/web/acc/admin/bl_categories_help.php |
---|
36,7 → 36,6 |
$l_explain_gambling="Sites de jeux d'argent en ligne (casino, grattage virtuel, etc.)"; |
$l_explain_games="Sites de jeux en ligne"; |
$l_explain_hacking="Sites relatifs au piratage informatique"; |
$l_explain_ip="Sites appelés par une addresse IP plutôt que par un nom de domaine"; |
$l_explain_jobsearch="Sites de recherche d'emplois"; |
$l_explain_liste_bu="Liste de sites éducatifs pour bibliothèque"; |
$l_explain_malware="Site relatifs au logiciels malveillants (virus, vers, trojans, etc.)"; |
44,7 → 43,7 |
$l_explain_marketingware="Sites marchands douteux (X, organes, enfants, etc.)"; |
$l_explain_mixed_adult="Sites pour adultes (image-choc, gore, guerre, etc.)"; |
$l_explain_mobile_phone="Sites relatifs aux mobiles GSM (sonneries, logos, etc.)"; |
$l_explain_ossi="Liste noire secondaire"; |
$l_explain_ossi="Noms de domaine et URLs que vous ajoutez à la liste noire (voir ci-dessous)"; |
$l_explain_phishing="Sites relatifs à l'hammeçonnage (pièges bancaires, redirection, etc.)"; |
$l_explain_press="Sites de presse"; |
$l_explain_publicite="Sites ou bannières publicitaires"; |
90,7 → 89,6 |
$l_explain_gambling="Online gambling sites (casino, virtual scratching, etc.)"; |
$l_explain_games="Online games sites"; |
$l_explain_hacking="Sites related to hacking"; |
$l_explain_ip="Sites specified by an IP address instead of a domain name"; |
$l_explain_jobsearch="Job search sites"; |
$l_explain_liste_bu="List of educational sites for library"; |
$l_explain_malware="Malware sites (viruses, worms, trojans, etc.)."; |
98,7 → 96,7 |
$l_explain_marketingware="doubtful commercial sites"; |
$l_explain_mixed_adult="Adult sites (shock, gore, war, etc.)."; |
$l_explain_mobile_phone="Sites related to GSM mobile (ringtones, logos, etc.)"; |
$l_explain_ossi="Secondary blaclist"; |
$l_explain_ossi="Domain names and URLs you add to the blacklist (see below)"; |
$l_explain_phishing="Phishing sites (traps banking, redirect, etc..)"; |
$l_explain_press="News sites"; |
$l_explain_publicite="Advertising sites"; |
/web/acc/admin/dns_filter2.php |
---|
24,13 → 24,25 |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left" colspan=10> |
<FORM action='dns_filter.php' method=POST> |
<input type='hidden' name='choix' value='MAJ_bl'> |
<?php |
echo "<center>$l_bl_version"; |
echo date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README')); |
echo "</center><BR>"; |
echo "<input type='submit' value='$l_download'>"; |
echo " ($l_warning)"; |
$dir_tmp="/tmp/blacklists"; |
if (file_exists("$dir_tmp/blacklists.tar.gz")) |
{ |
echo "$l_fingerprint"; echo_file ("$dir_tmp/md5sum"); |
echo "<br>$l_fingerprint2<a href='http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST' target='cat_help' onclick=window.open('http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST','cat_help','width=600,height=150,toolbar=no,scrollbars=yes,resizable=yes') title='verify fingerprint'>dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST</a><br>"; |
echo "<input type='hidden' name='choix' value='Active_bl'>"; |
echo "<input type='submit' value='$l_activate_bl'>"; |
echo " ($l_warning)"; |
} |
else |
{ |
echo "<input type='hidden' name='choix' value='Download_bl'>"; |
echo "<input type='submit' value='$l_download_bl'>"; |
echo " ($l_warning)"; |
} |
?> |
</FORM> |
</td></tr> |
64,18 → 76,12 |
} |
} |
fclose($pointeur); |
echo "<tr><td colspan=10><input type='submit' value='$l_record'>"; |
} |
else { |
echo "$l_error_open_file $bl_categories"; |
} |
echo "</form> ($l_wait)"; |
?> |
</td></tr> |
<tr><td valign="middle" align="left" colspan=10> |
<FORM action='dns_filter.php' method=POST> |
