Subversion Repositories ALCASAR

Compare Revisions


Ignore whitespace Rev 302 → Rev 303

/alcasar.sh
411,6 → 411,8
logfile /var/log/ntp.log
EOF
chown -R ntp:ntp /etc/ntp
# synchronisation horaire
ntpd -q -g &
# Renseignement des fichiers hosts.allow et hosts.deny
[ -e /etc/hosts.allow.default ] || cp /etc/hosts.allow /etc/hosts.allow.default
cat <<EOF > /etc/hosts.allow
460,7 → 462,7
# Configuration et sécurisation Apache
[ -e /etc/httpd/conf/httpd.conf.default ] || cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.default
$SED "s?^#ServerName.*?ServerName $PRIVATE_IP?g" /etc/httpd/conf/httpd.conf
$SED "s?^Listen.*?#Listen 127.0.0.1:80?g" /etc/httpd/conf/httpd.conf
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
$SED "s?^ServerTokens.*?ServerTokens Prod?g" /etc/httpd/conf/httpd.conf
$SED "s?^ServerSignature.*?ServerSignature Off?g" /etc/httpd/conf/httpd.conf
$SED "s?^#ErrorDocument 404 /missing.html.*?ErrorDocument 404 /index.html?g" /etc/httpd/conf/httpd.conf
473,6 → 475,16
</html>
EOF
echo "- URL d'accès au centre de gestion : https://$PRIVATE_IP" >> $FIC_PARAM
# On crée le VirtualHost pour l'accès au port 80 (redirection après filtrage)
FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*`
[ -e /etc/httpd/conf/vhosts.default ] || cp $FIC_VIRTUAL /etc/httpd/conf/vhosts.default
cat <<EOF > $FIC_VIRTUAL
NameVirtualHost *:80
<VirtualHost *:80>
ServerName $HOSTNAME
DocumentRoot $DIR_WEB/redirect
</VirtualHost>
EOF
# Définition du premier compte lié au profil 'admin'
if [ "$mode" = "install" ]
then
498,8 → 510,6
# Création des fichiers de clés des deux autres profils (backup + manager) contenant ce compte
$DIR_DEST_SBIN/alcasar-profil.sh -list
fi
# synchronisation horaire
ntpd -q -g &
# Sécurisation du centre
rm -f /etc/httpd/conf/webapps.d/*
cat <<EOF > /etc/httpd/conf/webapps.d/alcasar.conf
590,9 → 600,10
{
$SED "s?ifcfg-eth.?ifcfg-$INTIF?g" $DIR_DEST_BIN/alcasar-CA.sh
$DIR_DEST_BIN/alcasar-CA.sh $mode
MOD_SSL=`find /etc/httpd/conf -type f -name *default_ssl*`
$SED "s?localhost.crt?alcasar.crt?g" $MOD_SSL
$SED "s?localhost.key?alcasar.key?g" $MOD_SSL
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*`
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End AC ()
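Review bot: The `find /etc/httpd/conf -type f -name *default_vhosts*` lookup in the 473 hunk leaves the glob unquoted and then uses `$FIC_VIRTUAL` unquoted and unchecked as the target of `cat <<EOF > $FIC_VIRTUAL`. If find matches nothing or more than one file, the backup `cp` and the redirection fail and the port-80 VirtualHost is not installed, while the installer carries on as root. The same pattern appears with `*default_ssl*` in the 590 hunk and in the two restore lines of /scripts/sbin/alcasar-uninstall.sh. I would quote the pattern and guard the result: `FIC_VIRTUAL=$(find /etc/httpd/conf -type f -name '*default_vhosts*' | head -n 1)` followed by `[ -n "$FIC_VIRTUAL" ] || { echo "default_vhosts not found" >&2; exit 1; }`, then write `"$FIC_VIRTUAL"` wherever it is used. The enclosing functions start outside these hunks.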
/scripts/alcasar-iptables.sh
62,11 → 62,10
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p icmp --icmp-type 8 -j ACCEPT
 
# On ajoute ici les règles spécifiques de filtrage réseau --> dans /usr/local/sbin/alcasar-iptables-local.sh
# On ajoute ici les règles spécifiques de filtrage réseau
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then
. /usr/local/etc/alcasar-iptables-local.sh
fi
# On autorise le transfert de flux dans les deux sens (avec log sur les demandes de connexion sortantes)
# On ajoute ici les règles de filtrage réseau
if [ -f /usr/local/bin/alcasar-iptables-filter.sh ]; then
. /usr/local/bin/alcasar-iptables-filter.sh
80,6 → 79,7
$IPTABLES -A INPUT -i $TUNIF -p udp --dport domain -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p udp --dport ntp -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport https -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport http -j ACCEPT
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport ssh -j ACCEPT
################## FILTRAGE PARTICULIER ##################
# Administration à distance par exemple :
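Review bot: The `--dport http` ACCEPT in the 80,6 hunk, which appears to be the added line, opens TCP 80 on `$TUNIF` from any source address, whereas the ICMP rules at the top of this section are limited with `-s $PRIVATE_NETWORK_MASK`. If the port is only meant to serve the filtering redirect page to clients of the private network, I would restrict it the same way, `$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport http -j ACCEPT`, and add a comment such as `# HTTP: redirect page shown for filtered domains` so the reason for the exposure is recorded. The neighbouring domain/ntp/https/ssh rules have the same unrestricted shape, so this may be a deliberate convention; worth confirming.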
/scripts/sbin/alcasar-uninstall.sh
24,12 → 24,14
sleep 1
 
# gestion
echo -en "\n- gestion(5) : "
echo -en "\n- gestion(7) : "
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, "
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "3, "
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "4, "
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "5 "
[ -e /etc/httpd/conf/vhosts.default ] && FIC_VIRTUAL=`find /etc/httpd/conf -type f -name *default_vhosts*` && mv /etc/httpd/conf/vhosts.default $FIC_VIRTUAL && echo -n "4, "
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5, "
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "6, "
[ -e /var/www/error/include/bottom.html.default ] && mv /var/www/error/include/bottom.html.default /var/www/error/include/bottom.html && echo -n "7"
sleep 1
 
# CA
/gestion/admin/web_filter.php
File deleted
/gestion/admin/web_filter2.php
File deleted
/gestion/admin/net_filter.php
53,6 → 53,12
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";}
switch ($choix)
{
case 'AV_On' :
exec ("sudo /usr/local/sbin/alcasar-havp.sh -on");
break;
case 'AV_Off' :
exec ("sudo /usr/local/sbin/alcasar-havp.sh -off");
break;
case 'NF_On' :
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on");
break;
131,8 → 137,56
exec ("sudo /usr/local/sbin/alcasar-nf.sh -on");
break;
}
echo "<TABLE width=\"100%\" border=1 cellspacing=0 cellpadding=1>";
echo "<tr><td valign=\"middle\" align=\"left\">";
?>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=0>
<tr><th><?php echo "$l_title1"; ?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?php
$pointeur = fopen("/etc/dansguardian/dansguardian.conf", "r");
$result_antivir = false; $result_filter = false; $out=0;
if ($pointeur)
{
while (!feof($pointeur))
{
$ligne = fgets($pointeur);
if (preg_match("/^proxyport = 8090/", $ligne, $r))
{
$result_antivir = true;
$out++;
}
if (preg_match("/^reportinglevel = 3/", $ligne, $r))
{
$result_filter = true;
$out++;
}
if ($out == 2) break;
}
}
fclose($pointeur);
if ($result_antivir)
{
echo "<CENTER><H3>$l_antivir_on</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"AV_Off\">";
echo "<input type=submit value=\"$l_switch_antivir_off\">";
}
else
{
echo "<CENTER><H3>$l_antivir_off</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<input type=hidden name='choix' value=\"AV_On\">";
echo "<input type=submit value=\"$l_switch_antivir_on\">";
}
?>
</FORM>
</td></tr>
</TABLE>
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>";
<tr><td valign="middle" align="left">";
<?
$pointeur = fopen("/usr/local/bin/alcasar-iptables.sh", "r");
$result = False ;
if ($pointeur)
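Review bot: Both new `<FORM action='$_SERVER[PHP_SELF]' method=POST>` lines print `PHP_SELF` into the page without escaping; that value reflects the request path as sent by the client, so it should not reach an attribute of the admin interface raw. Prefer `echo "<FORM action='" . htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES) . "' method=POST>";` in both branches. Two smaller points in the same hunk: `fclose($pointeur);` sits outside the `if ($pointeur)` block and is called even when `fopen` failed, and the two inline-HTML lines after the `</TABLE>` still end in `";`, which will be emitted literally now that they are no longer inside an `echo`. The AV_On/AV_Off form also changes state through `sudo` with no anti-CSRF token visible in this section; that may be handled elsewhere.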
/gestion/menu.php
20,7 → 20,8
$l_statistics = "STATISTIQUES";
$l_backup = "SAUVEGARDES";
$l_activity = "Activité";
$l_network = "Réseau";
$l_domains = "Domaines et URLs";
$l_network = "Protocoles réseau";
$l_ldap = "Ldap/A.D.";
$l_access_nb = "Accès au centre";
$l_create_user = "Créer usager";
44,7 → 45,8
$l_statistics = "STATISTICS";
$l_backup = "BACKUPS";
$l_activity = "Activity";
$l_network = "Network";
$l_network = "Network protocols";
$l_domains = "Domains & URLs";
$l_ldap = "Ldap/A.D.";
$l_access_nb = "Access to center";
$l_create_user = "Create user";
144,7 → 146,7
fputs($fp, "$nb\n");
fclose($fp);
?>
<br>depuis le 99/99/9999<br></center></td></tr>
<br>depuis le 08/10/2010<br></center></td></tr>
</TABLE>
</td></tr>
</TABLE>
/gestion/redirect/logo-alcasar.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Added: svn:mime-type
+image/png
\ No newline at end of property
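--- a/gestion/redirect/index.html
+++ b/gestion/redirect/index.html
@@ -0,0 +1,43 @@
+<html>
+<head>
+<title>ALCASAR - Access Denied</title>
+</head>
+<body bgcolor=#FFFFFF>
+<center>
+<table border=0 cellspacing=0 cellpadding=2 height=540 width=700>
+<tr>
+<td colspan=2 bgcolor=#FEA700 height=100 align=center>
+<font face=arial,helvetica size=6>
+<b>Acc&egrave;s refus&eacute;</b>
+</td>
+</tr>
+<tr>
+<td colspan=2 bgcolor=#FFFACD height=30 align=right>
+<font face=arial,helvetica size=3 color=black>
+<b>Nom de domaine filtr&eacute;</b>
+</td>
+</tr>
+<tr>
+<td align=center valign=bottom width=150 bgcolor=#B0C4DE>
+<font face=arial,helvetica size=1 color=black>
+<img src="logo-alcasar.png">
+<BR><CENTER>ALCASAR</CENTER>
+</td>
+<td width=550 bgcolor=#FFFFFF align=center valign=center>
+<font face=arial,helvetica color=black>
+<font size=3>
+<br><br><br><br>
+Vous tentez d'acc&eacute;der &agrave; une ressource dont le contenu est r&eacute;put&eacute;
+contenir des informations inappropri&eacute;es.
+<br><br>
+Contactez votre responsable informatique (RSSI/OSSI), si vous pensez que ce filtrage est abusif.
+<br><br><br><br>
+<font size=1>
+Filtr&eacute; par <B>ALCASAR</B></a>
+</td>
+</tr>
+</table>
+</body>
+</html>
+ 
+ 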
/gestion/filtering.php
1,12 → 1,10
<?
$select[0]="$l_domains";
$select[1]="Web";
$select[2]=$l_network;
$select[3]="Exceptions";
$select[0]="$l_domains_filter";
$select[1]=$l_network_filter;
$select[2]="Exceptions";
$fich[0]="admin/dns_filter.php";
$fich[1]="admin/web_filter.php";
$fich[2]="admin/net_filter.php";
$fich[3]="admin/filter_exceptions.php";
$fich[1]="admin/net_filter.php";
$fich[2]="admin/filter_exceptions.php";
$j=0;
$nb=count($select);
while ($j != $nb)
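Review bot: The tab labels now read `$l_domains_filter` and `$l_network_filter`, but the only label variables this commit touches in /gestion/menu.php are `$l_domains` and `$l_network`, so unless the `_filter` names are defined in a file not shown here the first two tabs will render with empty captions. Either define both names next to the other labels for each language or use the existing ones, e.g. `$select[0]=$l_domains;` and `$select[1]=$l_network;`. The `while` loop that consumes `$select` continues outside the hunk.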