7
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
then
PACKAGE='php|apache|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
do
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
/scripts/alcasar-archive.sh
18,7 → 18,7
DIR_SAVE="/var/Save" # répertoire accessible par webs
DIR_LOG="/var/log" # répertoire local des log
 
#DIR_SERVICE="squid httpd firewall" # répertoires contenant des logs utiles à exporter
#DIR_SERVICE="squid lighttpd firewall" # répertoires contenant des logs utiles à exporter
DIR_BASE="$DIR_SAVE/base" # répertoire de sauvegarde de la base de données usagers
DIR_ARCHIVE="$DIR_SAVE/archive" # répertoire de sauvegarde des archives de log
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment
/scripts/alcasar-certificates.sh
43,7 → 43,7
# Export of server Certificate
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
gzip $FILE.tar
echo "Le ficher des certificats exportés est : $FILE.tar.gz"
echo "Le fichier des certificats exportés est : $FILE.tar.gz"
} # end function export
 
 
73,13 → 73,16
 
# Import of CA Certificate
tar xzvf $1 --directory=$DIR_IMPORT
cat $DIR_PKI/tls/private/alcasar.key $DIR_PKI/tls/certs/alcasar.crt > $DIR_PKI/tls/private/alcasar.pem
echo "Import new certificates in ALCASAR !!!"
cp -r $DIR_IMPORT/* /.
chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}
 
# Service apache restart
service httpd restart
chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}
 
service lighttpd restart
else
echo "You are not import new certificates !!!"
exit 0
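Review bot: The PEM is rebuilt before the imported files are in place: `cat $DIR_PKI/tls/private/alcasar.key $DIR_PKI/tls/certs/alcasar.crt > $DIR_PKI/tls/private/alcasar.pem` runs right after `tar xzvf`, but the new key and certificate reach `$DIR_PKI` only with the later `cp -r $DIR_IMPORT/* /.`. Unless the archive itself carries an `alcasar.pem` (the export's `tar rvf` line does not add one), lighttpd restarts with a PEM built from the previous key pair. Moving the `cat` line to just after the `cp -r` fixes the order. The import function starts and ends outside the displayed lines.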
/scripts/alcasar-conf.sh
125,6 → 125,7
cp -f $DIR_UPDATE/alcasar-ca.key* /etc/pki/CA/private/ # autosigned & official
cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
cat /etc/pki/tls/private/alcasar.key /etc/pki/tls/certs/alcasar.crt > /etc/pki/tls/private/alcasar.pem
[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
252,11 → 253,10
$DIR_BIN/alcasar-logout.sh all
# Services stop
echo -n "Stop services : "
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist dnsmasq-blackhole chilli network lighttpd
do
/usr/bin/systemctl stop $i && echo -n "$i, "
done
/usr/bin/kill -s SIGSTOP $(pidof httpd)
echo
fi
# EXTIF config
324,16 → 324,10
[ `grep ^HTTPS_LOGIN= $CONF_FILE | cut -d'=' -f2` == "on" ] && chilli_login_protocol="https" || chilli_login_protocol="http"
$SED "s/^uamserver.*/uamserver\t$chilli_login_protocol:\/\/$HOSTNAME.$DOMAIN\/intercept.php/" /etc/chilli.conf
$SED "s/^radiusnasid.*/radiusnasid\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
# Set hostname in Apache
$SED "s/^ServerName.*/ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/httpd.conf
$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$HOSTNAME.$DOMAIN\//g" /etc/httpd/conf/webapps.d/alcasar.conf
$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/webapps.d/alcasar.conf
$SED "s/^ ServerName.*/ ServerName $HOSTNAME.$DOMAIN/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
# Alcasar Control Center (ACC)
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
FIC_MOD_SSL=`find /etc/httpd/conf/ -type f -name ssl.conf`
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
$SED "/127.0.0.1/!s?Allow from .*?Allow from $PRIVATE_NETWORK_MASK?g" /etc/httpd/conf/webapps.d/alcasar.conf
# Set hostname in Lighttpd
$SED "s?^server\.bind.*?server\.bind = \"$HOSTNAME.$DOMAIN\"?g" /etc/lighttpd/lighttpd.conf
$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$HOSTNAME.$DOMAIN"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$HOSTNAME.$DOMAIN\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
# FreeRADIUS Web
$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
384,8 → 378,7
/usr/bin/systemctl start $i && echo -n ", $i"
done
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", dnsmasq-blacklist, dnsmasq-whitelist, iptables"
/usr/bin/kill -s SIGCONT $(pidof httpd)
/usr/bin/systemctl reload httpd && echo -n ", httpd"
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
fi
# Start / Stop SSH Daemon
ssh_active=`grep ^SSH= $CONF_FILE|cut -d"=" -f2`
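Review bot: The listener is now tied to a name instead of an address: `server.bind = "$HOSTNAME.$DOMAIN"` and the `$SERVER["socket"] == "…:443"` rewrite replace the removed `Listen $PRIVATE_IP:80` and `Listen $PRIVATE_IP:443`, so the interface the portal and ACC listen on depends on how that name resolves when lighttpd starts. Writing `$PRIVATE_IP` (already used a few lines below for `nas1_ip`) into `server.bind` and the socket condition, e.g. `server\.bind = \"$PRIVATE_IP\"`, would keep the previous guarantee of listening only on the internal interface. The same substitution is used in the ACC function of alcasar.sh. The enclosing block starts and ends outside the displayed lines.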
/scripts/alcasar-daemon.sh
10,7 → 10,7
conf_file="/usr/local/etc/alcasar.conf"
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
SERVICES="mysqld httpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
nb_available_srv=`echo $SERVICES|wc -w`
 
function ServiceTest () {
/scripts/alcasar-importcert.sh
40,6 → 40,9
then
mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
fi
cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem
chown root:apache $DIR_CERT/private/alcasar.pem
chmod 750 $DIR_CERT/private/alcasar.pem
}
 
function domainName() # change the domain name in the conf files
80,12 → 83,15
 
cp $cert $DIR_CERT/certs/alcasar.crt
cp $key $DIR_CERT/private/alcasar.key
cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem
 
chown root:apache $DIR_CERT/certs/alcasar.crt
chown root:apache $DIR_CERT/private/alcasar.key
chown root:apache $DIR_CERT/private/alcasar.pem
 
chmod 750 $DIR_CERT/certs/alcasar.crt
chmod 750 $DIR_CERT/private/alcasar.key
chmod 750 $DIR_CERT/private/alcasar.pem
 
if [ "$sc" != "" ]
then
164,7 → 170,7
fi
domainName $cert
certImport $cert $key $sc
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
175,7 → 181,7
echo "Restoring default certificate"
defaultCert
defaultNdd
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
/scripts/alcasar-profil.sh
8,6 → 8,7
# Gestion des comptes liés aux profiles
# Manage the profil logins
 
DIR_BIN="/usr/local/bin" # scripts directory
ADM_PROFIL="admin"
PROFILS="backup manager"
ALL_PROFILS=`echo $ADM_PROFIL $PROFILS`
14,7 → 15,50
DIR_KEY="/usr/local/etc/digest"
SED="/bin/sed -i"
Lang=`echo $LANG|cut -c 1-2`
REALM="ALCASAR Control Center (ACC)"
 
# génère le htdigest
function htdigest () {
passwdfile="$1"
username="$2"
 
[ -f "$passwdfile" ] || touch "$passwdfile"
 
[ $(grep -c "${username}:${REALM}:" "$passwdfile") ] && existing_user=0 || existing_user=1
 
if [ $existing_user -eq 1 ]; then
echo "Changing password for user $username in realm $REALM"
else
echo "Adding user $username in realm $REALM"
fi
 
equal=0
 
while [ $equal -eq 0 ]; do
echo -n "New password: "
read -s pass_1
echo
echo -n "Confirm the new password: "
read -s pass_2
echo
 
if [ "$pass_1" != "$pass_2" ]; then
echo -e "\nThe passwords don't match.\n"
else
equal=1
fi
done
 
digest="${username}:${REALM}:"
digest+=$(echo -n "${username}:${REALM}:${pass_1}" | md5sum | cut -d" " -f1)
 
if [ $existing_user -eq 0 ]; then
echo "$digest" >> "$passwdfile"
else
sed -i "s/${username}:${REALM}:.*/${digest}/" "$passwdfile"
fi
}
 
# liste les comptes de chaque profile
function list () {
for i in $ALL_PROFILS
50,9 → 94,10
chmod 640 $DIR_KEY/key_*
}
 
usage="Usage: alcasar-profil.sh [-l|--list] [-a|--add] [-d|--del] [-p|--pass]"
usage="Usage: alcasar-profil.sh [-l|--list] [-a|--add [profil]] [-d|--del] [-p|--pass]"
nb_args=$#
args=$1
arg1=$1
arg2=$2
 
# on met en place la structure minimale
if [ ! -e $DIR_KEY/key_$ADM_PROFIL ]
73,21 → 118,26
echo $usage
exit 0
fi
case $args in
case $arg1 in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
--add|-a)
# ajout d'un compte
list
if [ $Lang == "fr" ]
if [ $nb_args -eq 1 ]
then
echo -n "Choisissez un profil ($ALL_PROFILS) : "
# ajout d'un compte
list
if [ $Lang == "fr" ]
then
echo -n "Choisissez un profil ($ALL_PROFILS) : "
else
echo -n "Select a profile ($ALL_PROFILS) : "
fi
read profil
else
echo -n "Select a profile ($ALL_PROFILS) : "
profil="$2"
fi
read profil
if [ $Lang == "fr" ]
then
echo -n "Entrez le nom du compte à créer (profil '$profil') : "
112,7 → 162,7
fi
done
done
/usr/bin/htdigest $DIR_KEY/key_only_$profil "ALCASAR Control Center (ACC)" $account
htdigest $DIR_KEY/key_only_$profil "$account"
concat
list
;;
151,8 → 201,8
for j in $tmp_account
do
if [ "$j" = "$account" ]
then
/usr/bin/htdigest $DIR_KEY/key_only_$i "ALCASAR Control Center (ACC)" $account
then
htdigest $DIR_KEY/key_only_$i "$account"
fi
done
done
159,7 → 209,7
concat
;;
--list|-l)
# liste des comptes par profile
# liste des comptes par profil
list
;;
*)
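Review bot: In the new `htdigest` function the existing-user test `[ $(grep -c ...) ]` is always true, because `grep -c` prints a count even when it is `0` and `[ STRING ]` only checks for a non-empty string; `existing_user` is therefore always 0 and every call appends a line. A password change for an existing account then leaves the old digest line in the file, and which of the duplicate entries the web server honours is not visible here, so the old password may stay valid. The flag is also inverted relative to its later use, where 1 means "exists" in the messages and in the `sed` branch. Use the exit status instead, `if grep -q "^${username}:${REALM}:" "$passwdfile"; then existing_user=1; else existing_user=0; fi`, and read the password with `IFS= read -rs pass_1` so backslashes and surrounding spaces are hashed as typed.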
/scripts/alcasar-uninstall.sh
20,18 → 20,24
 
ACC ()
{
echo -en "(11) : "
echo -en "(7) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-webl && echo -n "2, "
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, "
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "4, "
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] && mv /etc/httpd/conf/modules.d/00_base.conf.default /etc/httpd/conf/modules.d/00_base.conf && echo -n "5, "
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] && mv /etc/httpd/conf/conf.d/ssl.conf.default /etc/httpd/conf/conf.d/ssl.conf && echo -n "6, "
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] && mv /etc/httpd/conf/conf.d/multilang-errordoc.conf.default /etc/httpd/conf/conf.d/multilang-errordoc.conf && echo -n "7, "
[ -e /usr/share/httpd/error/include/top.html.default ] && mv /usr/share/httpd/error/include/top.html.default /usr/share/httpd/error/include/top.html && echo -n "8, "
[ -e /usr/share/httpd/error/include/bottom.html.default ] && mv /usr/share/httpd/error/include/bottom.html.default /usr/share/httpd/error/include/top.html && echo -n "9, "
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10, "
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "11"
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "4, "
[ -e /etc/lighttpd/modules.conf.default ] && mv /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "5, "
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "6, "
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "7, "
[ -e /etc/lighttpd/vhosts.d/alcasar.conf ] && rm -f /etc/lighttpd/vhosts.d/alcasar.conf && echo -n "8"
# Removing old Apache configuration
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] && mv /etc/httpd/conf/modules.d/00_base.conf.default /etc/httpd/conf/modules.d/00_base.conf
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] && mv /etc/httpd/conf/conf.d/ssl.conf.default /etc/httpd/conf/conf.d/ssl.conf
[ -e /etc/httpd/conf/conf.d/multilang-errordoc.conf.default ] && mv /etc/httpd/conf/conf.d/multilang-errordoc.conf.default /etc/httpd/conf/conf.d/multilang-errordoc.conf
[ -e /usr/share/httpd/error/include/top.html.default ] && mv /usr/share/httpd/error/include/top.html.default /usr/share/httpd/error/include/top.html
[ -e /usr/share/httpd/error/include/bottom.html.default ] && mv /usr/share/httpd/error/include/bottom.html.default /usr/share/httpd/error/include/top.html
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf
}
 
CA ()
41,7 → 47,10
[ -e /etc/pki/CA/private/alcasar-ca.key ] && rm -f /etc/pki/CA/private/alcasar-ca.key && echo -n "2, "
[ -e /etc/pki/tls/certs/alcasar.crt ] && rm -f /etc/pki/tls/certs/alcasar.crt && echo -n "3, "
[ -e /etc/pki/tls/private/alcasar.key ] && rm -f /etc/pki/tls/private/alcasar.key && echo -n "4, "
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5"
[ -e /etc/pki/tls/private/alcasar.pem ] && rm -f /etc/pki/tls/private/alcasar.pem && echo -n "5"
# Removing old Apache configuration
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL
}
 
time_server ()
274,7 → 283,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
281,9 → 290,12
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# dnsmasq & sshd should stay on to allow remote update
services="alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update
fi
 
[ -e /lib/systemd/system/httpd.service ] && services+=" httpd"
 
echo "Stopping service : "
/usr/local/bin/alcasar-sms.sh --stop
for i in $services
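Review bot: In the new "Removing old Apache configuration" block of `ACC ()`, the line that restores `bottom.html.default` moves it to `top.html`, so the `top.html` restored one line earlier is overwritten and `bottom.html` is never put back; the target should read `mv /usr/share/httpd/error/include/bottom.html.default /usr/share/httpd/error/include/bottom.html`. In `CA ()`, the `find` pattern `*default_ssl_vhost.conf*` and `$FIC_VIRTUAL_SSL` are unquoted, so the shell can expand the glob before `find` sees it and `mv` misbehaves when zero or several files match; quote both. The progress header also announces `(7)` while the steps print up to `8`.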
/scripts/alcasar-urpmi.sh
14,7 → 14,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.18-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
 
rpm_repository_sync ()
{
214,7 → 214,7
else
echo "Nettoyage du système : "
fi
rm_rpm="shorewall mandi squid plymouth cpupower"
rm_rpm="shorewall mandi squid plymouth cpupower apache apache-mod_php apache-mod_ssl"
/usr/sbin/urpme --auto -a $rm_rpm
/usr/sbin/urpme --auto --auto-orphans
 
/web/acc/about.htm
1,6 → 1,7
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><!-- by REXY -->
<HEAD>
<META charset="utf-8">
<TITLE>bonus</TITLE>
</HEAD>
<BODY background="/images/linux_ksc2.jpg" TEXT="#FFFFFF" BGCOLOR="#000000">
78,7 → 79,7
<TD align="center"><A HREF="javascript:ouvrir('http://www.coova.org/CoovaChilli')"><img border="0" src="/images/footer_coova.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.freeradius.org')"><img border="0" src="/images/footer_freeradius.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.mariadb.org')"><img border="0" src="/images/footer_mariadb.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.apache.org')"><img border="0" src="/images/footer_apache.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://lighttpd.net')"><img border="0" src="/images/footer_lighttpd.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.php.net')"><img border="0" src="/images/footer_php.png"></A></TD>
</TR>
<TR>
/web/acc/admin/services.php
22,7 → 22,7
$l_chilli = "Passerelle d'interception";
$l_dansguardian = "Filtre d'URL et de contenu WEB";
$l_mysqld = "Serveur de la base des usagers";
$l_httpd = "Serveur WEB (Alcasar Control Center)";
$l_lighttpd = "Serveur WEB (Alcasar Control Center)";
$l_sshd = "Accès sécurisée distant";
$l_freshclam = "Mise à jour de l'antivirus toutes les 2 heures";
$l_ntpd = "Service de mise à l'heure réseau";
56,7 → 56,7
$l_chilli = "Interception gateway";
$l_dansguardian = "URL and WEB content filter";
$l_mysqld = "User database server";
$l_httpd = "WEB server (ALCASAR Control Center)";
$l_lighttpd = "WEB server (ALCASAR Control Center)";
$l_sshd = "Secure remote access";
$l_freshclam = "Antivirus update process (every 2 hours)";
$l_ntpd = "Network time server";
130,7 → 130,7
// Actions on services
//-------------------------------
//sécurité sur les actions à réaliser
$autorizeService = array("radiusd","chilli","dansguardian","mysqld","httpd","sshd","freshclam","ntpd","havp","tinyproxy","dnsmasq","dnsmasq-blacklist","dnsmasq-whitelist","dnsmasq-blackhole");
$autorizeService = array("radiusd","chilli","dansguardian","mysqld","lighttpd","sshd","freshclam","ntpd","havp","tinyproxy","dnsmasq","dnsmasq-blacklist","dnsmasq-whitelist","dnsmasq-blackhole");
$autorizeAction = array("start","stop","restart");
 
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) {
163,7 → 163,7
$MainServiceStatus['radiusd'] = checkServiceStatus("radiusd");
$MainServiceStatus['chilli'] = checkServiceStatus("chilli");
$MainServiceStatus['mysqld'] = checkServiceStatus("mysqld");
$MainServiceStatus['httpd'] = checkServiceStatus("httpd");
$MainServiceStatus['lighttpd'] = checkServiceStatus("lighttpd");
$MainServiceStatus['dnsmasq'] = checkServiceStatus("dnsmasq");
$MainServiceStatus['ulogd_ssh'] = checkServiceStatus("ulogd-ssh");
$MainServiceStatus['ulogd_ext_access'] = checkServiceStatus("ulogd-ext-access");
/web/acc/haut.php
3,7 → 3,7
 
// Inform admin log about his last connection
$admin_log = '/var/Save/security/acc_access.log';
$user_htdigest = $_SERVER['PHP_AUTH_USER'];
$user_htdigest = $_SERVER['REMOTE_USER'];
$date_system = date('d/m/Y H:i:s');
$user_ip = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
/web/acc/manager/htdocs/badusers.php
79,7 → 79,7
$row = da_sql_fetch_array($search,$config);
if ($row[id] == $row_id){
$admin = "$row[admin]";
if (($admin != '-' && $_SERVER["PHP_AUTH_USER"] == $admin) || $admin == '-'){
if (($admin != '-' && $_SERVER["REMOTE_USER"] == $admin) || $admin == '-'){
$sql_servers = array();
if ($config[sql_extra_servers] != '')
$sql_servers = explode(' ',$config[sql_extra_servers]);
137,7 → 137,7
</tr>
 
<?php
$auth_user = $_SERVER["PHP_AUTH_USER"];
$auth_user = $_SERVER["REMOTE_USER"];
if ($config[general_restrict_badusers_access] == 'yes'){
$auth_user = da_sql_escape_string($link,$auth_user);
$extra_query = "AND admin == '$auth_user'";
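Review bot: The ownership check `$_SERVER["REMOTE_USER"] == $admin` now depends on the web server exporting REMOTE_USER to PHP, and nothing in the hunk verifies that the key is set; with the loose `==`, an unset value compares equal to an empty `admin` column. Make the comparison strict and require a value: `if ($admin == '-' || (isset($_SERVER["REMOTE_USER"]) && $_SERVER["REMOTE_USER"] === $admin)){`. The same unguarded read feeds `$auth_user` in the second hunk and appears in add_badusers.php, nas_list.php, xlat.php, menu.php and haut.php. The enclosing code starts and ends outside the hunks.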
/web/acc/manager/lib/add_badusers.php
10,8 → 10,8
$lockmsg_name = $attrmap['Dialup-Lock-Msg'] . '0';
$msg = $$lockmsg_name;
$admin = '-';
if ($_SERVER["PHP_AUTH_USER"] != '')
$admin = $_SERVER["PHP_AUTH_USER"];
if ($_SERVER["REMOTE_USER"] != '')
$admin = $_SERVER["REMOTE_USER"];
if ($msg == '')
echo "<b>Lock Message should not be empty</b><br>\n";
else{
/web/acc/manager/lib/sql/drivers/mysql/functions.php
18,7 → 18,7
{
if ($config['sql_use_http_credentials'] == 'yes'){
global $HTTP_SERVER_VARS;
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"];
$SQL_user = $HTTP_SERVER_VARS["REMOTE_USER"];
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"];
}
else{
37,7 → 37,7
{
if (isset($config['sql_use_http_credentials']) && $config['sql_use_http_credentials'] == 'yes'){
global $HTTP_SERVER_VARS;
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"];
$SQL_user = $HTTP_SERVER_VARS["REMOTE_USER"];
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"];
}
else{
56,7 → 56,7
{
if (isset($config['sql_use_http_credentials']) && $config['sql_use_http_credentials'] == 'yes'){
global $HTTP_SERVER_VARS;
$SQL_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"];
$SQL_user = $HTTP_SERVER_VARS["REMOTE_USER"];
$SQL_passwd = $HTTP_SERVER_VARS["PHP_AUTH_PW"];
}
else{
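Review bot: All three connect functions now take the user name from `REMOTE_USER` but still read the password from `PHP_AUTH_PW`, which PHP fills from a Basic `Authorization` header. The ACC accounts in this commit are htdigest entries, so under Digest authentication the password is presumably never available and `sql_use_http_credentials = yes` would attempt the connection with an empty password. Either reject the option explicitly when the password is missing or document the limitation, e.g. `// sql_use_http_credentials requires Basic auth: PHP_AUTH_PW is not set under Digest auth`. `$HTTP_SERVER_VARS` is also not populated by current PHP versions, so `$_SERVER`, as used in the other files of this commit, would be the consistent source. The function bodies continue outside the hunks.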
/web/acc/manager/lib/sql/nas_list.php
15,7 → 15,7
}
$link = da_sql_pconnect($config);
if ($link){
$auth_user = $_SERVER["PHP_AUTH_USER"];
$auth_user = $_SERVER["REMOTE_USER"];
$extra = '';
if (isset($mappings[$auth_user]['nasdb'])){
$NAS_ARR = array();
/web/acc/manager/lib/xlat.php
4,7 → 4,7
$string = $filter;
if ($filter != ''){
$string = preg_replace('/%u/',$login,$string);
$string = preg_replace('/%U/',$_SERVER["PHP_AUTH_USER"],$string);
$string = preg_replace('/%U/',$_SERVER["REMOTE_USER"],$string);
$string = preg_replace('/%ma/',$mappings[$http_user]['accounting'],$string);
$string = preg_replace('/%mu/',$mappings[$http_user]['userdb'],$string);
$string = preg_replace('/%mn/',$mappings[$http_user]['nasdb'],$string);
/web/acc/menu.php
37,7 → 37,7
fclose($file_conf);
 
// Retrieve the user's profil
$user_htdigest = $_SERVER['PHP_AUTH_USER'];
$user_htdigest = $_SERVER['REMOTE_USER'];
exec('sudo alcasar-profil.sh --list | cut -d":" -f2', $output);
$admin_members = explode(' ', ltrim($output[0], " \t"));
$backup_members = explode(' ', ltrim($output[1], " \t"));
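--- a/web/errors/error-400.html
+++ b/web/errors/error-400.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(400))</script>
+</body>
+</html>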
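Review bot: The page opens with `<?php` and a `// $Id` line but never closes the PHP tag. Served as static `.html`, a browser treats everything from `<?` to the first `>` as a bogus comment, which swallows `<!DOCTYPE html>` and puts the page in quirks mode; if the file were ever passed through PHP, the unterminated block would be a parse error. Drop the `<?php` line and keep the revision marker as an HTML comment after the doctype: `<!-- $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $ -->`. The same two lines open error-401 through error-506 in this commit.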
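--- a/web/errors/error-401.html
+++ b/web/errors/error-401.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(401))</script>
+</body>
+</html>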
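--- a/web/errors/error-403.html
+++ b/web/errors/error-403.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(403))</script>
+</body>
+</html>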
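--- a/web/errors/error-404.html
+++ b/web/errors/error-404.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(404))</script>
+</body>
+</html>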
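--- a/web/errors/error-405.html
+++ b/web/errors/error-405.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(405))</script>
+</body>
+</html>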
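--- a/web/errors/error-408.html
+++ b/web/errors/error-408.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(408))</script>
+</body>
+</html>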
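--- a/web/errors/error-410.html
+++ b/web/errors/error-410.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(410))</script>
+</body>
+</html>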
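--- a/web/errors/error-411.html
+++ b/web/errors/error-411.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(411))</script>
+</body>
+</html>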
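--- a/web/errors/error-413.html
+++ b/web/errors/error-413.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(413))</script>
+</body>
+</html>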
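--- a/web/errors/error-414.html
+++ b/web/errors/error-414.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(414))</script>
+</body>
+</html>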
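--- a/web/errors/error-415.html
+++ b/web/errors/error-415.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(415))</script>
+</body>
+</html>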
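--- a/web/errors/error-500.html
+++ b/web/errors/error-500.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(500))</script>
+</body>
+</html>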
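--- a/web/errors/error-501.html
+++ b/web/errors/error-501.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(501))</script>
+</body>
+</html>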
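--- a/web/errors/error-502.html
+++ b/web/errors/error-502.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(502))</script>
+</body>
+</html>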
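--- a/web/errors/error-503.html
+++ b/web/errors/error-503.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(503))</script>
+</body>
+</html>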
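--- a/web/errors/error-506.html
+++ b/web/errors/error-506.html
@@ -0,0 +1,22 @@
+<?php
+// $Id: error.php 2237 2017-05-20 20:42:38Z tom.houdayer $
+
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>ALCASAR - </title>
+<link rel="stylesheet" type="text/css" href="/css/style_intercept.css">
+<script type="text/javascript" src="/js/i18n.js"></script>
+<script type="text/javascript" src="/js/error_translate.js"></script>
+</head>
+<body>
+<div id="cadre_titre" class="titre_refus">
+<p id="acces_controle" class="titre_refus"></p>
+<div id="boite_logo"><img src="/images/organisme.png"></div>
+</div>
+
+<div id="contenu_error"></div>
+<script type="text/javascript">setErrorMessage(getErrorTranslation(506))</script>
+</body>
+</html>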
/web/images/footer_lighttpd.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Added: svn:mime-type
+image/png
\ No newline at end of property
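--- a/web/js/error_translate.js
+++ b/web/js/error_translate.js
@@ -0,0 +1,42 @@
+function getErrorTranslation(statusCode) {
+if(typeof translation == 'undefined') {
+return;
+}
+
+var language = (window.navigator.userLanguage || window.navigator.language).toLowerCase().split('-')[0];
+
+var title = translation['error'][language] + ' ' + statusCode;
+
+if(!translation.hasOwnProperty(statusCode)) {
+// Setting unknown error
+statusCode = 0;
+title = translation['unknown'][language];
+}
+
+if(!translation[statusCode].hasOwnProperty(language)) {
+if(translation[statusCode].hasOwnProperty('en')) {
+// Default language : english
+language = 'en';
+} else {
+return;
+}
+}
+
+return {
+'title': title,
+'message': translation[statusCode][language]
+}
+}
+
+function setErrorMessage(data) {
+if(typeof data['title'] == 'undefined' || typeof data['message'] == 'undefined') {
+return;
+}
+
+var acces_controle = document.getElementById('acces_controle');
+var contenu_error = document.getElementById('contenu_error');
+
+document.title += " " + data['title'];
+acces_controle.innerHTML = data['title'];
+contenu_error.innerHTML = data['message'];
+}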
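Review bot: In getErrorTranslation the title is built from `translation['error'][language]` before the fallback to 'en' runs, so a browser whose language is neither 'en' nor 'fr' gets the heading "undefined 503" (or a bare "undefined" for an unknown code); the title should be built after the language is resolved. The function also returns undefined when i18n.js did not load, and setErrorMessage then reads `data['title']` from undefined and throws, so its guard needs a leading `!data`. The title is plain text and can be written with `textContent`; `innerHTML` is only needed for the message, which carries `<br>`, and that stays safe only while every string comes from the static table in i18n.js and never from the request.
```javascript
function getErrorTranslation(statusCode) {
    // … unchanged: translation undefined check, language detection …

    var known = translation.hasOwnProperty(statusCode);
    if(!known) {
        // Setting unknown error
        statusCode = 0;
    }

    // … unchanged: fallback to 'en' when translation[statusCode] lacks the language …

    // Build the title only once the language fallback has been applied.
    var title = known
        ? translation['error'][language] + ' ' + statusCode
        : translation['unknown'][language];

    // … unchanged: return of title and message …
}

function setErrorMessage(data) {
    if(!data || typeof data['title'] == 'undefined' || typeof data['message'] == 'undefined') {
        return;
    }

    // … unchanged: element lookups, document.title update …
    acces_controle.textContent = data['title'];
    // Messages contain <br>; only static strings from i18n.js may reach this sink.
    contenu_error.innerHTML = data['message'];
}
```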
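--- a/web/js/i18n.js
+++ b/web/js/i18n.js
@@ -0,0 +1,78 @@
+translation = {
+'error': {
+'en': "Error",
+'fr': "Erreur",
+},
+'unknown': {
+'en': "Unknown error",
+'fr': "Erreur inconnue",
+},
+400: {
+'en': "The HTTP request could not be understood by the server due to malformed syntax.<br>The web browser may be too recent, or the HTTP server may be too old.",
+'fr': "La requête HTTP n'a pas pu être comprise par le serveur en raison d'une syntaxe erronée.<br>Le problème peut provenir d'un navigateur web trop récent ou d'un serveur HTTP trop ancien.",
+},
+401: {
+'en': "The request requires user authentication.<br>This means that all or a part of the requested server is protected by a password that should be given to the server to allow access to its contents.",
+'fr': "La requête nécessite une identification de l'utilisateur.<br>Concrètement, cela signifie que tout ou partie du serveur contacté est protégé par un mot de passe, qu'il faut indiquer au serveur pour pouvoir accéder à son contenu.",
+},
+403: {
+'en': "The HTTP server understood the request, but is refusing to fulfill it.<br>This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable (for example the server is an Intranet and only the LAN machines are authorized to connect).",
+'fr': "Le serveur HTTP a compris la requête, mais refuse de la traiter.<br>Ce code est généralement utilisé lorsqu'un serveur ne souhaite pas indiquer pourquoi la requête a été rejetée, ou lorsque aucune autre réponse ne correspond (par exemple le serveur est un Intranet et seules les machines du réseau local sont autorisées à se connecter au serveur).",
+},
+404: {
+'en': "The server has not found anything matching the requested address (URI) ( not found ).<br>This means the URL you have typed or cliked on is wrong or obsolete and does not match any document existing on the server (you may try to gradualy remove the URL components from the right to the left to eventualy retrieve an existing path).",
+'fr': "Le serveur n'a rien trouvé qui corresponde à l'adresse (URI) demandée ( non trouvé ).<br>Cela signifie que l'URL que vous avez tapée ou cliquée est mauvaise ou obsolète et ne correspond à aucun document existant sur le serveur (vous pouvez essayez de supprimer progressivement les composants de l'URL en partant de la fin pour éventuellement retrouver un chemin d'accès existant).",
+},
+405: {
+'en': "This code is given with the Allow header and indicates that the method used by the client is not supported for this URI.",
+'fr': "Ce code indique que la méthode utilisée par le client n'est pas supportée pour cet URI.",
+},
+408: {
+'en': "This response code means the client did not produce a full request within some predetermined time (usually specified in the server's configuration), and the server is disconnecting the network connection.",
+'fr': "Le client n'a pas présenté une requête complète pendant le délai maximal qui lui était imparti, et le serveur a abandonné la connexion.",
+},
+410: {
+'en': "This code indicates that the requested URI no longer exists and has been permanently removed from the server.",
+'fr': "L'adresse (URI) demandée n'existe plus et a été définitivement supprimée du serveur.",
+},
+411: {
+'en': "The server will not accept the request without a Content-Length header supplied in the request.",
+'fr': "Le serveur a besoin de connaître la taille de cette requête pour pouvoir y répondre.",
+},
+413: {
+'en': "The server will not process the request because its entity body is too large.",
+'fr': "Le serveur ne peut traiter la requête car la taille de son contenu est trop importante.",
+},
+414: {
+'en': "The server will not process the request because its request URI is too large.",
+'fr': "Le serveur ne peut traiter la requête car la taille de l'objet (URI) a retourner est trop importante.",
+},
+415: {
+'en': "The server will not process the request because its entity body is in an unsupported format.",
+'fr': "Le serveur ne peut traiter la requête car son contenu est écrit dans un format non supporté.",
+},
+500: {
+'en': "The HTTP server encountered an unexpected condition which prevented it from fulfilling the request.<br>For example this error can be caused by a serveur misconfiguration, or a resource exhausted or denied to the server on the host machine.",
+'fr': "Le serveur HTTP a rencontré une condition inattendue qui l'a empêché de traiter la requête.<br>Cette erreur peut par exemple être le résultat d'une mauvaise configuration du serveur, ou d'une ressource épuisée ou refusée au serveur sur la machine hôte.",
+},
+501: {
+'en': "The HTTP server does not support the functionality required to fulfill the request.<br>This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource (either the web browser is too recent, or the HTTP server is too old).",
+'fr': "Le serveur HTTP ne supporte pas la fonctionnalité nécessaire pour traiter la requête.<br>C'est la réponse émise lorsque le serveur ne reconnaît pas la méthode indiquée dans la requête et n'est capable de la mettre en oeuvre pour aucune ressource (soit le navigateur web est trop récent, soit le serveur HTTP est trop ancien).",
+},
+502: {
+'en': "The gateway server returned an invalid response.<br>The HTTP server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.",
+'fr': "Le serveur intermédiaire a fourni une réponse invalide.<br>Le serveur HTTP a agi en tant qu'intermédiaire (passerelle ou proxy) avec un autre serveur, et a reçu de ce dernier une réponse invalide en essayant de traiter la requête.",
+},
+503: {
+'en': "The HTTP server is currently unable to handle the request due to a temporary overloading or maintenance of the server.<br>The implication is that this is a temporary condition which will be alleviated after some delay.",
+'fr': "Le serveur HTTP est actuellement incapable de traiter la requête en raison d'une surcharge temporaire ou d'une opération de maintenance.<br> Cela sous-entend l'existence d'une condition temporaire qui sera levée après un certain délai.",
+},
+506: {
+'en': "Transparent content negotiation for the request results in a circular reference.",
+'fr': "Erreur de négociation transparent content negociation.",
+},
+0: {
+'en': "Unknown error.",
+'fr': "Erreur non reconnu.",
+}
+}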