<input type='hidden' name='choix' value='MAJ_rehabilited'> |
<?php |
echo "</td></tr>"; |
echo "<tr><td valign='middle' align='left' colspan=10>"; |
echo "<center><b>$l_maj_rehabilitated</b></center></td></tr>"; |
echo "<tr><td colspan=5 align=center>"; |
echo "<H3>$l_rehabilitated_dns</H3>$l_rehabilitated_dns_explain<BR>$l_one_dns<BR>"; |
87,6 → 93,18 |
echo "<textarea name='OSSI_wl_urls' rows=5 cols=40>"; |
echo_file ("/etc/dansguardian/lists/exceptionurllist"); |
echo "</textarea></td></tr><tr><td colspan=10>"; |
echo "<tr><td valign='middle' align='left' colspan=10>"; |
echo "<center><b>$l_add_to_bl</b></center></td></tr>"; |
echo "<tr><td colspan=5 align=center>"; |
echo "<H3>$l_forbidden_dns</H3>$l_forbidden_dns_explain<BR>"; |
echo "<textarea name='OSSI_bl_domains' rows=5 cols=40>"; |
echo_file ("/etc/dansguardian/lists/blacklists/ossi/domains"); |
echo "</textarea></td>"; |
echo "<td colspan=5 align=center>"; |
echo "<H3>$l_forbidden_url</H3>$l_forbidden_url_explain<BR>"; |
echo "<textarea name='OSSI_bl_urls' rows=5 cols=40>"; |
echo_file ("/etc/dansguardian/lists/blacklists/ossi/urls"); |
echo "</textarea></td></tr><tr><td colspan=10>"; |
echo "<input type='submit' value='$l_record'>"; |
echo "</form> ($l_wait)"; |
?> |
93,25 → 111,21 |
</td></tr> |
</TABLE> |
<table width="100%" border="0" cellspacing="0" cellpadding="0"> |
<tr><th><?php echo $l_secondary_bl; ?></th></tr> |
<tr><th><?php echo $l_specific_filtering; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr> |
</table> |
<TABLE width="100%" border=1 cellspacing=0 cellpadding=1> |
<FORM action='dns_filter.php' method='POST'> |
<input type='hidden' name='choix' value='Specific_filtering'> |
<?php |
echo "<tr><td width=50% align=center>"; |
echo "<H3>$l_forbidden_dns</H3>$l_forbidden_dns_explain<BR>"; |
echo "<textarea name='OSSI_bl_domains' rows=5 cols=40>"; |
echo_file ("/etc/dansguardian/lists/blacklists/ossi/domains"); |
echo "</textarea></td><td width=50% align=center>"; |
echo "<H3>$l_forbidden_url</H3>$l_forbidden_url_explain<BR>"; |
echo "<textarea name='OSSI_bl_urls' rows=5 cols=40>"; |
echo_file ("/etc/dansguardian/lists/blacklists/ossi/urls"); |
echo "</textarea></td></tr>"; |
?> |
<tr><td colspan=2> |
<input type='hidden' name='choix' value='MAJ_OSSI'> |
<tr><td> |
<input type='checkbox' name='chk-ip'> <?php echo "$l_ip_filtering"?> |
<tr><td> |
<input type='checkbox' name='chk-safe-search'> <?php echo "$l_safe_searching"?> |
<br><?php echo "$l_safe_youtube"?><input type='text' name='Youtube-ID' size='30'> |
<tr><td> |
<input type='submit' value='<?php echo "$l_record"?>'> |
</form> <? echo "($l_wait)";?> |
</form> |
</td></tr> |
</TABLE> |
/web/acc/admin/dns_filter.php |
---|
27,25 → 27,32 |
$l_dnsfilter_off="Le filtrage de noms de domaine et d'URL est actuellement désactivé"; |
$l_switch_filtering_on="Activer le filtrage"; |
$l_switch_filtering_off="Désactiver le filtrage"; |
$l_main_bl="Liste noire principale"; |
$l_main_bl="Liste noire"; |
$l_bl_version="Version actuelle :"; |
$l_bl_categories="Choix des catégories à filtrer"; |
$l_download="Télécharger la dernière version"; |
$l_warning="<B>Attention</B> : ce téléchargement peut durer plusieurs minutes."; |
$l_secondary_bl="Liste noire et liste blanche secondaires"; |
$l_download_bl="Télécharger la dernière version"; |
$l_fingerprint="L'empreinte numérique du fichier téléchargé est : "; |
$l_fingerprint2="Vérifiez-là en suivant ce lien (ligne 'blacklists.tar.gz') : "; |
$l_activate_bl="Activer cette version"; |
$l_warning="Temps estimé : une minute."; |
$l_specific_filtering="Filtrage special"; |
$l_forbidden_dns="Noms de domaine filtrés"; |
$l_forbidden_dns_explain="Entrez un nom de domaine par ligne (exemple : .domaine.org)"; |
