
Rev 678 → Rev 679

/alcasar.sh
630,7 → 630,7
[ -e /etc/httpd/conf/vhosts-ssl.default ] || cp $FIC_VIRTUAL_SSL /etc/httpd/conf/vhosts-ssl.default
$SED "s?localhost.crt?alcasar.crt?g" $FIC_VIRTUAL_SSL
$SED "s?localhost.key?alcasar.key?g" $FIC_VIRTUAL_SSL
$SED "s^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
$SED "s?^#SSLCertificateChainFile.*?SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt?" $FIC_VIRTUAL_SSL
chown -R root:apache /etc/pki
chmod -R 750 /etc/pki
} # End AC ()
1305,40 → 1305,53
$SED "s?^ACCEPT_BOGUS_ERROR_RESPONSES=.*?ACCEPT_BOGUS_ERROR_RESPONSES=no?g" /etc/security/msec/level.fileserver
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
# désactiver l'envoi et la réponse aux ICMP redirects
sysctl -w net.ipv4.conf.all.accept_redirects=0
accept_redirect=`grep accept_redirect /etc/sysctl.conf|wc -l`
if [ "$accept_redirect" == "0" ]
then
echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" >> /etc/sysctl.conf
else
$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
fi
sysctl -w net.ipv4.conf.all.send_redirects=0
send_redirect=`grep send_redirect /etc/sysctl.conf|wc -l`
if [ "$send_redirect" == "0" ]
then
echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects = 0" >> /etc/sysctl.conf
else
$SED "s?send_redirects.*?send_redirects = 0?g" /etc/sysctl.conf
fi
$SED "s?accept_redirects.*?accept_redirects = 0?g" /etc/sysctl.conf
$SED "s?send_redirects.*?send_redirects = 0?g" /etc/sysctl.conf
sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.all.send_redirects=0
# activer les SYN Cookies (attaque syn flood)
sysctl -w net.ipv4.tcp_syncookies=1
tcp_syncookies=`grep tcp_syncookies /etc/sysctl.conf|wc -l`
if [ "$tcp_syncookies" == "0" ]
then
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
else
$SED "s?tcp_syncookies.*?tcp_syncookies = 1?g" /etc/sysctl.conf
fi
$SED "s?tcp_syncookies.*?tcp_syncookies = 1?g" /etc/sysctl.conf
sysctl -w net.ipv4.tcp_syncookies=1
# activer l'antispoofing niveau Noyau
$SED "s?^ENABLE_IP_SPOOFING_PROTECTION.*?ENABLE_IP_SPOOFING_PROTECTION=yes?g" /etc/security/msec/level.fileserver
sysctl -w net.ipv4.conf.all.rp_filter=1
# ignorer le source routing
sysctl -w net.ipv4.conf.all.accept_source_route=0
accept_source_route=`grep accept_source_route /etc/sysctl.conf|wc -l`
if [ "$accept_source_route" == "0" ]
then
echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.conf
else
$SED "s?accept_source_route.*?accept_source_route = 0?g" /etc/sysctl.conf
fi
$SED "s?accept_source_route.*?accept_source_route = 0?g" /etc/sysctl.conf
sysctl -w net.ipv4.conf.all.accept_source_route=0
# On supprime les log_martians (ALCASAR est souvent entre deux réseaux dont les plans d'adressage sont de type 'privée')
# réglage du timer de maintien de suivi de session à 1h (3600s) au lieu de 5 semaines
sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=3600
timeout_established=`grep timeout_established /etc/sysctl.conf|wc -l`
if [ "$timeout_established" == "0" ]
then
echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.conf
else
$SED "s?timeout_established.*?itimeout_established = 3600?g" /etc/sysctl.conf
fi
# suppression des log_martians (ALCASAR est souvent entre deux réseaux en adressage privée)
sysctl -w net.ipv4.conf.all.log_martians=0
$SED "s?^ENABLE_LOG_STRANGE_PACKETS=.*?ENABLE_LOG_STRANGE_PACKETS=no?g" /etc/security/msec/level.fileserver
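Review bot: The `else` branch for `timeout_established` in the 1305 hunk writes `itimeout_established = 3600`, so on a host whose /etc/sysctl.conf already holds the key the rewritten line names a parameter that does not exist and the 3600 s conntrack timeout is not restored at the next boot; the replacement should read `$SED "s?timeout_established.*?timeout_established = 3600?g" /etc/sysctl.conf`. The presence tests (`grep accept_redirect /etc/sysctl.conf|wc -l` and its siblings for send_redirect, tcp_syncookies and accept_source_route) also count commented-out lines, in which case the sed branch rewrites the value but leaves the line commented, and the hardening setting then only exists in the running kernel. Anchoring the test on the active key, e.g. `grep -c '^net.ipv4.conf.all.accept_redirects' /etc/sysctl.conf`, avoids that. The rendered page has lost its +/- markers, so which lines form the new side is inferred from the hunk growing from 40 to 53 lines.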
 
/web/acc/admin/network.php
164,7 → 164,7
 
// Fonction de test de connectivité internet
function internetTest(){
$host = "74.125.230.83"; #www.google.fr
$host = "208.67.220.220"; # opendns
$port = "80";
//var $num; //non utilisé
//var $error; //non utilisé
/web/acc/phpsysinfo/includes/xml/portail.php
29,7 → 29,7
$host = "localhost";
$DB_USER = "radius";
$DB_RADIUS = "radius";
$radiuspwd = "JbzwD8FP";
$radiuspwd = "w9VMtJD1";
// Connexion au serveur
mysql_connect($host, $DB_USER,$radiuspwd) or die("erreur de connexion au serveur");
mysql_select_db($DB_RADIUS) or die("erreur de connexion a la base de donnees");
57,25 → 57,21
}
// Fonction de test de connectivité internet
function internetTest(){
$host = "www.alcasar.info";
$host2 = "74.125.230.83"; #www.google.fr
$host = "208.67.220.220"; # opendns
$host2 = "www.alcasar.info";
$port = "80";
//var $num; //non utilisé
//var $error; //non utilisé
 
if (! $sock = @fsockopen($host, $port, $num, $error, 2)) {
if (! $sock = @fsockopen($host2, $port, $num, $error, 3)) {
return false;
} else {
fclose($sock);
return true;
}
} else {
fputs($sock,"GET http://$host/images/M_images/weblink.png HTTP/1.0\n\n");
fclose($sock);
return true;
}
}
if (! $sock = @fsockopen($host, $port, $num, $error, 2)) {
return false; } # Internet access is down
else {
fclose($sock);
if ($sock = @fsockopen($host2, $port, $num, $error, 2)) {
fputs($sock,"GET http://$host2/images/M_images/weblink.png HTTP/1.0\n\n");
fclose($sock); }
return true;
}
}
// Fonction de test du filtrage
function filtrageTest($file, $search_regex){
$pointeur = fopen($file,"r");
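Review bot: The `$radiuspwd` assignment in the first hunk (29,7) commits a literal database password, and this revision leaves both the previous and the current value readable in the repository history. Any installation that ever ran with either value should treat it as exposed and rotate it. The script would be safer loading the credential from a file that is outside the web root and not versioned, e.g. `require '/PLACEHOLDER/path/outside/webroot/db-credentials.php';`, or carrying only a placeholder that the installer fills in. In the second hunk, the probe request ends its lines with `\n\n` rather than `\r\n\r\n`, which strict HTTP servers may reject; `fputs($sock,"GET http://$host2/images/M_images/weblink.png HTTP/1.0\r\n\r\n");` is the conforming form.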