Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2520 → Rev 2521

/scripts/alcasar-activity_report.sh
156,7 → 156,7
elif [ $(echo $LINE_HTML | grep 'XXMAJBLXX' | wc -l) -eq 1 ]
then
VALUE=$(cat /etc/dansguardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
VALUE=$(cat /etc/e2guardian/lists/blacklists/README | grep 'Last version' | cut -d' ' -f4-6)
echo ${LINE_HTML/XXMAJBLXX/$VALUE} >> $HTML_REPORT
elif [ $(echo $LINE_HTML | grep 'XXRPMXX' | wc -l) -eq 1 ]
165,7 → 165,7
#get timestamp of X day ago. Then we get every packets chich have been updated since this date.
if [ $(rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | wc -l) -gt 1 ]
then
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|dansguardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
PACKAGE='php|lighttpd|iptables|dnsmasq|radius|tinyproxy|nfdump|e2guardian|clamav|ulogd|chilli|fail2ban|openssh|havp|ipt-netflow|wget'
rpm -qa --queryformat '%{installtime} %{name} %{version}\n' | awk -v seuil="$SECS_AGO" '$1 > seuil' | sort -n | grep -E "$PACKAGE" | while read RPM_ALCASAR
do
RPM_TIMESTAMP=$(echo $RPM_ALCASAR | cut -d' ' -f1)
/scripts/alcasar-bl.sh
6,8 → 6,8
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via E2guardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (E2guardian)
 
DIR_CONF="/usr/local/etc"
CONF_FILE="$DIR_CONF/alcasar.conf"
18,7 → 18,7
DIR_WL_tmp="/tmp/whitelists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
DIR_DG="/etc/dansguardian/lists"
DIR_DG="/etc/e2guardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories
65,7 → 65,7
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq
82,7 → 82,7
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
do
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
done
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
154,7 → 154,7
rm -rf $DIR_DG_BL $DIR_IP_BL
mkdir $DIR_DG_BL $DIR_IP_BL
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
chown -R dansguardian:apache $DIR_DG
chown -R e2guardian:apache $DIR_DG
chmod -R 770 $DIR_DG
# Add the two local categories (ossi-bl & ossi-wl) to the usage file
# Add the custom categories (ossi-tor_nodes) to the usage file
238,7 → 238,7
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
then
touch $PATH_FILE/urls
chown dansguardian:apache $PATH_FILE/urls
chown e2guardian:apache $PATH_FILE/urls
fi
cp $PATH_FILE/domains $FILE_tmp
clean_split # clean ossi custom files & split them for dnsmasq and for iptables
294,7 → 294,7
done
/usr/bin/systemctl restart dnsmasq-whitelist
/usr/bin/systemctl restart dnsmasq-blacklist
/usr/bin/systemctl restart dansguardian
/usr/bin/systemctl restart e2guardian
/usr/local/bin/alcasar-iptables.sh
else
echo -n "/usr/local/etc/update_cat.conf is empty ..."
350,7 → 350,7
if [ $enabled == "1" ]
then
$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES
ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
fi
363,7 → 363,7
if [ $enabled == "1" ]
then
$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES
$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES
ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie
ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie
fi
/scripts/alcasar-conf.sh
21,7 → 21,7
DIR_BIN="/usr/local/bin" # scripts directory
DIR_ETC="/usr/local/etc" # conf directory
DIR_SHARE="/usr/local/share" # data directory
DIR_BLACKLIST="/etc/dansguardian/lists/blacklists" # Toulouse BL directory
DIR_BLACKLIST="/etc/e2guardian/lists/blacklists" # Toulouse BL directory
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
87,12 → 87,12
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE
# backup BL/WL custom files
mkdir $DIR_UPDATE/custom_bl
cp -f /etc/dansguardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/urlregexplist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/
cp -f /etc/dansguardian/lists/bannedurllist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/exceptioniplist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/urlregexplist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/exceptionsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/bannedsitelist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/exceptionurllist $DIR_UPDATE/custom_bl/
cp -f /etc/e2guardian/lists/bannedurllist $DIR_UPDATE/custom_bl/
cp -rf $DIR_BLACKLIST/ossi-* $DIR_UPDATE/custom_bl/ 2>/dev/null
# backup of different conf files (main conf file, filtering, digest, etc)
mkdir $DIR_UPDATE/etc/
134,15 → 134,15
# Retrieve local parameters
[ -d $DIR_UPDATE/etc ] && cp -rf $DIR_UPDATE/etc/* $DIR_ETC/
# Retrieve BL/WL custom files
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/dansguardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptioniplist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/urlregexplist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedsitelist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/exceptionurllist /etc/e2guardian/lists/
cp -f $DIR_UPDATE/custom_bl/bannedurllist /etc/e2guardian/lists/
cp -rf $DIR_UPDATE/custom_bl/ossi-* $DIR_BLACKLIST/ 2>/dev/null
chown -R dansguardian:apache /etc/dansguardian/lists
chmod -R g+rw /etc/dansguardian/lists
chown -R e2guardian:apache /etc/e2guardian/lists
chmod -R g+rw /etc/e2guardian/lists
# Adapt DNS/URL filtering
PARENT_SCRIPT=`basename $0`
export PARENT_SCRIPT
360,7 → 360,7
# tinyproxy
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf
# DG + BL
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/e2guardian/e2guardian.conf
# Watchdog
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh
# Prompts
/scripts/alcasar-daemon.sh
10,7 → 10,7
conf_file="/usr/local/etc/alcasar.conf"
SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
SERVICES="mysqld lighttpd ntpd havp dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd tinyproxy nfsen e2guardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban sshd vnstat"
nb_available_srv=`echo $SERVICES|wc -w`
 
