WebSVN – ALCASAR – Diff – /scripts/alcasar-bl.sh


#/bin/bash
 
# $Id: alcasar-bl.sh 2192 2017-05-01 19:52:53Z richard $
 
# alcasar-bl.sh
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
 
DIR_CONF="/usr/local/etc"
CONF_FILE="$DIR_CONF/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
DIR_tmp="/tmp/blacklists"
DIR_WL_tmp="/tmp/whitelists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
DIR_DG="/etc/dansguardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#	'	'	WL categories
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
DIR_SHARE="/usr/local/share"
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl"					# all the BL in the DNSMASQ format
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl"					# all the WL	'	'	'
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL 
DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL 
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled"			# symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled"			#	'	'	'	WL	'	'
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` 			# server DNS1 (for WL domain names)
BL_SERVER="dsi.ut-capitole.fr"
SED="/bin/sed -i"
 
# enable/disable the BL & WL categories
function cat_choice (){
	mkdir -p $DIR_tmp
	for LIST in $DIR_IP_BL_ENABLED $DIR_DNS_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_WL_ENABLED
	do
		if [ ! -e $LIST ] #  only on install stage
		then
			mkdir $LIST
		else
			rm -rf $LIST/*
		fi
		chown root:apache $LIST
		chmod 770 $LIST
	done
	# update categories with rsync
	if [ ! -e $DIR_CONF/update_cat.conf ]
	then
		touch $DIR_CONF/update_cat.conf
		chown root:apache $DIR_CONF/update_cat.conf
		chmod 660 $DIR_CONF/update_cat.conf
	fi
	$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
	$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
 
	# process the file $BL_CATEGORIES with the choice of categories 
	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` 
	do
		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES 
		$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
		ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
		ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
		# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # Blacklisted domains are managed by dnsmasq
		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
	done
	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
	mv $FILE_tmp $BL_CATEGORIES
	chown root:apache $BL_CATEGORIES
	chmod 660 $BL_CATEGORIES
 
# process the file $WL_CATEGORIES with the choice of categories 
	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` 
	do
		$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES 
		$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
		ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
	done
	sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
	mv $FILE_tmp $WL_CATEGORIES
	chown root:apache $WL_CATEGORIES
	chmod 660 $WL_CATEGORIES
}
 
# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)
function clean_split (){
	$SED '/^#.*/d' $FILE_tmp # remove commented lines
	$SED '/^\s*$/d' $FILE_tmp # remove empty lines
	$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
	# extract ip addresses for iptables.
	awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp
	# extract domain names for dnsmasq.
	$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp
	# Retrieve max Top Level Domain for domain name synthax
	#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
	#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
	#	MAX_TLD=18
	#fi
	# search for correction	egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload } | { -update_cat or --update_cat }"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
	  args="-h"
fi
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	# Retrieve Toulouse University BL
	-download | --download)
		rm -rf /tmp/con_ok.html
		`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
		if [ ! -e /tmp/con_ok.html ]
		then
			echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"
		else 
			rm -rf /tmp/con_ok.html $DIR_tmp
			mkdir $DIR_tmp
			wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
			md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
			chown -R apache:apache $DIR_tmp
		fi
		;;		
	# enable/disable categories (used only during the alcasar install process)
	-cat_choice | --cat_choice)
		cat_choice
		;;
	# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
	-adapt | --adapt)
		echo -n "Adaptation process of Toulouse University blackList. Please wait : "
		if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
		then
			# keep custom files (ossi) 
			for x in $(ls -1 $DIR_DG_BL | grep "^ossi-*")
			do
				mv $DIR_DG_BL/$x $DIR_tmp
			done
			rm -rf $DIR_DG_BL $DIR_IP_BL
			mkdir $DIR_DG_BL $DIR_IP_BL
			tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
			chown -R dansguardian:apache $DIR_DG
			chmod -R 770 $DIR_DG
			# Add the two local categories (ossi-bl & ossi-wl) to the usage file
			# Add the custom categories (ossi-tor_nodes) to the usage file
			cat << EOF >> $DIR_DG_BL/global_usage 
 
NAME: ossi-bl
DEFAULT_TYPE: black
SOURCE: ALCASAR Team
DESC FR: sites blacklistés ajoutés localement
DESC EN: blacklisted sites add locally
NAME FR: ossi-bl
NAME EN: ossi-bl
 
NAME: ossi-wl
DEFAULT_TYPE: white
SOURCE: ALCASAR Team
DESC FR: sites autorisés ajoutés localement
DESC EN: whitelisted sites add locally
NAME FR: ossi-wl
NAME EN: ossi-wl
 
