
Rev 805 → Rev 806

/alcasar.sh
10,7 → 10,7
# Install script for ALCASAR (a secured and authenticated Internet access control captive portal)
# ALCASAR is based on a stripped Mandriva (LSB) with the following open source softwares :
#
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, mondo, mindi, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
# Coovachilli (a fork of chillispot), freeradius, mysql, apache, netfilter, squid, dansguardian, awstat, ntpd, openssl, dnsmasq, havp, libclamav and firewalleyes
 
# Options :
# -i or --install
43,7 → 43,7
DIR_INSTALL=`pwd` # répertoire d'installation
DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration
DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts
DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.)
DIR_SAVE="/var/Save" # répertoire de sauvegarde (system_backup, user_db_backup, logs)
DIR_WEB="/var/www/html" # répertoire racine APACHE
DIR_DG="/etc/dansguardian" # répertoire de config de DansGuardian
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'
254,7 → 254,7
echo "$secretradius" >> $PASSWD_FILE
chmod 640 $PASSWD_FILE
# On installe les scripts et fichiers de configuration d'ALCASAR
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,watchdog.sh}
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
478,7 → 478,7
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php
chown -R apache:apache $DIR_WEB/*
for i in ISO base logs/firewall logs/httpd logs/squid ;
for i in system_backup base logs/firewall logs/httpd logs/squid ;
do
[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i
done
503,7 → 503,6
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
$SED "s?^LoadModule cgi_module.*?#LoadModule cgi_module modules/mod_cgi.so?g" /etc/httpd/conf/httpd.conf
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
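Review bot: The new `system_backup` directory in the `for i in system_backup base logs/firewall …` loop is created with a bare `mkdir -p`, so its owner and mode depend on the umask the installer happens to run under, and this revision makes it the place where `alcasar-conf.sh --create` drops configuration archives. If nothing after the loop already tightens it (the hunk ends at `done` and the rest of the installer is outside the view), I would add an explicit `chmod 750 $DIR_SAVE/system_backup` after the loop and set its group to the account that serves the downloads. The expansions in `[ -d $DIR_SAVE/$i ] || mkdir -p $DIR_SAVE/$i` are also unquoted; `"$DIR_SAVE/$i"` costs nothing.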
/conf/rpms/i586/mindi-2.0.7.8-1.mdv2010.1.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/mindi-busybox-1.18.3-3.mdv2010.1.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/i586/mondo-2.2.9.7-1.mdv2010.1.i586.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/mindi-2.0.7.8-1.mdv2010.1.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/mindi-busybox-1.18.3-3.mdv2010.1.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/rpms/x86_64/mondo-2.2.9.7-1.mdv2010.1.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/conf/sudoers
17,7 → 17,7
Cmnd_Alias BYPASS=/usr/local/sbin/alcasar-bypass.sh # contournement du système d'authentification
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # pour la gestion des usagers en ligne
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # pour exporter la base mysql
Cmnd_Alias GHOST=/usr/local/bin/alcasar-mondo.sh # pour générer une image iso du serveur
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # pour générer une image iso du serveur
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-log-export.sh # pour exporter/sauvegarder les fichiers journaux
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus)
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh # pour gérer le filtrage réseau
44,6 → 44,6
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
 
ADMWEB LAN_ORG=(root) NOPASSWD: NET,GHOST,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,GHOST,SQL,EXPORT,SERVICE
ADMWEB LAN_ORG=(root) NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,SSL
ADMIN LAN_ORG=(root) NOPASSWD: NET,/sbin/poweroff,/sbin/shutdown -h now,/sbin/reboot,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE
 
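Review bot: `Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh` carries no argument list, so ADMWEB (presumably the web control-center account) and ADMIN may run every mode of that script as root without a password, while the backup page in this revision only calls it with `--create` and the script also has a `--load` branch. Pinning the alias to the one invocation the page needs, `Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh --create`, keeps the web account away from the restore path; if ADMIN needs the other modes, give it a separate alias. The trailing comment was carried over from GHOST and still reads "pour générer une image iso du serveur"; it should describe the configuration archive instead.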
/CHANGELOG
11,6 → 11,7
- control that watchdog can't execute if already running
- allow FTP in output
- eth1 is no more configured. Tun0 works better (only one arp cache)
- modoarchive is deleted (too many bugs and too hard to debug)
Improve Core
- new alcasar-iptables.sh script (more logically strutured)
- update phpsysinfo page ("Internet access flag" nom show the right status)
/scripts/alcasar-mondo.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/alcasar-conf.sh
12,6 → 12,8
# - create and load the configuration files backup (/tmp/alcasar-conf.tar.gz)
# - apply ALCASAR central configuration file (/usr/local/etc/alcasar.conf)
 
new="$(date +%F-%Hh%M)" # date et heure des fichiers
fichier="alcasar-conf-$new.tar.gz" # nom du fichier de sauvegarde
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour
DIR_WEB="/var/www/html" # répertoire du centre de gestion
DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin
185,10 → 187,13
if [ $param_ext_lan_filtering -eq "0" ]; then
echo "EXT_LAN_FILTERING=off" >> $DIR_UPDATE/etc/alcasar.conf
fi
# création de l'archive
# le répertoire "ISO" est remplacé par "system_backup" suite à la suppression de "mondoarchive" (V2.5)
rm -rf /var/Save/ISO
# création de l'archive et copie dans le répertoire WEB associé
cd /tmp
tar -cf alcasar-conf.tar conf/
gzip -f alcasar-conf.tar
cp alcasar-conf.tar.gz /var/Save/system_backup/$fichier
rm -rf $DIR_UPDATE
;;
--load|-load)
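Review bot: `rm -rf /var/Save/ISO` runs before the new archive has been written, and the `cp alcasar-conf.tar.gz /var/Save/system_backup/$fichier` that follows neither creates its target directory nor checks its result. On a host where `/var/Save/system_backup` does not exist yet (the only place this page shows it being created is the installer loop in alcasar.sh), the old ISO backups are already gone when the copy fails, and the script carries on to `rm -rf $DIR_UPDATE`. I would put `mkdir -p /var/Save/system_backup` ahead of the copy, write it as `cp alcasar-conf.tar.gz "/var/Save/system_backup/$fichier" || exit 1`, and move the `rm -rf /var/Save/ISO` after it. The archive holds configuration files and is staged under fixed names in /tmp, so an explicit `chmod 640` on the copy and a `mktemp -d` staging directory are worth considering. The enclosing case branch starts outside the hunk.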
/scripts/alcasar-urpmi.sh
11,7 → 11,7
VERSION="2010.2"
ARCH="i586"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats mondo cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo cronie-anacron pciutils clamav pm-fallback-policy "
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux cronie-anacron pciutils clamav pm-fallback-policy "
 
rpm_repository_sync ()
{
61,9 → 61,9
# Set the RPM repository
MIRROR_NBR=2
# For french ALCASARistes
MIRRORLIST2="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH"
MIRRORLIST1="http://ftp.free.fr/pub/Distributions_Linux/MandrivaLinux/official/$VERSION/$ARCH"
# For International install
MIRRORLIST1="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list"
MIRRORLIST2="http://api.mandriva.com/mirrors/basic.$VERSION.$ARCH.list"
try_nb="0"; nb_repository="0"
while [ "$nb_repository" != "4" ]
do
96,7 → 96,7
done
# delete unused RPMs
echo "Cleaning the system : "
for rm_rpm in shorewall dhcp-server cyrus-sasl distcache-server avahi mandi radeontool
for rm_rpm in shorewall dhcp-server cyrus-sasl distcache-server avahi mandi radeontool mondo mindi
do
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null
echo -n "."
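Review bot: Both `MIRRORLIST1` and `MIRRORLIST2` still point at plain `http://` URLs after the swap, so the mirror list and everything named in `PACKAGES` (now including `syslinux`) are fetched over an unauthenticated channel and their integrity rests entirely on urpmi's package signature checking. Nothing in the visible hunks shows whether that checking is enforced, so I would add a comment above the two assignments such as `# HTTP mirrors: package integrity relies on urpmi signature verification, never disable it`, and confirm that no call in `rpm_repository_sync` or the install loop turns verification off. In the cleanup loop, `/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null` hides a failed removal of the newly listed `mondo` and `mindi`; checking the exit status would make that visible. The function bodies continue outside the hunks.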
/scripts/sbin/alcasar-uninstall.sh
32,7 → 32,7
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, "
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, "
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "3, "
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl*` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "4, "
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "4, "
if [ -d /usr/local/etc/digest ] # v >= 2.0
then rm -rf /usr/local/etc/digest && echo -n "5, "
else echo -n "5, "
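Review bot: In the changed line, `-name *default_ssl_vhost.conf` is unquoted, so the shell expands the pattern against the current directory before find sees it, and `$FIC_VIRTUAL_SSL` is then handed to `mv` unquoted and unchecked. When find returns nothing or more than one path, `mv` either errors out or treats the last path as a destination directory, in a script that presumably runs as root. Quote both and guard the empty case: `FIC_VIRTUAL_SSL=$(find /etc/httpd/conf -type f -name '*default_ssl_vhost.conf')` followed by `[ -n "$FIC_VIRTUAL_SSL" ] && mv /etc/httpd/conf/vhosts-ssl.default "$FIC_VIRTUAL_SSL"`. The `if` that follows is closed outside the hunk.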
/web/images/footer_mondo.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Deleted: svn:mime-type
-image/png
\ No newline at end of property
/web/images/footer_dnsmasq.png
Cannot display: file marked as a binary type.
svn:mime-type = image/png
Property changes:
Added: svn:mime-type
+image/png
\ No newline at end of property
/web/acc/about.htm
73,7 → 73,7
<TD align="center"><A HREF=javascript:ouvrir("http://www.mandriva.com")><img border="0" src="/images/footer_mandriva.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.coova.org/CoovaChilli")><img border="0" src="/images/footer_coova.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.freeradius.org")><img border="0" src="/images/footer_freeradius.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.org")><img border="0" src="/images/footer_mysql.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mysql.com")><img border="0" src="/images/footer_mysql.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.apache.org")><img border="0" src="/images/footer_apache.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.php.net")><img border="0" src="/images/footer_php.png"></A></TD>
</TR>
81,11 → 81,10
<TD align="center"><A HREF=javascript:ouvrir("http://www.gnupg.org")><img border="0" src="/images/footer_gnupg.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://awstats.sourceforge.net")><img border="0" src="/images/footer_awstats.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://firewalleyes.creabilis.com")><img border="0" src="/images/footer_firewalleyes.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.mondorescue.org")><img border="0" src="/images/footer_mondo.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.netfilter.org")><img border="0" src="/images/footer_netfilter.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://www.squid-cache.org")><img border="0" src="/images/footer_squid.png"></A></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://dansguardian.org")><img border="0" src="/images/footer_dansguardian.png"></A></TD>
<TD></TD>
<TD align="center"><A HREF=javascript:ouvrir("http://thekelleys.org.uk/dnsmasq/doc.html")><img border="0" src="/images/footer_dnsmasq.png"></A></TD>
</TR>
</TABLE>
</BODY>
/web/acc/backup/sauvegarde.php
13,26 → 13,24
$Language = strtolower(substr(chop($Langue[0]),0,2));}
if ($Language == 'fr'){
$l_backups = "Sauvegarde";
$l_user_db_save = "Sauvegarder la base des usagers";
$l_system_iso = "Cr&eacute;er une image ISO &agrave; chaud du syst&egrave;me";
$l_create_user_db_backup = "Sauvegarder la base des usagers";
$l_create_system_backup = "Créer une archive système";
$l_execute = "Ex&eacute;cuter";
$l_warning = "(attention, la cr&eacute;ation de l'image ISO du syst&egrave;me dure plusieurs dizaines de minutes)";
$l_backup_files = "Fichiers disponibles pour archivage";
$l_firewall_log = "Journaux du parefeu (Firewall)";
$l_users_db_files = "Base des usagers";
$l_iso_files = "images ISO du syst&egrave;me";
$l_users_db_backups = "Base des usagers";
$l_system_backup = "Archive système";
$l_empty = "vide";
}
else {
$l_backups = "Backups";
$l_user_db_save = "Save the users database";
$l_system_iso = "Create a system iso image";
$l_create_user_db_backup = "Save the users database";
$l_create_system_backup = "Create a system backup";
$l_execute = "Execute";
$l_warning = "(warning, the creation of the system iso image takes few minutes)";
$l_backup_files = "Archive backup files";
$l_firewall_log = "Firewall log files";
$l_users_db_files = "Users database";
$l_iso_files = "System ISO images";
$l_users_db_backups = "Users database";
$l_system_backup = "system backup";
$l_empty = "empty";
}
function taille_fichier($fichier)
56,12 → 54,11
<tr><td valign="middle" align="left">
<FORM action="sauvegarde.php" method=POST><b>
<select name='choix'></b>
<option value="sauvegarde_DB"><?echo "$l_user_db_save";?>
<option value="image_ISO"><?echo "$l_system_iso";?>
<option value="user_DB_backup"><?echo "$l_create_user_db_backup";?>
<option value="system_backup"><?echo "$l_create_system_backup";?>
</select>
<input type=submit value="<?echo "$l_execute";?>">
</FORM>
<?echo "$l_warning";?>
</td></tr>
</TABLE>
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
71,26 → 68,26
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1>
<TR align="center">
<TD><b><?echo "$l_firewall_log";?></b></TD>
<TD><b><?echo "$l_users_db_files";?></b></TD>
<TD><b><?echo "$l_iso_files";?></b></TD>
<TD><b><?echo "$l_users_db_backups";?></b></TD>
<TD><b><?echo "$l_system_backup";?></b></TD>
</TR><TR align="center">
<?
if (isset($_POST['choix'])){
switch ($_POST['choix']){
case 'sauvegarde_DB' :
case 'user_DB_backup' :
exec ("sudo /usr/local/sbin/alcasar-mysql.sh --dump");
break;
case 'archivage_logs' :
exec ("sudo /usr/local/bin/alcasar-log-export.sh");
break;
case 'image_ISO' :
exec ("sudo /usr/local/bin/alcasar-mondo.sh");
case 'system_backup' :
exec ("sudo /usr/local/bin/alcasar-conf.sh --create");
break;
}
}
$dir[0]="logs/firewall";
$dir[1]="base";
$dir[2]="ISO";
$dir[2]="system_backup";
$j=0;
$nb=count($dir);
while ($j != $nb)
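Review bot: The new `case 'system_backup'` calls `exec ("sudo /usr/local/bin/alcasar-conf.sh --create");` and discards both output and exit status, so a failed archive run looks exactly like a successful one in the file table below. Capturing the status with `exec("sudo /usr/local/bin/alcasar-conf.sh --create", $out, $rc);` and printing a message when `$rc` is non-zero would make failures visible. The only gate visible on these root-level actions is `isset($_POST['choix'])`; if the control center does not check a per-session request token elsewhere, one belongs in front of this switch. The new French strings use raw accented characters (`Créer une archive système`) where neighbouring strings use entities such as `Ex&eacute;cuter`, which may render wrongly if the page charset differs from the file encoding. The `while` loop continues outside the hunk.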