
Ignore whitespace Rev 1851 → Rev 1852

/scripts/alcasar-bl.sh
15,6 → 15,7
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
DIR_tmp="/tmp/blacklists"
DIR_WL_tmp="/tmp/whitelists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
DIR_DG="/etc/dansguardian/lists"
31,6 → 32,8
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' '
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)
DIR_IP_WL="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" # conf file of dnsmasq-blacklist
DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` # server DNS1 (for WL domain names)
BL_SERVER="dsi.ut-capitole.fr"
41,6 → 44,7
# saving ossi category
mkdir $DIR_tmp
cp $DIR_IP_BL/ossi $DIR_tmp
if [ -d $DIR_IP_BL_ENABLED ]
then
for file in `ls -1 $DIR_IP_BL_ENABLED | grep -v "^ossi-*"`
51,6 → 55,18
mkdir $DIR_IP_BL_ENABLED
chown apache $DIR_IP_BL_ENABLED
fi
if [ -d $DIR_IP_WL_ENABLED ]
then
for file in `ls -1 $DIR_IP_WL_ENABLED | grep -v "^ossi-*"`
do
rm -f $DIR_IP_WL_ENABLED/$file
done
else
mkdir $DIR_IP_WL_ENABLED
chown apache $DIR_IP_WL_ENABLED
fi
if [ -d $DIR_DNS_BL_ENABLED ]
then
for file in `ls -1 $DIR_DNS_BL_ENABLED | grep -v "^ossi-*"`
61,10 → 77,18
mkdir $DIR_DNS_BL_ENABLED
chown apache $DIR_DNS_BL_ENABLED
fi
rm -rf $DIR_DNS_WL_ENABLED # cleaning for dnsmasq and iptables
if [ -d $DIR_DNS_WL_ENABLED ]
then
for file in `ls -1 $DIR_DNS_WL_ENABLED | grep -v "^ossi-*"`
do
rm -f $DIR_DNS_WL_ENABLED/$file
done
else
mkdir $DIR_DNS_WL_ENABLED
chown apache $DIR_DNS_WL_ENABLED
fi
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
mkdir $DIR_DNS_WL_ENABLED
# process the file $BL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
86,10 → 110,12
done
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
mv $FILE_tmp $WL_CATEGORIES
# restoring ip files and ossi category
# restoring ip files and ossi category BL/WL
mv $DIR_tmp/ossi $DIR_IP_BL
chown apache $DIR_IP_BL/ossi
rm -rf $DIR_tmp
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }"
126,10 → 152,10
# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)
-adapt | --adapt)
echo -n "Toulouse BlackList migration process. Please wait : "
if [ ! -e $DIR_SHARE/ossi-ip-wl ]
if [ ! -e $DIR_IP_WL_ENABLED/ossi ]
then
touch $DIR_SHARE/ossi-ip-wl
chown apache $DIR_SHARE/ossi-ip-wl
touch $DIR_IP_WL_ENABLED/ossi
chown apache $DIR_IP_WL_ENABLED/ossi
fi
if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
then
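Review bot: The new cleanup loops for `$DIR_IP_WL_ENABLED` and `$DIR_DNS_WL_ENABLED` build their `rm -f` targets by parsing `ls` output with every expansion unquoted, in directories this script hands to `apache` with `chown`. File names containing whitespace or glob characters are therefore split or expanded before they reach `rm`, and an empty directory variable would turn the target into `/$file`. The filter `grep -v "^ossi-*"` keeps every name that merely starts with `ossi`, because `-*` means zero or more dashes; if only `ossi` and `ossi-…` are meant to survive, that should be stated explicitly. One form that covers all three points is `find "${DIR_IP_WL_ENABLED:?}" -mindepth 1 -maxdepth 1 ! -name ossi ! -name 'ossi-*' -exec rm -f -- {} +`, repeated for the DNS whitelist directory. The function these loops belong to starts above the visible hunks.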
/scripts/alcasar-iptables.sh
37,8 → 37,7
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty
WL_IP_OSSI="/usr/local/share/ossi-ip-wl" # ip of the whitelist
DNSMASQ_WL_ENABLED="/usr/local/share/dnsmasq-wl-enabled" # enabled domain names for the Whitelist
DIR_WL_IP_ENABLED="/usr/local/share/iptables-wl-enabled/" # ip files repository of the WL (feature : imported wl file from ACC)
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off)
121,10 → 120,15
 
###### WL set ###########
# Calcul de la taille / Compute the length
wl_set_length=$(($(wc -l $DNSMASQ_WL_ENABLED/* | awk '{print $1}' | tail -n 1)*3))
wl_set_length=$(($(wc -l $DIR_WL_IP_ENABLED/* | awk '{print $1}' | tail -n 1)*3))
# Chargement Loading
echo "create whitelist_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save
cat $WL_IP_OSSI >> $TMP_set_save
#get ip-wl files from ACC
for ossi in `ls -1 $DIR_WL_IP_ENABLED`
do
echo $ossi
cat $DIR_WL_IP_ENABLED/$ossi >> $TMP_set_save
done
ipset -! restore < $TMP_set_save
rm -f $TMP_set_save
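Review bot: Every file in `$DIR_WL_IP_ENABLED` is appended verbatim to the input of `ipset -! restore`, so each line is executed as an ipset command rather than checked as an address. The companion change in alcasar-bl.sh gives what appears to be the same directory to `apache`, and the comment says the files are imported from ACC. Assuming this script runs as root, content written through the web interface could then act on sets other than `whitelist_ip_allowed`. Copy only lines of the expected shape, for example `grep -hE '^add whitelist_ip_allowed [0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$DIR_WL_IP_ENABLED"/* >> "$TMP_set_save"`, which also replaces the `ls` loop and the leftover `echo $ossi`. Note as well that if the directory is empty the `wc -l` substitution yields nothing and the arithmetic for `wl_set_length` fails, so a default such as `${n:-0}` is worth adding there.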
 
/scripts/alcasar-url_filter_wl.sh
11,7 → 11,7
 
TINY_CONF="/etc/tinyproxy/tinyproxy.conf"
DNSMASQ_WL_CONF="/etc/dnsmasq-whitelist.conf"
IP_WL="/usr/local/share/ossi-ip-wl"
IP_WL="/usr/local/share/iptables-wl-enabled/ossi-ip-safesearch"
CONF_FILE="/usr/local/etc/alcasar.conf"
SED="/bin/sed -i"
safesearch="Off"
60,7 → 60,7
echo "add whitelist_ip_allowed $forcesafesearch_server" >> $IP_WL
else
$SED "/google/d" $DNSMASQ_WL_CONF
$SED "/$forcesafesearch_server/d" $IP_WL
rm $IP_WL
fi
systemctl restart dnsmasq-whitelist
fi
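Review bot: `rm $IP_WL` in the safesearch-off branch has no `-f`, so it reports an error whenever the file is absent, which would be the normal state if safesearch was never enabled. `rm -f -- "$IP_WL"` keeps the branch idempotent. With the file now dedicated to the safesearch entry, the `>>` in the other branch adds a duplicate line on each run with safesearch on, and alcasar-iptables.sh sizes the set from the line count of that directory. Writing with `>` would avoid that, provided nothing else outside this hunk appends to the file. The `if` these lines belong to opens above the hunk.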