NAME: ossi-bl-tor_nodes
DEFAULT_TYPE: black
SOURCE: ALCASAR Team
DESC FR: Adresses IP des noeuds (routeurs) d'entrée du réseau TOR
DESC EN: IP addresses of input TOR nodes (routers)
NAME FR: Noeuds TOR
NAME EN: TOR nodes
EOF
			# Retrieve custom files (ossi)
			for x in $(ls -1 $DIR_tmp | grep "^ossi-*")
			do
				mv $DIR_tmp/$x $DIR_DG_BL
			done
		fi
		rm -f $BL_CATEGORIES $WL_CATEGORIES
		rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
		rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED
		touch $BL_CATEGORIES $WL_CATEGORIES
		mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
		mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED
		find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
		$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
		for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
		do
			categorie=`echo $dir_categorie|cut -d "/" -f6`
			categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie$ $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
			if [ "$categorie_type" == "white" ]
			then
				echo "$dir_categorie" >> $WL_CATEGORIES 
			else
				echo "$dir_categorie" >> $BL_CATEGORIES
			fi
		done
		rm -f $FILE_tmp
		# Verify that the enabled categories are effectively in the BL (need after an update of the BL)
		for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` 
		do
			ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l`
			if [ $ok != "1" ] 
			then
				$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED
			fi
		done
		# Verify that the enabled categories are effectively in the WL (need after an update of the WL)
		for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` 
		do
			ok=`grep /$ENABLE_CATEGORIE$ $WL_CATEGORIES|wc -l`
			if [ $ok != "1" ] 
			then
				$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED
			fi
		done
		# Creation of DNSMASQ and Iptables BL and WL
		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
		do
			for PATH_FILE in `cat $LIST` # for each category
			do
				DOMAIN=`basename $PATH_FILE`
				echo -n "$DOMAIN, "
		  		if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
				then
					touch $PATH_FILE/urls
					chown dansguardian:apache $PATH_FILE/urls
				fi
 
				cp $PATH_FILE/domains  $FILE_tmp
 
 
 
				clean_split # clean ossi custom files & split them for dnsmasq and for iptables
 
				if [ "$LIST" == "$BL_CATEGORIES" ]
				then
					# adapt to the dnsmasq syntax for the blacklist
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
				else
					# adapt to the dnsmasq syntax for the whitelist
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
				fi
			done
		done
		echo
		chown -R root:apache $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
	       	chmod 770 $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
		chmod -f 660 $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
		rm -f $FILE_tmp $FILE_ip_tmp
		rm -rf $DIR_tmp
		;;
	# Rsync the categories which are listed in "/usr/local/etc/update_cat.conf". Cron run this function every 12h
	-update_cat | --update_cat)
		if [ $(cat /usr/local/etc/update_cat.conf | wc -l) -ne 0 ]
		then
			echo -n "Updating categories in /usr/local/etc/update_cat.conf ..."
			cat /usr/local/etc/update_cat.conf | while read LIGNE_RSYNC
			do
				CATEGORIE=$(echo $LIGNE_RSYNC | cut -d' ' -f1)
				URL=$(echo $LIGNE_RSYNC | cut -d' ' -f2)
				PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
				rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
				# Creation of DNSMASQ and Iptables BL and WL
				DOMAIN=$(basename $PATH_FILE)
 
				cp $PATH_FILE/domains $FILE_tmp
 
 
				clean_split  # clean ossi custom files & split them for dnsmasq and for iptables
 
 
 
				black=`grep black $PATH_FILE/usage |wc -l`
				if [ $black == "1" ]
				then
					# adapt to the dnsmasq syntax for the blacklist
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
				else
					# adapt to the dnsmasq syntax for the whitelist
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
					mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
				fi
				rm -f $FILE_tmp $FILE_ip_tmp
			done
			/usr/bin/systemctl restart dnsmasq-whitelist
			/usr/bin/systemctl restart dnsmasq-blacklist
			/usr/bin/systemctl restart dansguardian
			/usr/local/bin/alcasar-iptables.sh
		else
			  echo -n "/usr/local/etc/update_cat.conf is empty ..."
		fi
		echo 
		;;
	# reload when selected categories are changed or when ossi change his custom files
	-reload | --reload)
		# for DG
		cat_choice
		#  for dnsmasq (rehabited domain names)
		if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
		then
			for i in `cat $DIR_DG/exceptionsitelist`
			do
				$SED "/$i/d" $DIR_DNS_BL/*
			done
		fi
		# adapt OSSI BL & WL custom files
		for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIr_IP_WL
		do
			rm -f $dir/ossi*
		done
		find $DIR_DG_BL/ -type f -name domains | grep ossi- > $FILE_tmp # retrieve ossi directories name where a domain file exist
		$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
 
 
 
 
 
