/alcasar.sh |
---|
797,15 → 797,16 |
# - archive = tarball of "base + http firewall + netflow" |
# - security = watchdog log |
# - conf_file = archive conf file (usefull in updating process) |
for i in base archive security activity_report conf_file; |
for i in base archive security activity_report iot_captures; |
do |
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i |
done |
chown -R root:apache $DIR_SAVE |
# Configuring & securing php |
[ -e /etc/php.d/05_date.ini ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default |
timezone=`timedatectl show --property=Timezone|cut -d"=" -f2` |
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.d/05_date.ini |
[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default |
timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2` |
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini |
$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini |
$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini |
$SED "s?^display_errors.*?display_errors = Off?" /etc/php.ini |
874,9 → 875,9 |
# Run lighttpd after coova (in order waiting tun0 to be up) |
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service |
# Log file for ACC access imputability |
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log |
chown root:apache /var/Save/security/acc_access.log |
chmod 664 /var/Save/security/acc_access.log |
[ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log |
chown root:apache $DIR_SAVE/security/acc_access.log |
chmod 664 $DIR_SAVE/security/acc_access.log |
} # End of ACC() |
############################################################# |
1931,9 → 1932,9 |
# allow reading of 2 log files (fail2ban & watchdog). |
[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log |
[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log |
[ -e $DIR_SAVE/security/watchdog.log ] || /usr/bin/touch $DIR_SAVE/security/watchdog.log |
chmod 644 /var/log/fail2ban.log |
chmod 644 /var/Save/security/watchdog.log |
chmod 644 $DIR_SAVE/security/watchdog.log |
/usr/bin/touch /var/log/auth.log |
# fail2ban unit |
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default |
2279,7 → 2280,7 |
# Load and apply the previous conf file |
if [ "$mode" = "update" ] |
then |
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in /var/Save/archive |
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in $DIR_SAVE/archive |
$DIR_DEST_BIN/alcasar-conf.sh --load |
PARENT_SCRIPT=`basename $0` |
export PARENT_SCRIPT # to avoid stop&start process during the installation process |
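Review bot: The guard added before the php.d backup tests the live file instead of the backup: `[ -e /etc/php.d/05_date.ini ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default` only runs `cp` when its own source is missing. As a result `05_date.ini.default` is never created, and the restore step this commit adds to `ACC()` in alcasar-uninstall.sh has nothing to put back. The test should name the backup, as the php.ini line next to it does: `[ -e /etc/php.d/05_date.ini.default ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default`. In the same hunk `$timezone` goes straight into the sed expression, so an empty result from `timedatectl` would write `date.timezone = `; a `[ -n "$timezone" ]` check before the `$SED` call would avoid that. The comment above the directory loop still describes `conf_file`, although the loop now appears to create `iot_captures` instead; the enclosing function starts outside the hunk.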
/scripts/alcasar-conf.sh |
---|
471,8 → 471,6 |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf |
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html |
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html |
# Watchdog |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh |
# Prompts |
$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc |
# sudoers |
/scripts/alcasar-iot_capture.sh |
---|
29,12 → 29,12 |
function launch |
{ |
tcpdump ether host $1 -i $INTIF -n -w /tmp/capture_$1.pcap |
tcpdump ether host $1 -i $INTIF -n -w /var/Save/iot_captures/$1.pcap |
} |
function flush |
{ |
sudo rm /tmp/capture_$1.pcap -f |
sudo rm /var/Save/iot_captures/$1.pcap -f |
} |
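Review bot: `$1` is expanded unquoted and unvalidated into the capture path in both `launch` and `flush`, and this appears to be the script that activity.php runs through sudo with a value taken from the request. A value containing `/` or whitespace would change which file tcpdump writes or `rm -f` removes, now inside the persistent /var/Save tree rather than /tmp. Reject anything that is not a MAC address before either function runs, e.g. `[[ $1 =~ ^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$ ]] || exit 1` (assuming the script runs under bash, which the `function` keyword suggests), and quote the expansions: `-w "/var/Save/iot_captures/$1.pcap"` and `rm -f -- "/var/Save/iot_captures/$1.pcap"`. Captures now persist in a directory the installer hands to group apache, so a comment stating who may read them and when they are purged would also help.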
/scripts/alcasar-uninstall.sh |
---|
22,16 → 22,17 |
ACC () |
{ |
echo -en "(9) : " |
echo -en "(10) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-web && echo -n "2, " |
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, " |
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv -f /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "4, " |
[ -e /etc/lighttpd/modules.conf.default ] && mv -f /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "5, " |
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv -f /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "6, " |
[ -e /etc/php-fpm.conf.default ] && mv -f /etc/php-fpm.conf.default /etc/php-fpm.conf && echo -n "7, " |
[ -d /etc/lighttpd/vhosts.d ] && rm -rf /etc/lighttpd/vhosts.d && echo -n "8, " |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "9" |
[ -e /etc/php.d/05_date.ini.default ] && mv -f /etc/php.d/05_date.ini.default /etc/php.d/05_date.ini && echo -n "3, " |
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "4, " |
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv -f /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "5, " |
[ -e /etc/lighttpd/modules.conf.default ] && mv -f /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "6, " |
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv -f /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "7, " |
[ -e /etc/php-fpm.conf.default ] && mv -f /etc/php-fpm.conf.default /etc/php-fpm.conf && echo -n "8, " |
[ -d /etc/lighttpd/vhosts.d ] && rm -rf /etc/lighttpd/vhosts.d && echo -n "9, " |
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10" |
} |
CA () |
/scripts/alcasar-watchdog.sh |
---|
114,7 → 114,7 |
fi |
} |
usage="Usage: alcasar-watchdog.sh {-lt --lan_test}" |
usage="Usage: alcasar-watchdog.sh {-lt --lan_test | --disconnect-permanent-users}" |
case $1 in |
-\? | -h* | --h*) |
echo "$usage" |
124,10 → 124,10 |
lan_test |
exit 0 |
;; |
--disconnect-permanent-users) |
/bin/sed -i '/PERM/d' $current_users_file |
exit 0 |
;; |
--disconnect-permanent-users) |
/bin/sed -i '/PERM/d' $current_users_file |
exit 0 |
;; |
*) |
lan_test |
# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file) |
/web/acc/backup/sauvegarde.php |
---|
129,7 → 129,7 |
while ( $i > 0) |
{ |
$i--; |
echo "<a href=\"/save/$dir[$j]/$liste_f[$i]\">$liste_f[$i]</A> (";echo taille_fichier("/var/Save/".$dir[$j]."/".$liste_f[$i]);echo ")<br>\n"; |
echo "<a href=\"/save/$dir[$j]/$liste_f[$i]\">$liste_f[$i]</a> (";echo taille_fichier("/var/Save/".$dir[$j]."/".$liste_f[$i]);echo ")<br>\n"; |
} |
} |
echo "</td>\n"; |
/web/acc/manager/htdocs/activity.php |
---|
90,70 → 90,45 |
$l_captureoff = "Stop capture"; |
$l_captureonly_on = "Capture"; |
} |
function taille_fichier($fichier) |
{ |
$taille_fichier = filesize($fichier); |
if ($taille_fichier >= 1073741824){ |
$taille_fichier = round($taille_fichier / 1073741824 * 100) / 100 . " Go";} |
elseif ($taille_fichier >= 1048576){ |
$taille_fichier = round($taille_fichier / 1048576 * 100) / 100 . " Mo";} |
elseif ($taille_fichier >= 1024){ |
$taille_fichier = round($taille_fichier / 1024 * 100) / 100 . " Ko";} |
else {$taille_fichier = $taille_fichier . " o";} |
return $taille_fichier; |
} |
if (isset($_POST['action'])){ |
$mac= str_replace ("'",'',escapeshellarg($_POST['mac_addr'])); |
unset($_POST['mac_addr']); |
switch ($_POST['action']){ |
case "$l_disconnect" : |
$mac= $_POST['mac_addr']; |
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr'])); |
unset($_POST['mac_addr']); |
exec("sudo /usr/sbin/chilli_query logout ".$mac); |
break; |
case "$l_stop_capture_disconnect" : |
$mac= $_POST['mac_addr']; |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &'); |
$file = '/tmp/capture_'.$mac.'.pcap'; |
if (file_exists($file)) |
{ |
header('Content-Description : File Transfer'); |
header('Content-Type: application/octet-stream'); |
header('Content-disposition: attachement; filename='.basename($file).''); |
header('Expires: 0'); |
header('Cache-Control: must-revalidate'); |
header('Pragma: public'); |
header('Content-Lenght: '.filesize($file)); |
readfile($file); |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$macc); |
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr'])); |
unset($_POST['mac_addr']); |
exit; |
} |
exec("sudo /usr/sbin/chilli_query logout ".$mac); |
break; |
case "$l_dissociate" : |
exec("sudo /usr/sbin/chilli_query dhcp-release ".escapeshellarg($_POST['mac_addr'])); |
unset($_POST['mac_addr']); |
exec("sudo /usr/sbin/chilli_query dhcp-release ".$mac); |
break; |
case "$l_connect" : |
exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr'])); |
unset($_POST['mac_addr']); |
exec("sudo /usr/sbin/chilli_query authorize mac ".$mac); |
break; |
case "$l_captureon" : |
$mac= $_POST['mac_addr']; |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &'); |
exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr'])); |
unset($_POST['mac_addr']); |
exec("sudo /usr/sbin/chilli_query authorize mac ".$mac); |
break; |
case "$l_captureonly_on" : |
$mac= $_POST['mac_addr']; |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &'); |
break; |
case "$l_captureoff" : |
$mac= $_POST['mac_addr']; |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &'); |
$file = '/tmp/capture_'.$mac.'.pcap'; |
if (file_exists($file)) |
{ |
header('Content-Description : File Transfer'); |
header('Content-Type: application/octet-stream'); |
header('Content-disposition: attachement; filename='.basename($file).''); |
header('Expires: 0'); |
header('Cache-Control: must-revalidate'); |
header('Pragma: public'); |
header('Content-Lenght: '.filesize($file)); |
readfile($file); |
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$mac); |
unset($_POST['mac_addr']); |
exit; |
} |
break; |
} |
} |
250,7 → 225,12 |
else |
{ |
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">"; |
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">"; |
echo "<BR><INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">"; |
$file = '/var/Save/iot_captures/'.$mac.'.pcap'; |
if (file_exists($file)) |
{ |
echo "<BR><a href=\"/save/iot_captures/$mac.pcap\">$mac.pcap</a> (";echo taille_fichier("/var/Save/iot_captures/".$mac.".pcap");echo ")"; |
} |
} |
} |
else |
295,12 → 275,17 |
{ |
if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON") |
{ |
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">"; |
echo "<BR><INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">"; |
} |
else |
{ |
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureon\">"; |
echo "<BR><INPUT type=\"submit\" name=\"action\" value=\"$l_captureon\">"; |
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">"; |
$file = '/var/Save/iot_captures/'.$mac.'.pcap'; |
if (file_exists($file)) |
{ |
echo "<BR><a href=\"/save/iot_captures/$mac.pcap\">$mac.pcap</a> (";echo taille_fichier("/var/Save/iot_captures/".$mac.".pcap");echo ")"; |
} |
} |
} |
echo "</FORM></TD>"; |
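Review bot: `$mac= str_replace ("'",'',escapeshellarg($_POST['mac_addr']));` undoes the quoting it has just applied, because escapeshellarg() protects a value only through the single quotes it adds. Once they are stripped, the posted string is concatenated unquoted into every `exec("sudo ...")` in this switch (`chilli_query logout`, `dhcp-release`, `authorize mac`, and the `alcasar-iot_capture.sh` calls). The lines this replaces passed `escapeshellarg($_POST['mac_addr'])` directly to chilli_query, so this looks like a regression in command-injection protection on commands run with sudo. Validate the field first, e.g. `if (!preg_match('/^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$/', $_POST['mac_addr'])) exit;`, and keep `escapeshellarg($mac)` at each exec call. In the two later hunks `$mac` also feeds the `/save/iot_captures/$mac.pcap` link and the `file_exists()` path; those hunks do not show where it is assigned, so confirm it holds the validated address of the row being rendered.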
/web/acc/manager/html/user_admin.html.php |
---|
21,7 → 21,6 |
if (isset($logged_now) && $logged_now) |
print <<<EOM |
<script Language="JavaScript"> |
<!-- |
var start; |
var our_time; |
55,7 → 54,6 |
document.online.status.value = timeValue; |
setTimeout("showcounter()", 1000); |
} |
//--> |
</script> |
EOM; |
221,199 → 219,6 |
</table> |
</table> |
</table> |
<br> |
EOM; |
/* |
if ($user_info){ |
echo <<<EOM |
<table border=0 width=620 cellpadding=1 cellspacing=1> |
<tr valign=top> |
<td width=340></td> |
<td bgcolor="black" width=250> |
<table border=0 width=100% cellpadding=2 cellspacing=0> |
<tr bgcolor="#907030" align=right valign=top><th> |
<font color="white">Informations personnelles</font> |
</th></tr> |
</table> |
</td></tr> |
<tr bgcolor="black" valign=top><td colspan=2> |
<table border=0 width=100% cellpadding=12 cellspacing=0 bgcolor="#ffffd0" valign=top> |
<tr><td> |
<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top> |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>nom</b> |
</td> |
<td> |
$cn |
</td> |
</tr> |
EOM; |
if ($config[general_prefered_lang] != 'en'){ |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>nom ($config[general_prefered_lang_name])</b> |
</td> |
<td> |
$cn_lang |
</td> |
</tr> |
EOM; |
} |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>service</b> |
</td> |
<td> |
$ou |
</td> |
</tr> |
EOM; |
if ($config[general_prefered_lang] != 'en'){ |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>service ($config[general_prefered_lang_name])</b> |
</td> |
<td> |
$ou_lang |
</td> |
</tr> |
EOM; |
} |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>titre</b> |
</td> |
<td> |
$title |
</td> |
</tr> |
EOM; |
if ($config[general_prefered_lang] != 'en'){ |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>title ($config[general_prefered_lang_name])</b> |
</td> |
<td> |
$title_lang |
</td> |
</tr> |
EOM; |
} |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>adresse</b> |
</td> |
<td> |
$address |
</td> |
</tr> |
EOM; |
if ($config[general_prefered_lang] != 'en'){ |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>adresse ($config[general_prefered_lang_name])</b> |
</td> |
<td> |
$address_lang |
</td> |
</tr> |
EOM; |
} |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>adresse personnelle</b> |
</td> |
<td> |
$homeaddress |
</td> |
</tr> |
EOM; |
if ($config[general_prefered_lang] != 'en'){ |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>adresse personnelle ($config[general_prefered_lang_name])</b> |
</td> |
<td> |
$homeaddress_lang |
</td> |
</tr> |
EOM; |
} |
echo <<<EOM |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>téléphone</b> |
</td> |
<td> |
$telephonenumber |
</td> |
</tr> |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>téléphone personnel</b> |
</td> |
<td> |
$homephone |
</td> |
</tr> |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>mobile</b> |
</td> |
<td> |
$mobile |
</td> |
</tr> |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>fax</b> |
</td> |
<td> |
$fax |
</td> |
</tr> |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>home page</b> |
</td> |
<td> |
<a href="$url" target=userpage onclick=window.open("$url","userpage","width=1000,height=550,toolbar=no,scrollbars=yes,resizable=yes") title="Aller àà la page d'accueil de l'utilisateur">$url</a> |
</td> |
</tr> |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>e-mail</b> |
</td> |
<td> |
<a href="mailto: $mail" title="Envoyer un email">$mail</a> |
</td> |
</tr> |
<tr> |
<td align=center bgcolor="#d0ddb0"> |
<b>e-mail alias</b> |
</td> |
<td> |
<a href="mailto: $mailalt" title="Envoyer un email">$mailalt</a> |
</td> |
</tr> |
</table> |
</table> |
</table> |
EOM; |
} |
*/ |
print <<<EOM |
</tr></table> |
EOM; |
if (isset($logged_now) && $logged_now) |
/web/acc/welcome.php |
---|
68,6 → 68,7 |
$Language = strtolower(substr(chop($Langue[0]), 0, 2)); |
} |
if ($Language === 'fr') { |
$locale_time = "fr_FR"; |
$l_title = "Bienvenue dans l'ACC (ALCASAR Control Center)"; |
$l_internet_link = "Connexion Internet"; |
$l_enable = "Active"; |
76,9 → 77,10 |
$l_available = "Version disponible"; |
$l_users = "Nombre d'utilisateurs / connectés"; |
$l_groups = "Nombre de groupes"; |
$l_bl_version = "Date de la blacklist"; |
$l_system_date = "Date du système"; |
} |
else if ($Language === 'es') { |
$locale_time = "es_ES"; |
$l_title = "Bienvenido al ACC (Centro de Control de ALCASAR)"; |
$l_internet_link = "Conexión a Internet"; |
$l_enable = "Activo"; |
87,9 → 89,10 |
$l_available = "Versión disponible"; |
$l_users = "Número de usuarios / conectados"; |
$l_groups = "Número de grupos"; |
$l_bl_version = "Fecha de la lista negra"; |
$l_system_date = "Fecha del sistema"; |
} |
else { |
$locale_time = "en_EN"; |
$l_title = "Welcome in ACC (ALCASAR Control Center)"; |
$l_internet_link = "Internet connection"; |
$l_enable = "Enabled"; |
98,7 → 101,7 |
$l_available = "Available version"; |
$l_users = "Number of users / connected."; |
$l_groups = "Number of groups"; |
$l_bl_version = "Blacklist date"; |
$l_system_data = "System date"; |
} |
?> |
<!DOCTYPE html> |
127,7 → 130,8 |
fclose($file_conf); |
// Get current version |
$INSTALLEDVERSION = $conf['VERSION']; |
$VERSIONBL = date ("F d Y", filemtime ('/etc/e2guardian/lists/blacklists/README')); |
setlocale (LC_TIME, $locale_time); |
$SYSTEM_DATE = strftime('%A, %e %B %Y, %T %Z'); |
$nb_users = request ('user'); |
$nb_groups = request ('group'); |
$nb_online_users = exec ("sudo /usr/sbin/chilli_query list | cut -d\" \" -f5 | grep \"1\" | wc -l"); |
149,7 → 153,7 |
echo "</div><div class=\"panel-cell\">"; |
echo $l_users." : ".$nb_users." / ".$nb_online_users."<br>\n"; |
echo $l_groups." : ".$nb_groups."<br>\n"; |
echo $l_bl_version." : ".$VERSIONBL."<br>\n"; |
echo $l_system_date." : ".$SYSTEM_DATE."<br>\n"; |
?> |
</div> |
</div> |
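Review bot: The default (English) branch assigns `$l_system_data = "System date";` while the page later prints `$l_system_date`, so for any language other than fr or es the label is undefined; the line should read `$l_system_date = "System date";`. The same branch sets `$locale_time = "en_EN"`, which is not a locale name normally installed (`en_US` or `en_GB` are the usual ones), so `setlocale()` will probably return false and leave the previous locale in place; checking its return value would make that visible. `strftime()` is deprecated as of PHP 8.1, so the `$SYSTEM_DATE` line will need a replacement such as `IntlDateFormatter` when the platform's PHP is upgraded.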