
Compare Revisions

Rev 647 → Rev 648

/alcasar.sh
45,6 → 45,7
DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts
DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.)
DIR_WEB="/var/www/html" # répertoire racine APACHE
DIR_DG="/etc/dansguardian" # répertoire de config de DansGuardian
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
235,7 → 236,7
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}
cp -f $DIR_SCRIPTS/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
879,7 → 880,6
##################################################################
param_dansguardian ()
{
DIR_DG="/etc/dansguardian"
mkdir /var/dansguardian
chown dansguardian /var/dansguardian
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1116,24 → 1116,24
BL ()
{
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
rm -rf /etc/dansguardian/lists/blacklists
tar zxf $DIR_CONF/blacklists.tar.gz --directory=/etc/dansguardian/lists/ > /dev/null 2>&1
rm -rf $DIR_DG/lists/blacklists
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
cp -f $DIR_CONF/VERSION-BL $DIR_ACC/
chown apache:apache $DIR_ACC/VERSION-BL
# on crée le répertoire de la BL secondaire
mkdir /etc/dansguardian/lists/blacklists/ossi
touch /etc/dansguardian/lists/blacklists/ossi/domains
touch /etc/dansguardian/lists/blacklists/ossi/urls
# on crée le répertoire de la BL secondaire et le répertoire "pureip" (catégorie virtuelle)
mkdir $DIR_DG/lists/blacklists/ossi $DIR_DG/lists/blacklists/ip
touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ip/domains
touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ip/urls
# On crée les fichiers vides de sites ou d'URL réhabilités
[ -e /etc/dansguardian/lists/exceptionsitelist.default ] || mv /etc/dansguardian/lists/exceptionsitelist /etc/dansguardian/lists/exceptionsitelist.default
[ -e /etc/dansguardian/lists/exceptionurllist.default ] || mv /etc/dansguardian/lists/exceptionurllist /etc/dansguardian/lists/exceptionurllist.default
touch /etc/dansguardian/lists/exceptionsitelist
touch /etc/dansguardian/lists/exceptionurllist
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIr_DG/lists/exceptionurllist.default
touch $DIR_DG/lists/exceptionsitelist
touch $DIR_DG/lists/exceptionurllist
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
cat <<EOF > /etc/dansguardian/lists/bannedurllist
cat <<EOF > $DIR_DG/lists/bannedurllist
# Dansguardian filter config for ALCASAR
EOF
cat <<EOF > /etc/dansguardian/lists/bannedsitelist
cat <<EOF > $DIR_DG/lists/bannedsitelist
# Dansguardian domain filter config for ALCASAR
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
#**
1144,8 → 1144,8
# block all sites specified only by an IP
*ip
EOF
chown -R dansguardian:apache /etc/dansguardian/
chmod -R g+rw /etc/dansguardian
chown -R dansguardian:apache $DIR_DG
chmod -R g+rw $DIR_DG
# On crée la structure du DNS-blackhole :
mkdir $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
chown -R 770 $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
1152,7 → 1152,7
chown -R root:apache $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
# On fait pointer le black-hole sur une page interne
$SED "s?^IP_RETOUR=.*?IP_RETOUR=\"$PRIVATE_IP\"?g" $DIR_DEST_SBIN/alcasar-bl.sh
# On récupère la dernière version de la BL Toulouse
# On récupère la dernière version de la BL Toulouse et on l'adapte à notre structure
$DIR_DEST_SBIN/alcasar-bl.sh --download
}
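Review bot: The new exceptionurllist line in BL() spells the destination `$DIr_DG` (lowercase r), a variable that nothing visible here sets, so the target expands to `/lists/exceptionurllist.default`. The `mv` then either fails or lands outside the DansGuardian tree, and the `touch` that follows leaves the packaged exception list in place instead of starting from an empty one. The line should read `[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default`. Since this commit moves BL() and param_dansguardian() onto the global `DIR_DG`, running the installer under `set -u` would turn this kind of misspelling into an immediate error.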
 
/conf/VERSION-BL
1,0 → 0,0
Univ-tlse du 17 décembre 2009 - 23h00
Univ-tlse du 25 juin 2011 - 23h00
/conf/sudoers
24,6 → 24,7
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # pour déconnecter les usagers
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed)
Cmnd_Alias SERVICE=/sbin/service,/usr/bin/killall,/sbin/chkconfig # pour gérer les services
Cmnd_Alias SSL=/usr/bin/openssl # pour récupérer les info des certificats
 
# Defaults specification
# Defaults syslog=auth
43,6 → 44,6
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
 
ADMWEB LAN_ORG=(root) NOPASSWD: NET,GHOST,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE
ADMWEB LAN_ORG=(root) NOPASSWD: NET,GHOST,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,GHOST,SQL,EXPORT,SERVICE
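Review bot: The new `Cmnd_Alias SSL=/usr/bin/openssl` carries no argument list, so adding `SSL` to the ADMWEB rule lets that account run openssl as root with any subcommand and any file arguments, without a password. That is far wider than the one read-only call added in vitals.php in this same revision. Pin the alias to that call: `Cmnd_Alias SSL=/usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates`. If ADMWEB is the web server account, which the name suggests but this page does not show, the rule may not be needed at all, because alcasar-conf.sh sets /etc/pki to root:apache 750.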
 
/conf/blacklists.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
/scripts/alcasar-conf.sh
102,6 → 102,7
cp -f /etc/pki/tls/private/alcasar.key $DIR_UPDATE
cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
[ -e /etc/pki/tls/certs/server-chain.crt ] && cp -f /etc/pki/tls/certs/server-chain.crt $DIR_UPDATE # cas d'un certificat officiel
fi
# si version < 2.2
if [ $MAJ_RUNNING_VERSION -lt 2 ] || ([ $MAJ_RUNNING_VERSION -eq 2 ] && [ $MIN_RUNNING_VERSION -lt 2 ])
182,6 → 183,11
[ -e $DIR_UPDATE/alcasar-ca.key ] && cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
[ -e $DIR_UPDATE/alcasar.crt ] && cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
[ -e $DIR_UPDATE/alcasar.key ] && cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
if [ -e $DIR_UPDATE/server-chain.crt ]; then # si un certificat officiel est installé
cp -f $DIR_UPDATE/server-chain.crt /etc/pki/tls/certs/
FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*`
$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?g" $FIC_VIRTUAL_SSL
fi
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
# Import de la dernière base usagers
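Review bot: In the new server-chain.crt branch, the `find` pattern `*default_ssl*` is unquoted and the result is passed to `$SED` unchecked. The shell expands the glob against the current directory before `find` sees it. If `find` returns nothing, `$SED` runs with no file operand, and if it returns several paths they are all edited. Quote the pattern and guard the edit: `FIC_VIRTUAL_SSL=$(find /etc/httpd/conf -type f -name '*default_ssl*')`, then `[ -n "$FIC_VIRTUAL_SSL" ] && $SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?g" $FIC_VIRTUAL_SSL`. The definition of `$SED` and the enclosing function are outside this hunk.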
/scripts/sbin/alcasar-bl.sh
23,17 → 23,17
cd $DIR_tmp
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz
}
 
# Décompression de la BL (en conservant la WL)
function install () {
[ -d $DIR_DG ] || mkdir -p $DIR_DG
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp
[ -d $DIR_DG_BL/ip ] && mv -f $DIR_DG_BL/ip $DIR_tmp
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
[ -d $DIR_tmp/ip ] && mv -f $DIR_tmp/ip $DIR_DG_BL/
cd /root
rm -rf $DIR_tmp
}
 
# Adaptation de la BL Toulouse à la structure Dnsmasq
function adapt () {
# On récupère le nom des répertoire (catégories)
46,13 → 46,13
for PATH_FILE in `cat $BL_CATEGORIES`
do
echo -n "."
# on crée le le fichier 'urls' s'il n'existe pas
# on crée le fichier 'urls' s'il n'existe pas
if [ ! -f $PATH_FILE/urls ]
then
touch $PATH_FILE/urls
chown dansguardian:apache $PATH_FILE/urls
fi
# on suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü
# suppression des @IP, des lignes commentées et des caractères bizarres comme les ô et û ö ü
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp
$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp
$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp
63,7 → 63,6
done
echo
}
 
# Permet d'activer/désactiver les catégories de la BL
function cat_choice (){
# un peu de ménage
71,20 → 70,16
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist
# on adapte le fichier $BL_CATEGORIES au choix de catégorie
$SED "s?^[^#]?#&?g" $BL_CATEGORIES # on commente ce qui ne l'est pas
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` # on affecte les catégories à dansguardian et dnsmasq
do
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
ln -s $DIR_DNS_FILTER_AVAILABLE/$ENABLE_CATEGORIE.conf $DIR_DNS_FILTER_ENABLED/$ENABLE_CATEGORIE
# echo ".Include<$DIR_DANSGUARDIAN/blacklists/$ENABLE_CATEGORIES/domains>" >> $DIR_DANSGUARDIAN/bannedsitelist # dansguardian ne s'occupe plus des noms de domaine
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
done
sort -k2n $BL_CATEGORIES > $FILE_tmp
mv $FILE_tmp $BL_CATEGORIES
# on affecte les catégories à dansguardian et dnsmasq
for i in `cat $BL_CATEGORIES_ENABLED`
do
ln -s $DIR_DNS_FILTER_AVAILABLE/$i.conf $DIR_DNS_FILTER_ENABLED/$i
# echo ".Include<$DIR_DANSGUARDIAN/blacklists/$i/domains>" >> $DIR_DANSGUARDIAN/bannedsitelist
echo ".Include<$DIR_DG_BL/$i/urls>" >> $DIR_DG/bannedurllist
done
}
function bl_enable (){
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf
174,6 → 169,12
fi
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf
$SED "s?.*?address=/&/$IP_RETOUR?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf
IP_PURE=`grep '^ip' $BL_CATEGORIES_ENABLED|wc -l`
if [ $IP_PURE -eq "1" ]; then # filtrage des url sans nom de domaine
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist
else
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
fi
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off)
DNS_FILTERING=${DNS_FILTERING:=off}
if [ $DNS_FILTERING = on ]; then
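Review bot: In the merged loop of cat_choice(), each `$ENABLE_CATEGORIE` read from `$BL_CATEGORIES_ENABLED` is used unvalidated and unquoted in two sed expressions, in the `ln -s` source and target, and in the `.Include<...>` line appended to bannedurllist. alcasar.sh in this revision installs the /usr/local/etc/alcasar* files as root:apache with mode 660. If the enabled-categories list is one of them and this script runs as root through the sudo `BL` alias (both inferred, not shown here), the web account controls text that root feeds into sed and into file paths. Reject anything that is not a plain category name as the first statement of the loop: `case "$ENABLE_CATEGORIE" in ""|*[!A-Za-z0-9_-]*) continue ;; esac`. cat_choice() begins outside the hunk, so the cleanup it does before the loop is not visible.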
/web/acc/admin/bl_categories_help.php
36,6 → 36,7
$l_explain_gambling="Sites de jeux d'argent en ligne (casino, grattage virtuel, etc.)";
$l_explain_games="Sites de jeux en ligne";
$l_explain_hacking="Sites relatifs au piratage informatique";
$l_explain_ip="Sites appelés par une addresse IP plutôt que par un nom de domaine";
$l_explain_jobsearch="Sites de recherche d'emplois";
$l_explain_liste_bu="Liste de sites éducatifs pour bibliothèque";
$l_explain_malware="Site relatifs au logiciels malveillants (virus, vers, trojans, etc.)";
89,6 → 90,7
$l_explain_gambling="Online gambling sites (casino, virtual scratching, etc.)";
$l_explain_games="Online games sites";
$l_explain_hacking="Sites related to hacking";
$l_explain_ip="Sites specified by an IP address instead of a domain name";
$l_explain_jobsearch="Job search sites";
$l_explain_liste_bu="List of educational sites for library";
$l_explain_malware="Malware sites (viruses, worms, trojans, etc.).";
/web/acc/phpsysinfo/includes/xml/portail.php
29,7 → 29,7
$host = "localhost";
$DB_USER = "radius";
$DB_RADIUS = "radius";
$radiuspwd = "X01WDItQ";
$radiuspwd = "JbzwD8FP";
// Connexion au serveur
mysql_connect($host, $DB_USER,$radiuspwd) or die("erreur de connexion au serveur");
mysql_select_db($DB_RADIUS) or die("erreur de connexion a la base de donnees");
75,7 → 75,6
fclose($sock);
return true;
}
 
}
// Fonction de test du filtrage
function filtrageTest($file, $search_regex){
132,6 → 131,10
}
$_text = "<table border=\"0\" width=\"100%\" align=\"center\">\n"
. " <tr>\n"
. " <td valign=\"top\"><font size=\"-1\">" . $text['internet_link'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $internet_status . "</font></td>\n"
. " </tr>\n"
. " <tr>\n"
. " <td valign=\"top\"><font size=\"-1\">" . $text['portail-version'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $INSTALLEDVERSION . "</font></td>\n"
. " </tr>\n"
159,10 → 162,6
. " <td valign=\"top\"><font size=\"-1\">" . $text['bl-version'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $VERSIONBL . "</font></td>\n"
. " </tr>\n"
. " <tr>\n"
. " <td valign=\"top\"><font size=\"-1\">" . $text['internet_link'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $internet_status . "</font></td>\n"
. " </tr>\n"
. "</table>\n";
return $_text;
}
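Review bot: The `$radiuspwd` line swaps one literal database password for another, so both values are now in repository history and the file ships with a working-looking credential. The change looks like a deployed, installer-modified copy committed back, though that is inferred. Commit a placeholder instead, such as `$radiuspwd = "";`, with a comment that the installer fills it in, or read the value from a configuration file outside the web root. Treat any installation still using either committed value as needing a password change. The other two hunks in this file only move the internet_link row and drop a blank line.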
/web/acc/phpsysinfo/includes/xml/vitals.php
62,7 → 62,7
$scale_factor = 2;
$strLoadbar = "";
$uptime = "";
$cert_ca_expiration_date = exec ("sudo /usr/bin/openssl x509 -noout -in /etc/pki/tls/certs/alcasar.crt -dates|grep After|cut -d\"=\" -f2");
if( $XPath->match( "/phpsysinfo/Vitals/CPULoad" ) )
$strLoadbar = "<br>" . create_bargraph( $XPath->getData( "/phpsysinfo/Vitals/CPULoad" ), 100, $scale_factor ) . "&nbsp;" . $XPath->getData( "/phpsysinfo/Vitals/CPULoad" ) . "%";
71,6 → 71,10
. " <td valign=\"top\"><font size=\"-1\">" . $text['hostname'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $XPath->getData( "/phpsysinfo/Vitals/Hostname" ) . "</font></td>\n"
. " </tr>\n"
. " <tr>\n"
. " <td valign=\"top\"><font size=\"-1\">" . $text['cert_expiration_date'] . "</font></td>\n"
. " <td><font size=\"-1\">" . $cert_ca_expiration_date . "</font></td>\n"
. " </tr>\n"
// . " <tr>\n"
// . " <td valign=\"top\"><font size=\"-1\">" . $text['ip'] . "</font></td>\n"
// . " <td><font size=\"-1\">" . $XPath->getData( "/phpsysinfo/Vitals/IPAddr" ) . "</font></td>\n"
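Review bot: The new `$cert_ca_expiration_date` line shells out through `sudo openssl` for a value PHP can read itself, and the result goes into the table cell without a failure check or HTML escaping. If the sudo rule is missing, or the certificate is absent, the row is silently empty. With the openssl extension loaded this can be `$cert = @openssl_x509_parse(@file_get_contents('/etc/pki/tls/certs/alcasar.crt'));` followed by `$cert_ca_expiration_date = $cert ? date('r', $cert['validTo_time_t']) : 'n/a';`, which drops the exec() call and the need for the root sudo rule. This relies on the web server being able to read /etc/pki/tls/certs, which the root:apache 750 mode set in alcasar-conf.sh suggests. The variable name says "ca" but the file read is alcasar.crt, which alcasar-conf.sh handles separately from alcasar-ca.crt, so a name like `$cert_expiration_date` would match the label.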
/web/acc/phpsysinfo/includes/lang/fr.php
54,6 → 54,7
$text['disable'] = "inactif";
$text['web_filter'] = "Filtrage WEB";
$text['net_filter'] = "Filtrage protocoles r&eacute;seau";
$text['cert_expiration_date'] = "Date d'expiration du certificat";
//
 
$text['netusage'] = 'R&eacute;seau';
/web/acc/phpsysinfo/includes/lang/en.php
54,6 → 54,7
$text['disable'] = "disable";
$text['web_filter'] = "WEB filtering";
$text['net_filter'] = "Network protocols filtering";
$text['cert_expiration_date'] = "Certificate expiration date";
//
 
$text['netusage'] = 'Network Usage';
/web/pass/index.php
78,7 → 78,7
$R_form_l3 = "Nouveau mot de passe :";
$R_form_l4 = "Nouveau mot de passe (confirmation) :";
$R_eval_pass = "";
$R_passwordmeter = "Propuls� par <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>";
$R_passwordmeter = "Propulsé par <a href=\"http://www.shibbo.com/pwdmeter.php\" target=\"_blank\">Shibbo Password Analyser</a>";
$R_form_button_valid = "Modifier";
$R_form_button_retour = "Annuler";
$R_form_result1 = "Votre mot de passe a &eacute;t&eacute; modifi&eacute; avec succ&egrave;s";