| 928,14 → 928,12 |
|---|
| fi |
| groupadd -f havp |
| useradd -g havp havp |
| # création de la partition de stockage temporaire (100Mo) |
| dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30 |
| mkfs.ext4 -qF /tmp/havp-disk |
| # création de la zone de travail temporaire (50Mo) en mémoire |
| mkdir -p /var/tmp/havp /var/log/havp |
| chown -R havp /var/tmp/havp /var/log/havp /var/run/havp |
| echo "# Entry for havp tmp files scan partition" >> /etc/fstab |
| echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab |
| echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab |
| $SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp |
| mkdir -p /var/tmp/havp /var/log/havp |
| chown -R havp /var/log/havp /var/run/havp |
| # configuration d'HAVP |
| [ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
| $SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
| 962,7 → 960,6 |
|---|
| ## Fonction firewall ## |
| ## - adaptation des scripts du parefeu ## |
| ## - mise en place des règles et sauvegarde pour un lancement automatique ## |
| ## - configuration Ulogd ## |
| ################################################################################## |
| firewall () |
| { |
| 971,12 → 968,6 |
|---|
| $SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
| $SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
| chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau) |
| [ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
| [ -e /var/log/firewall/firewall.log ] || touch /var/log/firewall/firewall.log |
| chown -R root:apache /var/log/firewall |
| chmod 750 /var/log/firewall |
| chmod 640 /var/log/firewall/firewall.log |
| $SED "s?^file=\"/var/log/ulogd.syslogemu\"?file=\"/var/log/firewall/firewall.log\"?g" /etc/ulogd.conf |
| # création du fichier d'exception au filtrage |
| touch /usr/local/etc/alcasar-filter-exceptions |
| sh $DIR_DEST_BIN/alcasar-iptables.sh |
| 983,6 → 974,44 |
|---|
| } # End of firewall () |
| |
| ################################################################################## |
| ## param_ulogd function ## |
| ## - Ulog config for multi-log files ## |
| ################################################################################## |
| param_ulogd () |
| { |
| # Three instances of ulogd (three different logfiles) |
| [ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
| [ -e /var/log/firewall/tracability.log ] || touch /var/log/firewall/tracability.log |
| [ -e /var/log/firewall/ssh.log ] || touch /var/log/firewall/ssh.log |
| [ -e /var/log/firewall/ext-access.log ] || touch /var/log/firewall/ext-access.log |
| chown -R root:apache /var/log/firewall |
| chmod 750 /var/log/firewall |
| chmod 640 /var/log/firewall/* |
| cat <<EOF > /etc/ulogd-tracability.conf |
| # ulogd configuration for ALCASAR |
| [global] |
| nlgroup=1 |
| logfile="/var/log/ulogd.log" |
| loglevel=5 |
| rmem=131071 |
| bufsize=150000 |
| plugin="/usr/lib/ulogd/ulogd_BASE.so" |
| plugin="/usr/lib/ulogd/ulogd_LOGEMU.so" |
| [LOGEMU] |
| file="/var/log/firewall/tracability.log" |
| sync=1 |
| EOF |
| cp -f /etc/ulogd-tracability.conf /etc/ulogd-ssh.conf |
| $SED "s?^nlgroup=.*?nlgroup=2?g" /etc/ulogd-ssh.conf |
| $SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ssh.log\"?g" /etc/ulogd-ssh.conf |
| cp -f /etc/ulogd-tracability.conf /etc/ulogd-ext-access.conf |
| $SED "s?^nlgroup=.*?nlgroup=3?g" /etc/ulogd-ext-access.conf |
| $SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ext-access.log\"?g" /etc/ulogd-ext-access.conf |
| [ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default |
| cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd |
| } # End of param_ulogd () |
| |
| ################################################################################## |
| ## Fonction param_awstats ## |
| ## - configuration de l'interface des logs de consultation WEB (AWSTAT) ## |
| ################################################################################## |
| 1355,7 → 1384,7 |
|---|
| else |
| mode="install" |
| fi |
| for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_awstats param_dnsmasq BL cron post_install |
| for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_ulogd param_awstats param_dnsmasq BL cron post_install |
| |
| do |
| $func |