Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2936 → Rev 2937

/CHANGELOG
12,6 → 12,7
- adapt CA certificate to edge/chrome (add the "Subject Alt Name" - SAN)
- improve "alcasar-CA.sh" script : can create server certificate for every hostname (not only alcasar.localdomain)
- kernel 5.10.14 + coova-chilli 1.6 + nfdump 1.6.22
- move all alcasar systemd units in "/etc/systemd" (compliant with Linux file-hierarchy)
BUGS
- Fix a display bug in ACC activity & stat page
- Add the CA chain certificates in Coova in order to allow authentication with the last versions of Chrome/Edge
/alcasar.sh
735,8 → 735,8
# load ipt_NETFLOW module
echo "ipt_NETFLOW" >> /etc/modprobe.preload
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
cp /lib/systemd/system/iptables.service /etc/systemd/system/iptables.service
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /etc/systemd/system/iptables.service
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
#
803,7 → 803,7
done
chown -R root:apache $DIR_SAVE
# Configuring & securing php
[ -e /etc/php.d/05_date.ini ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default
[ -e /etc/php.d/05_date.ini.default ] || cp /etc/php.d/05_date.ini /etc/php.d/05_date.ini.default
timezone=`timedatectl show --property=Timezone|cut -d"=" -f2`
$SED "s?^;date.timezone =.*?date.timezone = $timezone?g" /etc/php.d/05_date.ini
[ -e /etc/php.ini.default ] || cp /etc/php.ini /etc/php.ini.default
873,7 → 873,8
[ -d /var/www/html/certs ] || mkdir /var/www/html/certs
ln -s /etc/pki/CA/alcasar-ca.crt /var/www/html/certs/certificat_alcasar_ca.crt
# Run lighttpd after coova (in order waiting tun0 to be up)
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /lib/systemd/system/lighttpd.service
cp /lib/systemd/system/lighttpd.service /etc/systemd/system/lighttpd.service
$SED "s?^After=.*?After=network.target remote-fs.target nss-lookup.target chilli.service?g" /etc/systemd/system/lighttpd.service
# Log file for ACC access imputability
[ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log
chown root:apache $DIR_SAVE/security/acc_access.log
959,9 → 960,9
# Add an empty radius database structure
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/empty-radiusd-db.sql
# modify the start script in order to close accounting connexion when the system is comming down or up
[ -e /lib/systemd/system/mysqld.service.default ] || cp /lib/systemd/system/mysqld.service /lib/systemd/system/mysqld.service.default
$SED "/^ExecStart=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /usr/lib/systemd/system/mysqld.service
$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
cp /lib/systemd/system/mysqld.service /etc/systemd/system/mysqld.service
$SED "/^ExecStart=/a ExecStop=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /etc/systemd/system/mysqld.service
$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /etc/systemd/system/mysqld.service
/usr/bin/systemctl unset-environment MYSQLD_OPTS
/usr/bin/systemctl daemon-reload
} # End of init_db()
1044,8 → 1045,8
cp -f $DIR_CONF/radius/sqlcounter /etc/raddb/mods-available/sqlcounter
chown -R radius:radius /etc/raddb/mods-available/sqlcounter
# make certain that mysql is up before freeradius start
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
cp /lib/systemd/system/radiusd.service /etc/systemd/system/radiusd.service
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /etc/systemd/system/radiusd.service
/usr/bin/systemctl daemon-reload
# Allow apache to change some conf files (ie : ldap on/off)
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
1060,7 → 1061,7
chilli()
{
# chilli unit for systemd
cat << EOF > /lib/systemd/system/chilli.service
cat << EOF > /etc/systemd/system/chilli.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
1260,11 → 1261,11
e2guardian()
{
# Adapt systemd unit
[ -e /lib/systemd/system/e2guardian.service.default ] || cp /lib/systemd/system/e2guardian.service /lib/systemd/system/e2guardian.service.default