 
 
		for ossi_custom_dir in `cat $FILE_tmp` # create the blacklist and the whitelist files
		do
			chown -R root:apache $ossi_custom_dir
			chmod 770 $ossi_custom_dir
			ossi_categorie=`echo $ossi_custom_dir|cut -d "/" -f6`
			short_categorie=`echo "$ossi_categorie" | cut -d"-" -f2`
			if [ $short_categorie == "bl" ]
			then
				categorie_type="black"
			else
				categorie_type="white"
			fi
 
 
			$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file
			cp $ossi_custom_dir/domains $FILE_tmp
 
			clean_split # clean ossi custom files & split them for dnsmasq and for iptables
 
			if [ $categorie_type == "white" ]
			then
			# adapt the file to the dnsmasq syntax and enable it if needed
			# for the WL
				$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp 
				mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
				mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
				enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l`
				if [ $enabled == "1" ]
				then
					$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES 
					$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES
					ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
					ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
				fi
			else
			# for the BL
				$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp 
				mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
				mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
				enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l`
				if [ $enabled == "1" ]
				then
					$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES 
					$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES
					ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie
					ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie
				fi
			fi
		done
		for file in $BL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES $WL_CATEGORIES_ENABLED
		do
			sort +0.0 -0.2 $file -o $FILE_tmp
			mv $FILE_tmp $file
			chown root:apache $file
			chmod 660 $file
		done
		chown -R root:apache $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
		chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
		if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
		then
			/usr/bin/systemctl restart dnsmasq-blacklist
			/usr/bin/systemctl restart dnsmasq-whitelist
			/usr/local/bin/alcasar-iptables.sh
		fi
		;;
	*)
		echo "Argument inconnu :$1";
		echo "$usage"
		exit 1
		;;
esac
 
 

