

Ignore whitespace Rev 613 → Rev 615

/alcasar.sh
673,12 → 673,16
sleep 4
mysqladmin -u root password $mysqlpwd
MYSQL="/usr/bin/mysql -uroot -p$mysqlpwd --exec"
# On supprime les tables d'exemple
# Delete exemple databases if exist
$MYSQL="DROP DATABASE IF EXISTS test;DROP DATABASE IF EXISTS tmp;CONNECT mysql;DELETE from user where user='';FLUSH PRIVILEGES;"
# On crée la base 'radius'
# Create 'radius' database
$MYSQL="CREATE DATABASE IF NOT EXISTS $DB_RADIUS;GRANT ALL ON $DB_RADIUS.* TO $DB_USER@localhost IDENTIFIED BY '$radiuspwd';FLUSH PRIVILEGES"
# Ajout d'une base vierge
# Add an empty radius database structure
mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < $DIR_CONF/radiusd-db-vierge.sql
# modify the start script in order to close accounting connexion when the system is comming down or up
[ -e /etc/init.d/mysqld.default ] || cp /etc/init.d/mysqld /etc/init.d/mysqld.default
$SED "/wait_for_pid created/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
$SED "/'stop')/a echo \"Flush ALCASAR open accounting sessions\"; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld
} # End init_db ()
 
##########################################################################
1275,6 → 1279,7
/sbin/chkconfig --del sshd
echo "SSH=off" >> $FIC_CONF
echo "QOS=off" >> $FIC_CONF
echo "LDAP=off" >> $FIC_CONF
echo "PROTOCOLS_FILTERING=off" >> $FIC_CONF
echo "DNS_FILTERING=off" >> $FIC_CONF
echo "WEB_ANTIVIRUS=on" >> $FIC_CONF
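Review bot: The two `$SED "/.../a echo ...; /usr/local/sbin/alcasar-mysql.sh -acct_stop" /etc/init.d/mysqld` edits in the first hunk are not idempotent: the `.default` backup is only taken when it does not exist yet, but the two appends run on every invocation, so any re-run of init_db (upgrade or repeated install — whether that happens is not visible here) inserts the accounting-flush hook twice into the init script. Guard each edit, e.g. `grep -q 'alcasar-mysql.sh -acct_stop' /etc/init.d/mysqld || $SED "/'stop')/a ..." /etc/init.d/mysqld`, or restore from mysqld.default before patching. A short comment such as `# alcasar-uninstall.sh restores /etc/init.d/mysqld from mysqld.default` would connect this hunk with the uninstall change below. The init_db function starts outside the hunk.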
/CHANGELOG
1,6 → 1,9
# $Id$
 
************ CHANGELOG ***********
- 'alcasar-nf.sh' and 'alcasar-bl.sh' scripts now use the global parameters file (alcasar.conf)
- allow LDAP/AD connections both on WAN and LAN servers
- close all accounting session when the system goes down ou up
- if activate, sshd listen both on LAN and on WAN
- add a central conf file (/usr/local/etc/alcasar.conf)
- add the equipment name in the activity window when MAC authenticate
/scripts/alcasar-iptables.sh
11,14 → 11,23
 
conf_file="/usr/local/etc/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP $conf_file|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0)
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24)
dns1=`grep DNS1 $conf_file|cut -d"=" -f2` # first public DNS server
dns1=${dns1:=208.67.220.220}
dns2=`grep DNS2 $conf_file|cut -d"=" -f2` # second public DNS server
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (yes/no)
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (yes/no)
QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (yse/no)
SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (yes/no)
dns2=${dns2:=208.67.222.222}
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (on/off)
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (on/off)
DNS_FILTERING=${DNS_FILTERING:=off}
QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (on/off)
QOS=${QOS:=off}
SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
LDAP=`grep LDAP $conf_file|cut -d"=" -f2` # ldap external server active (on/off)
LDAP=${LDAP:=off}
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24)
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses
236,16 → 245,22
# On autorise les requêtes DNS vers les serveurs DNS identifiés
# Allow DNS requests to identified DNS servers
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT
# On autorise les requêtes http sortantes
# On autorise les requêtes HTTP sortantes
# HTTP requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
# On autorise les requêtes ntp
# On autorise les requêtes NTP
# NTP requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT
# On autorise les requêtes ICMP (ping)
# ICMP (ping) requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT
 
# On autorise les requêtes LDAP si un serveur externe est configué
# LDAP requests are allowed if an external server is declared
if [ $LDAP = on ]
then
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ldap -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ldap -j ACCEPT
fi
# Traduction dynamique d'adresse en sortie
# Dynamic NAT on EXTIF
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
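Review bot: The configuration reads added at the top of the first hunk use unanchored patterns — `grep LDAP $conf_file`, `grep SSH $conf_file`, `grep QOS $conf_file` and the others — so any later key that merely contains the same string (a second key beginning with `LDAP`, for instance) produces a multi-line value, and `if [ $LDAP = on ]` in the second hunk then fails with a "too many arguments" error and silently skips the rule instead of evaluating cleanly. Anchor both the key and the separator: `LDAP=$(grep '^LDAP=' "$conf_file" | cut -d'=' -f2)`, and likewise for PROTOCOLS_FILTERING, DNS_FILTERING, QOS, SSH, DNS1, DNS2 and PRIVATE_IP. The same unanchored pattern is repeated in the new `-conf` arms of alcasar-nf.sh and alcasar-bl.sh further down. The LDAP rule itself would also benefit from a comment noting that it opens tcp/udp 389 from the gateway to any destination on $EXTIF; restricting it to the declared server's address would be the least-privilege form if that address is available in alcasar.conf (not visible here).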
/scripts/sbin/alcasar-nf.sh
10,7 → 10,7
FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"
FIC_CONF="/usr/local/etc/alcasar.conf"
 
usage="Usage: alcasar-nf.sh {--on or -on} | {--off | -off} "
usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off} | {-conf}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
23,26 → 23,29
echo "$usage"
exit 0
;;
-on|-on)
# activation du filtrage réseau
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF
# tri du fichier de services
$SED "/^$/d" $FIC_SERVICES # suppression lignes vides
-on|-on) # enable protocols filter
# sort service file
$SED "/^$/d" $FIC_SERVICES # delete empty lines
sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort
mv -f /tmp/alcasar-services-sort $FIC_SERVICES
chown root:apache $FIC_SERVICES
chmod 660 $FIC_SERVICES
# vérification de présence du fichier d'exception
# vérify exception file
[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS
chown root:apache $FIC_EXCEPTIONS
chmod 664 $FIC_EXCEPTIONS
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF
/usr/local/bin/alcasar-iptables.sh
;;
--off|-off)
# désactivation du filtrage réseau
--off|-off) # disable protocols filter
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF
/usr/local/bin/alcasar-iptables.sh
;;
--conf|-conf)
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $FIC_CONF|cut -d"=" -f2` # Network protocols filter (on/off)
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
/usr/local/bin/alcasar-iptables.sh
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
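Review bot: The `-on|-on)` case arm in the second hunk never matches `--on`, even though the new usage string `{--on | -on}` advertises it, so `alcasar-nf.sh --on` falls through to the `*)` branch; it should read `--on|-on) # enable protocols filter`, mirroring the `--off|-off)` arm. In the new `-conf` arm, `PROTOCOLS_FILTERING` is read from $FIC_CONF and defaulted but never used before `/usr/local/bin/alcasar-iptables.sh` is invoked, and that script performs the same read itself (see the iptables hunk above); either drop the two lines or add a comment explaining why the value is needed here. The enclosing case statement starts outside the hunk.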
/scripts/sbin/alcasar-uninstall.sh
47,8 → 47,9
sleep 1
 
#init_db
echo -en "\n- init_db(1) : "
[ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1"
echo -en "\n- init_db(2) : "
[ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1, "
[ -e /etc/init.d/mysqld.default ] && mv -f /etc/init.d/mysqld.default /etc/init.d/mysqld && echo -n "2"
rm -rf /var/lib/mysql*
sleep 1
 
/scripts/sbin/alcasar-bl.sh
85,7 → 85,27
echo ".Include<$DIR_DG_BL/$i/urls>" >> $DIR_DG/bannedurllist
done
}
usage="Usage: alcasar-bl.sh {-on or --on} | { -off or --off } | { -download or --download } | { -reload - --reload }"
function bl_enable (){
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch'
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage
then
service dansguardian restart
service dnsmasq restart
/usr/local/bin/alcasar-iptables.sh
fi
}
function bl_disable (){
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch'
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage
then
service dansguardian restart
/usr/local/bin/alcasar-iptables.sh
fi
}
usage="Usage: alcasar-bl.sh {-on or --on} | { -off or --off } | { -download or --download } | { -reload or --reload } | { -conf or --conf}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
101,28 → 121,24
# activation du filtrage
-on | --on)
cat_choice
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch'
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=on?g" $CONF_FILE
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install
then
service dansguardian restart
service dnsmasq restart
/usr/local/bin/alcasar-iptables.sh
fi
bl_enable
;;
# désactivation du filtrage
-off | --off)
rm -rf $DIR_DNS_FILTER_ENABLED/*
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch'
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # on ne relance lors d'une install
then
service dansguardian restart
/usr/local/bin/alcasar-iptables.sh
bl_disable
;;
-conf | --conf)
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off)
DNS_FILTERING=${DNS_FILTERING:=off}
if [ $DNS_FILTERING = on ]; then
cat_choice
bl_enable
else
bl_disable
fi
;;
;;
# Mise a jour de la blacklist 'Toulouse' et adaptation à dansguardian et dnsmasq
-download | --download)
rm -rf /tmp/con_ok.html
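Review bot: `rm -rf $DIR_DNS_FILTER_ENABLED/*` in the new `bl_disable` function (first hunk) runs as root with an unquoted, unguarded variable: if `DIR_DNS_FILTER_ENABLED` is unset or empty (it is defined outside the hunk, so this cannot be checked here) the command becomes `rm -rf /*`. Write it as `rm -rf -- "${DIR_DNS_FILTER_ENABLED:?}"/*` so an empty value aborts instead of wiping the filesystem. In the second hunk the -on and -off arms now delegate to the new functions, but the rendered diff does not make clear whether both `$SED ... DNS_FILTERING=...` updates of $CONF_FILE survive; if the -off arm no longer writes `DNS_FILTERING=off`, the new `-conf` arm will read a stale value, which is worth confirming against the checked-in file. Both new functions lack a header comment; one line each, e.g. `# enable DNS/URL filtering: set dansguardian reporting level, enable safesearch, restart services unless called from alcasar-conf.sh`, would help.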
/web/acc/admin/update_ldap.php
6,6 → 6,7
 
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-available/alcasar");
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/modules/ldap");
define ("ALCASAR_CONF_FILE", "/usr/local/etc/alcasar.conf");
 
/********************************************************************
* FONCTION ERREUR *
225,10 → 226,15
 
} //test $auth_enable
 
/********************************************************************
* Redémarage du service radius *
*********************************************************************/
/****************************************************************
* Redémarage des service *
*****************************************************************/
 
if ($auth_enable == "1"){
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=off', 'LDAP=on', file_get_contents(ALCASAR_CONF_FILE)));}
else {
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=on', 'LDAP=off', file_get_contents(ALCASAR_CONF_FILE)));}
exec ("sudo /usr/local/bin/alcasar-iptables.sh");
exec ("sudo service radiusd restart");
 
/********************************************************************
237,4 → 243,4
 
header('Location:ldap.php?update=ok');
exit();
?>
?>
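Review bot: The two `file_put_contents(ALCASAR_CONF_FILE, str_replace(..., file_get_contents(ALCASAR_CONF_FILE)))` lines in the second hunk never check the read: if `file_get_contents` fails and returns `false`, `str_replace` yields an empty string and the write truncates the central configuration file to nothing. Read the file once, stop on failure, then rewrite only the `LDAP=` line; anchoring the match also avoids touching any other key whose value happens to contain `LDAP=on`. The `exec` calls that follow are unchanged.
```php
$conf = file_get_contents(ALCASAR_CONF_FILE);
if ($conf === false) {
    exit("cannot read " . ALCASAR_CONF_FILE);   // leave the conf file untouched
}
$ldap_state = ($auth_enable == "1") ? 'on' : 'off';
$conf = preg_replace('/^LDAP=.*$/m', 'LDAP=' . $ldap_state, $conf);
file_put_contents(ALCASAR_CONF_FILE, $conf);
// … unchanged: exec of alcasar-iptables.sh and radiusd restart …
```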