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /lib/systemd/system/e2guardian.service
$SED "s?^After=.*?After=network.target chilli.service?g" /lib/systemd/system/e2guardian.service
cp /lib/systemd/system/e2guardian.service /etc/systemd/system/e2guardian.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /etc/systemd/system/e2guardian.service
$SED "s?^After=.*?After=network.target chilli.service?g" /etc/systemd/system/e2guardian.service
# Adapt the main conf file
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default
# Adapt the main conf file
# French deny HTML page
$SED "s?^language =.*?language = 'french'?g" $DIR_DG/e2guardian.conf
# 2 filtergroups (8080 & 8090)
1370,14 → 1371,14
##################################################################
antivirus()
{
# Clamd adaptation to e2guardian
[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default
$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service
$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service
[ -e /lib/systemd/system/clamav-daemon.socket.default ] || cp /lib/systemd/system/clamav-daemon.socket /lib/systemd/system/clamav-daemon.socket.default
$SED "s?^SocketUser=.*?SocketUser=e2guardian?g" /lib/systemd/system/clamav-daemon.socket
$SED "s?^SocketGroup=.*?SocketGroup=e2guardian?g" /lib/systemd/system/clamav-daemon.socket
# Clamd unit adaptation to e2guardian
cp /lib/systemd/system/clamav-daemon.service /etc/systemd/system/clamav-daemon.service
$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /etc/systemd/system/clamav-daemon.service
$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /etc/systemd/system/clamav-daemon.service
cp /lib/systemd/system/clamav-daemon.socket /etc/systemd/system/clamav-daemon.socket
$SED "s?^SocketUser=.*?SocketUser=e2guardian?g" /etc/systemd/system/clamav-daemon.socket
$SED "s?^SocketGroup=.*?SocketGroup=e2guardian?g" /etc/systemd/system/clamav-daemon.socket
# Clamd conf adaptation to e2guardian
[ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default
$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf
$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
1410,7 → 1411,7
nl=1
for log_type in traceability ssh ext-access
do
[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
cp -f /lib/systemd/system/ulogd.service /etc/systemd/system/ulogd-$log_type.service
[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log
cp -f $DIR_CONF/ulogd-sample.conf /etc/ulogd-$log_type.conf
$SED "s?^group=.*?group=$nl?g" /etc/ulogd-$log_type.conf
1419,7 → 1420,7
file="/var/log/firewall/$log_type.log"
sync=1
EOF
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -u ulogd -c /etc/ulogd-$log_type.conf $ULOGD_OPTIONS?g" /lib/systemd/system/ulogd-$log_type.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -u ulogd -c /etc/ulogd-$log_type.conf $ULOGD_OPTIONS?g" /etc/systemd/system/ulogd-$log_type.service
nl=`expr $nl + 1`
done
chown -R root:apache /var/log/firewall
1437,7 → 1438,7
groupadd -f nfcapd
id -u nfcapd >/dev/null 2>&1 || useradd -r -g nfcapd -s /bin/false -c "system user for nfcapd" nfcapd
# nfcapd unit for systemd
cat << EOF > /lib/systemd/system/nfcapd.service
cat << EOF > /etc/systemd/system/nfcapd.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
1479,8 → 1480,8
$SED "s?^MaxBandwidth.*?MaxBandwidth 10000?g" /etc/vnstat.conf
# vnstat-dashboard
$SED "s?^\$thisInterface.*?\$thisInterface = \"$EXTIF\";?" $DIR_ACC/manager/vnstat/index.php
[ -e /lib/systemd/system/vnstat.service.default ] || cp /lib/systemd/system/vnstat.service /lib/systemd/system/vnstat.service.default
$SED "s?^PIDFILE=.*?PIDFILE=/run/vnstat/vnstat.pid?g" /lib/systemd/system/vnstat.service
cp /lib/systemd/system/vnstat.service /etc/systemd/system/vnstat.service
$SED "s?^PIDFILE=.*?PIDFILE=/run/vnstat/vnstat.pid?g" /etc/systemd/system/vnstat.service
} # End of vnstat()
 