Rev 2187	Rev 2192
1	`#/bin/bash`	1	`#/bin/bash`
2		2
3	`# $Id: alcasar-bl.sh 2187 2017-04-27 22:18:45Z richard $`	3	`# $Id: alcasar-bl.sh 2192 2017-05-01 19:52:53Z richard $`
4		4
5	`# alcasar-bl.sh`	5	`# alcasar-bl.sh`
6	`# by Franck BOUIJOUX and Richard REY`	6	`# by Franck BOUIJOUX and Richard REY`
7	`# This script is distributed under the Gnu General Public License (GPL)`	7	`# This script is distributed under the Gnu General Public License (GPL)`
8		8
9	`# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)`	9	`# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)`
10	`# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)`	10	`# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)`
11		11
12	`DIR_CONF="/usr/local/etc"`	12	`DIR_CONF="/usr/local/etc"`
13	`CONF_FILE="$DIR_CONF/alcasar.conf"`	13	`CONF_FILE="$DIR_CONF/alcasar.conf"`
14	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	14	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
15	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`	15	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`
16	PRIVATE_IP=`echo $private_ip_mask \| cut -d"/" -f1` # ALCASAR LAN IP address	16	PRIVATE_IP=`echo $private_ip_mask \| cut -d"/" -f1` # ALCASAR LAN IP address
17	`DIR_tmp="/tmp/blacklists"`	17	`DIR_tmp="/tmp/blacklists"`
18	`DIR_WL_tmp="/tmp/whitelists"`	18	`DIR_WL_tmp="/tmp/whitelists"`
19	`FILE_tmp="/tmp/filesfilter.txt"`	19	`FILE_tmp="/tmp/filesfilter.txt"`
20	`FILE_ip_tmp="/tmp/filesipfilter.txt"`	20	`FILE_ip_tmp="/tmp/filesipfilter.txt"`
21	`DIR_DG="/etc/dansguardian/lists"`	21	`DIR_DG="/etc/dansguardian/lists"`
22	`DIR_DG_BL="$DIR_DG/blacklists"`	22	`DIR_DG_BL="$DIR_DG/blacklists"`
23	`BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories`	23	`BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories`
24	`WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories`	24	`WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories`
25	`BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories`	25	`BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories`
26	`WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories`	26	`WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories`
27	`DIR_SHARE="/usr/local/share"`	27	`DIR_SHARE="/usr/local/share"`
28	`DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format`	28	`DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format`
29	`DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '`	29	`DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '`
30	`DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL`	30	`DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL`
31	`DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL`	31	`DIR_IP_WL="$DIR_SHARE/iptables-wl" # IP ossi disabled WL`
32	`DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)`	32	`DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)`
33	`DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' '`	33	`DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' '`
34	`DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)`	34	`DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)`
35	`DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)`	35	`DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)`
36	DNS1=`grep "DNS1" $CONF_FILE \| cut -d '=' -f 2` # server DNS1 (for WL domain names)	36	DNS1=`grep "DNS1" $CONF_FILE \| cut -d '=' -f 2` # server DNS1 (for WL domain names)
37	`BL_SERVER="dsi.ut-capitole.fr"`	37	`BL_SERVER="dsi.ut-capitole.fr"`
38	`SED="/bin/sed -i"`	38	`SED="/bin/sed -i"`
39		39
40	`# enable/disable the BL & WL categories`	40	`# enable/disable the BL & WL categories`
41	`function cat_choice (){`	41	`function cat_choice (){`
42	`mkdir -p $DIR_tmp`	42	`mkdir -p $DIR_tmp`
43	`for LIST in $DIR_IP_BL_ENABLED $DIR_DNS_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_WL_ENABLED`	43	`for LIST in $DIR_IP_BL_ENABLED $DIR_DNS_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_WL_ENABLED`
44	`do`	44	`do`
45	`if [ ! -e $LIST ] # only on install stage`	45	`if [ ! -e $LIST ] # only on install stage`
46	`then`	46	`then`
47	`mkdir $LIST`	47	`mkdir $LIST`
48	`else`	48	`else`
49	`rm -rf $LIST/*`	49	`rm -rf $LIST/*`
50	`fi`	50	`fi`
51	`chown root:apache $LIST`	51	`chown root:apache $LIST`
52	`chmod 770 $LIST`	52	`chmod 770 $LIST`
53	`done`	53	`done`
54	`# update categories with rsync`	54	`# update categories with rsync`
55	`if [ ! -e $DIR_CONF/update_cat.conf ]`	55	`if [ ! -e $DIR_CONF/update_cat.conf ]`
56	`then`	56	`then`
57	`touch $DIR_CONF/update_cat.conf`	57	`touch $DIR_CONF/update_cat.conf`
58	`chown root:apache $DIR_CONF/update_cat.conf`	58	`chown root:apache $DIR_CONF/update_cat.conf`
59	`chmod 660 $DIR_CONF/update_cat.conf`	59	`chmod 660 $DIR_CONF/update_cat.conf`
60	`fi`	60	`fi`
61	`$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG`	61	`$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG`
62	`$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)`	62	`$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)`
63		63
64	`# process the file $BL_CATEGORIES with the choice of categories`	64	`# process the file $BL_CATEGORIES with the choice of categories`
