Subversion Repositories ALCASAR

Compare Revisions


Rev 3098 → Rev 3099

/CHANGELOG
7,6 → 7,7
- Mageia 8
CHANGES
- Add SHA256 in PAP protocol (coovachilli). Thanks to Paul BAESKENS (aka StaringCat)
- Remove "dnsmasq" resolver used with whitelist filtering system (we now use ipset capabilities of "unbound")
ACC
BUGS
- Replace deprecated php functions (php7 --> php8)
/alcasar.sh
2,7 → 2,7
# $Id$
 
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, dnsmasq, unbound, gammu, clamav, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, clamav, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
# contact : info@alcasar.net
 
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
27,7 → 27,6
# ulogd : Log system in userland (match NFLOG target of iptables)
# nfsen : Configuration of Netflow grapher (nfsen) & netflow collector (nfcapd)
# unbound : Name server configuration
# dnsmasq : Name server configuration (for whitelist ipset support)
# vnstat : Little network stat daemon
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for unbound, for e2guardian and for Netfilter)
# cron : Logs export + watchdog + connexion statistics
1497,40 → 1496,6
$SED "s?^ReadWritePaths=.*?ReadWritePaths=/var/log?g" /etc/systemd/system/vnstat.service
} # End of vnstat()
 
###################################################################
## "dnsmasq" ##
## - creation of the conf files of dnsmasq (whitelist for ipset )##
###################################################################
dnsmasq()
{
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
[ -e /etc/dnsmasq.conf.default ] || mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default
# dnsmasq listen on udp 55 ("dnsmasq with whitelist")
cat << EOF > /etc/dnsmasq-whitelist.conf
# Configuration file for "dnsmasq with whitelist"
# ADD Toulouse university whitelist domains
pid-file=/run/dnsmasq-whitelist.pid
listen-address=127.0.0.1
port=55
no-dhcp-interface=lo
bind-interfaces
cache-size=1024
domain-needed
expand-hosts
bogus-priv
filterwin2k
ipset=/#/wl_ip_allowed # dynamically add the resolv IP address in the Firewall rules
server=$DNS1
server=$DNS2
EOF
 
# Don't run dnsmasq service. Create dnsmasq-whitelist unit
systemctl disable dnsmasq.service
cp -f /lib/systemd/system/dnsmasq.service /etc/systemd/system/dnsmasq-whitelist.service
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /etc/systemd/system/dnsmasq-whitelist.service
$SED "s?^PIDFile=.*?PIDFile=/run/dnsmasq-whitelist.pid?g" /etc/systemd/system/dnsmasq-whitelist.service
} # End of dnsmasq()
 
#########################################################
## "unbound" ##
## - create the conf files for 4 unbound services ##
1657,6 → 1622,7
# Configuration file for whitelist unbound
cat << EOF > /etc/unbound/unbound-whitelist.conf
server:
module-config: "ipset validator iterator"
verbosity: 1
hide-version: yes
hide-identity: yes
1665,13 → 1631,14
define-tag: "whitelist"
local-zone: "." transparent
local-zone-tag: "." "whitelist"
include: /etc/unbound/conf.d/common/forward-zone.conf
include: /etc/unbound/conf.d/common/local-forward/*
include: /etc/unbound/conf.d/common/local-dns/*
include: /etc/unbound/conf.d/whitelist/*
include: /usr/local/share/unbound-wl-enabled/*
forward-zone:
name: "."
forward-addr: 127.0.0.1@55
username: ""
ipset:
name-v4: "wl_ip_allowed"
EOF
 
# Configuration file for $INTIF of blackhole unbound
1705,7 → 1672,7
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound-$list.conf?g" /etc/systemd/system/unbound-$list.service
$SED "s?^PIDFile=.*?PIDFile=/run/unbound-$list.pid?g" /etc/systemd/system/unbound-$list.service
done
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service dnsmasq-whitelist.service?g" /etc/systemd/system/unbound-whitelist.service
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /etc/systemd/system/unbound-whitelist.service
} # End of unbound()
 
##################################################
1823,7 → 1790,7
EOF
cat <<EOF > /etc/cron.d/alcasar-watchdog
# 'alcasar-watchdog.sh' : run the "watchdog" (every 10')
# 'alcasar-flush_ipset_wl.sh' : empty the IPSET of the whitelisted IP loaded dynamically with dnsmasq-whitelist hook (every sunday at 0:05 am)
# 'alcasar-flush_ipset_wl.sh' : empty the IPSET of the whitelisted IP loaded dynamically with unbound-whitelist hook (every sunday at 0:05 am)
# 'alcasar-watchdog.sh --disconnect-permanent-users' : disconnect users with attribute "Alcasar-Status-Page-Must-Stay-Open" (daily --> see "cron.daily")
# 'alcasar-watchdog-hl.sh' : (optionnaly) remove the IP 0.0.0.0 from chilli cache memory
*/10 * * * * root $DIR_DEST_BIN/alcasar-watchdog.sh > /dev/null 2>&1
2232,7 → 2199,7
done
/usr/bin/systemctl daemon-reload
# processes started at boot time (Systemctl)
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
2477,7 → 2444,7
fi
mode="update"
fi
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat dnsmasq unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt mail_service post_install
for func in init network CA ACC time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dhcpd BL cron fail2ban gammu_smsd msec letsencrypt mail_service post_install
do
$func
if [ $DEBUG_ALCASAR == "on" ]
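Review bot: In the unbound-whitelist.conf heredoc (hunk 1665,13 → 1631,14) the resolver is configured with `username: ""`, so unbound-whitelist keeps root after startup instead of dropping to an unprivileged user. That is presumably what lets the new `ipset` module write to `wl_ip_allowed`, but it leaves a daemon that parses client DNS traffic running with full privileges. The unit file is already rewritten with `$SED` a few lines later, so I would bound it there, for example by adding `NoNewPrivileges=yes` and `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE` to unbound-whitelist.service (the exact capability set needs confirming on the target build). A one-line comment above `username: ""`, such as `# kept privileged so the ipset module can update wl_ip_allowed`, would record why the drop is disabled. unbound() starts and ends outside the visible hunks.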
/conf/logrotate.d/dnsmasq-blacklist
File deleted
/scripts/alcasar-activity_report.sh
164,7 → 164,7
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
if [ "$(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l)" -gt 1 ]
then
PACKAGE='php|lighttpd|iptables|dnsmasq|unbound|radius|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|ipt-netflow|wget|mariadb|gnupg|openssl'
PACKAGE='php|lighttpd|iptables|unbound|radius|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|ipt-netflow|wget|mariadb|gnupg|openssl'
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
do
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
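Review bot: `PACKAGE` is assigned inside the `then` branch, after the `if` at the top of the hunk has already expanded `"$PACKAGE"` in `grep -E`. Unless it is also set earlier, outside this hunk, the test runs with an empty pattern, which matches every recently installed RPM rather than only the listed ones. Moving the `PACKAGE='php|lighttpd|…'` assignment above the `if` keeps the count and the loop on the same filter. The count can also be taken with `grep -cE "$PACKAGE"` instead of `grep -E "$PACKAGE" | wc -l`.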
/scripts/alcasar-bl.sh
271,6 → 271,7
else
# adapt to the unbound syntax for the whitelist
$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
$SED "p; s? transparent? ipset?g" $FILE_tmp # duplicate lines to enable ipset module
mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
fi
done
362,7 → 363,6
then
/usr/bin/systemctl restart unbound-blacklist
/usr/bin/systemctl restart unbound-whitelist
/usr/bin/systemctl restart dnsmasq-whitelist
/usr/bin/systemctl restart e2guardian
/usr/local/bin/alcasar-iptables.sh
fi
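Review bot: The whitelist files now gain `local-zone: … ipset` entries, and the second hunk restarts `unbound-whitelist` without checking the generated configuration first. If the installed unbound lacks the ipset module or a list line is malformed, the restart fails and whitelist-filtered users lose name resolution. I would gate the restart on a syntax check, e.g. `unbound-checkconf /etc/unbound/unbound-whitelist.conf || exit 1` before `systemctl restart unbound-whitelist` (path as written by the install script on this page). `$FILE_tmp` and `$DIR_DNS_WL/$DOMAIN.conf` should also be double-quoted on the `$SED` and `mv` lines. The enclosing loop and function start outside the hunk.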
/scripts/alcasar-conf.sh
195,6 → 195,9
# Apply changes between versions
## V5.4 --> V5.5 ##
[ -e $DIR_ETC/alcasar-iptables-local.sh ] && cp $DIR_ETC/alcasar-iptables-local.sh $DIR_ETC/alcasar-iptables-local.sh.old && cp $CURRENT_DIR/conf/etc/alcasar-iptables-local.sh $DIR_ETC/ # new rule for SMTP output flows
## V5.5 --> V6.0 ## remove dnsmasq service
[ -e /etc/dnsmasq-whitelist.conf ] && rm -f /etc/dnsmasq*
[ -e /etc/systemd/system/dnsmasq-whitelist.service ] && rm -f /etc/systemd/system/dnsmasq* && urpme dnsmasq
# Remove the update folder
rm -rf $DIR_UPDATE
;;
297,7 → 300,7
$DIR_BIN/alcasar-logout.sh all
# Services stop
echo -n "Stop services : "
for i in ntpd e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd
for i in ntpd e2guardian unbound unbound-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd
do
/usr/bin/systemctl stop $i && echo -n "$i, "
done
372,10 → 375,6
$SED "s?^uamlisten.*?uamlisten\t$PRIVATE_IP?g" /etc/chilli.conf
# modify the DHCP static ip file. Reserve the second IP address for INTIF (the first one is for tun0). Keep previous entries
$SED "s?^$PRIVATE_MAC.*?$PRIVATE_MAC $PRIVATE_SECOND_IP?" $DIR_ETC/alcasar-ethers $DIR_ETC/alcasar-ethers-info
# dnsmasq-whitelist
$SED "/^server=/d" /etc/dnsmasq-whitelist.conf
echo "server=$DNS1" >> /etc/dnsmasq-whitelist.conf
echo "server=$DNS2" >> /etc/dnsmasq-whitelist.conf
# unbound
# removing unbound configuration files
rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*
490,7 → 489,7
sleep 1
/usr/bin/systemctl start $i && echo -n ", $i"
done
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, dnsmasq-whitelist, e2guardian, iptables"
$DIR_BIN/alcasar-bl.sh -reload && echo -n ", unbound-blacklist, unbound-whitelist, e2guardian, iptables"
/usr/bin/systemctl restart lighttpd && echo -n ", lighttpd"
fi
# Email user registration
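Review bot: The V5.5 --> V6.0 migration deletes `/etc/systemd/system/dnsmasq*` without first stopping and disabling the unit. The stop list in hunk 297,7 → 300,7 (and the same edit in alcasar-uninstall.sh) no longer names dnsmasq-whitelist, so on an upgraded host the old process can keep listening on 127.0.0.1:55 and its enable symlink is left dangling. Put `systemctl disable --now dnsmasq-whitelist.service` before the `rm -f` and run `systemctl daemon-reload` after it. The `rm -f /etc/dnsmasq*` glob is also wider than what ALCASAR created (it takes `/etc/dnsmasq.conf` and the saved `.default` as well), so naming the files explicitly would be safer. `urpme dnsmasq` may wait for confirmation during an unattended update; `urpme --auto dnsmasq` avoids that.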
/scripts/alcasar-daemon.sh
15,7 → 15,7
LDAP=${LDAP:=off}
INTIF=`grep ^INTIF= $conf_file|cut -d"=" -f2` # INTIF name
EXTIF=`grep ^EXTIF= $conf_file|cut -d"=" -f2` # EXTIF name
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
SERVICES="mysqld lighttpd php-fpm ntpd unbound unbound-blacklist unbound-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat gammu-smsd"
nb_available_srv=`echo $SERVICES|wc -w`
 
function ServiceTest () {
/scripts/alcasar-dns-local.sh
33,7 → 33,7
fi
 
function restart_dns(){
for dns in unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole
for dns in unbound unbound-blacklist unbound-whitelist unbound-blackhole
do
echo "Restarting $dns. Please wait..."
systemctl restart $dns
100,7 → 100,6
hosts_to_unbound
;;
--off|-off) # disable DNS redirector
#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
rm -f $LOCAL_DOMAIN_CONF_FILE
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE
restart_dns
107,13 → 106,11
/usr/local/bin/alcasar-iptables.sh
;;
--off-without-restart|-off-without-restart) # disable DNS redirector
#$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
rm -f $LOCAL_DOMAIN_CONF_FILE
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE
/usr/local/bin/alcasar-iptables.sh
;;
--on|-on) # enable DNS redirector
#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
cat > $LOCAL_DOMAIN_CONF_FILE << EOF
server:
local-zone: "$INT_DNS_DOMAIN." transparent
126,7 → 123,6
/usr/local/bin/alcasar-iptables.sh
;;
--on-without-restart|-on-without-restart) # enable DNS redirector
#$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
cat > $LOCAL_DOMAIN_CONF_FILE << EOF
server:
local-zone: "$INT_DNS_DOMAIN." transparent
/scripts/alcasar-iptables.sh
165,7 → 165,7
done
 
###### WL set ###########
# taille fixe, car peuplé par dnsmasq / fixe length due to dnsmasq dynamic loading
# taille fixe, car peuplé par unbound / fixe length due to unbound dynamic loading
wl_set_length=65536
# Chargement Loading
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save
/scripts/alcasar-rpm-download.sh
20,7 → 20,7
# "sudo" : needed after a reinstallation (to be investigated)
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
 
rpm_repository_sync ()
{
/scripts/alcasar-rpm.sh
21,7 → 21,7
# "sudo" : needed after a reinstallation (to be investigated)
# "clamav" + "clamav-db" : needed because of a lack of mutual dependance
# "postfix" + "cyrus-sasl" + "lib64sasl2-plug-plain" : email registration method
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli php-dom unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware kernel-firmware-nonfree dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat postfix cyrus-sasl lib64sasl2-plug-plain iftop"
 
rpm_repository_sync ()
{
/scripts/alcasar-uninstall.sh
173,17 → 173,6
fi
}
 
dnsmasq ()
{
echo -en "(3) : "
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "1, "
[ -e /etc/dnsmasq-whitelist.conf ] && rm /etc/dnsmasq-whitelist.conf && echo -n "2, "
if [ -e /etc/systemd/system/dnsmasq-whitelist.service ]; then
rm -f /etc/systemd/system/dnsmasq-whitelist.service
echo -n "3, "
fi
}
 
unbound ()
{
echo -en "(9) : "
327,7 → 316,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
334,7 → 323,7
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# unbound, iptables & sshd should stay on to allow remote update
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update + users stay connected during the update
fi
 
366,7 → 355,7
[ $mode == "update" ] && /usr/bin/systemctl reload sshd # reload sshd in case of remote update
 
echo "Reset ALCASAR main functions : "
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dnsmasq dhcpd cron fail2ban gammu_smsd msec letsencrypt mail_service post_install
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus ulogd nfsen vnstat unbound dhcpd cron fail2ban gammu_smsd msec letsencrypt mail_service post_install
do
echo -en "\n- $func "
$func
/web/acc/about.htm
19,7 → 19,7
<dd><img src="/images/mini-tux.png" alt="linux" WIDTH="65" HEIGHT="72"></dd>
</div>
<script LANGUAGE="javascript">
//Fonction pour ouvrir une nouvelle fenêtre
//Open a new Window
function ouvrir(page)
{
window.open(page, "From Rexy", "alwaysRaised=yes,toolbar=yes,location=yes,directories=no,status=no,menubar=yes,scrollbars=yes,resizable=no,copyhistory=no,hotkeys=no,width=640 ,height=480");
69,22 → 69,22
</script>
<table width="100%" border="0" cellspacing="0" cellpadding="0" style="background-color: rgba(255, 255, 255, 0.5);">
<TR>
<TD align="center"><A HREF="javascript:ouvrir('http://www.linux.org')"><img border="0" src="/images/footer_linux.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.mageia.org')"><img border="0" src="/images/footer_mageia.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.coova.org/CoovaChilli')"><img border="0" src="/images/footer_coova.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.freeradius.org')"><img border="0" src="/images/footer_freeradius.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.mariadb.org')"><img border="0" src="/images/footer_mariadb.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://lighttpd.net')"><img border="0" src="/images/footer_lighttpd.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.php.net')"><img border="0" src="/images/footer_php.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://www.linux.org')"><img border="0" src="/images/footer_linux.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://www.mageia.org')"><img border="0" src="/images/footer_mageia.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://coova.github.io/')"><img border="0" src="/images/footer_coova.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://freeradius.org')"><img border="0" src="/images/footer_freeradius.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://mariadb.org')"><img border="0" src="/images/footer_mariadb.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://www.lighttpd.net')"><img border="0" src="/images/footer_lighttpd.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://www.php.net')"><img border="0" src="/images/footer_php.png"></A></TD>
</TR>
<TR>
<TD align="center"><A HREF="javascript:ouvrir('http://www.fpdf.org')"><img border="0" src="/images/footer_fpdf.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://sourceforge.net/projects/ipt-netflow')"><img border="0" src="/images/footer_netflow.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://www.postfix.org')"><img border="0" src="/images/footer_postfix.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://github.com/aabc/ipt-netflow')"><img border="0" src="/images/footer_netflow.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://www.clamav.net')"><img border="0" src="/images/footer_clamav.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.netfilter.org')"><img border="0" src="/images/footer_netfilter.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://www.wammu.eu')"><img border="0" src="/images/footer_gammu.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://www.netfilter.org')"><img border="0" src="/images/footer_netfilter.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://wammu.eu')"><img border="0" src="/images/footer_gammu.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://e2guardian.org')"><img border="0" src="/images/footer_e2guardian.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('http://thekelleys.org.uk/dnsmasq/doc.html')"><img border="0" src="/images/footer_dnsmasq.png"></A></TD>
<TD align="center"><A HREF="javascript:ouvrir('https://nlnetlabs.nl/projects/unbound/about/')"><img border="0" src="/images/footer_unbound.png"></A></TD>
</TR>
</table>
</body>
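Review bot: `ouvrir()` opens every footer link through `window.open()` with a feature string that has no `noopener`, so each third-party page opened from the ACC receives a `window.opener` handle back to the administration console. Adding it to the feature list (`"noopener,alwaysRaised=yes,toolbar=yes,…"`) removes that handle. `http://e2guardian.org` is also the one link left on plain HTTP after this change; switch it to `https://` if the site serves it. The body of `ouvrir()` continues outside the first hunk.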
/web/acc/admin/services.php
35,7 → 35,6
$l_unbound = "Serveur DNS principal";
$l_unbound_blacklist = "Serveur DNS pour la Blacklist";
$l_unbound_whitelist = "Serveur DNS pour la Whitelist";
$l_dnsmasq_whitelist = "Serveur DNS pour la Whitelist (IPSET)";
$l_unbound_blackhole = "Serveur DNS 'trou noir'";
$l_ulogd_ssh = "journalisation des accès par SSH";
$l_ulogd_ext_access = "journalisation des tentatives d'accès externes";
74,7 → 73,6
$l_unbound = "Servidor DNS principal ";
$l_unbound_blacklist = "Servidor DNS de Lista Negra";
$l_unbound_whitelist = "Servidor DNS de Lista Blanca";
$l_dnsmasq_whitelist = "Servidor DNS de Lista Blanca (IPSET)";
$l_unbound_blackhole = "Agujero negro DNS";
$l_ulogd_ssh = "Proceso de registro para accesos SSH";
$l_ulogd_ext_access = "Proceso de registro de intentos de accesos externos";
113,7 → 111,6
$l_unbound = "Main DNS server";
$l_unbound_blacklist = "Blacklist DNS server";
$l_unbound_whitelist = "Whitelist DNS server";
$l_dnsmasq_whitelist = "Whitelist DNS server (IPSET)";
$l_unbound_blackhole = "Blackhole DNS server";
$l_ulogd_ssh = "SSH access logging process";
$l_ulogd_ext_access = "Extern access attempts logging process";
215,7 → 212,7
//-------------------------------
// Actions on services
//-------------------------------
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","dnsmasq-whitelist","unbound-blackhole","e2guardian","clamav-daemon","clamav-freshclam","sshd","ntpd","fail2ban","nfcapd","vnstat","postfix");
$autorizeService = array("radiusd","chilli","mysqld","lighttpd","unbound-forward","ulogd-ssh","ulogd-ext-access","ulogd-traceability","unbound-blacklist","unbound-whitelist","unbound-blackhole","e2guardian","clamav-daemon","clamav-freshclam","sshd","ntpd","fail2ban","nfcapd","vnstat","postfix");
$autorizeAction = array("start","stop","restart");
 
if (isset($_GET['service'])&&(in_array($_GET['service'], $autorizeService))) {
247,7 → 244,6
$FilterServiceStatus = array();
$FilterServiceStatus['unbound_blacklist'] = checkServiceStatus("unbound-blacklist");
$FilterServiceStatus['unbound_whitelist'] = checkServiceStatus("unbound-whitelist");
$FilterServiceStatus['dnsmasq_whitelist'] = checkServiceStatus("dnsmasq-whitelist");
$FilterServiceStatus['unbound_blackhole'] = checkServiceStatus("unbound-blackhole");
$FilterServiceStatus['e2guardian'] = checkServiceStatus("e2guardian");
$FilterServiceStatus['clamav_daemon'] = checkServiceStatus("clamav-daemon");
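Review bot: Service start/stop/restart is driven by `$_GET['service']`, and the only checks visible in this hunk are the allow-lists; no anti-CSRF token is checked here. If none is verified elsewhere, a link or image loaded in an administrator's browser could stop `sshd`, `fail2ban` or `chilli`. If the rest of the block (outside the hunk) does not already do so, move the action to POST and verify a per-session token before the service command is run. `in_array($_GET['service'], $autorizeService, true)` would also make the allow-list comparison strict.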
/web/acc/manager/auth_exceptions.php
118,7 → 118,7
fwrite ($pointeur, $line);
fclose ($pointeur);
exec ("sudo /usr/local/bin/alcasar-file-clean.sh"); # Clean & sort conf files. Add uamallowed domains to the dns-blackhole conf
sleep (1); # be sure that dnsmasq-blackhole is restarted before killing tun0 !
sleep (1); # be sure that unbound-blackhole is restarted before killing tun0 !
exec ("sudo /usr/bin/systemctl restart chilli");
}
}
153,7 → 153,7
fclose($pointeur);
}
exec ("sudo /usr/local/bin/alcasar-file-clean.sh"); # Clean & sort conf files. Add uamallowed domains to the dns-blackhole conf
sleep (1); # be sure that dnsmasq-blackhole is restarted before killing tun0 !
sleep (1); # be sure that unbound-blackhole is restarted before killing tun0 !
exec ("sudo /usr/bin/systemctl restart chilli");
break;
case 'new_ip' :
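Review bot: The updated comment relies on `sleep (1)` to ensure unbound-blackhole has restarted, but neither `exec()` call captures an exit status. chilli is therefore restarted even when alcasar-file-clean.sh failed or the resolver took longer than a second. Capture the status with `exec("sudo /usr/local/bin/alcasar-file-clean.sh", $out, $rc);` and restart chilli only when `$rc === 0`. The same pattern appears in both hunks, and the enclosing branches start outside them.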
/web/images/footer_dnsmasq.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Deleted: svn:mime-type
-image/png
\ No newline at end of property
/web/images/footer_fpdf.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Deleted: svn:mime-type
-image/png
\ No newline at end of property
/web/images/footer_postfix.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Added: svn:mime-type
+image/png
\ No newline at end of property
/web/images/footer_unbound.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Added: svn:mime-type
+image/png
\ No newline at end of property