Subversion Repositories ALCASAR


Rev 2886 → Rev 2887

/alcasar.sh
797,15 → 797,16
# - archive = tarball of "base + http firewall + netflow"
# - security = watchdog log
# - conf_file = archive conf file (usefull in updating process)
for i in base archive security activity_report conf_file;
for i in base archive security activity_report iot_captures;
do
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
done
chown -R root:apache $DIR_SAVE
# Configuring & securing php
[ -e /etc/php.d/05_date.ini ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default
timezone=`timedatectl show --property=Timezone|cut -d"=" -f2`
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.d/05_date.ini
[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
timezone=`cat /etc/sysconfig/clock|grep ZONE|cut -d"=" -f2`
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.ini
$SED "s?^upload_max_filesize.*?upload_max_filesize = 100M?g" /etc/php.ini
$SED "s?^post_max_size.*?post_max_size = 100M?g" /etc/php.ini
$SED "s?^display_errors.*?display_errors = Off?" /etc/php.ini
874,9 → 875,9
# Run lighttpd after coova (in order waiting tun0 to be up)
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service
# Log file for ACC access imputability
[ -e /var/Save/security/acc_access.log ] || touch /var/Save/security/acc_access.log
chown root:apache /var/Save/security/acc_access.log
chmod 664 /var/Save/security/acc_access.log
[ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log
chown root:apache $DIR_SAVE/security/acc_access.log
chmod 664 $DIR_SAVE/security/acc_access.log
} # End of ACC()
 
#############################################################
1931,9 → 1932,9
 
# allow reading of 2 log files (fail2ban & watchdog).
[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log
[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log
[ -e $DIR_SAVE/security/watchdog.log ] || /usr/bin/touch $DIR_SAVE/security/watchdog.log
chmod 644 /var/log/fail2ban.log
chmod 644 /var/Save/security/watchdog.log
chmod 644 $DIR_SAVE/security/watchdog.log
/usr/bin/touch /var/log/auth.log
# fail2ban unit
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
2279,7 → 2280,7
# Load and apply the previous conf file
if [ "$mode" = "update" ]
then
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in /var/Save/archive
$DIR_DEST_BIN/alcasar-archive.sh --now # exports current logs in $DIR_SAVE/archive
$DIR_DEST_BIN/alcasar-conf.sh --load
PARENT_SCRIPT=`basename $0`
export PARENT_SCRIPT # to avoid stop&start process during the installation process
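Review bot: In the 797 hunk the backup guard for `/etc/php.d/05_date.ini` tests the live file rather than the backup, so `05_date.ini.default` is never created when the file exists and `cp` fails when it does not. It should mirror the php.ini line just below it: `[ -e /etc/php.d/05_date.ini.default ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default`. As written, the restore step this revision adds to alcasar-uninstall.sh (`mv -f /etc/php.d/05_date.ini.default /etc/php.d/05_date.ini`) would have nothing to restore. The comment block above the `for` loop also still lists `conf_file` although the loop now creates `iot_captures`; a line such as `# - iot_captures = pcap files written by alcasar-iot_capture.sh` would keep it accurate. The enclosing function starts outside the hunk.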
/scripts/alcasar-conf.sh
471,8 → 471,6
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
# Watchdog
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
# Prompts
$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc
# sudoers
/scripts/alcasar-iot_capture.sh
29,12 → 29,12
 
function launch
{
tcpdump ether host $1 -i $INTIF -n -w /tmp/capture_$1.pcap
tcpdump ether host $1 -i $INTIF -n -w /var/Save/iot_captures/$1.pcap
}
 
function flush
{
sudo rm /tmp/capture_$1.pcap -f
sudo rm /var/Save/iot_captures/$1.pcap -f
}
 
 
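Review bot: `$1` is expanded unquoted into the tcpdump filter, the output path and the `sudo rm` target in `launch` and `flush`, and nothing visible in this hunk checks that it is a MAC address. activity.php runs this script through sudo with a value taken from the POST request, so a value containing `/`, `..` or whitespace would change which file is written or removed under root privileges. Validate the argument before use, e.g. `[[ $1 =~ ^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$ ]] || exit 1` (the separator the callers actually send is not visible here), and quote the path: `sudo rm -f -- "/var/Save/iot_captures/$1.pcap"`. The option parsing that calls these two functions lies outside the hunk, so a check may already exist there.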
/scripts/alcasar-uninstall.sh
22,16 → 22,17
 
ACC ()
{
echo -en "(9) : "
echo -en "(10) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-web && echo -n "2, "
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "3, "
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv -f /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "4, "
[ -e /etc/lighttpd/modules.conf.default ] && mv -f /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "5, "
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv -f /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "6, "
[ -e /etc/php-fpm.conf.default ] && mv -f /etc/php-fpm.conf.default /etc/php-fpm.conf && echo -n "7, "
[ -d /etc/lighttpd/vhosts.d ] && rm -rf /etc/lighttpd/vhosts.d && echo -n "8, "
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "9"
[ -e /etc/php.d/05_date.ini.default ] && mv -f /etc/php.d/05_date.ini.default /etc/php.d/05_date.ini && echo -n "3, "
[ -e /etc/php.ini.default ] && mv -f /etc/php.ini.default /etc/php.ini && echo -n "4, "
[ -e /etc/lighttpd/lighttpd.conf.default ] && mv -f /etc/lighttpd/lighttpd.conf.default /etc/lighttpd/lighttpd.conf && echo -n "5, "
[ -e /etc/lighttpd/modules.conf.default ] && mv -f /etc/lighttpd/modules.conf.default /etc/lighttpd/modules.conf && echo -n "6, "
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv -f /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "7, "
[ -e /etc/php-fpm.conf.default ] && mv -f /etc/php-fpm.conf.default /etc/php-fpm.conf && echo -n "8, "
[ -d /etc/lighttpd/vhosts.d ] && rm -rf /etc/lighttpd/vhosts.d && echo -n "9, "
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10"
}
 
CA ()
/scripts/alcasar-watchdog.sh
114,7 → 114,7
fi
}
 
usage="Usage: alcasar-watchdog.sh {-lt --lan_test}"
usage="Usage: alcasar-watchdog.sh {-lt --lan_test | --disconnect-permanent-users}"
case $1 in
-\? | -h* | --h*)
echo "$usage"
124,10 → 124,10
lan_test
exit 0
;;
--disconnect-permanent-users)
/bin/sed -i '/PERM/d' $current_users_file
exit 0
;;
--disconnect-permanent-users)
/bin/sed -i '/PERM/d' $current_users_file
exit 0
;;
*)
lan_test
# We disconnect inactive users (its means that their 'status.php' tab has been closed --> their ip address isn't in $current_users_file)
/web/acc/backup/sauvegarde.php
129,7 → 129,7
while ( $i > 0)
{
$i--;
echo "<a href=\"/save/$dir[$j]/$liste_f[$i]\">$liste_f[$i]</A> (";echo taille_fichier("/var/Save/".$dir[$j]."/".$liste_f[$i]);echo ")<br>\n";
echo "<a href=\"/save/$dir[$j]/$liste_f[$i]\">$liste_f[$i]</a> (";echo taille_fichier("/var/Save/".$dir[$j]."/".$liste_f[$i]);echo ")<br>\n";
}
}
echo "</td>\n";
/web/acc/manager/htdocs/activity.php
90,70 → 90,45
$l_captureoff = "Stop capture";
$l_captureonly_on = "Capture";
}
function taille_fichier($fichier)
{
$taille_fichier = filesize($fichier);
if ($taille_fichier >= 1073741824){
$taille_fichier = round($taille_fichier / 1073741824 * 100) / 100 . " Go";}
elseif ($taille_fichier >= 1048576){
$taille_fichier = round($taille_fichier / 1048576 * 100) / 100 . " Mo";}
elseif ($taille_fichier >= 1024){
$taille_fichier = round($taille_fichier / 1024 * 100) / 100 . " Ko";}
else {$taille_fichier = $taille_fichier . " o";}
return $taille_fichier;
}
 
if (isset($_POST['action'])){
$mac= str_replace ("'",'',escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
switch ($_POST['action']){
case "$l_disconnect" :
$mac= $_POST['mac_addr'];
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
exec("sudo /usr/sbin/chilli_query logout ".$mac);
break;
case "$l_stop_capture_disconnect" :
$mac= $_POST['mac_addr'];
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &');
$file = '/tmp/capture_'.$mac.'.pcap';
if (file_exists($file))
{
header('Content-Description : File Transfer');
header('Content-Type: application/octet-stream');
header('Content-disposition: attachement; filename='.basename($file).'');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Lenght: '.filesize($file));
readfile($file);
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$macc);
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
exit;
}
exec("sudo /usr/sbin/chilli_query logout ".$mac);
break;
case "$l_dissociate" :
exec("sudo /usr/sbin/chilli_query dhcp-release ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
exec("sudo /usr/sbin/chilli_query dhcp-release ".$mac);
break;
case "$l_connect" :
exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
exec("sudo /usr/sbin/chilli_query authorize mac ".$mac);
break;
case "$l_captureon" :
$mac= $_POST['mac_addr'];
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &');
exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr']));
unset($_POST['mac_addr']);
exec("sudo /usr/sbin/chilli_query authorize mac ".$mac);
break;
case "$l_captureonly_on" :
$mac= $_POST['mac_addr'];
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -l '.$mac.' &>/dev/null &');
break;
case "$l_captureoff" :
$mac= $_POST['mac_addr'];
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -k '.$mac.' &>/dev/null &');
$file = '/tmp/capture_'.$mac.'.pcap';
if (file_exists($file))
{
header('Content-Description : File Transfer');
header('Content-Type: application/octet-stream');
header('Content-disposition: attachement; filename='.basename($file).'');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Lenght: '.filesize($file));
readfile($file);
exec('sudo /usr/local/bin/alcasar-iot_capture.sh -f '.$mac);
unset($_POST['mac_addr']);
exit;
}
break;
}
}
250,7 → 225,12
else
{
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_disconnect\">";
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">";
echo "<BR><INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">";
$file = '/var/Save/iot_captures/'.$mac.'.pcap';
if (file_exists($file))
{
echo "<BR><a href=\"/save/iot_captures/$mac.pcap\">$mac.pcap</a> (";echo taille_fichier("/var/Save/iot_captures/".$mac.".pcap");echo ")";
}
}
}
else
295,12 → 275,17
{
if(exec('sudo /usr/local/bin/alcasar-iot_capture.sh -i '.$detail[0]) == "CaptureON")
{
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">";
echo "<BR><INPUT type=\"submit\" name=\"action\" value=\"$l_captureoff\">";
}
else
{
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureon\">";
echo "<BR><INPUT type=\"submit\" name=\"action\" value=\"$l_captureon\">";
echo "<INPUT type=\"submit\" name=\"action\" value=\"$l_captureonly_on\">";
$file = '/var/Save/iot_captures/'.$mac.'.pcap';
if (file_exists($file))
{
echo "<BR><a href=\"/save/iot_captures/$mac.pcap\">$mac.pcap</a> (";echo taille_fichier("/var/Save/iot_captures/".$mac.".pcap");echo ")";
}
}
}
echo "</FORM></TD>";
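Review bot: In the 90,70 hunk, `$mac= str_replace ("'",'',escapeshellarg($_POST['mac_addr']));` strips the quotes that escapeshellarg() adds, so the value is concatenated unquoted into every `exec("sudo ... ".$mac)` call and shell metacharacters in the POSTed field are interpreted by the shell. Validate the field against a MAC pattern before using it and keep the escaping at each call site, e.g. `if (!preg_match('/^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$/', $_POST['mac_addr'])) exit;` and then `exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($mac));`. The same `$mac` is placed in the `/var/Save/iot_captures/` path and echoed into the `<a href>` in the 250 and 295 hunks without htmlspecialchars(). It is only assigned when `$_POST['action']` is set, so on a plain page load those lines appear to read an undefined variable; the nearby capture-status check uses `$detail[0]`, which may be the value intended. The blocks enclosing the last two hunks start outside the visible lines.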
/web/acc/manager/html/user_admin.html.php
21,7 → 21,6
if (isset($logged_now) && $logged_now)
print <<<EOM
<script Language="JavaScript">
<!--
var start;
var our_time;
 
55,7 → 54,6
document.online.status.value = timeValue;
setTimeout("showcounter()", 1000);
}
//-->
</script>
EOM;
 
221,199 → 219,6
</table>
</table>
</table>
<br>
EOM;
/*
if ($user_info){
echo <<<EOM
<table border=0 width=620 cellpadding=1 cellspacing=1>
<tr valign=top>
<td width=340></td>
<td bgcolor="black" width=250>
<table border=0 width=100% cellpadding=2 cellspacing=0>
<tr bgcolor="#907030" align=right valign=top><th>
<font color="white">Informations personnelles</font>
</th></tr>
</table>
</td></tr>
<tr bgcolor="black" valign=top><td colspan=2>
<table border=0 width=100% cellpadding=12 cellspacing=0 bgcolor="#ffffd0" valign=top>
<tr><td>
<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top>
<tr>
<td align=center bgcolor="#d0ddb0">
<b>nom</b>
</td>
<td>
$cn
</td>
</tr>
EOM;
if ($config[general_prefered_lang] != 'en'){
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>nom ($config[general_prefered_lang_name])</b>
</td>
<td>
$cn_lang
</td>
</tr>
EOM;
}
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>service</b>
</td>
<td>
$ou
</td>
</tr>
EOM;
if ($config[general_prefered_lang] != 'en'){
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>service ($config[general_prefered_lang_name])</b>
</td>
<td>
$ou_lang
</td>
</tr>
EOM;
}
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>titre</b>
</td>
<td>
$title
</td>
</tr>
EOM;
if ($config[general_prefered_lang] != 'en'){
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>title ($config[general_prefered_lang_name])</b>
</td>
<td>
$title_lang
</td>
</tr>
EOM;
}
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>adresse</b>
</td>
<td>
$address
</td>
</tr>
EOM;
if ($config[general_prefered_lang] != 'en'){
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>adresse ($config[general_prefered_lang_name])</b>
</td>
<td>
$address_lang
</td>
</tr>
EOM;
}
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>adresse personnelle</b>
</td>
<td>
$homeaddress
</td>
</tr>
EOM;
if ($config[general_prefered_lang] != 'en'){
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>adresse personnelle ($config[general_prefered_lang_name])</b>
</td>
<td>
$homeaddress_lang
</td>
</tr>
EOM;
}
echo <<<EOM
<tr>
<td align=center bgcolor="#d0ddb0">
<b>t&eacute;l&eacute;phone</b>
</td>
<td>
$telephonenumber
</td>
</tr>
<tr>
<td align=center bgcolor="#d0ddb0">
<b>t&eacute;l&eacute;phone personnel</b>
</td>
<td>
$homephone
</td>
</tr>
<tr>
<td align=center bgcolor="#d0ddb0">
<b>mobile</b>
</td>
<td>
$mobile
</td>
</tr>
<tr>
<td align=center bgcolor="#d0ddb0">
<b>fax</b>
</td>
<td>
$fax
</td>
</tr>
<tr>
<td align=center bgcolor="#d0ddb0">
<b>home page</b>
</td>
<td>
<a href="$url" target=userpage onclick=window.open("$url","userpage","width=1000,height=550,toolbar=no,scrollbars=yes,resizable=yes") title="Aller à&agrave; la page d'accueil de l'utilisateur">$url</a>
</td>
</tr>
<tr>
<td align=center bgcolor="#d0ddb0">
<b>e-mail</b>
</td>
<td>
<a href="mailto: $mail" title="Envoyer un email">$mail</a>
</td>
</tr>
<tr>
<td align=center bgcolor="#d0ddb0">
<b>e-mail alias</b>
</td>
<td>
<a href="mailto: $mailalt" title="Envoyer un email">$mailalt</a>
</td>
</tr>
</table>
</table>
</table>
 
EOM;
}
*/
print <<<EOM
</tr></table>
EOM;
if (isset($logged_now) && $logged_now)
/web/acc/welcome.php
68,6 → 68,7
$Language = strtolower(substr(chop($Langue[0]), 0, 2));
}
if ($Language === 'fr') {
$locale_time = "fr_FR";
$l_title = "Bienvenue dans l'ACC (ALCASAR Control Center)";
$l_internet_link = "Connexion Internet";
$l_enable = "Active";
76,9 → 77,10
$l_available = "Version disponible";
$l_users = "Nombre d'utilisateurs / connectés";
$l_groups = "Nombre de groupes";
$l_bl_version = "Date de la blacklist";
$l_system_date = "Date du système";
}
else if ($Language === 'es') {
$locale_time = "es_ES";
$l_title = "Bienvenido al ACC (Centro de Control de ALCASAR)";
$l_internet_link = "Conexión a Internet";
$l_enable = "Activo";
87,9 → 89,10
$l_available = "Versión disponible";
$l_users = "Número de usuarios / conectados";
$l_groups = "Número de grupos";
$l_bl_version = "Fecha de la lista negra";
$l_system_date = "Fecha del sistema";
}
else {
$locale_time = "en_EN";
$l_title = "Welcome in ACC (ALCASAR Control Center)";
$l_internet_link = "Internet connection";
$l_enable = "Enabled";
98,7 → 101,7
$l_available = "Available version";
$l_users = "Number of users / connected.";
$l_groups = "Number of groups";
$l_bl_version = "Blacklist date";
$l_system_data = "System date";
}
?>
<!DOCTYPE html>
127,7 → 130,8
fclose($file_conf);
// Get current version
$INSTALLEDVERSION = $conf['VERSION'];
$VERSIONBL = date ("F d Y", filemtime ('/etc/e2guardian/lists/blacklists/README'));
setlocale (LC_TIME, $locale_time);
$SYSTEM_DATE = strftime('%A, %e %B %Y, %T %Z');
$nb_users = request ('user');
$nb_groups = request ('group');
$nb_online_users = exec ("sudo /usr/sbin/chilli_query list | cut -d\" \" -f5 | grep \"1\" | wc -l");
149,7 → 153,7
echo "</div><div class=\"panel-cell\">";
echo $l_users." : ".$nb_users." / ".$nb_online_users."<br>\n";
echo $l_groups." : ".$nb_groups."<br>\n";
echo $l_bl_version." : ".$VERSIONBL."<br>\n";
echo $l_system_date." : ".$SYSTEM_DATE."<br>\n";
?>
</div>
</div>
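Review bot: The English branch assigns `$l_system_data = "System date";` while the output line reads `$l_system_date`, so the label is undefined for every language other than fr and es; rename the assignment to `$l_system_date`. `$locale_time = "en_EN"` is also not a standard locale name, so `setlocale (LC_TIME, $locale_time)` will most likely fail and leave the previous locale in place; `en_US` or `en_GB` (with a `.UTF-8` suffix if that is how the locales are installed) would be the usual choice. `strftime()` is deprecated as of PHP 8.1, which is worth a comment next to the call if the platform's PHP may be upgraded.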