65	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`	65	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
66	`do`	66	`do`
67	`$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES`	67	`$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES`
68	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES`	68	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES`
69	`ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE`	69	`ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE`
70	`ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE`	70	`ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE`
71	`# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq`	71	`# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq`
72	`echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist`	72	`echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist`
73	`done`	73	`done`
74	`sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp`	74	`sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp`
75	`mv $FILE_tmp $BL_CATEGORIES`	75	`mv $FILE_tmp $BL_CATEGORIES`
76	`chown root:apache $BL_CATEGORIES`	76	`chown root:apache $BL_CATEGORIES`
77	`chmod 660 $BL_CATEGORIES`	77	`chmod 660 $BL_CATEGORIES`
78		78
79	`# process the file $WL_CATEGORIES with the choice of categories`	79	`# process the file $WL_CATEGORIES with the choice of categories`
80	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`	80	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
81	`do`	81	`do`
82	`$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES`	82	`$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES`
83	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES`	83	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES`
84	`ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE`	84	`ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE`
85	`done`	85	`done`
86	`sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp`	86	`sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp`
87	`mv $FILE_tmp $WL_CATEGORIES`	87	`mv $FILE_tmp $WL_CATEGORIES`
88	`chown root:apache $WL_CATEGORIES`	88	`chown root:apache $WL_CATEGORIES`
89	`chmod 660 $WL_CATEGORIES`	89	`chmod 660 $WL_CATEGORIES`
90	`}`	90	`}`
91		91
-		92	`# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)`
-		93	`function clean_split (){`
-		94	`$SED '/^#.*/d' $FILE_tmp # remove commented lines`
-		95	`$SED '/^\s*$/d' $FILE_tmp # remove empty lines`
-		96	`$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters`
-		97	`# extract ip addresses for iptables.`
-		98	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp`
-		99	`# extract domain names for dnsmasq.`
-		100	`$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp`
-		101	`# Retrieve max Top Level Domain for domain name synthax`
-		102	`#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt \| grep -v '-' \| grep -v '#' \| wc -L)`
-		103	`#if [ $(echo $MAX_TLD \| wc -c) -eq 0 ];then`
-		104	`# MAX_TLD=18`
-		105	`#fi`
-		106	`# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp`
-		107	`}`
-		108
92	`usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } \| { -download or --download } \| { -adapt or --adapt } \| { -reload or --reload } \| { -update_cat or --update_cat }"`	109	`usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } \| { -download or --download } \| { -adapt or --adapt } \| { -reload or --reload } \| { -update_cat or --update_cat }"`
93	`nb_args=$#`	110	`nb_args=$#`
94	`args=$1`	111	`args=$1`
95	`if [ $nb_args -eq 0 ]`	112	`if [ $nb_args -eq 0 ]`
96	`then`	113	`then`
97	`args="-h"`	114	`args="-h"`
98	`fi`	115	`fi`
99	`case $args in`	116	`case $args in`
100	`-\? \| -h* \| --h*)`	117	`-\? \| -h* \| --h*)`
101	`echo "$usage"`	118	`echo "$usage"`
102	`exit 0`	119	`exit 0`
103	`;;`	120	`;;`
104	`# Retrieve Toulouse University BL`	121	`# Retrieve Toulouse University BL`
105	`-download \| --download)`	122	`-download \| --download)`
106	`rm -rf /tmp/con_ok.html`	123	`rm -rf /tmp/con_ok.html`
107	`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`	124	`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
108	`if [ ! -e /tmp/con_ok.html ]`	125	`if [ ! -e /tmp/con_ok.html ]`
109	`then`	126	`then`
110	`echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"`	127	`echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"`
111	`else`	128	`else`
112	`rm -rf /tmp/con_ok.html $DIR_tmp`	129	`rm -rf /tmp/con_ok.html $DIR_tmp`
113	`mkdir $DIR_tmp`	130	`mkdir $DIR_tmp`
114	`wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz`	131	`wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz`
115	`md5sum $DIR_tmp/blacklists.tar.gz \| cut -d" " -f1 > $DIR_tmp/md5sum`	132	`md5sum $DIR_tmp/blacklists.tar.gz \| cut -d" " -f1 > $DIR_tmp/md5sum`
116	`chown -R apache:apache $DIR_tmp`	133	`chown -R apache:apache $DIR_tmp`
117	`fi`	134	`fi`
118	`;;`	135	`;;`
119	`# enable/disable categories (used only during the alcasar install process)`	136	`# enable/disable categories (used only during the alcasar install process)`
120	`-cat_choice \| --cat_choice)`	137	`-cat_choice \| --cat_choice)`
121	`cat_choice`	138	`cat_choice`