$l_one_dns="Entrez un nom de domaine par ligne (exemple : .domaine.org)"; |
$l_maj_rehabilitated="Réhabilitation de noms de domaine ou d'URLs"; |
$l_maj_rehabilitated="Noms de domaine ou URLs réhabilités"; |
$l_rehabilitated_dns="Noms de domaine réhabilités"; |
$l_rehabilitated_dns_explain="Entrez ici des noms de domaine bloqués par la liste noire principale <BR> que vous désirez réhabiliter."; |
$l_rehabilitated_dns_explain="Entrez ici des noms de domaine bloqués par la liste noire <BR> que vous souhaitez réhabiliter."; |
$l_add_to_bl="Noms de domaine ou URLs ajoutés à la liste noire"; |
$l_forbidden_url="URL filtrés"; |
$l_forbidden_url_explain="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)"; |
$l_rehabilitated_url="URL réhabilités"; |
$l_rehabilitated_url_explain="Entrez ici des URL bloquées par la liste noire principale <BR> que vous désirez réhabiliter."; |
$l_rehabilitated_url_explain="Entrez ici des URL bloquées par la liste noire <BR> que vous souhaitez réhabiliter."; |
$l_one_url="Entrez une URL par ligne (exemple : www.domaine.org/perso/index.htm)"; |
$l_record="Enregistrer les modifications"; |
$l_wait="Une fois validées, 30 secondes sont nécessaires pour traiter vos modifications"; |
$l_ip_filtering="Filtrer les URLs contenant une adresse IP au lien d'un nom de domaine (ex: http://25.56.58.59/index.htm)"; |
$l_safe_searching="Activer le contrôle scolaire/parentale pour les moteurs de recherche suivants : google, yahoo, bing, alltheweb, lycos, metacrawler et Youtube."; |
$l_safe_youtube="Pour Youtube, créez un ID et entrez le ici : "; |
} |
else { |
$l_title1 = "Domain names and URL filtering"; |
54,25 → 61,32 |
$l_dnsfilter_off="Actually, the Domain name and URL filter is off"; |
$l_switch_filtering_on="Switch the Filter on"; |
$l_switch_filtering_off="Switch the Filter off"; |
$l_main_bl="Main blacklist"; |
$l_main_bl="Blacklist"; |
$l_bl_version="Current version : "; |
$l_bl_categories="Choice of filtered categories"; |
$l_download="Download the last version"; |
$l_warning="<B>Be carefull</B> : this download is estimate to fiew minutes."; |
$l_secondary_bl="Secondary blacklist and whitelist"; |
$l_download_bl="Download the last version"; |
$l_fingerprint="The digital fingerprint of the downloaded blacklist is : "; |
$l_fingerprint2="Verify it with this link (line 'blacklists.tar.gz') : "; |
$l_activate_bl="Activate this version"; |
$l_warning="Estimated time : one minute."; |
$l_specific_filtering="Specific filtering"; |
$l_forbidden_dns="Filtered domain names"; |
$l_forbidden_dns_explain="Enter one domain name per row (exemple : .domain.org)"; |
$l_one_dns="Enter one domain name per row (example : .domain.org)"; |
$l_maj_rehabilitated="Domain names or URLs rehabilitation"; |
$l_maj_rehabilitated="Domain names or URLs rehabilitated"; |
$l_rehabilitated_dns="Rehabilitated domain names"; |
$l_rehabilitated_dns_explain="Enter here domain names that are blocked by the main blacklist <BR> and which you want to rehabilitate."; |
$l_rehabilitated_dns_explain="Enter here domain names that are blocked by the blacklist <BR> and you want to rehabilitate."; |
$l_add_to_bl="Domain names or URLs to add to blacklist"; |
$l_forbidden_url="Filtered URL"; |
$l_forbidden_url_explain="Enter one URL per row (example : www.domaine.org/perso/index.htm)"; |
$l_rehabilitated_url="Rehabilitated URL"; |
$l_rehabilitated_url_explain="Enter here URL that are blocked by the main blacklist <BR> and which you want to rehabilitate."; |
$l_rehabilitated_url_explain="Enter here URL that are blocked by the blacklist <BR> and you want to rehabilitate."; |
$l_one_url="Enter one URL per row (example : www.domaine.org/perso/index.htm)"; |
