213,6 → 213,7 |
for rm_rpm in shorewall dhcp-server c-icap-server cyrus-sasl distcache-server avahi mandi radeontool |
do |
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
echo -n "." |
done |
for svc in alsa sound dm atd netfs bootlogd stop-bootlogd |
do |
474,6 → 475,7 |
$SED "s?\$DB_USER = .*?\$DB_USER = \"$DB_USER\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?\$radiuspwd = .*?\$radiuspwd = \"$radiuspwd\"\;?g" $DIR_ACC/phpsysinfo/includes/xml/portail.php |
$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" $DIR_WEB/index.php |
$SED "s?\$hostname =.*?\$hostname = \"$HOSTNAME\";?g" $DIR_WEB/index.php |
chmod 640 $DIR_ACC/phpsysinfo/includes/xml/portail.php |
chown -R apache:apache $DIR_WEB/* |
for i in ISO base logs/firewall logs/httpd logs/squid ; |
541,7 → 543,7 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from $SRC_ADMIN |
# Allow from $SRC_ADMIN |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
907,7 → 909,7 |
touch $DIR_DG/lists/bannedextensionlist |
touch $DIR_DG/lists/bannedmimetypelist |
# 'Safesearch' regex actualisation |
$SED "s?images?search?g" /etc/ |
$SED "s?images?search?g" $DIR_DG/lists/urlregexplist |
# empty LAN IP list that won't be WEB filtered |
[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default |
touch $DIR_DG/lists/exceptioniplist |
964,7 → 966,7 |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^DNSSERVERS=.*?PRIVATE_IP=\"$DNS1,$DNS2\"?g" $DIR_DEST_BIN/alcasar-iptables.sh |
$SED "s?^DNSSERVERS=.*?DNSSERVERS=\"$DNS1,$DNS2\"?g" $DIR_DEST_BIN/alcasar-iptables.sh |
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau) |
# création du fichier d'exception au filtrage |
touch /usr/local/etc/alcasar-filter-exceptions |
1048,14 → 1050,15 |
[ -d /etc/dnsmasq.d ] || mkdir /etc/dnsmasq.d |
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq |
[ -e /etc/dnsmasq.conf ] && cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default |
$SED "s?^[^#]?#&?g" /etc/dnsmasq.conf # (on commente ce qui ne l'est pas) |
$SED "s?^[^#]?#&?g" /etc/dnsmasq.conf # on commente ce qui ne l'est pas |
$SED "s?^#conf-dir=.*?conf-dir=/etc/dnsmasq.d?g" /etc/dnsmasq.conf # les fichiers de config se trouvent dans /etc/dnsmasq.d/* |
$SED "s?^DHCP_LEASE=.*?DHCP_LEASE=/var/log/dnsmasq/lease.log?g" /etc/sysconfig/dnsmasq # fichier contenant les baux |
# on crée le fichier de conf spécifique pour Alcasar |
# 1st configuration file for "dnsmasq + blackhole" (listen on udp 52) |
cat << EOF > /etc/dnsmasq.d/alcasar-dnsmasq.conf |
# Configuration file for "dnsmasq + blackhole" |
# Inclusion de la blacklist <domains> de Toulouse dans la configuration |
conf-dir=/usr/local/etc/alcasar-dnsfilter-enabled |
conf-file=/usr/local/etc/alcasar-dns-name # zone de definition de noms DNS locaux si besoin |
conf-file=/usr/local/etc/alcasar-dns-name # zone de definition de noms DNS locaux |
|
listen-address=$PRIVATE_IP |
listen-address=127.0.0.1 |
1071,6 → 1074,7 |
server=$DNS1 |
server=$DNS2 |
|
# le servive DHCP est configuré mais n'est exploité que pour le "bypass" |
dhcp-range=$ORGANISME,$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_MASK,12h |
#dhcp-option=3,1.2.3.4 |
#dhcp-option=option:router,1.2.3.4 |
1080,7 → 1084,33 |
# Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail> |
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m |
EOF |
# 2nd dnsmasq configuration file for filter exception user (listen on udp 54) |
cat << EOF > /etc/dnsmasq-forward.conf |
# Dnsmasq configuration for exception filter users (no blackhole) |
conf-file=/usr/local/etc/alcasar-dns-name # zone de definition de noms DNS locaux |
|
listen-address=$PRIVATE_IP |
listen-address=127.0.0.1 |
port=54 |
no-dhcp-interface=$INTIF |
bind-interfaces |
|
cache-size=256 |
domain=$DOMAIN |
domain-needed |
expand-hosts |
bogus-priv |
filterwin2k |
server=$DNS1 |
server=$DNS2 |
EOF |
# On crée le fichier de résolution locale |
touch /usr/local/etc/alcasar-dns-name |
# On modifie le fichier d'initialisattion (lancement dune deuxième instance) |
[ -e /etc/init.d/dnsmasq ] && cp /etc/init.d/dnsmasq /etc/init.d/dnsmasq.default |
$SED "s?^DOMAIN_SUFFIX=.*?DOMAIN_SUFFIX=''?g" /etc/init.d/dnsmasq |
$SED "/daemon \$dnsmasq/a daemon \$dnsmasq -C /etc/dnsmasq-forward.conf" /etc/init.d/dnsmasq |
$SED "/killproc \$iDAEMON_NAME/a killall \$DAEMON_NAME" /etc/init.d/dnsmasq |
} # End dnsmasq |
|
########################################################## |
1399,6 → 1429,8 |
if [ "$reponse" = "o" ] || [ "$reponse" = "O" ] |
then |
$DIR_SCRIPT/alcasar-conf.sh --create |
else |
rm -f /tmp/alcasar-conf* |
fi |
# On désinstalle la version actuelle |
$DIR_SCRIPTS/sbin/alcasar-uninstall.sh |
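Review bot: In the dnsmasq hunk (1080,7 → 1084,33) the last sed uses the address `/killproc \$iDAEMON_NAME/`, and the stray `i` looks like a typo. If the init script's stop branch reads `killproc $DAEMON_NAME`, the address never matches and `killall $DAEMON_NAME` is never appended, so the second instance started with `-C /etc/dnsmasq-forward.conf` would survive a service stop or restart. The line should probably read `$SED "/killproc \$DAEMON_NAME/a killall \$DAEMON_NAME" /etc/init.d/dnsmasq`. That second instance listens on `$PRIVATE_IP` port 54 without the blacklist `conf-dir`, so a leftover process keeps an unfiltered resolver reachable from the LAN; the firewall script is not shown here, so confirm it restricts port 54 to the filter-exception users. The enclosing function begins outside this hunk, and the init script itself is not visible, so the `killproc` pattern should be checked against the packaged file.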