122	`;;`	139	`;;`
123	`# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)`	140	`# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)`
124	`-adapt \| --adapt)`	141	`-adapt \| --adapt)`
125	`echo -n "Adaptation process of Toulouse University blackList. Please wait : "`	142	`echo -n "Adaptation process of Toulouse University blackList. Please wait : "`
126	`if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL`	143	`if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL`
127	`then`	144	`then`
128	`# keep custom files (ossi)`	145	`# keep custom files (ossi)`
129	`for x in $(ls -1 $DIR_DG_BL \| grep "^ossi-*")`	146	`for x in $(ls -1 $DIR_DG_BL \| grep "^ossi-*")`
130	`do`	147	`do`
131	`mv $DIR_DG_BL/$x $DIR_tmp`	148	`mv $DIR_DG_BL/$x $DIR_tmp`
132	`done`	149	`done`
133	`rm -rf $DIR_DG_BL $DIR_IP_BL`	150	`rm -rf $DIR_DG_BL $DIR_IP_BL`
134	`mkdir $DIR_DG_BL $DIR_IP_BL`	151	`mkdir $DIR_DG_BL $DIR_IP_BL`
135	`tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/`	152	`tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/`
136	`chown -R root:apache $DIR_DG`	153	`chown -R dansguardian:apache $DIR_DG`
137	`chmod -R 770 $DIR_DG`	154	`chmod -R 770 $DIR_DG`
138	`# Add the two local categories (ossi-bl & ossi-wl) to the usage file`	155	`# Add the two local categories (ossi-bl & ossi-wl) to the usage file`
139	`# Add the custom categories (ossi-tor_nodes) to the usage file`	156	`# Add the custom categories (ossi-tor_nodes) to the usage file`
140	`cat << EOF >> $DIR_DG_BL/global_usage`	157	`cat << EOF >> $DIR_DG_BL/global_usage`
141		158
142	`NAME: ossi-bl`	159	`NAME: ossi-bl`
143	`DEFAULT_TYPE: black`	160	`DEFAULT_TYPE: black`
144	`SOURCE: ALCASAR Team`	161	`SOURCE: ALCASAR Team`
145	`DESC FR: sites blacklistés ajoutés localement`	162	`DESC FR: sites blacklistés ajoutés localement`
146	`DESC EN: blacklisted sites add locally`	163	`DESC EN: blacklisted sites add locally`
147	`NAME FR: ossi-bl`	164	`NAME FR: ossi-bl`
148	`NAME EN: ossi-bl`	165	`NAME EN: ossi-bl`
149		166
150	`NAME: ossi-wl`	167	`NAME: ossi-wl`
151	`DEFAULT_TYPE: white`	168	`DEFAULT_TYPE: white`
152	`SOURCE: ALCASAR Team`	169	`SOURCE: ALCASAR Team`
153	`DESC FR: sites autorisés ajoutés localement`	170	`DESC FR: sites autorisés ajoutés localement`
154	`DESC EN: whitelisted sites add locally`	171	`DESC EN: whitelisted sites add locally`
155	`NAME FR: ossi-wl`	172	`NAME FR: ossi-wl`
156	`NAME EN: ossi-wl`	173	`NAME EN: ossi-wl`
157		174
158	`NAME: ossi-bl-tor_nodes`	175	`NAME: ossi-bl-tor_nodes`
159	`DEFAULT_TYPE: black`	176	`DEFAULT_TYPE: black`
160	`SOURCE: ALCASAR Team`	177	`SOURCE: ALCASAR Team`
161	`DESC FR: Adresses IP des noeuds (routeurs) d'entrée du réseau TOR`	178	`DESC FR: Adresses IP des noeuds (routeurs) d'entrée du réseau TOR`
162	`DESC EN: IP addresses of input TOR nodes (routers)`	179	`DESC EN: IP addresses of input TOR nodes (routers)`
163	`NAME FR: Noeuds TOR`	180	`NAME FR: Noeuds TOR`
164	`NAME EN: TOR nodes`	181	`NAME EN: TOR nodes`
165	`EOF`	182	`EOF`
166	`# Retrieve custom files (ossi)`	183	`# Retrieve custom files (ossi)`
167	`for x in $(ls -1 $DIR_tmp \| grep "^ossi-*")`	184	`for x in $(ls -1 $DIR_tmp \| grep "^ossi-*")`
168	`do`	185	`do`
169	`mv $DIR_tmp/$x $DIR_DG_BL`	186	`mv $DIR_tmp/$x $DIR_DG_BL`
170	`done`	187	`done`
171	`fi`	188	`fi`
172	`rm -f $BL_CATEGORIES $WL_CATEGORIES`	189	`rm -f $BL_CATEGORIES $WL_CATEGORIES`
173	`rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`	190	`rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`
174	`rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED`	191	`rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED`
175	`touch $BL_CATEGORIES $WL_CATEGORIES`	192	`touch $BL_CATEGORIES $WL_CATEGORIES`
176	`mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`	193	`mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`
177	`mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED`	194	`mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED`
178	`find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist`	195	`find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist`
179	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`	196	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`
180	for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files	197	for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
181	`do`	198	`do`
182	categorie=`echo $dir_categorie\|cut -d "/" -f6`	199	categorie=`echo $dir_categorie\|cut -d "/" -f6`
183	categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie$ $DIR_DG_BL/global_usage \| grep ^DEFAULT_TYPE \| cut -d":" -f2 \| tr -d " \t"`	200	categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie$ $DIR_DG_BL/global_usage \| grep ^DEFAULT_TYPE \| cut -d":" -f2 \| tr -d " \t"`
184	`if [ "$categorie_type" == "white" ]`	201	`if [ "$categorie_type" == "white" ]`
185	`then`	202	`then`
186	`echo "$dir_categorie" >> $WL_CATEGORIES`	203	`echo "$dir_categorie" >> $WL_CATEGORIES`
187	`else`	204	`else`
188	`echo "$dir_categorie" >> $BL_CATEGORIES`	205	`echo "$dir_categorie" >> $BL_CATEGORIES`
189	`fi`	206	`fi`
190	`done`	207	`done`
191	`rm -f $FILE_tmp`	208	`rm -f $FILE_tmp`