###################################################################
1509,11 → 1510,11
server=$DNS1
server=$DNS2
EOF
# Create dnsmasq-whitelist unit
mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
$SED "s?^PIDFile=.*?PIDFile=/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
# Don't run dnsmasq service. Create dnsmasq-whitelist unit
systemctl disable dnsmasq.service
cp -f /lib/systemd/system/dnsmasq.service /etc/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /etc/systemd/system/dnsmasq-whitelist.service
$SED "s?^PIDFile=.*?PIDFile=/run/dnsmasq-whitelist.pid?g" /etc/systemd/system/dnsmasq-whitelist.service
} # End of dnsmasq()
 
#########################################################
1682,19 → 1683,16
include: /etc/unbound/conf.d/blackhole/*
EOF
 
if [ ! -e /lib/systemd/system/unbound.service.default ]
then
cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound.service.default
fi
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /lib/systemd/system/unbound.service
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /lib/systemd/system/unbound.service
cp /lib/systemd/system/unbound.service /etc/systemd/system/unbound.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /etc/systemd/system/unbound.service
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /etc/systemd/system/unbound.service
for list in blacklist blackhole whitelist
do
cp -f /lib/systemd/system/unbound.service /lib/systemd/system/unbound-$list.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /lib/systemd/system/unbound-$list.service
$SED "s?^PIDFile=.*?PIDFile=/run/unbound-$list.pid?g" /lib/systemd/system/unbound-$list.service
cp -f /lib/systemd/system/unbound.service /etc/systemd/system/unbound-$list.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /etc/systemd/system/unbound-$list.service
$SED "s?^PIDFile=.*?PIDFile=/run/unbound-$list.pid?g" /etc/systemd/system/unbound-$list.service
done
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /lib/systemd/system/unbound-whitelist.service
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /etc/systemd/system/unbound-whitelist.service
} # End of unbound()
 
##################################################
1941,10 → 1939,10
chmod 644 $DIR_SAVE/security/watchdog.log
/usr/bin/touch /var/log/auth.log
# fail2ban unit
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /usr/lib/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/run/fail2ban/fail2ban.pid' /usr/lib/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /usr/lib/systemd/system/fail2ban.service
cp /lib/systemd/system/fail2ban.service /etc/systemd/system/fail2ban.service
$SED '/ExecStart=/a\ExecStop=/usr/bin/fail2ban-client stop' /etc/systemd/system/fail2ban.service
$SED '/Type=/a\PIDFile=/run/fail2ban/fail2ban.pid' /etc/systemd/system/fail2ban.service
$SED '/After=*/c After=syslog.target network.target lighttpd.service' /etc/systemd/system/fail2ban.service
} # End of fail2ban()
 
#########################################################
2005,7 → 2003,7
chmod 755 /etc/gammu_smsd_conf /etc/gammurc
 
# Create the systemd unit
cat << EOF > /lib/systemd/system/gammu-smsd.service
cat << EOF > /etc/systemd/system/gammu-smsd.service
[Unit]
Description=SMS daemon for Gammu
Documentation=man:gammu-smsd(1)
2193,7 → 2191,7
find /var/log/$dir -type f -name "*.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" -exec gzip {} \;
done
# create the alcasar-load_balancing unit
cat << EOF > /lib/systemd/system/alcasar-load_balancing.service
cat << EOF > /etc/systemd/system/alcasar-load_balancing.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
2375,7 → 2373,7
exit 0
;;
-i | --install)
for func in license testing_system
for func in license testing_system testing_network
do
header_install
$func
2451,7 → 2449,7
fi
mode="update"
fi
for func in testing_network init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt post_install
do
$func
if [ $DEBUG_ALCASAR == "on" ]
/scripts/alcasar-uninstall.sh
22,7 → 22,7
 
