Subversion Repositories ALCASAR

Compare Revisions

Rev 2832 → Rev 2833

/scripts/alcasar-conf.sh
153,7 → 153,7
[ -e $DIR_UPDATE/etc/alcasar-uamallowed ] && cp -f $DIR_UPDATE/etc/alcasar-uamallowed $DIR_ETC/ # exception IP_addresses or network_IP_addresses
[ -e $DIR_UPDATE/etc/alcasar-ethers ] && cp -f $DIR_UPDATE/etc/alcasar-ethers $DIR_ETC/ # DHCP static hosts
[ -e $DIR_UPDATE/etc/alcasar-ethers-info ] && cp -f $DIR_UPDATE/etc/alcasar-ethers-info $DIR_ETC/ # DHCP static hosts information
[ -e $DIR_UPDATE/etc/hosts ] && cp -f $DIR_UPDATE/etc/hosts /etc/ && $DIR_BIN/alcasar-dns-local.sh -hosts_to_unbound # local hosts name
[ -e $DIR_UPDATE/etc/hosts ] && cp -f $DIR_UPDATE/etc/hosts /etc/ # local host name resolution
# Retrieve BL/WL custom files
cp -f $DIR_UPDATE/custom_bl/exceptioniplist $DIR_E2G/
cp -f $DIR_UPDATE/custom_bl/exceptionsitelist $DIR_E2G/
377,20 → 377,6
forward-addr: $DNS1
forward-addr: $DNS2
EOF
# Configuration file of ALCASAR main domains for $INTIF
cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
server:
local-zone: "$DOMAIN" static
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"
EOF
if [ "$HOSTNAME" != 'alcasar' ]
then
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
fi
# Configuration file for lo of forward
cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
server:
429,16 → 415,6
access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
EOF
# Configuration file for $INTIF of blackhole
cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
server:
interface: ${PRIVATE_IP}@56
access-control-view: $PRIVATE_NETWORK_MASK $INTIF
view:
name: "$INTIF"
local-zone: "." redirect
local-data: ". A $PRIVATE_IP"
EOF
# dhcpd
cat <<EOF > /etc/dhcpd.conf
ddns-update-style none;
451,6 → 427,7
max-lease-time 43200;
}
EOF
$DIR_BIN/alcasar-dns-local.sh -hosts_to_unbound # add local name resoution to unbound (forward & blackhole)
# tinyproxy
$SED "s?^Listen.*?Listen $PRIVATE_IP?g" /etc/tinyproxy/tinyproxy.conf
# DG + BL
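Review bot: The exit status of the new call `$DIR_BIN/alcasar-dns-local.sh -hosts_to_unbound` after the dhcpd block is ignored, and as far as the visible hunks show it is now the only step that writes the `$INTIF` local-dns file and the blackhole view with its `local-zone: "." redirect`. If the helper fails, unbound is left with missing or stale per-interface files, so I would check it, e.g. `$DIR_BIN/alcasar-dns-local.sh -hosts_to_unbound || echo "alcasar-dns-local.sh -hosts_to_unbound failed" >&2`. The helper re-reads its values from `$ALCASAR_CONF_FILE` instead of using this script's `$PRIVATE_IP`, `$HOSTNAME` and `$DOMAIN`, and the enclosing function is outside the hunk, so please confirm that the conf file already holds the new values here and that the restore path around line 153 still reaches this call. The added comment has a typo: `resoution` should be `resolution`.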
/scripts/alcasar-dns-local.sh
17,10 → 17,12
# define DNS parameters (LAN side)
INT_DNS_DOMAIN=`grep ^DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2`
INT_DNS_HOST=`grep ^HOSTNAME $ALCASAR_CONF_FILE|cut -d"=" -f2`
INT_DNS_IP_MASK=`grep ^PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2`
INT_DNS_IP=`grep ^PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
INTIF=`grep ^INTIF $ALCASAR_CONF_FILE|cut -d"=" -f2`
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2`
LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/$INTIF.conf"
LOCAL_DNS_BLACKHOLE_FILE="/etc/unbound/conf.d/blackhole/iface.$INTIF.conf"
 
usage="Usage: alcasar-dns-local.sh {--on | -on} | {--off | -off} | {--add | -add} ip domain | {--del | -del} ip domain | {--reload | -reload}"
nb_args=$#
38,7 → 40,7
done
}
 
function hosts_to_unbound(){
function hosts_to_unbound(){ # configure the unbound conf file with local host names resolution (forward + blackhole)
cat << EOF > $LOCAL_DNS_FILE
server:
local-zone: "$INT_DNS_DOMAIN" static
45,6 → 47,26
local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
EOF
if [ "$HOSTNAME" != 'alcasar' ]
then
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
fi
cat << EOF > $LOCAL_DNS_BLACKHOLE_FILE
server:
server:
interface: ${INT_DNS_IP}@56
access-control-view: $INT_DNS_IP_MASK $INTIF
view:
name: "$INTIF"
local-zone: "." redirect
local-data: ". A $INT_DNS_IP"
local-zone: "$INT_DNS_DOMAIN" static
local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
EOF
while read -r line
do
ip_address=$(echo $line | awk '{ print $1 }')
51,8 → 73,10
domain=$(echo $line | awk '{ print $2 }')
if ! echo $line | grep -E -q "^([0-9\.\t ]+alcasar( |$)|127\.0\.0)"
then
echo -e "\tlocal-data: \"$domaini.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_FILE
echo -e "\tlocal-data: \"$domain.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_FILE
echo -e "\tlocal-data-ptr: \"$ip_address $domain.$INT_DNS_DOMAIN\"" >> $LOCAL_DNS_FILE
echo -e "\tlocal-data: \"$domain.$INT_DNS_DOMAIN A $ip_address\"" >> $LOCAL_DNS_BLACKHOLE_FILE
echo -e "\tlocal-data-ptr: \"$ip_address $domain.$INT_DNS_DOMAIN\"" >> $LOCAL_DNS_BLACKHOLE_FILE
fi
done < $LOCAL_HOSTNAME_FILE
}
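Review bot: The `if [ "$HOSTNAME" != 'alcasar' ]` block added to `hosts_to_unbound` uses `$HOSTNAME` and `$PRIVATE_IP`, which the variable block at the top of this file does not define (it sets `INT_DNS_HOST` and `INT_DNS_IP`); unless they are set outside the visible hunks, the test compares bash's own host name and the second line is written as `local-zone: "alcasar A "`. I would use `if [ "$INT_DNS_HOST" != 'alcasar' ]`, `$INT_DNS_IP`, and `>> $LOCAL_DNS_FILE` for the first two lines. The two `>>` lines targeting `/etc/unbound/conf.d/forward/iface.lo.conf` append to a file this function never truncates, so each call appears to add another copy. By the hunk's line counts, `server:` is written twice at the top of the blackhole heredoc. The read loop passes fields from `$LOCAL_HOSTNAME_FILE` through `echo -e` into quoted unbound directives unchecked; matching `ip_address` and `domain` against an address/host-name pattern and writing with `printf '\tlocal-data: "%s.%s A %s"\n'` would keep a malformed hosts line from altering the generated forward and blackhole configuration.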
/scripts/alcasar-uninstall.sh
196,7 → 196,7
cron ()
{
# /etc/cron.d/alcasar-daemon-watchdog is removed at the beginning of this script
echo -en "(13) : "
echo -en "(12) : "
i=1
for cron in `ls /etc/cron.d/alcasar-* 2>/dev/null`
do
203,8 → 203,8
rm $cron && echo -n "$i, "
i=`expr $i + 1`
done
[ -e /etc/crontab.default ] && mv /etc/crontab.default /etc/crontab && echo -n "12, "
[ -e /etc/anacrontab.default ] && mv /etc/anacrontab.default /etc/anacrontab && echo -n "13"
[ -e /etc/crontab.default ] && mv /etc/crontab.default /etc/crontab && echo -n "11, "
[ -e /etc/anacrontab.default ] && mv /etc/anacrontab.default /etc/anacrontab && echo -n "12"
}
 
fail2ban ()