192	`# Verify that the enabled categories are effectively in the BL (need after an update of the BL)`	209	`# Verify that the enabled categories are effectively in the BL (need after an update of the BL)`
193	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`	210	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
194	`do`	211	`do`
195	ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES\|wc -l`	212	ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES\|wc -l`
196	`if [ $ok != "1" ]`	213	`if [ $ok != "1" ]`
197	`then`	214	`then`
198	`$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED`	215	`$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED`
199	`fi`	216	`fi`
200	`done`	217	`done`
201	`# Verify that the enabled categories are effectively in the WL (need after an update of the WL)`	218	`# Verify that the enabled categories are effectively in the WL (need after an update of the WL)`
202	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`	219	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
203	`do`	220	`do`
204	ok=`grep /$ENABLE_CATEGORIE$ $WL_CATEGORIES\|wc -l`	221	ok=`grep /$ENABLE_CATEGORIE$ $WL_CATEGORIES\|wc -l`
205	`if [ $ok != "1" ]`	222	`if [ $ok != "1" ]`
206	`then`	223	`then`
207	`$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED`	224	`$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED`
208	`fi`	225	`fi`
209	`done`	226	`done`
210	`# Creation of DNSMASQ and Iptables BL and WL`	227	`# Creation of DNSMASQ and Iptables BL and WL`
211	`for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)`	228	`for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)`
212	`do`	229	`do`
213	for PATH_FILE in `cat $LIST` # for each category	230	for PATH_FILE in `cat $LIST` # for each category
214	`do`	231	`do`
215	DOMAIN=`basename $PATH_FILE`	232	DOMAIN=`basename $PATH_FILE`
216	`echo -n "$DOMAIN, "`	233	`echo -n "$DOMAIN, "`
217	`if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist`	234	`if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist`
218	`then`	235	`then`
219	`touch $PATH_FILE/urls`	236	`touch $PATH_FILE/urls`
220	`chown dansguardian:apache $PATH_FILE/urls`	237	`chown dansguardian:apache $PATH_FILE/urls`
221	`fi`	238	`fi`
222	`$SED "/[äâëêïîöôüû@]/d" $FILE_tmp`	-
223	`$SED "/^#.*/d" $FILE_tmp`	239	`cp $PATH_FILE/domains $FILE_tmp`
224	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors`	-
225	`# extract ip addresses for iptables`	-
226	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`	-
227	`# for dnsmask, remove IP addesses, accented characters and commented lines.`	240	`clean_split # clean ossi custom files & split them for dnsmasq and for iptables`
228	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`	-
229	`if [ "$LIST" == "$BL_CATEGORIES" ]`	241	`if [ "$LIST" == "$BL_CATEGORIES" ]`
230	`then`	242	`then`
231	`# adapt to the dnsmasq syntax for the blacklist`	243	`# adapt to the dnsmasq syntax for the blacklist`
232	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`	244	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`
233	`mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf`	245	`mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf`
234	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN`	246	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN`
235	`else`	247	`else`
236	`# adapt to the dnsmasq syntax for the whitelist`	248	`# adapt to the dnsmasq syntax for the whitelist`
237	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`	249	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`
238	`mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf`	250	`mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf`
239	`fi`	251	`fi`
240	`done`	252	`done`
241	`done`	253	`done`
242	`echo`	254	`echo`
243	`chown -R root:apache $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`	255	`chown -R root:apache $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`
244	`chmod 770 $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`	256	`chmod 770 $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`
245	`chmod -f 660 $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*`	257	`chmod -f 660 $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*`
246	`rm -f $FILE_tmp $FILE_ip_tmp`	258	`rm -f $FILE_tmp $FILE_ip_tmp`
247	`rm -rf $DIR_tmp`	259	`rm -rf $DIR_tmp`
248	`;;`	260	`;;`
249	`# update the categories which are written in "/usr/local/etc/update_cat.conf" with rsync`	261	`# Rsync the categories which are listed in "/usr/local/etc/update_cat.conf". Cron run this function every 12h`
250	`-update_cat \| --update_cat)`	262	`-update_cat \| --update_cat)`
251	`if [ $(cat /usr/local/etc/update_cat.conf \| wc -l) -ne 0 ]`	263	`if [ $(cat /usr/local/etc/update_cat.conf \| wc -l) -ne 0 ]`
252	`then`	264	`then`
253	`echo -n "Updating categories in /usr/local/etc/update_cat.conf ..."`	265	`echo -n "Updating categories in /usr/local/etc/update_cat.conf ..."`
254	`cat /usr/local/etc/update_cat.conf \| while read LIGNE_RSYNC`	266	`cat /usr/local/etc/update_cat.conf \| while read LIGNE_RSYNC`
255	`do`	267	`do`