ACC ()
{
echo -en "(10) : "
echo -en "(11) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -d /etc/freeradius-web ] && rm -rf /etc/freeradius-web && echo -n "2, "
[ -e /etc/php.d/05_date.ini.default ] && mv -f /etc/php.d/05_date.ini.default /etc/php.d/05_date.ini && echo -n "3, "
32,7 → 32,8
[ -e /etc/lighttpd/conf.d/fastcgi.conf.default ] && mv -f /etc/lighttpd/conf.d/fastcgi.conf.default /etc/lighttpd/conf.d/fastcgi.conf && echo -n "7, "
[ -e /etc/php-fpm.conf.default ] && mv -f /etc/php-fpm.conf.default /etc/php-fpm.conf && echo -n "8, "
[ -d /etc/lighttpd/vhosts.d ] && rm -rf /etc/lighttpd/vhosts.d && echo -n "9, "
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10"
[ -d /usr/local/etc/digest ] && rm -rf /usr/local/etc/digest && echo -n "10, "
[ -e /etc/systemd/system/lighttpd.service ] && rm -f /etc/systemd/system/lighttpd.service && echo -n "11"
}
 
CA ()
56,7 → 57,17
{
echo -en "(2) : "
[ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1, "
[ -e /lib/systemd/system/mysqld.service.default ] && mv -f /lib/systemd/system/mysqld.service.default /lib/systemd/system/mysqld.service && echo -n "2"
if [ -e /lib/systemd/system/mysqld.service.default ]
then
mv -f /lib/systemd/system/mysqld.service.default /lib/systemd/system/mysqld.service
echo -n "2"
else
if [ -e /etc/systemd/system/mysqld.service ]
then
rm /etc/systemd/system/mysqld.service
echo -n "2"
fi
fi
/usr/bin/systemctl daemon-reload
rm -rf /var/lib/mysql
}
64,7 → 75,7
freeradius ()
{
echo -en "(22) : "
[ -e /etc/raddb/empty-radiusd-db.sql ] && rm -f /etc/raddb/empty-radiusd-db.sql && echo -n "1, "
[ -e /etc/raddb/empty-radiusd-db.sql ] && rm /etc/raddb/empty-radiusd-db.sql && echo -n "1, "
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, "
[ -e /etc/raddb/dictionary.default ] && mv /etc/raddb/dictionary.default /etc/raddb/dictionary && echo -n "3, "
[ -e /etc/raddb/dictionary.alcasar ] && rm /etc/raddb/dictionary.alcasar && echo -n "4, "
73,17 → 84,27
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "7, "
[ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "8, "
[ -e /etc/raddb/sites-available/alcasar-with-ldap ] && rm /etc/raddb/sites-available/alcasar-with-ldap && echo -n "9, "
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm -f /etc/raddb/mods-enabled/ldap-alcasar && rm -f /etc/raddb/mods-available/ldap-alcasar && echo -n "10, "
[ -e /etc/raddb/mods-available/ldap-alcasar ] && rm /etc/raddb/mods-enabled/ldap-alcasar && rm -f /etc/raddb/mods-available/ldap-alcasar && echo -n "10, "
i=10
for mods in sql sqlcounter attr_filter expiration logintime pap expr always
do
i=`expr $i + 1`
rm /etc/raddb/mods-enabled/$mods && echo -n "$i, "
[ -e /etc/raddb/mods-enabled/$mods ] && rm /etc/raddb/mods-enabled/$mods && echo -n "$i, "
done
[ -e /etc/raddb/mods-available/sql.default ] && mv /etc/raddb/mods-available/sql.default /etc/raddb/mods-available/sql && echo -n "19, "
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] && mv /etc/raddb/mods-config/sql/main/mysql/queries.conf.default /etc/raddb/mods-config/sql/main/mysql/queries.conf && echo -n "20, "
[ -e /etc/raddb/mods-available/sqlcounter.default ] && mv /etc/raddb/mods-available/sqlcounter.default /etc/raddb/mods-available/sqlcounter && echo -n "21, "
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "22"
if [ -e /lib/systemd/system/radiusd.service.default ]
then
mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service
echo -n "22"
else
if [ -e /etc/systemd/system/radiusd.service ]
then
rm -f /etc/systemd/system/radiusd.service
echo -n "22"
fi
fi
}
 
