/alcasar.sh |
---|
10,7 → 10,7 |
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal) |
# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares : |
# |
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, mondo, mindi, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes |
# Options : |
# -i or --install |
43,7 → 43,7 |
DIR_INSTALL=`pwd` # répertoire d'installation |
DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts |
DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.) |
DIR_SAVE="/var/Save" # répertoire de sauvegarde (system_backup, user_db_backup, logs) |
DIR_WEB="/var/www/html" # répertoire racine APACHE |
DIR_DG="/etc/dansguardian" # répertoire de config de DansGuardian |
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center' |
254,7 → 254,7 |
echo "$secretradius" >> $PASSWD_FILE |
chmod 640 $PASSWD_FILE |
# On installe les scripts et fichiers de configuration d'ALCASAR |
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh} |
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,watchdog.sh} |
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar* |
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh} |
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar* |
478,7 → 478,7 |
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php |
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php |
chown -R apache:apache $DIR_WEB/* |
for i in ISO base logs/firewall logs/httpd logs/squid ; |
for i in system_backup base logs/firewall logs/httpd logs/squid ; |
do |
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i |
done |
503,7 → 503,6 |
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf |
$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf |
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf |
$SED "s?^LoadModule cgi_module.*?#LoadModule cgi_module modules/mod_cgi.so?g" /etc/httpd/conf/httpd.conf |
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf` |
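Review bot: The new `system_backup` entry in the `for i in system_backup base logs/firewall …` loop is created by a bare `mkdir -p`, so the directory takes whatever umask the installer runs under, and no owner or mode is set in the visible lines. alcasar-conf.sh in this same commit copies configuration archives into that directory, so its permissions should be set explicitly rather than inherited. Ownership may be fixed further down, outside this hunk. Quoting the path at the same time, `[ -d "$DIR_SAVE/$i" ] || mkdir -p "$DIR_SAVE/$i"`, keeps the test well-formed whatever DIR_SAVE contains.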
/conf/rpms/i586/mindi-2.0.7.8-1.mdv2010.1.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/mindi-busybox-1.18.3-3.mdv2010.1.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/i586/mondo-2.2.9.7-1.mdv2010.1.i586.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/mindi-2.0.7.8-1.mdv2010.1.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/mindi-busybox-1.18.3-3.mdv2010.1.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/rpms/x86_64/mondo-2.2.9.7-1.mdv2010.1.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
Property changes: |
Deleted: svn:mime-type |
-application/octet-stream |
\ No newline at end of property |
/conf/sudoers |
---|
17,7 → 17,7 |
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # contournement du système d'authentification |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # pour la gestion des usagers en ligne |
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # pour exporter la base mysql |
Cmnd_Alias GHOST=/usr/local/bin/alcasar-mondo.sh # pour générer une image iso du serveur |
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # pour générer une image iso du serveur |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-log-export.sh # pour exporter/sauvegarder les fichiers journaux |
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus) |
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh # pour gérer le filtrage réseau |
44,6 → 44,6 |
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
# %users localhost=/sbin/shutdown -h now |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,GHOST,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL |
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,GHOST,SQL,EXPORT,SERVICE |
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL |
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE |
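Review bot: `Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh` carries no argument list, so ADMWEB and ADMIN may run every mode of that script as root without a password, including the `--load` branch visible in the alcasar-conf.sh hunk. The only caller shown in this commit, sauvegarde.php, needs `--create`, so pinning the alias to it with `Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh --create` keeps the grant at what the web interface uses. If other pages call the script with other options (not visible here), list those invocations explicitly instead. The trailing comment was carried over from the GHOST alias and still says it generates an ISO image; it should read something like `# pour générer une archive de configuration du système`.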
/CHANGELOG |
---|
11,6 → 11,7 |
- control that watchdog can't execute if already running |
- allow FTP in output |
- eth1 is no more configured. Tun0 works better (only one arp cache) |
- modoarchive is deleted (too many bugs and too hard to debug) |
Improve Core |
- new alcasar-iptables.sh script (more logically strutured) |
- update phpsysinfo page ("Internet access flag" nom show the right status) |
/scripts/alcasar-mondo.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/alcasar-conf.sh |
---|
12,6 → 12,8 |
# - create and load the configuration files backup (/tmp/alcasar-conf.tar.gz) |
# - apply ALCASAR central configuration file (/usr/local/etc/alcasar.conf) |
new="$(date +%F-%Hh%M)" # date et heure des fichiers |
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde |
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
DIR_WEB="/var/www/html" # répertoire du centre de gestion |
DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin |
185,10 → 187,13 |
if [ $param_ext_lan_filtering -eq "0" ]; then |
echo "EXT_LAN_FILTERING=off" >> $DIR_UPDATE/etc/alcasar.conf |
fi |
# création de l'archive |
# le répertoire "ISO" est remplacé par "system_backup" suite à la suppression de "mondoarchive" (V2.5) |
rm -rf /var/Save/ISO |
# création de l'archive et copie dans le répertoire WEB associé |
cd /tmp |
tar -cf alcasar-conf.tar conf/ |
gzip -f alcasar-conf.tar |
cp alcasar-conf.tar.gz /var/Save/system_backup/$fichier |
rm -rf $DIR_UPDATE |
;; |
--load|-load) |
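Review bot: The new `cp alcasar-conf.tar.gz /var/Save/system_backup/$fichier` assumes the target directory exists, but the lines above it only delete `/var/Save/ISO`. On a system upgraded without re-running the directory loop in alcasar.sh the copy would fail, and with no status check visible `rm -rf $DIR_UPDATE` apparently still runs. Create the directory and stop on failure, e.g. `mkdir -p /var/Save/system_backup` followed by `cp alcasar-conf.tar.gz "/var/Save/system_backup/$fichier" || exit 1`. Also, `rm -rf /var/Save/ISO` runs every time this branch is taken and silently discards any ISO images still kept there; a one-time migration step, or a comment stating the deletion is intended, would be safer. The enclosing `case` branch starts above this hunk.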
/scripts/alcasar-urpmi.sh |
---|
11,7 → 11,7 |
VERSION="2010.2" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats mondo cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo cronie-anacron pciutils clamav pm-fallback-policy " |
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux cronie-anacron pciutils clamav pm-fallback-policy " |
rpm_repository_sync () |
{ |
61,9 → 61,9 |
# Set the RPM repository |
MIRROR_NBR=2 |
# For french ALCASARistes |
MIRRORLIST2="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH" |
MIRRORLIST1="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH" |
# For International install |
MIRRORLIST1="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list" |
MIRRORLIST2="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list" |
try_nb="0"; nb_repository="0" |
while [ "$nb_repository" != "4" ] |
do |
96,7 → 96,7 |
done |
# delete unused RPMs |
echo "Cleaning the system : " |
for rm_rpm in shorewall dhcp-server cyrus-sasl distcache-server avahi mandi radeontool |
for rm_rpm in shorewall dhcp-server cyrus-sasl distcache-server avahi mandi radeontool mondo mindi |
do |
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
echo -n "." |
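Review bot: Both mirror definitions touched here, `MIRRORLIST1` and `MIRRORLIST2`, use plain `http://`, so the mirror list and the packages are fetched without transport protection and integrity rests on the RPM signature check. The media setup is outside this hunk, so confirm that signature verification is not disabled there, and record the dependency next to the URLs, e.g. `# plain HTTP mirrors: package integrity relies on RPM signature verification, keep it enabled`. In the cleanup loop, `2>/dev/null` on the `urpme` call means a failed removal of the newly added `mondo` and `mindi` goes unnoticed.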
/scripts/sbin/alcasar-uninstall.sh |
---|
32,7 → 32,7 |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, " |
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "3, " |
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "4, " |
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "4, " |
if [ -d /usr/local/etc/digest ] # v >= 2.0 |
then rm -rf /usr/local/etc/digest && echo -n "5, " |
else echo -n "5, " |
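Review bot: In the changed step 4, the pattern `*default_ssl_vhost.conf` is passed to `find` unquoted, so the shell may expand it against the current directory before `find` sees it, and `$FIC_VIRTUAL_SSL` is then used unquoted and unchecked as the `mv` destination. If `find` returns nothing or more than one path, `mv` either fails or receives a different argument list than intended. Quote the pattern and guard the result: `FIC_VIRTUAL_SSL=$(find /etc/httpd/conf -type f -name '*default_ssl_vhost.conf')` and then `[ -n "$FIC_VIRTUAL_SSL" ] && mv /etc/httpd/conf/vhosts-ssl.default "$FIC_VIRTUAL_SSL"`. The `if` block that follows continues past the end of this hunk.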
/web/images/footer_mondo.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Deleted: svn:mime-type |
-image/png |
\ No newline at end of property |
/web/images/footer_dnsmasq.png |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = image/png |
Property changes: |
Added: svn:mime-type |
+image/png |
\ No newline at end of property |
/web/acc/about.htm |
---|
73,7 → 73,7 |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mandriva.com")><img border="0" src="/images/footer_mandriva.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.coova.org/CoovaChilli")><img border="0" src="/images/footer_coova.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.freeradius.org")><img border="0" src="/images/footer_freeradius.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.org")><img border="0" src="/images/footer_mysql.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.com")><img border="0" src="/images/footer_mysql.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.apache.org")><img border="0" src="/images/footer_apache.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.php.net")><img border="0" src="/images/footer_php.png"></A></TD> |
</TR> |
81,11 → 81,10 |
<TD align="center"><A HREF=javascript:ouvrir("http://www.gnupg.org")><img border="0" src="/images/footer_gnupg.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://awstats.sourceforge.net")><img border="0" src="/images/footer_awstats.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://firewalleyes.creabilis.com")><img border="0" src="/images/footer_firewalleyes.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.mondorescue.org")><img border="0" src="/images/footer_mondo.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.netfilter.org")><img border="0" src="/images/footer_netfilter.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://www.squid-cache.org")><img border="0" src="/images/footer_squid.png"></A></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://dansguardian.org")><img border="0" src="/images/footer_dansguardian.png"></A></TD> |
<TD></TD> |
<TD align="center"><A HREF=javascript:ouvrir("http://thekelleys.org.uk/dnsmasq/doc.html")><img border="0" src="/images/footer_dnsmasq.png"></A></TD> |
</TR> |
</TABLE> |
</BODY> |
/web/acc/backup/sauvegarde.php |
---|
13,26 → 13,24 |
$Language = strtolower(substr(chop($Langue[0]),0,2));} |
if ($Language == 'fr'){ |
$l_backups = "Sauvegarde"; |
$l_user_db_save = "Sauvegarder la base des usagers"; |
$l_system_iso = "Créer une image ISO à chaud du système"; |
$l_create_user_db_backup = "Sauvegarder la base des usagers"; |
$l_create_system_backup = "Créer une archive système"; |
$l_execute = "Exécuter"; |
$l_warning = "(attention, la création de l'image ISO du système dure plusieurs dizaines de minutes)"; |
$l_backup_files = "Fichiers disponibles pour archivage"; |
$l_firewall_log = "Journaux du parefeu (Firewall)"; |
$l_users_db_files = "Base des usagers"; |
$l_iso_files = "images ISO du système"; |
$l_users_db_backups = "Base des usagers"; |
$l_system_backup = "Archive système"; |
$l_empty = "vide"; |
} |
else { |
$l_backups = "Backups"; |
$l_user_db_save = "Save the users database"; |
$l_system_iso = "Create a system iso image"; |
$l_create_user_db_backup = "Save the users database"; |
$l_create_system_backup = "Create a system backup"; |
$l_execute = "Execute"; |
$l_warning = "(warning, the creation of the system iso image takes few minutes)"; |
$l_backup_files = "Archive backup files"; |
$l_firewall_log = "Firewall log files"; |
$l_users_db_files = "Users database"; |
$l_iso_files = "System ISO images"; |
$l_users_db_backups = "Users database"; |
$l_system_backup = "system backup"; |
$l_empty = "empty"; |
} |
function taille_fichier($fichier) |
56,12 → 54,11 |
<tr><td valign="middle" align="left"> |
<FORM action="sauvegarde.php" method=POST><b> |
<select name='choix'></b> |
<option value="sauvegarde_DB"><?echo "$l_user_db_save";?> |
<option value="image_ISO"><?echo "$l_system_iso";?> |
<option value="user_DB_backup"><?echo "$l_create_user_db_backup";?> |
<option value="system_backup"><?echo "$l_create_system_backup";?> |
</select> |
<input type=submit value="<?echo "$l_execute";?>"> |
</FORM> |
<?echo "$l_warning";?> |
</td></tr> |
</TABLE> |
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0"> |
71,26 → 68,26 |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<TR align="center"> |
<TD><b><?echo "$l_firewall_log";?></b></TD> |
<TD><b><?echo "$l_users_db_files";?></b></TD> |
<TD><b><?echo "$l_iso_files";?></b></TD> |
<TD><b><?echo "$l_users_db_backups";?></b></TD> |
<TD><b><?echo "$l_system_backup";?></b></TD> |
</TR><TR align="center"> |
<? |
if (isset($_POST['choix'])){ |
switch ($_POST['choix']){ |
case 'sauvegarde_DB' : |
case 'user_DB_backup' : |
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --dump"); |
break; |
case 'archivage_logs' : |
exec ("sudo /usr/local/bin/alcasar-log-export.sh"); |
break; |
case 'image_ISO' : |
exec ("sudo /usr/local/bin/alcasar-mondo.sh"); |
case 'system_backup' : |
exec ("sudo /usr/local/bin/alcasar-conf.sh --create"); |
break; |
} |
} |
$dir[0]="logs/firewall"; |
$dir[1]="base"; |
$dir[2]="ISO"; |
$dir[2]="system_backup"; |
$j=0; |
$nb=count($dir); |
while ($j != $nb) |