$l_record="Save changes"; |
$l_wait="Once validated, 30 seconds is necessary to compute your modifications"; |
$l_ip_filtering="Filtering URLs that contain an IP address instead of a domain name (ie: http://25.56.58.59/index.htm)"; |
$l_safe_searching="Enabling school/parental control for the following search engines : google, yahoo, bing, alltheweb, lycos, metacrawler and Youtube."; |
$l_safe_youtube="For Youtube, create an ID and write it here : "; |
} |
$bl_categories="/usr/local/etc/alcasar-bl-categories"; |
$bl_categories_enabled="/usr/local/etc/alcasar-bl-categories-enabled"; |
87,8 → 101,11 |
case 'BL_Off' : |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --off"); |
break; |
case 'MAJ_bl' : |
case 'Download_bl' : |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --download"); |
break; |
case 'Active_bl' : |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --adapt"); |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload"); |
break; |
case 'MAJ_cat' : |
107,9 → 124,6 |
fclose($pointeur); |
} |
else {echo "$l_error_open_file $bl_categories_enabled";} |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload"); |
break; |
case 'MAJ_OSSI' : |
$fichier=fopen("/etc/dansguardian/lists/blacklists/ossi/domains","w+"); |
fputs($fichier, form_filter($_POST['OSSI_bl_domains'])); |
fclose($fichier); |
128,6 → 142,8 |
unset($_POST['OSSI_wl_urls']); |
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload"); |
break; |
case 'Specific_filtering' : |
break; |
} |
?> |
</TABLE> |
/alcasar.sh |
---|
1263,10 → 1263,10 |
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR |
rm -rf $DIR_DG/lists/blacklists |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1 |
# on crée le répertoire de la BL secondaire et le répertoire "pureip" (catégorie virtuelle) |
mkdir $DIR_DG/lists/blacklists/ossi $DIR_DG/lists/blacklists/ip |
touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ip/domains |
touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ip/urls |
# on crée le répertoire ossi (noms de domaine et URLs ajoutés à la BL) |
mkdir $DIR_DG/lists/blacklists/ossi |
touch $DIR_DG/lists/blacklists/ossi/domains |
touch $DIR_DG/lists/blacklists/ossi/urls |
# On crée les fichiers vides de sites ou d'URL réhabilités |
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default |
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default |
1287,6 → 1287,13 |
# block all sites specified only by an IP |
*ip |
EOF |
# On ajoute Bing et Youtube à la récriture d'URL liée au contrôle scolaire/parental |
cat <<EOF >> $DIR_DG/lists/urlregexplist |
# Bing - add 'adlt=strict' |
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict" |
# Youtube - add 'edufilter=your_ID' |
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=AAGG0dDxGViM51LeLNifnw" |
EOF |
chown -R dansguardian:apache $DIR_DG |
chmod -R g+rw $DIR_DG |
# On crée la structure du DNS-blackhole : |
/conf/etc/alcasar-bl-categories-enabled |
---|
5,7 → 5,6 |
drogue |
gambling |
hacking |
ip |
malware |
marketingware |
mixed_adult |
/CHANGELOG |
---|
11,6 → 11,9 |
- change the order of http chain (DG --> squid --> HAVP --> Internet) more réactivity and less charge of CPU |
- Dansguardian deny domain when request via proxy http |
- The database is checked (and repair) every week |
Improve security |
- The blacklist if now verified before activating it (ANSSI need) |
- The scholl/parental control can now filter search engines (google, bing, yahoo, alltheweb, etc.) and youtube |
News |
- The IP addresses in the consultation network are dynamicly allocated. Static ip can be reserved in the Alcasar Control Center |
- The script "alcasar-https.sh {-on|-off}" enable or disable encryption on authentication flows |