chilli ()
92,7 → 113,7
[ -e /etc/init.d/chilli.default ] && mv /etc/init.d/chilli.default /etc/init.d/chilli && echo -n "1, "
[ -e /usr/libexec/chilli ] && rm /usr/libexec/chilli && echo -n "2, "
[ -e /etc/chilli.conf.default ] && mv /etc/chilli.conf.default /etc/chilli.conf && echo -n "3, "
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4"
[ -e /etc/systemd/system/chilli.service ] && rm /etc/systemd/system/chilli.service && echo -n "4"
}
 
e2guardian ()
100,13 → 121,23
echo -en "(15) : "
[ -d /var/e2guardian ] && rm -rf /var/e2guardian
[ -d /var/dansguardian ] && rm -rf /var/dansguardian
[ -e /lib/systemd/system/e2guardian.service.default ] && mv /lib/systemd/system/e2guardian.service.default /lib/systemd/system/e2guardian.service && echo -n "1, "
if [ -e /lib/systemd/system/e2guardian.service.default ]
then
mv /lib/systemd/system/e2guardian.service.default /lib/systemd/system/e2guardian.service
echo -n "1, "
else
if [ -e /etc/systemd/system/e2guardian.service ]
then
rm -f /etc/systemd/system/e2guardian.service
echo -n "1, "
fi
fi
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, "
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, "
[ -e /etc/e2guardian/e2guardianf2.conf ] && rm -f /etc/e2guardian/e2guardianf2.conf && echo -n "5, "
[ -e /usr/share/e2guardian/languages/french/template.html.default ] && mv /usr/share/e2guardian/languages/french/template.html.default /usr/share/e2guardian/languages/french/template.html && echo -n "6, "
[ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] && mv /usr/share/e2guardian/languages/ukenglish/template.html.default /usr/share/e2guardian/languages/ukenglish/template.html && echo -n "7, "
[ -e /usr/share/e2guardian/languages/french/alcasar-e2g.html ] && rm /usr/share/e2guardian/languages/french/alcasar-e2g.html && echo -n "6, "
[ -e /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html ] && rm /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html && echo -n "7, "
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "8, "
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "9, "
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "10, "
120,8 → 151,28
antivirus ()
{
echo -en "(4) : "
[ -e /lib/systemd/system/clamav-daemon.service.default ] && mv /lib/systemd/system/clamav-daemon.service.default /lib/systemd/system/clamav-daemon.service && echo -n "1, "
[ -e /lib/systemd/system/clamav-daemon.socket.default ] && mv /lib/systemd/system/clamav-daemon.socket.default /lib/systemd/system/clamav-daemon.socket && echo -n "2, "
if [ -e /lib/systemd/system/clamav-daemon.service.default ]
then
mv /lib/systemd/system/clamav-daemon.service.default /lib/systemd/system/clamav-daemon.service
echo -n "1, "
else
if [ -e /etc/systemd/system/clamav-daemon.service ]
then
rm -f /etc/systemd/system/clamav-daemon.service
echo -n "1, "
fi
fi
if [ -e /lib/systemd/system/clamav-daemon.socket.default ]
then
mv /lib/systemd/system/clamav-daemon.socket.default /lib/systemd/system/clamav-daemon.socket
echo -n "2, "
else
if [ -e /etc/systemd/system/clamav-daemon.socket ]
then
rm -f /etc/systemd/system/clamav-daemon.socket
echo -n "2, "
fi
fi
[ -e /etc/clamd.conf.default ] && mv /etc/clamd.conf.default /etc/clamd.conf && echo -n "3, "
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "4"
}
135,7 → 186,7
i=`expr $i + 1`
[ -e /etc/ulogd-$log_type.conf ] && rm -f /etc/ulogd-$log_type.conf && echo -n "$i, "
i=`expr $i + 1`
[ -e /lib/systemd/system/ulogd-$log_type.service ] && rm -f /lib/systemd/system/ulogd-$log_type.service && echo -n "$i, "
[ -e /etc/systemd/system/ulogd-$log_type.service ] && rm -f /etc/systemd/system/ulogd-$log_type.service && echo -n "$i, "
done
}
 
