/alcasar.sh |
---|
45,6 → 45,7 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts |
DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.) |
DIR_WEB="/var/www/html" # répertoire racine APACHE |
DIR_DG="/etc/dansguardian" # répertoire de config de DansGuardian |
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center' |
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts |
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin |
235,7 → 236,7 |
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh} |
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar* |
# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services} |
cp -f $DIR_SCRIPTS/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar* |
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar* |
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh |
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh |
879,7 → 880,6 |
################################################################## |
param_dansguardian () |
{ |
DIR_DG="/etc/dansguardian" |
mkdir /var/dansguardian |
chown dansguardian /var/dansguardian |
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default |
1116,24 → 1116,24 |
BL () |
{ |
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR |
rm -rf /etc/dansguardian/lists/blacklists |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=/etc/dansguardian/lists/ > /dev/null 2>&1 |
rm -rf $DIR_DG/lists/blacklists |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1 |
cp -f $DIR_CONF/VERSION-BL $DIR_ACC/ |
chown apache:apache $DIR_ACC/VERSION-BL |
# on crée le répertoire de la BL secondaire |
mkdir /etc/dansguardian/lists/blacklists/ossi |
touch /etc/dansguardian/lists/blacklists/ossi/domains |
touch /etc/dansguardian/lists/blacklists/ossi/urls |
# on crée le répertoire de la BL secondaire et le répertoire "pureip" (catégorie virtuelle) |
mkdir $DIR_DG/lists/blacklists/ossi $DIR_DG/lists/blacklists/ip |
touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ip/domains |
touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ip/urls |
# On crée les fichiers vides de sites ou d'URL réhabilités |
[ -e /etc/dansguardian/lists/exceptionsitelist.default ] || mv /etc/dansguardian/lists/exceptionsitelist /etc/dansguardian/lists/exceptionsitelist.default |
[ -e /etc/dansguardian/lists/exceptionurllist.default ] || mv /etc/dansguardian/lists/exceptionurllist /etc/dansguardian/lists/exceptionurllist.default |
touch /etc/dansguardian/lists/exceptionsitelist |
touch /etc/dansguardian/lists/exceptionurllist |
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default |
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIr_DG/lists/exceptionurllist.default |
touch $DIR_DG/lists/exceptionsitelist |
touch $DIR_DG/lists/exceptionurllist |
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian |
cat <<EOF > /etc/dansguardian/lists/bannedurllist |
cat <<EOF > $DIR_DG/lists/bannedurllist |
# Dansguardian filter config for ALCASAR |
EOF |
cat <<EOF > /etc/dansguardian/lists/bannedsitelist |
cat <<EOF > $DIR_DG/lists/bannedsitelist |
# Dansguardian domain filter config for ALCASAR |
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée) |
#** |
1144,8 → 1144,8 |
# block all sites specified only by an IP |
*ip |
EOF |
chown -R dansguardian:apache /etc/dansguardian/ |
chmod -R g+rw /etc/dansguardian |
chown -R dansguardian:apache $DIR_DG |
chmod -R g+rw $DIR_DG |
# On crée la structure du DNS-blackhole : |
mkdir $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled} |
chown -R 770 $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled} |
1152,7 → 1152,7 |
chown -R root:apache $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled} |
# On fait pointer le black-hole sur une page interne |
$SED "s?^IP_RETOUR=.*?IP_RETOUR=\"$PRIVATE_IP\"?g" $DIR_DEST_SBIN/alcasar-bl.sh |
# On récupère la dernière version de la BL Toulouse |
# On récupère la dernière version de la BL Toulouse et on l'adapte à notre structure |
$DIR_DEST_SBIN/alcasar-bl.sh --download |
} |
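Review bot: In BL(), the rewritten `mv` for the URL exception list targets `$DIr_DG/lists/exceptionurllist.default` (lowercase `r`), an unset variable, so the destination expands to `/lists/exceptionurllist.default` instead of a path under the DansGuardian directory. On a system with no `/lists` directory the move fails, and the following `touch` leaves the packaged exceptionurllist in place instead of creating an empty one. The line should read `[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default`. Since `rm -rf $DIR_DG/lists/blacklists` now depends on the global defined at the top of the script, writing `${DIR_DG:?}` there would stop an empty value from turning it into `rm -rf /lists/blacklists`. Separately, the unchanged context line `chown -R 770 $DIR_DEST_ETC/{...}` looks like it was meant to be `chmod`.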
/conf/VERSION-BL |
---|
1,0 → 0,0 |
Univ-tlse du 17 décembre 2009 - 23h00 |
Univ-tlse du 25 juin 2011 - 23h00 |
/conf/sudoers |
---|
24,6 → 24,7 |
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # pour déconnecter les usagers |
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed) |
Cmnd_Alias SERVICE=/sbin/service,/usr/bin/killall,/sbin/chkconfig # pour gérer les services |
Cmnd_Alias SSL=/usr/bin/openssl # pour récupérer les info des certificats |
# Defaults specification |
# Defaults syslog=auth |
43,6 → 44,6 |
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
# %users localhost=/sbin/shutdown -h now |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,GHOST,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,GHOST,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL |
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,GHOST,SQL,EXPORT,SERVICE |
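Review bot: The new `SSL` alias gives ADMWEB password-less root on `/usr/bin/openssl` with any arguments, which is much wider than the purpose stated in its comment (reading certificate information). Run as root, that binary can read and write arbitrary files, including the private keys under /etc/pki. Sudoers accepts a full command line in an alias, so the rule can be pinned to the single invocation vitals.php makes: `Cmnd_Alias SSL=/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates`. If the web server's group can already read that certificate (alcasar-conf.sh sets /etc/pki to root:apache 750), the sudo rule may not be needed at all.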
/conf/blacklists.tar.gz |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
/scripts/alcasar-conf.sh |
---|
102,6 → 102,7 |
cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE |
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE |
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE |
[ -e /etc/pki/tls/certs/server-chain.crt ] && cp -f /etc/pki/tls/certs/server-chain.crt $DIR_UPDATE # cas d'un certificat officiel |
fi |
# si version < 2.2 |
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ]) |
182,6 → 183,11 |
[ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/ |
[ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
[ -e $DIR_UPDATE/alcasar.key ] && cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
if [ -e $DIR_UPDATE/server-chain.crt ]; then # si un certificat officiel est installé |
cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/ |
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` |
$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?g" $FIC_VIRTUAL_SSL |
fi |
chown -R root:apache /etc/pki |
chmod -R 750 /etc/pki |
# Import de la dernière base usagers |
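Review bot: In the added server-chain.crt block, `-name *default_ssl*` is unquoted, so the shell may expand the glob against the current directory before `find` sees it. The unquoted `$FIC_VIRTUAL_SSL` is then handed to `$SED` even when the search found nothing. Quote the pattern and guard the edit: `FIC_VIRTUAL_SSL=$(find /etc/httpd/conf -type f -name '*default_ssl*')` followed by `[ -n "$FIC_VIRTUAL_SSL" ] && $SED "..." $FIC_VIRTUAL_SSL`. The restored chain file is also enabled without checking that it parses as a certificate, so a damaged backup would only surface when httpd fails to start; a `openssl x509 -noout -in` test before the `$SED` line would catch the obvious cases. The enclosing block starts and ends outside the hunk.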
/scripts/sbin/alcasar-bl.sh |
---|
23,17 → 23,17 |
cd $DIR_tmp |
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
} |
# Décompression de la BL (en conservant la WL) |
function install () { |
[ -d $DIR_DG ] || mkdir -p $DIR_DG |
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
[ -d $DIR_DG_BL/ip ] && mv -f $DIR_DG_BL/ip $DIR_tmp |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
[ -d $DIR_tmp/ip ] && mv -f $DIR_tmp/ip $DIR_DG_BL/ |
cd /root |
rm -rf $DIR_tmp |
} |
# Adaptation de la BL Toulouse à la structure Dnsmasq |
function adapt () { |
# On récupère le nom des répertoire (catégories) |
46,13 → 46,13 |
for PATH_FILE in `cat $BL_CATEGORIES` |
do |
echo -n "." |
# on crée le le fichier 'urls' s'il n'existe pas |
# on crée le fichier 'urls' s'il n'existe pas |
if [ ! -f $PATH_FILE/urls ] |
then |
touch $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
fi |
# on suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü |
# suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp |
$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp |
$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp |
63,7 → 63,6 |
done |
echo |
} |
# Permet d'activer/désactiver les catégories de la BL |
function cat_choice (){ |
# un peu de ménage |
71,20 → 70,16 |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist |
# on adapte le fichier $BL_CATEGORIES au choix de catégorie |
$SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` # on affecte les catégories à dansguardian et dnsmasq |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
ln -s $DIR_DNS_FILTER_AVAILABLE/$ENABLE_CATEGORIE.conf $DIR_DNS_FILTER_ENABLED/$ENABLE_CATEGORIE |
# echo ".Include<$DIR_DANSGUARDIAN/blacklists/$ENABLE_CATEGORIES/domains>" >> $DIR_DANSGUARDIAN/bannedsitelist # dansguardian ne s'occupe plus des noms de domaine |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist |
done |
sort -k2n $BL_CATEGORIES > $FILE_tmp |
mv $FILE_tmp $BL_CATEGORIES |
# on affecte les catégories à dansguardian et dnsmasq |
for i in `cat $BL_CATEGORIES_ENABLED` |
do |
ln -s $DIR_DNS_FILTER_AVAILABLE/$i.conf $DIR_DNS_FILTER_ENABLED/$i |
# echo ".Include<$DIR_DANSGUARDIAN/blacklists/$i/domains>" >> $DIR_DANSGUARDIAN/bannedsitelist |
echo ".Include<$DIR_DG_BL/$i/urls>" >> $DIR_DG/bannedurllist |
done |
} |
function bl_enable (){ |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
174,6 → 169,12 |
fi |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
$SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
IP_PURE=`grep '^ip' $BL_CATEGORIES_ENABLED|wc -l` |
if [ $IP_PURE -eq "1" ]; then # filtrage des url sans nom de domaine |
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist |
else |
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist |
fi |
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
if [ $DNS_FILTERING = on ]; then |
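Review bot: The new pure-IP toggle counts matches with `grep '^ip' $BL_CATEGORIES_ENABLED|wc -l` and enables the `*ip` rule only when the count is exactly 1, so a category name that merely begins with `ip`, or a duplicated `ip` line, changes the outcome; with a count of 2 the rule is commented out and the filter fails open. Assuming one category name per line, `if grep -qx 'ip' $BL_CATEGORIES_ENABLED; then` tests the intended condition. In cat_choice, the merged loop now puts `$ENABLE_CATEGORIE` unquoted into the `ln -s` and `.Include<...>` paths. alcasar.sh installs the /usr/local/etc/alcasar* files as root:apache 660, so these names are presumably writable from the web interface and should be checked before use, for example with `case "$ENABLE_CATEGORIE" in *[!A-Za-z0-9_-]*) continue;; esac`. The function holding the IP_PURE block begins and ends outside the hunk.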
/web/acc/admin/bl_categories_help.php |
---|
36,6 → 36,7 |
$l_explain_gambling="Sites de jeux d'argent en ligne (casino, grattage virtuel, etc.)"; |
$l_explain_games="Sites de jeux en ligne"; |
$l_explain_hacking="Sites relatifs au piratage informatique"; |
$l_explain_ip="Sites appelés par une addresse IP plutôt que par un nom de domaine"; |
$l_explain_jobsearch="Sites de recherche d'emplois"; |
$l_explain_liste_bu="Liste de sites éducatifs pour bibliothèque"; |
$l_explain_malware="Site relatifs au logiciels malveillants (virus, vers, trojans, etc.)"; |
89,6 → 90,7 |
$l_explain_gambling="Online gambling sites (casino, virtual scratching, etc.)"; |
$l_explain_games="Online games sites"; |
$l_explain_hacking="Sites related to hacking"; |
$l_explain_ip="Sites specified by an IP address instead of a domain name"; |
$l_explain_jobsearch="Job search sites"; |
$l_explain_liste_bu="List of educational sites for library"; |
$l_explain_malware="Malware sites (viruses, worms, trojans, etc.)."; |
/web/acc/phpsysinfo/includes/xml/portail.php |
---|
29,7 → 29,7 |
$host = "localhost"; |
$DB_USER = "radius"; |
$DB_RADIUS = "radius"; |
$radiuspwd = "X01WDItQ"; |
$radiuspwd = "JbzwD8FP"; |
// Connexion au serveur |
mysql_connect($host, $DB_USER,$radiuspwd) or die("erreur de connexion au serveur"); |
mysql_select_db($DB_RADIUS) or die("erreur de connexion a la base de donnees"); |
75,7 → 75,6 |
fclose($sock); |
return true; |
} |
} |
// Fonction de test du filtrage |
function filtrageTest($file, $search_regex){ |
132,6 → 131,10 |
} |
$_text = "<table border=\"0\" width=\"100%\" align=\"center\">\n" |
. " <tr>\n" |
. " <td valign=\"top\"><font size=\"-1\">" . $text['internet_link'] . "</font></td>\n" |
. " <td><font size=\"-1\">" . $internet_status . "</font></td>\n" |
. " </tr>\n" |
. " <tr>\n" |
. " <td valign=\"top\"><font size=\"-1\">" . $text['portail-version'] . "</font></td>\n" |
. " <td><font size=\"-1\">" . $INSTALLEDVERSION . "</font></td>\n" |
. " </tr>\n" |
159,10 → 162,6 |
. " <td valign=\"top\"><font size=\"-1\">" . $text['bl-version'] . "</font></td>\n" |
. " <td><font size=\"-1\">" . $VERSIONBL . "</font></td>\n" |
. " </tr>\n" |
. " <tr>\n" |
. " <td valign=\"top\"><font size=\"-1\">" . $text['internet_link'] . "</font></td>\n" |
. " <td><font size=\"-1\">" . $internet_status . "</font></td>\n" |
. " </tr>\n" |
. "</table>\n"; |
return $_text; |
} |
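Review bot: The first hunk replaces one literal value of `$radiuspwd` with another, so a database password is again committed to the repository and both values now sit in its history; this looks like an installer-modified working copy that was checked in. alcasar.sh already rewrites settings such as `DB_USER` and `radiussecret` into installed scripts with `$SED` at install time, so this file should carry a placeholder (e.g. `$radiuspwd = "";`, filled in by the installer) or read the value from a root-owned configuration file. If either committed value was ever used on a deployed system, it should be rotated.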
/web/acc/phpsysinfo/includes/xml/vitals.php |
---|
62,7 → 62,7 |
$scale_factor = 2; |
$strLoadbar = ""; |
$uptime = ""; |
$cert_ca_expiration_date = exec ("sudo /usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates|grep After|cut -d\"=\" -f2"); |
if( $XPath->match( "/phpsysinfo/Vitals/CPULoad" ) ) |
$strLoadbar = "<br>" . create_bargraph( $XPath->getData( "/phpsysinfo/Vitals/CPULoad" ), 100, $scale_factor ) . " " . $XPath->getData( "/phpsysinfo/Vitals/CPULoad" ) . "%"; |
71,6 → 71,10 |
. " <td valign=\"top\"><font size=\"-1\">" . $text['hostname'] . "</font></td>\n" |
. " <td><font size=\"-1\">" . $XPath->getData( "/phpsysinfo/Vitals/Hostname" ) . "</font></td>\n" |
. " </tr>\n" |
. " <tr>\n" |
. " <td valign=\"top\"><font size=\"-1\">" . $text['cert_expiration_date'] . "</font></td>\n" |
. " <td><font size=\"-1\">" . $cert_ca_expiration_date . "</font></td>\n" |
. " </tr>\n" |
// . " <tr>\n" |
// . " <td valign=\"top\"><font size=\"-1\">" . $text['ip'] . "</font></td>\n" |
// . " <td><font size=\"-1\">" . $XPath->getData( "/phpsysinfo/Vitals/IPAddr" ) . "</font></td>\n" |
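Review bot: The `exec()` added at the top of the first hunk shells out through sudo to a `grep|cut` pipeline just to read a certificate's notAfter date, and its result is printed without any failure check. A refused sudo or a missing file therefore yields an empty table cell with no hint why. The variable is named `$cert_ca_expiration_date`, but the file read is `alcasar.crt`, which by the paths in alcasar-conf.sh appears to be the server certificate rather than the CA. If the web server can read that certificate, PHP's `openssl_x509_parse()` would give the date without sudo or a shell; otherwise, at least pass the value through `htmlspecialchars()` and show a fallback string when it is empty. The enclosing function starts and ends outside these hunks.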
/web/acc/phpsysinfo/includes/lang/fr.php |
---|
54,6 → 54,7 |
$text['disable'] = "inactif"; |
$text['web_filter'] = "Filtrage WEB"; |
$text['net_filter'] = "Filtrage protocoles réseau"; |
$text['cert_expiration_date'] = "Date d'expiration du certificat"; |
// |
$text['netusage'] = 'Réseau'; |
/web/acc/phpsysinfo/includes/lang/en.php |
---|
54,6 → 54,7 |
$text['disable'] = "disable"; |
$text['web_filter'] = "WEB filtering"; |
$text['net_filter'] = "Network protocols filtering"; |
$text['cert_expiration_date'] = "Certificate expiration date"; |
// |
$text['netusage'] = 'Network Usage'; |
/web/pass/index.php |
---|
78,7 → 78,7 |
$R_form_l3 = "Nouveau mot de passe :"; |
$R_form_l4 = "Nouveau mot de passe (confirmation) :"; |
$R_eval_pass = ""; |
$R_passwordmeter = "Propuls� par <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>"; |
$R_passwordmeter = "Propulsé par <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>"; |
$R_form_button_valid = "Modifier"; |
$R_form_button_retour = "Annuler"; |
$R_form_result1 = "Votre mot de passe a été modifié avec succès"; |