/scripts/sbin/alcasar-dg-safesearch.sh |
---|
0,0 → 1,45 |
#/bin/bash |
# alcasar-dg-safesearch.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Activation / désactivation du contrôle scolaire/parental sur les moteurs de recherche et Youtube |
# enable/disable safesearching on search engines and Youtube |
DIR_DG="/etc/dansguardian/lists" |
SED="/bin/sed -i" |
function safesearch_disable (){ |
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch' |
service dansguardian reload |
} |
function safesearch_enable (){ |
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch' |
service dansguardian reload |
} |
usage="Usage: alcasar-dg-safesearch.sh {--on or -on} | {--off or -off} " |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
nb_args=1 |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
--on|-on) |
safesearch_enable |
;; |
--off|-off) |
safesearch_disable |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
/scripts/sbin/alcasar-bl.sh |
---|
8,7 → 8,8 |
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian) |
CONF_FILE="/usr/local/etc/alcasar.conf" |
DIR_CONF="/usr/local/etc" |
CONF_FILE="$DIR_CONF/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
16,30 → 17,14 |
FILE_tmp="/tmp/fileFilter.txt" |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG_BL="$DIR_DG/blacklists" |
BL_CATEGORIES="/usr/local/etc/alcasar-bl-categories" |
BL_CATEGORIES_ENABLED="/usr/local/etc/alcasar-bl-categories-enabled" |
DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available" |
DIR_DNS_FILTER_ENABLED="/usr/local/etc/alcasar-dnsfilter-enabled" |
BL_SERVER="cri.univ-tlse1.fr" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" |
DIR_DNS_FILTER_AVAILABLE="$DIR_CONF/alcasar-dnsfilter-available" |
DIR_DNS_FILTER_ENABLED="$DIR_CONF/alcasar-dnsfilter-enabled" |
BL_SERVER="dsi.ut-capitole.fr" |
SED="/bin/sed -i" |
# Récupération de l'archive de la BL Toulouse |
function transfert () { |
mkdir -p $DIR_tmp |
cd $DIR_tmp |
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
} |
# Décompression de la BL (en conservant la WL) |
function install () { |
[ -d $DIR_DG ] || mkdir -p $DIR_DG |
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
[ -d $DIR_DG_BL/ip ] && mv -f $DIR_DG_BL/ip $DIR_tmp |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
[ -d $DIR_tmp/ip ] && mv -f $DIR_tmp/ip $DIR_DG_BL/ |
cd /root |
rm -rf $DIR_tmp |
} |
# Permet d'activer/désactiver les catégories de la BL |
function cat_choice (){ |
# un peu de ménage |
55,12 → 40,11 |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # dansguardian s'occupe du contournement par proxy http ;-) |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist |
done |
sort -k2n $BL_CATEGORIES > $FILE_tmp |
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp |
mv $FILE_tmp $BL_CATEGORIES |
} |
function bl_enable (){ |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch' |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
then |
service dansguardian restart |
71,7 → 55,6 |
function bl_disable (){ |
rm -rf $DIR_DNS_FILTER_ENABLED/* |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch' |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
then |
service dansguardian restart |
111,7 → 94,7 |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE |
bl_disable |
;; |
# Mise a jour de la blacklist 'Toulouse' (attente validation md5 avant adaptation à notre structure) |
# Récupération de l'archive de la BL Toulouse |
-download | --download) |
rm -rf /tmp/con_ok.html |
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
119,18 → 102,47 |
then |
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable" |
else |
transfert |
install |