143,7 → 194,7
{
# we don't remove user "nfcapd" & nfcapd folders in order to keep data when updating
echo -en "(1) : "
[ -e /lib/systemd/system/nfcapd.service ] && rm -f /lib/systemd/system/nfcapd.service && echo -n "1"
[ -e /etc/systemd/system/nfcapd.service ] && rm -f /etc/systemd/system/nfcapd.service && echo -n "1"
}
 
vnstat ()
150,26 → 201,72
{
echo -en "(2) : "
[ -e /etc/vnstat.conf.default ] && mv /etc/vnstat.conf.default /etc/vnstat.conf && echo -n "1, "
[ -e /lib/systemd/system/vnstat.service.default ] && mv /lib/systemd/system/vnstat.service.default /lib/systemd/system/vnstat.service && echo -n "2"
if [ -e /lib/systemd/system/vnstat.service.default ]
then
mv /lib/systemd/system/vnstat.service.default /lib/systemd/system/vnstat.service
echo -n "2"
else
if [ -e /etc/systemd/system/vnstat.service ]
then
rm -f /etc/systemd/system/vnstat.service
echo -n "2"
fi
fi
}
 
dnsmasq ()
{
echo -en "(4) : "
echo -en "(3) : "
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, "
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "2, "
[ -e /lib/systemd/system/dnsmasq.service.default ] && mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service && echo -n "3, "
[ -e /lib/systemd/system/dnsmasq-whitelist.service ] && rm /lib/systemd/system/dnsmasq-whitelist.service && echo -n "4"
if [ -e /lib/systemd/system/dnsmasq.service.default ]
then
mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service
echo -n "3, "
else
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]
then
rm -f /etc/systemd/system/dnsmasq-whitelist.service
echo -n "3, "
fi
fi
}
 
unbound ()
{
echo -en "(5) : "
echo -en "(9) : "
[ -e /etc/unbound/unbound.conf.default ] && mv /etc/unbound/unbound.conf.default /etc/unbound/unbound.conf && echo -n "1, "
[ -e /etc/unbound/unbound-blacklist.conf ] && rm -f /etc/unbound/unbound-blacklist.conf && echo -n "2, "
[ -e /etc/unbound/unbound-whitelist.conf ] && rm -f /etc/unbound/unbound-whitelist.conf && echo -n "3, "
[ -e /etc/unbound/unbound-blackhole.conf ] && rm -f /etc/unbound/unbound-blackhole.conf && echo -n "4, "
[ -e /etc/unbound/conf.d ] && rm -rf /etc/unbound/conf.d && echo -n "5"
[ -e /etc/unbound/conf.d ] && rm -rf /etc/unbound/conf.d && echo -n "5, "
i=6
for list in blacklist blackhole whitelist
do
if [ -e /lib/systemd/system/unbound-$list.service ]
then
rm -f /lib/systemd/system/unbound-$list.service
echo -n "$i, "
else
if [ -e /etc/systemd/system/unbound-$list.service ]
then
rm -f /etc/systemd/system/unbound-$list.service
echo -n "$i, "
fi
fi
i=`expr $i + 1`
done
if [ -e /lib/systemd/system/unbound.service.default ]
then
mv /lib/systemd/system/unbound.service.default /lib/systemd/system/unbound.service
echo -n "9"
else
if [ -e /etc/systemd/system/unbound.service ]
then
rm -f /etc/systemd/system/unbound.service
echo -n "9"
fi
fi
}
 