function ServiceTest () {
/scripts/alcasar-iptables.sh
42,7 → 42,7
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2`
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side)
IPTABLES="/sbin/iptables"
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # Site Direct (no havp and no filtrage) for user BL
 
# Sauvegarde des SET des utilisateurs connectés si ils existent
159,8 → 159,8
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10
 
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (DansGuardian) pour pouvoir les rejeter en INPUT
# Mark (and log) the direct attempts to TCP port 8090 (dansguardian) in order to REJECT them in INPUT rules
# Marquage (et journalisation) des paquets qui tentent d'accéder directement au 8080 (E2Guardian) pour pouvoir les rejeter en INPUT
# Mark (and log) the direct attempts to TCP port 8090 (e2guardian) in order to REJECT them in INPUT rules
$IPTABLES -A PREROUTING -t nat -i $TUNIF -p tcp -d $PRIVATE_IP -m tcp --dport 8080 -j NFLOG --nflog-group 1 --nflog-prefix "RULE direct-proxy -- DENY "
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp -m tcp --dport 8080 -j MARK --set-mark 1
 
211,8 → 211,8
# Redirect HTTP of 'havp_wl' users who want IP not in the WL to ALCASAR ('access denied' page)
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl src -m set ! --match-set wl_ip_allowed dst -p tcp --dport http -j REDIRECT --to-port 80
 
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers DansGuardian
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy)
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers E2Guardian
# Redirect outbound HTTP requests of "BL" users to E2Guardian (transparent proxy)
# $IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080
# Redirection des requêtes HTTP sortantes des usager 'havp_wl' et 'havp' vers Tinyproxy
257,12 → 257,12
# Conntrack on INPUT
$IPTABLES -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
# On interdit les connexions directes au port utilisé par DansGuardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING)
# Deny direct connections on DansGuardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING)
# On interdit les connexions directes au port utilisé par E2Guardian (8080). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING)
# Deny direct connections on E2Guardian port (8080). The concerned paquets have been marked and logged in mangle table (PREROUTING)
$IPTABLES -A INPUT -i $TUNIF -p tcp --dport 8080 -m mark --mark 1 -j REJECT --reject-with tcp-reset
 
# Autorisation des connexions légitimes à DansGuardian
# Allow connections for DansGuardian
# Autorisation des connexions légitimes à E2Guardian
# Allow connections for E2Guardian
$IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp --dport 8080 -m conntrack --ctstate NEW --syn -j ACCEPT
 
# On interdit les connexions directes au port utilisé par tinyproxy (8090). Les packets concernés ont été marqués et loggués dans la table mangle (PREROUTING)
452,8 → 452,8
# Allow DNS requests to identified DNS servers
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m conntrack --ctstate NEW -j ACCEPT
 
# On autorise les requêtes HTTP avec log Netflow (en provenance de Dansguardian)
# HTTPS requests are allowed with netflow log (from Dansguardian)
# On autorise les requêtes HTTP avec log Netflow (en provenance de E2guardian)
# HTTPS requests are allowed with netflow log (from E2guardian)
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
 