rm -rf /tmp/con_ok.html $DIR_tmp |
mkdir $DIR_tmp |
cd $DIR_tmp |
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum |
cd /root |
fi |
;; |
# Adaptation de la BL de Toulouse à notre structure (dnsmasq + DG) |
-adapt | --adapt) |
if [ -f $DIR_tmp/blacklists.tar.gz ] |
then |
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
rm -rf $DIR_DG_BL |
mkdir $DIR_DG_BL |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
rm -rf $DIR_tmp |
chown -R dansguardian:apache $DIR_DG |
chmod -R g+w $DIR_DG |
rm -rf /tmp/con_ok.html |
fi |
;; |
# Adaptation de la BL à notre structure (dnsmasq + DG) |
-adapt | --adapt) |
find $DIR_DG_BL/ -type f -name domains > $BL_CATEGORIES # On récupère le nom des répertoire (catégories) |
$SED "s?\/domains??g" $BL_CATEGORIES # On supprime le suffice "/domains" |
rm -f $DIR_DNS_FILTER_AVAILABLE/* |
rm -f $BL_CATEGORIES $WL_CATEGORIES $DIR_DNS_FILTER_AVAILABLE/* |
touch $BL_CATEGORIES $WL_CATEGORIES |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # On récupère le nom des répertoire (catégories) |
$SED "s?\/domains??g" $FILE_tmp # On supprime le suffixe "/domains" |
for categorie in `cat $FILE_tmp` # creation des deux fichiers de categories (BL / WL) |
do |
if [ -e $categorie/usage ] |
then |
is_whitelist=`grep white $categorie/usage|wc -l` |
else |
is_whitelist=0 # si le fichier 'usage' n'existe pas, on considère que la catégorie est une BL |
fi |
if [ $is_whitelist -eq "0" ] |
then |
echo "$categorie" >> $BL_CATEGORIES |
else |
echo "$categorie" >> $WL_CATEGORIES |
fi |
done |
rm -f $FILE_tmp |
echo -n "Toulouse BlackList migration process. Please wait : " |
for PATH_FILE in `cat $BL_CATEGORIES` # pour chaque catégorie |
do |
141,16 → 153,16 |
chown dansguardian:apache $PATH_FILE/urls |
fi |
# suppression des @IP, de caractères acccentués et des lignes commentées |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp |
$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp |
$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" /tmp/dnsmasq-bl.tmp # Mise en forme dnsmasq |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp # Mise en forme dnsmasq |
DOMAINE=`basename $PATH_FILE` |
mv /tmp/dnsmasq-bl.tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
mv $FILE_tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
done |
echo |
;; |
# regénération suite à modification de la BL secondaire ou du choix des catégories |
# regénération suite à modification du choix des catégories |
-reload | --reload) |
# pour Dansguardian |
chown -R dansguardian:apache $DIR_DG_BL/ossi |
166,12 → 178,6 |
fi |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
IP_PURE=`grep '^ip' $BL_CATEGORIES_ENABLED|wc -l` |
if [ $IP_PURE -eq "1" ]; then # filtrage des url sans nom de domaine |
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist |
else |
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist |
fi |
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
if [ $DNS_FILTERING = on ]; then |
/scripts/alcasar-conf.sh |
---|
176,7 → 176,10 |
fi |
cp $CONF_FILE $DIR_UPDATE/etc/ |
# le paramêtre 'EXT_LAN_FILTERING' n'existe plus depuis la V2.6 |
$SED "/^EXT_LAN/d" $DIR_UPDATE/etc/alcasar.conf |
$SED "/^EXT_LAN/d" $DIR_UPDATE/etc/alcasar.conf |
# la catégorie de sites filtrés "ip" n'existe plus depuis la V2.6 |
$SED "/\/ip\/urls/d" $DIR_UPDATE/bannedurllist; $SED "/\/ip\/domains/d" $DIR_UPDATE/bannedsitelist |
$SED "/blacklists\/ip/d" $DIR_UPDATE/etc/alcasar-bl-categories; $SED "/^ip/d" $DIR_UPDATE/alcasar-bl-categories-enabled |
# le répertoire "ISO" est remplacé par "system_backup" suite à la suppression de "mondoarchive" (V2.5) |
rm -rf /var/Save/ISO |
# création de l'archive et copie dans le répertoire WEB associé |