Subversion Repositories ALCASAR

Compare Revisions

Rev 884 → Rev 885

/web/acc/manager/htdocs/import_user.php
24,7 → 24,7
$l_send = "Envoyer";
$l_imported_files = "Fichiers des identifiants/mot_de_passe importés durant les dernières 24h :";
$l_db_import = "Importer à partir d'une sauvegarde de la base d'usagers (format SQL)";
$l_db_import_help = "Afin de pouvoir imputer les dernière traces de connexion, une sauvegarde de la base actuelle sera automatiquement réalisée.";
$l_db_import_help = "Afin de pouvoir imputer les dernières traces de connexion, une sauvegarde de la base actuelle sera automatiquement réalisée.";
$l_db_reset = "Remise à zéro de la base usagers";
$l_error_ext_txt = "Erreur! Veuillez sélectionner un fichier avec l'extension '.csv' ou '.txt'";
$l_error_ext_sql = "Erreur! Veuillez sélectionner un fichier avec l'extension '.sql'";
/web/acc/admin/dns_filter.php
33,7 → 33,8
$l_download_bl="Télécharger la dernière version";
$l_fingerprint="L'empreinte numérique du fichier téléchargé est : ";
$l_fingerprint2="Vérifiez-là en suivant ce lien (ligne 'blacklists.tar.gz') : ";
$l_activate_bl="Activer cette version";
$l_activate_bl="Activer la nouvelle version";
$l_reject_bl="Rejeter";
$l_warning="Temps estimé : une minute.";
$l_specific_filtering="Filtrage special";
$l_forbidden_dns="Noms de domaine filtrés";
51,8 → 52,9
$l_record="Enregistrer les modifications";
$l_wait="Une fois validées, 30 secondes sont nécessaires pour traiter vos modifications";
$l_ip_filtering="Filtrer les URLs contenant une adresse IP au lien d'un nom de domaine (ex: http://25.56.58.59/index.htm)";
$l_safe_searching="Activer le contrôle scolaire/parentale pour les moteurs de recherche suivants : google, yahoo, bing, alltheweb, lycos, metacrawler et Youtube.";
$l_safe_youtube="Pour Youtube, créez un ID et entrez le ici : ";
$l_safe_searching="Activer le contrôle scolaire/parentale des moteurs de recherche : google, yahoo, bing, metacrawler et Youtube.";
$l_safe_youtube="Pour Youtube, entrez votre identifiant ici : ";
$l_youtube_id="(<a href='http://www.youtube.com/education_signup' target='cat_help' onclick=window.open('http://www.youtube.com/education_signup','cat_help','width=800,height=600,toolbar=no,scrollbars=yes,resizable=yes') title='Youtube for school'>lien pour créer un identifiant Youtube (Id)</a>)";
}
else {
$l_title1 = "Domain names and URL filtering";
67,7 → 69,8
$l_download_bl="Download the last version";
$l_fingerprint="The digital fingerprint of the downloaded blacklist is : ";
$l_fingerprint2="Verify it with this link (line 'blacklists.tar.gz') : ";
$l_activate_bl="Activate this version";
$l_activate_bl="Activate the new version";
$l_reject_bl="Reject";
$l_warning="Estimated time : one minute.";
$l_specific_filtering="Specific filtering";
$l_forbidden_dns="Filtered domain names";
85,8 → 88,9
$l_record="Save changes";
$l_wait="Once validated, 30 seconds is necessary to compute your modifications";
$l_ip_filtering="Filtering URLs that contain an IP address instead of a domain name (ie: http://25.56.58.59/index.htm)";
$l_safe_searching="Enabling school/parental control for the following search engines : google, yahoo, bing, alltheweb, lycos, metacrawler and Youtube.";
$l_safe_youtube="For Youtube, create an ID and write it here : ";
$l_safe_searching="Enabling school/parental control for the search engines google, yahoo, bing, metacrawler and Youtube.";
$l_safe_youtube="For Youtube, enter your ID here : ";
$l_youtube_id="(<a href='http://www.youtube.com/education_signup' target='cat_help' onclick=window.open('http://www.youtube.com/education_signup','cat_help','width=800,height=600,toolbar=no,scrollbars=yes,resizable=yes') title='Youtube for school'>link to create a Youtube Id</a>)";
}
$bl_categories="/usr/local/etc/alcasar-bl-categories";
$bl_categories_enabled="/usr/local/etc/alcasar-bl-categories-enabled";
94,6 → 98,22
$conf_file="/usr/local/etc/alcasar.conf";
$urlregex_file="/etc/dansguardian/lists/urlregexplist";
$bannedsite_file="/etc/dansguardian/lists/bannedsitelist";
$dir_tmp="/tmp/blacklists";
# default values
if (is_file ($conf_file))
{
$tab=file($conf_file);
if ($tab)
{
foreach ($tab as $line)
{
$field=explode("=", $line);
if ($field[0] == "DNS_FILTERING") {$DNS_FILTERING=trim($field[1]);}
if ($field[0] == "YOUTUBE_ID") {$YOUTUBE_ID=trim($field[1]);}
}
}
}
else { echo "$l_error_open_file $conf_file";}
if (isset($_POST['choix'])){ $choix=$_POST['choix']; } else { $choix=""; }
switch ($choix)
{
110,6 → 130,9
exec ("sudo /usr/local/sbin/alcasar-bl.sh --adapt");
exec ("sudo /usr/local/sbin/alcasar-bl.sh --reload");
break;
case 'Reject_bl' :
unlink ("$dir_tmp/blacklists.tar.gz"); unlink ("$dir_tmp/md5sum");
break;
case 'MAJ_cat' :
$tab=file($bl_categories_enabled);
if ($tab)
151,8 → 174,12
if (strstr($key,'chk-ip')) $pureip="-pureip_on";
if (strstr($key,'chk-safesearch')) $safesearch="-safesearch_on";
}
echo "$pureip, $safesearch";
break;
if ($_POST['Youtube_ID'] == '') { $New_ID="ABCD1234567890abcdef";} // default ID (no action)
else {$New_ID=$_POST['Youtube_ID'];}
file_put_contents($conf_file, str_replace("YOUTUBE_ID=$YOUTUBE_ID", "YOUTUBE_ID=$New_ID", file_get_contents($conf_file)));
$YOUTUBE_ID=$New_ID;
exec ("sudo /usr/local/sbin/alcasar-url_filter.sh $safesearch $pureip");
break;
}
?>
</TABLE>
163,20 → 190,6
<TABLE width="100%" border=1 cellspacing=0 cellpadding=0>
<tr><td valign="middle" align="left">
<?php
# default values
if (is_file ($conf_file))
{
$tab=file($conf_file);
if ($tab)
{
foreach ($tab as $line)
{
$field=explode("=", $line);
if ($field[0] == "DNS_FILTERING") {$DNS_FILTERING=trim($field[1]);}
}
}
}
else { echo "$l_error_open_file $conf_file";}
if ($DNS_FILTERING == "on")
{
echo "<CENTER><H3>$l_dnsfilter_on</H3></CENTER>";
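Review bot: `$_POST['Youtube_ID']` is copied into `$New_ID` and written to `$conf_file` with no validation in the safesearch branch (`else {$New_ID=$_POST['Youtube_ID'];}`). A value containing a line break, `=` or other punctuation changes the structure of alcasar.conf, and the same value is then read by alcasar-url_filter.sh (started through sudo on the next line) and echoed back by dns_filter2.php. Accept only the expected ID alphabet before writing, e.g. `if (!isset($_POST['Youtube_ID']) || !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $_POST['Youtube_ID'])) { $New_ID="ABCD1234567890abcdef"; }`; the exact character set and length are an assumption to confirm against real IDs. The enclosing `switch` starts and ends outside this hunk.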
/web/acc/admin/network.php
37,8 → 37,8
$l_DHCP_full = "DHCP complet";
$l_DHCP_half = "Demi DHCP ";
$l_DHCP_off = "Sans DHCP";
$l_DHCP_full_explain = "Tous les équipements sont en adressage dynamique. Des adresses statiques peuvent être réservées.";
$l_DHCP_half_explain = "La première moitié des équipements est en adressage statique, l'autre moitié en dynamique.";
$l_DHCP_full_explain = "Tous les équipements sont en adressage dynamique (DHCP). Des adresses statiques peuvent être réservées (cf. ci-dessous).";
$l_DHCP_half_explain = "La première moitié du réseau est réservé à l'adressage statique, l'autre moitié est en adressage dynamique (DHCP).";
$l_DHCP_off_explain = "Tous les équipements sont en adressage statique. Le serveur DHCP est arrété.";
$l_static_dhcp_title = "Réservation d'adresses IP statiques";
$l_mac_address = "Adresse MAC";
64,8 → 64,8
$l_DHCP_full = "Full DHCP";
$l_DHCP_half = "Half DHCP ";
$l_DHCP_off = "No DHCP";
$l_DHCP_full_explain = "All equipments are in DHCP mode. Some static addresses can be reserved.";
$l_DHCP_half_explain = "The first half of equipments is in static mode, the other are in DHCP mode.";
$l_DHCP_full_explain = "All equipments are in DHCP mode. Some static addresses can be reserved (see bellow).";
$l_DHCP_half_explain = "The first half of LAN's equipments are in static mode, the other are in dynamic mode (DHCP).";
$l_DHCP_off_explain = "All equipments are in static mode. The DHCP server is off.";
$l_static_dhcp_title = "Static IP addresses reservation";
$l_mac_address = "MAC Address";
/web/acc/admin/auth_exceptions.php
34,8 → 34,10
$l_comment_explain2 = "Laissez vide si non affiché";
$l_remove = "Retirer de la liste";
$l_trusted_ip = "adresses IP de confiance";
$l_trusted_equipments = "Equipements de consultation de confiance";
$l_comment = "Commentaires";
$l_trusted_domain_explain = "Gérez ici les noms de domaine Internet pouvant &ecirc;tre joints sans authentification";
$l_trusted_equipments_explain = "Pour gérer les équipements du réseau de consultation pouvant accéder à Internet sans aêtre interceptés : lisez la documentation d'exploitation (ch.4.7c)";
$l_trusted_ip_explain = "Gérez ici les adresses IP de systèmes ou de réseaux pouvant être joints sans authentification";
$l_submit = "Enregistrer";
$l_add_to_list = "Ajouter à la liste";
49,6 → 51,8
$l_comment_explain2 = "Let empty to not display link";
$l_remove = "Remove from list";
$l_trusted_ip = "Trusted Internet domain and IP addresses";
$l_trusted_equipments = "Trusted consultation equipements";
$l_trusted_equipments_explain = "To manage consultation equipments allowed to be connected to Internet withoout interception, read exploitation documentation (ch.4.7c)";
$l_comment = "Comments";
$l_trusted_domain_explain = "Manage Internet domain names that can be joined without authentication";
$l_trusted_ip_explain = "Manage systems or networks IP addresses that can be joined without authentication";
225,24 → 229,22
</td><td valign='middle' align='center'>
<form action='<?echo"$_SERVER[PHP_SELF]"?>' method='POST'>
<table cellspacing=2 cellpadding=3 border=1>
<tr><th><?echo"$l_domain</th><th>$l_comment_explain";?>
<tr><th><?echo "$l_domain</th><th>$l_comment_explain";?>
<td></td></tr>
<tr><td>exemple1 : www.mydomain.com <br>exemple2 : .yourdomain.net</td>
<td>My domain<br><?echo"$l_comment_explain2";?></td></tr>
<td>My domain<br><?echo "$l_comment_explain2";?></td></tr>
<tr><td><input type='text' name='add_uamdomain' size='20'></td>
<td><input type='text' name='add_domain_comment' size='15'></td>
<input type='hidden' name='choix' value='new_uamdomain'>
<td><input type='submit' value='<?echo"$l_add_to_list";?>'></td>
<td><input type='submit' value='<?echo "$l_add_to_list";?>'></td>
</tr></table>
</form>
</td></tr>
</table>
<TABLE width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo $l_trusted_ip ;?></th></tr>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo "$l_trusted_ip" ;?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</TABLE>
<TABLE width="100%" border=0 cellspacing=0 cellpadding=1>
</TABLE>
</table>
<table width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td colspan=2 align="center">
<?
281,9 → 283,9
?>
</form>
</td><td valign='middle' align='center'>
<form action='<?echo"$_SERVER[PHP_SELF]"?>' method='POST'>
<form action='<?echo "$_SERVER[PHP_SELF]"?>' method='POST'>
<table cellspacing=2 cellpadding=3 border=1>
<tr><th><?echo"$l_trusted_ip</th><th>$l_comment";?>
<tr><th><?echo "$l_trusted_ip</th><th>$l_comment";?>
<td></td></tr>
<tr><td>exemple1 : 170.25.23.10 <br>exemple2 : 15.20.20.0/16</td>
<td>my_web_server <br>my_dmz</td>
290,10 → 292,19
<tr><td><input type='text' name='add_ip' size='20'></td>
<td><input type='text' name='add_ip_comment' size='15'></td>
<input type='hidden' name='choix' value='new_ip'>
<td><input type='submit' value='<?echo"$l_add_to_list";?>'></td>
<td><input type='submit' value='<?echo "$l_add_to_list";?>'></td>
</tr></table>
</form>
</td></tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><th><?php echo "$l_trusted_equipments";?></th></tr>
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width="1" height="2"></td></tr>
</table>
<table width="100%" border=1 cellspacing=0 cellpadding=1>
<tr><td colspan=2 align="center">
<?echo "$l_trusted_equipments_explain";?>
</td></tr>
</table>
</BODY>
</HTML>
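Review bot: Both form tags touched here still print `$_SERVER[PHP_SELF]` into the `action` attribute unescaped (`<form action='<?echo "$_SERVER[PHP_SELF]"?>' method='POST'>`), so the request path is reflected into the page. Use a fixed script name or `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')` in both places. The new strings also carry typos that will show in the interface: "aêtre" in the French `$l_trusted_equipments_explain`, and "equipements" and "withoout" in the English ones. The short `<?` open tag only works when `short_open_tag` is enabled; `<?php` is already used on the neighbouring lines.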
/web/acc/admin/dns_filter2.php
28,14 → 28,15
echo "<center>$l_bl_version";
echo date ("F d Y", filemtime ('/etc/dansguardian/lists/blacklists/README'));
echo "</center><BR>";
$dir_tmp="/tmp/blacklists";
if ((file_exists("$dir_tmp/blacklists.tar.gz")) && (file_exists("$dir_tmp/md5sum")))
{
echo "$l_fingerprint"; echo_file ("$dir_tmp/md5sum");
echo "<br>$l_fingerprint2<a href='http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST' target='cat_help' onclick=window.open('http://dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST','cat_help','width=600,height=150,toolbar=no,scrollbars=yes,resizable=yes') title='verify fingerprint'>dsi.ut-capitole.fr/blacklists/download/MD5SUM.LST</a><br>";
echo "<input type='hidden' name='choix' value='Active_bl'>";
echo "<input type='submit' value='$l_activate_bl'>";
echo " ($l_warning)";
echo "<input type='submit' value='$l_activate_bl'> ($l_warning)</FORM>";
echo "<FORM action='dns_filter.php' method=POST>";
echo "<input type='hidden' name='choix' value='Reject_bl'>";
echo "<input type='submit' value='$l_reject_bl'></form>";
}
else
{
170,10 → 171,17
}
echo "> $l_safe_searching";
echo "<br>$l_safe_youtube";
echo "<input type='text' name='Youtube_ID' size='30' value='";
if ($YOUTUBE_ID == "ABCD1234567890abcdef") // generic ID (do nothing)
{
echo "'>";
}
else {
echo "$YOUTUBE_ID'>";
}
echo " $l_youtube_id<tr><td>";
echo "<input type='submit' value='$l_record'>";
?>
<input type='text' name='Youtube-ID' size='30'>
<tr><td>
<input type='submit' value='<?php echo "$l_record"?>'>
</form>
</td></tr>
</TABLE>
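Review bot: `echo "$YOUTUBE_ID'>";` places the value read from alcasar.conf inside a single-quoted `value` attribute with no escaping, so a stored ID containing a quote or markup breaks out of the attribute. Escape at output: `echo htmlspecialchars($YOUTUBE_ID, ENT_QUOTES, 'UTF-8') . "'>";`. The placeholder `"ABCD1234567890abcdef"` is repeated here and in dns_filter.php, alcasar.sh and alcasar-conf.sh; a single shared definition would keep this comparison from drifting. The surrounding form and the place where `$YOUTUBE_ID` is set lie outside this hunk.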
/alcasar.sh
1292,7 → 1292,7
# Bing - add 'adlt=strict'
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
# Youtube - add 'edufilter=your_ID'
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=AAGG0dDxGViM51LeLNifnw"
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
EOF
chown -R dansguardian:apache $DIR_DG
chmod -R g+rw $DIR_DG
1421,9 → 1421,10
echo "QOS=off" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE
echo "DNS_FILTERING=off" >> $CONF_FILE
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE
echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
# Coloration des prompts
[ -e /etc/bashrc.default ] || cp /etc/bashrc /etc/bashrc.default
cp -f $DIR_CONF/bashrc /etc/. ; chmod 644 /etc/bashrc ; chown root:root /etc/bashrc
/conf/sudoers
19,7 → 19,7
Cmnd_Alias SQL=/usr/local/sbin/alcasar-mysql.sh # pour exporter la base mysql
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # pour générer l'archive de configuration du serveur
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-log.sh # pour exporter/sauvegarder les fichiers journaux
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus)
Cmnd_Alias BL=/usr/local/sbin/alcasar-bl.sh,/usr/local/sbin/alcasar-havp.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/sbin/alcasar-url_filter.sh # pour gérer le filtrage WEB (blacklists, whitelist et antivirus)
Cmnd_Alias NF=/usr/local/sbin/alcasar-nf.sh,/usr/local/bin/alcasar-iptables.sh # pour gérer le filtrage réseau
Cmnd_Alias LOGOUT=/usr/local/sbin/alcasar-logout.sh # pour déconnecter les usagers
Cmnd_Alias UAM=/usr/local/sbin/alcasar-uamallowed.sh # pour gérer les site de confiance (uamallowed)
/CHANGELOG
12,7 → 12,7
- Dansguardian deny domain when request via proxy http
- The database is checked (and repair) every week
Improve security
- The blacklist if now verified before activating it (ANSSI need)
- The blacklist is now verified before activating (ANSSI need)
- The scholl/parental control can now filter search engines (google, bing, yahoo, alltheweb, etc.) and youtube
News
- The IP addresses in the consultation network are dynamicly allocated. Static ip can be reserved in the Alcasar Control Center
23,6 → 23,7
- DHCP service is more flexible : it can be {off | half | full}
- ACC : admin can now export the curent tracability file
- ACC : admin can define the exception domains that will be showed in intercept page
- The script "alcasar-https.sh" disable https on LAN side (only for mastered LAN).
---------------------- 2.5 --------------------
Bugs
- watchdog of Daemons for service's test
/scripts/sbin/alcasar-url_filter.sh
10,6 → 10,7
# Enable / disable : filter of urls containing ip address instead of domain name
 
DIR_DG="/etc/dansguardian/lists"
CONF_FILE="/usr/local/etc/alcasar.conf"
SED="/bin/sed -i"
safesearch="Off"
pureip="Off"
54,7 → 55,9
done
if [ $safesearch == "On" ]
then
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist #on décommente les lignes de regles
youtube_id=`grep YOUTUBE_ID $CONF_FILE|cut -d"=" -f2`
$SED "s?\&edufilter=.*?\&edufilter=$youtube_id\"?g" $DIR_DG/urlregexplist
else
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist
fi
65,6 → 68,6
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
fi
 
#service dansguardian restart
service dansguardian restart
fi
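Review bot: `$youtube_id` is pasted straight into the sed program in the safesearch branch, and the `grep YOUTUBE_ID` that feeds it is unanchored. The value comes from the web form in dns_filter.php, and this commit adds the script to the sudoers `BL` alias, so a `?`, `&`, `\` or a second matching line in the conf file changes what sed does when the script is run through sudo. Anchor the lookup as alcasar-conf.sh does and fall back to the placeholder unless the value consists only of the expected characters; the alphabet used below is an assumption to confirm. The `if` belongs to a block that starts outside the hunk.

```shell
# … unchanged: uncommenting of the rule lines in urlregexplist …
youtube_id=`grep "^YOUTUBE_ID=" $CONF_FILE | head -n 1 | cut -d"=" -f2`
case "$youtube_id" in
	""|*[!A-Za-z0-9_-]*) youtube_id="ABCD1234567890abcdef" ;;
esac
$SED "s?\&edufilter=.*?\&edufilter=$youtube_id\"?g" $DIR_DG/urlregexplist
```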
 
/scripts/sbin/alcasar-bl.sh
104,10 → 104,9
else
rm -rf /tmp/con_ok.html $DIR_tmp
mkdir $DIR_tmp
cd $DIR_tmp
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
cd /root
chown -R apache:apache $DIR_tmp
fi
;;
# Adaptation de la BL de Toulouse à notre structure (dnsmasq + DG)
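Review bot: `md5sum` runs on `$DIR_tmp/blacklists.tar.gz` whether or not the `wget -P $DIR_tmp …` before it succeeded, so a failed or partial download can still leave a fingerprint file for the admin page to display. Check the exit status first, e.g. `wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz || exit 1`, or route it to this branch's own error path, which is outside the hunk. The archive and the reference MD5SUM.LST linked from dns_filter2.php are both fetched over plain http, and MD5 is not collision-resistant, so the comparison detects corruption rather than tampering. If the server offers HTTPS or a stronger published digest, prefer it.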
/scripts/alcasar-conf.sh
175,12 → 175,39
if [ $DHCP_mode = "on" ]; then
$SED "s?^DHCP=on.*?DHCP=half?" $CONF_FILE # DHCP option can be "off/half/full" since V2.6
fi
cp $CONF_FILE $DIR_UPDATE/etc/
# le paramêtre 'EXT_LAN_FILTERING' n'existe plus depuis la V2.6
$SED "/^EXT_LAN/d" $DIR_UPDATE/etc/alcasar.conf
$SED "/^EXT_LAN/d" $CONF_FILE
# la catégorie de sites filtrés "ip" n'existe plus depuis la V2.6
$SED "/\/ip\/urls/d" $DIR_UPDATE/bannedurllist; $SED "/\/ip\/domains/d" $DIR_UPDATE/bannedsitelist
$SED "/blacklists\/ip/d" $DIR_UPDATE/etc/alcasar-bl-categories; $SED "/^ip/d" $DIR_UPDATE/alcasar-bl-categories-enabled
$SED "/blacklists\/ip/d" $DIR_UPDATE/etc/alcasar-bl-categories; $SED "/^ip/d" $DIR_UPDATE/etc/alcasar-bl-categories-enabled
# bing et Youtube sont ajoutés au safesearching depuis la V2.6
Bing=`grep bing $DIR_UPDATE/urlregexplist | wc -l`
if [ $Bing -ne "1" ]; then
SafeSearch=`grep ^\"\(\^http\:\/\/ $DIR_UPDATE/urlregexplist | wc -l`
if [ $SafeSearch -eq "0" ]; then
cat <<EOF >> $DIR_UPDATE/urlregexplist
# Bing - add 'adlt=strict'
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
# Youtube - add 'edufilter=your_ID'
#"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
EOF
else
cat <<EOF >> $DIR_UPDATE/urlregexplist
# Bing - add 'adlt=strict'
"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
# Youtube - add 'edufilter=your_ID'
"(^http://[0-9a-z]+\.youtube\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&edufilter=ABCD1234567890abcdef"
EOF
fi
fi
# la variable YOUTUBE_ID est déclarée dans le fichier de conf depuis la V2.6
YOUTUBE_ID=`grep ^YOUTUBE_ID $CONF_FILE | cut -d"=" -f2`
YOUTUBE_ID=${YOUTUBE_ID:="-1"}
if [ $YOUTUBE_ID = "-1" ]; then
echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
fi
# copie du fichier de conf modifié
cp $CONF_FILE $DIR_UPDATE/etc/
# le répertoire "ISO" est remplacé par "system_backup" suite à la suppression de "mondoarchive" (V2.5)
rm -rf /var/Save/ISO
# création de l'archive et copie dans le répertoire WEB associé
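Review bot: `[ $YOUTUBE_ID = "-1" ]` expands the value unquoted, so an ID containing whitespace or glob characters makes the test fail with a syntax error or compare the wrong word; write `[ "$YOUTUBE_ID" = "-1" ]`. The value is whatever the web form stored in `$CONF_FILE`, so it should not be assumed to be a single clean token here. The `$SED "/^EXT_LAN/d"` and `echo "YOUTUBE_ID=…" >>` lines also now modify the live `$CONF_FILE` before it is copied, where the rest of the block works on `$DIR_UPDATE`. That looks intentional, but a one-line comment such as `# migrate the live conf file first, then copy it into the archive` would make it explicit.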