/scripts/alcasar-rpm-download.sh
13,7 → 13,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.20-1.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap apache apache-mod_ssl apache-mod_php e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
 
rpm_repository_sync ()
{
/scripts/alcasar-uninstall.sh
101,17 → 101,17
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4"
}
 
dansguardian ()
e2guardian ()
{
echo -en "(8) : "
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, "
[ -e /etc/dansguardian/dansguardian.conf.default ] && mv /etc/dansguardian/dansguardian.conf.default /etc/dansguardian/dansguardian.conf && echo -n "2, "
[ -e /etc/dansguardian/lists/bannedphraselist.default ] && mv /etc/dansguardian/lists/bannedphraselist.default /etc/dansguardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/dansguardian/dansguardianf1.conf.default ] && mv /etc/dansguardian/dansguardianf1.conf.default /etc/dansguardian/dansguardianf1.conf && echo -n "4, "
[ -e /etc/dansguardian/lists/bannedextensionlist.default ] && mv /etc/dansguardian/lists/bannedextensionlist.default /etc/dansguardian/lists/bannedextensionlist && echo -n "5, "
[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] && mv /etc/dansguardian/lists/bannedmimetypelist.default /etc/dansguardian/lists/bannedmimetypelist && echo -n "6, "
[ -e /etc/dansguardian/lists/exceptioniplist.default ] && mv /etc/dansguardian/lists/exceptioniplist.default /etc/dansguardian/lists/exceptioniplist && echo -n "7, "
[ -e /etc/dansguardian/lists/bannedsitelist.default ] && mv /etc/dansguardian/lists/bannedsitelist.default /etc/dansguardian/lists/bannedsitelist && echo -n "8"
[ -d /var/e2guardian ] && rm -rf /var/e2guardian && echo -n "1, "
[ -e /etc/e2guardian/e2guardian.conf.default ] && mv /etc/e2guardian/e2guardian.conf.default /etc/e2guardian/e2guardian.conf && echo -n "2, "
[ -e /etc/e2guardian/lists/bannedphraselist.default ] && mv /etc/e2guardian/lists/bannedphraselist.default /etc/e2guardian/lists/bannedphraselist && echo -n "3, "
[ -e /etc/e2guardian/e2guardianf1.conf.default ] && mv /etc/e2guardian/e2guardianf1.conf.default /etc/e2guardian/e2guardianf1.conf && echo -n "4, "
[ -e /etc/e2guardian/lists/bannedextensionlist.default ] && mv /etc/e2guardian/lists/bannedextensionlist.default /etc/e2guardian/lists/bannedextensionlist && echo -n "5, "
[ -e /etc/e2guardian/lists/bannedmimetypelist.default ] && mv /etc/e2guardian/lists/bannedmimetypelist.default /etc/e2guardian/lists/bannedmimetypelist && echo -n "6, "
[ -e /etc/e2guardian/lists/exceptioniplist.default ] && mv /etc/e2guardian/lists/exceptioniplist.default /etc/e2guardian/lists/exceptioniplist && echo -n "7, "
[ -e /etc/e2guardian/lists/bannedsitelist.default ] && mv /etc/e2guardian/lists/bannedsitelist.default /etc/e2guardian/lists/bannedsitelist && echo -n "8"
}
 
antivirus ()
285,7 → 285,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian dnsmasq sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
292,7 → 292,7
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# dnsmasq & sshd should stay on to allow remote update
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian chilli"
services="alcasar-load_balancing vnstat havp freshclam ntpd lighttpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update
fi
 
326,7 → 326,7
/usr/bin/systemctl reload sshd
fi
echo "Reset ALCASAR main functions : "
for func in init ACC CA time_server init_db freeradius chilli dansguardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install
for func in init ACC CA time_server init_db freeradius chilli e2guardian antivirus tinyproxy ulogd nfsen vnstat dnsmasq cron fail2ban gammu_smsd msec letsencrypt post_install
do
echo -en "\n- $func "
$func
/scripts/alcasar-url_filter_bl.sh
11,7 → 11,7
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine
# Enable / disable : filter of urls containing ip address instead of domain name
 
DIR_DG="/etc/dansguardian/lists"
DIR_DG="/etc/e2guardian/lists"
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"
CONF_FILE="/usr/local/etc/alcasar.conf"
SED="/bin/sed -i"
85,6 → 85,6
else
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist
fi
systemctl restart dansguardian
systemctl restart e2guardian
systemctl restart dnsmasq-blacklist
fi
/scripts/alcasar-urpmi.sh
14,7 → 14,7
# The kernel version we compile netflow for
KERNEL="kernel-server-4.14.30-3.mga6-1-1.mga6"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
PACKAGES="arp-scan vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm e2guardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop man dos2unix p7zip bc msec kernel-userspace-headers dnsmasq netcat-traditional"
 
rpm_repository_sync ()
{