136,15 → 136,18 |
mode="update" |
fi |
else |
free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G` |
if [ $free_space -lt 10 ] |
then |
if [ $Lang == "fr" ] |
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)" |
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)" |
if [ ! -d /var/log/netflow/porttracker ] |
then |
free_space=`df -BG --output=avail /var|tail -1|tr -d [:space:]G` |
if [ $free_space -lt 10 ] |
then |
if [ $Lang == "fr" ] |
then echo "place disponible sur /var insufisante ($free_space Go au lieu de 10 Go au minimum)" |
else echo "not enough free space on /var ($free_space GB instead of at least 10 GB)" |
fi |
exit 0 |
fi |
exit 0 |
fi |
fi |
fi |
if [ $Lang == "fr" ] |
then echo -n "Tests des paramètres réseau : " |
1125,14 → 1128,12 |
param_ulogd () |
{ |
# Three instances of ulogd (three different logfiles) |
cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ssh.service |
cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-ext-access.service |
mv /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-traceability.service |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
nl=1 |
for log_type in traceability ssh ext-access |
do |
[ -e /var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log |
[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service |
/var/log/firewall/$log_type.log ] || touch /var/log/firewall/$log_type.log |
cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf |
$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf |
$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf |
1155,46 → 1156,32 |
########################################################## |
param_nfsen() |
{ |
#Decompression tarball |
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/ |
#Création groupe et utilisteur |
if grep "^www-data:" /etc/group > /dev/null; then |
echo "Group already exists !" |
else |
groupadd www-data |
echo "Group 'www-data' created !" |
fi |
if grep "^nfsen:" /etc/passwd > /dev/null; then |
echo "User already exists !" |
else |
useradd -m nfsen |
echo "User 'nfsen' created !" |
fi |
# Create a specific user and group |
[ `grep "^www-data:" /etc/group | wc -l` == 1 ] || groupadd www-data |
[ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -m nfsen |
usermod -G www-data nfsen |
#Ajout du plugin nfsen : PortTracker |
# Add PortTracker plugin |
mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins |
chown -R nfsen:www-data /var/www/nfsen |
chown -R apache:apache /usr/share/nfsen /var/log/netflow/porttracker |
cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/ |
#Copie du fichier de conf modifié de nfsen |
# use of our conf file and init unit |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/ |
#Copie du script d'initialisation de nfsen |
cp $DIR_CONF/nfsen/nfsen.service /lib/systemd/system/ |
#Installation de nfsen via le scrip Perl |
# Installation of nfsen |
DirTmp=$(pwd) |
cd /tmp/nfsen-1.3.6p1/ |
/usr/bin/perl5 install.pl etc/nfsen.conf #script lancé deux fois pour corriger, |
/usr/bin/perl5 install.pl etc/nfsen.conf #un problème Perl : "Semaphore introuvable" |
#Création de la DB pour rrdtool |
/usr/bin/perl5 install.pl etc/nfsen.conf |
/usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable" |
# Create RRD DB for porttracker (only in it still doesn't exist) |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/ |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/ |
sudo -u apache nftrack -I -d /var/log/netflow/porttracker |
[ d /var/log/netflow/porttracker ] || sudo -u apache nftrack -I -d /var/log/netflow/porttracker |
chown -R apache:www-data /var/log/netflow/porttracker/ |
chmod -R 775 /var/log/netflow/porttracker |
#Configuration du fichier de conf d'apache |
if [ -f /etc/httpd/conf/conf.d/nfsen.conf ];then |
rm -f /etc/httpd/conf/conf.d/nfsen.conf |
fi |
# Apache conf file |
rm -f /etc/httpd/conf/conf.d/nfsen.conf |
cat <<EOF >> /etc/httpd/conf/conf.d/nfsen.conf |
Alias /nfsen /var/www/nfsen |
<Directory /var/www/nfsen/> |
1208,11 → 1195,11 |
php_flag track_vars on |
</Directory> |
EOF |
#Ajout du paramètre : IP d'écoute pour le collecteur (nfcapd) |
# Add the listen port to collect netflow packet (nfcapd) |
$SED s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1";'?g /usr/libexec/NfSenRC.pm |
#Configuration du délais d'expiration des captures du profile "live" |
# expire delay for the profile "live" |
nfsen -m live -e 62d 2>/dev/null |
#Suppression des sources de nfsen |
# clear the installation |
cd $DirTmp |
rm -rf /tmp/nfsen-1.3.6p1/ |
} # End of param_nfsen |
1296,8 → 1283,8 |
# Create dnsmasq-blacklist and dnsmasq-whitelist unit |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/bin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
# TODO Start after chilli which create tun0 |
# $SED "s?^# chkconfig:.*?# chkconfig: 2345 99 40?g" /etc/init.d/dnsmasq |
} # End dnsmasq |
1538,8 → 1525,7 |
/sbin/chkconfig --add $i |
done |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq radiusd dansguardian freshclam |
|
for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access |
do |
systemctl -q enable $i |
done |
1576,7 → 1562,7 |
$SED "/^kernel/s/BOOT_IMAGE=linux /BOOT_IMAGE=linux-nonfb /" /boot/grub/menu.lst |
$SED "/^gfxmenu/d" /boot/grub/menu.lst |
# Remove unused services and users |
for svc in sshd.service |
for svc in sshd.service alsa-state |
do |
/bin/systemctl -q disable $svc |
done |
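Review bot: In param_nfsen, the new guard `[ d /var/log/netflow/porttracker ] || sudo -u apache nftrack -I -d /var/log/netflow/porttracker` is missing the dash on `-d`, so `[` fails with a syntax error and the `||` branch runs on every pass, which is the opposite of the "only if it doesn't exist" comment just above it. Adding the dash alone is not enough: the `mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker ...` earlier in the same function has already created the directory, so a corrected test would always succeed and a fresh install would never initialise the port-tracker database. Record the state before that `mkdir`, e.g. `[ -d /var/log/netflow/porttracker ] || init_porttracker=1`, and later run `[ -z "$init_porttracker" ] || sudo -u apache nftrack -I -d /var/log/netflow/porttracker`. The body of param_nfsen continues across a hunk boundary, so part of it is not visible here, and the old/new sides are inferred from the duplicated lines in this rendering.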