dhcpd ()
208,15 → 305,26
i=`expr $i + 1`
rm $jail && echo -n "$i, "
done
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "11"
if [ -e /lib/systemd/system/fail2ban.service.default ]
then
mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service
echo -n "11"
else
if [ -e /etc/systemd/system/fail2ban.service ]
then
rm -f /etc/systemd/system/fail2ban.service
echo -n "11"
fi
fi
}
 
gammu_smsd ()
{
echo -en "(3) : "
echo -en "(4) : "
[ -e /etc/gammu_smsd_conf ] && rm -f /etc/gammu_smsd_conf && echo -n "1, "
[ -e /var/log/gammu-smsd ] && rm -rf /var/log/gammu-smsd && echo -n "2, "
userdel -r gammu_smsd 2>/dev/null && echo -n "3"
[ -e /etc/systemd/system/gammu_smsd.service ] && rm -f /etc/systemd/system/gammu_smsd.service && echo -n "2, "
[ -e /var/log/gammu-smsd ] && rm -rf /var/log/gammu-smsd && echo -n "3, "
userdel -r gammu_smsd 2>/dev/null && echo -n "4"
#[ -e /lib/udev/rules.d/66-huawei.rules ] && rm -f /lib/udev/rules.d/66-huawei.rules && echo -n "4"
}
 
247,7 → 355,17
[ -e /etc/ssh/sshd_config.default ] && mv -f /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, "
[ -e /etc/bashrc.default ] && mv -f /etc/bashrc.default /etc/bashrc && echo -n "4, "
[ -e /etc/sudoers.default ] && mv -f /etc/sudoers.default /etc/sudoers && echo -n "5, "
[ -e /lib/systemd/system/alcasar-load_balancing.service ] && rm -f /lib/systemd/system/alcasar-load_balancing.service && echo -n "6, "
if [ -e /lib/systemd/system/alcasar-load_balancing.service ]
then
rm -f /lib/systemd/system/alcasar-load_balancing.service
echo -n "6, "
else
if [ -e /etc/systemd/system/alcasar-load_balancing.service ]
then
rm -f /etc/systemd/system/alcasar-load_balancing.service
echo -n "6, "
fi
fi
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "7, "
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "8"
}
302,7 → 420,8
/usr/local/bin/alcasar-sms.sh --stop
for i in $services
do
if [ -e /lib/systemd/system/$i.service ]
service_exist=`systemctl list-unit-files | grep ^$i.service | wc -l`
if [ $service_exist -eq 1 ]
then
/usr/bin/systemctl disable $i.service
/usr/bin/systemctl stop $i.service 1>/dev/null
353,7 → 472,17
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, "
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, "
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, "
[ -e /lib/systemd/system/iptables.service.default ] && mv -f /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo -n "8, "
if [ -e /lib/systemd/system/iptables.service.default ]
then
mv -f /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service
echo -n "8, "
else
if [ -e /etc/systemd/system/iptables.service ]
then
rm -f /etc/systemd/system/iptables.service
echo -n "8, "
fi
fi
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "9"
/usr/bin/systemctl restart network
sleep 1
/scripts/alcasar-urpmi.sh
272,5 → 272,4
echo "/^wkhtmltopdf/" >> /etc/urpmi/skip.list
echo "/^clamd/" >> /etc/urpmi/skip.list
echo "/^clamav/" >> /etc/urpmi/skip.list
echo "/^unbound/" >> /etc/urpmi/skip.list
exit 0