256	`CATEGORIE=$(echo $LIGNE_RSYNC \| cut -d' ' -f1)`	268	`CATEGORIE=$(echo $LIGNE_RSYNC \| cut -d' ' -f1)`
257	`URL=$(echo $LIGNE_RSYNC \| cut -d' ' -f2)`	269	`URL=$(echo $LIGNE_RSYNC \| cut -d' ' -f2)`
258	`PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category`	270	`PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category`
259	`rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory`	271	`rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory`
260	`# Creation of DNSMASQ and Iptables BL and WL`	272	`# Creation of DNSMASQ and Iptables BL and WL`
261	`DOMAIN=$(basename $PATH_FILE)`	273	`DOMAIN=$(basename $PATH_FILE)`
262	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correction 'coma' instead of 'dot'`	-
263	`$SED "/^$/d" $PATH_FILE/domains $PATH_FILE/urls # remove empty lines`	274	`cp $PATH_FILE/domains $FILE_tmp`
264	`# extract ip addresses for iptables`	-
265	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`	-
266	`# for dnsmask, remove IP addresses, accentuated characters and commented lines.`	275	`clean_split # clean ossi custom files & split them for dnsmasq and for iptables`
267	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`	-
268	`$SED "/[äâëêïîöôüû@]/d" $FILE_tmp`	-
269	`$SED "/^#.*/d" $FILE_tmp`	-
270	black=`grep black $PATH_FILE/usage \|wc -l`	276	black=`grep black $PATH_FILE/usage \|wc -l`
271	`if [ $black == "1" ]`	277	`if [ $black == "1" ]`
272	`then`	278	`then`
273	`# adapt to the dnsmasq syntax for the blacklist`	279	`# adapt to the dnsmasq syntax for the blacklist`
274	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`	280	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`
275	`mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf`	281	`mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf`
276	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN`	282	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN`
277	`else`	283	`else`
278	`# adapt to the dnsmasq syntax for the whitelist`	284	`# adapt to the dnsmasq syntax for the whitelist`
279	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`	285	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`
280	`mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf`	286	`mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf`
281	`mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN`	287	`mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN`
282	`fi`	288	`fi`
283	`rm -f $FILE_tmp $FILE_ip_tmp`	289	`rm -f $FILE_tmp $FILE_ip_tmp`
284	`done`	290	`done`
285	`/usr/bin/systemctl restart dnsmasq-whitelist`	291	`/usr/bin/systemctl restart dnsmasq-whitelist`
286	`/usr/bin/systemctl restart dnsmasq-blacklist`	292	`/usr/bin/systemctl restart dnsmasq-blacklist`
287	`/usr/bin/systemctl restart dansguardian`	293	`/usr/bin/systemctl restart dansguardian`
288	`/usr/local/bin/alcasar-iptables.sh`	294	`/usr/local/bin/alcasar-iptables.sh`
289	`else`	295	`else`
290	`echo -n "/usr/local/etc/update_cat.conf is empty ..."`	296	`echo -n "/usr/local/etc/update_cat.conf is empty ..."`
291	`fi`	297	`fi`
292	`echo`	298	`echo`
293	`;;`	299	`;;`
294	`# reload when selected categories are changed or when ossi change his custom files`	300	`# reload when selected categories are changed or when ossi change his custom files`
295	`-reload \| --reload)`	301	`-reload \| --reload)`
296	`# for DG`	302	`# for DG`
297	`cat_choice`	303	`cat_choice`
298	`# for dnsmasq (rehabited domain names)`	304	`# for dnsmasq (rehabited domain names)`
299	if [ `wc -w $DIR_DG/exceptionsitelist\|cut -d " " -f1` != "0" ]	305	if [ `wc -w $DIR_DG/exceptionsitelist\|cut -d " " -f1` != "0" ]
300	`then`	306	`then`
301	for i in `cat $DIR_DG/exceptionsitelist`	307	for i in `cat $DIR_DG/exceptionsitelist`
302	`do`	308	`do`
303	`$SED "/$i/d" $DIR_DNS_BL/*`	309	`$SED "/$i/d" $DIR_DNS_BL/*`
304	`done`	310	`done`
305	`fi`	311	`fi`
306	`# adapt OSSI BL & WL custom files`	312	`# adapt OSSI BL & WL custom files`
307	`for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIr_IP_WL`	313	`for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIr_IP_WL`
308	`do`	314	`do`
309	`rm -f $dir/ossi*`	315	`rm -f $dir/ossi*`
310	`done`	316	`done`
311	`find $DIR_DG_BL/ -type f -name domains \| grep ossi- > $FILE_tmp # retrieve ossi directories name where a domain file exist`	317	`find $DIR_DG_BL/ -type f -name domains \| grep ossi- > $FILE_tmp # retrieve ossi directories name where a domain file exist`
312	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`	318	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`
313		-
314	`#retrieve max Top Level Domain for domain name synthax`	-
315	`MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt \| grep -v '-' \| grep -v '#' \| wc -L)`	-
316	`if [ $(echo $MAX_TLD \| wc -c) -eq 0 ];then`	-
317	`MAX_TLD=18`	-
318	`fi`	-
319		-
320	for ossi_custom_dir in `cat $FILE_tmp` # create the blacklist and the whitelist files	319	for ossi_custom_dir in `cat $FILE_tmp` # create the blacklist and the whitelist files
321	`do`	320	`do`
-		321	`chown -R root:apache $ossi_custom_dir`
-		322	`chmod 770 $ossi_custom_dir`
322	ossi_categorie=`echo $ossi_custom_dir\|cut -d "/" -f6`	323	ossi_categorie=`echo $ossi_custom_dir\|cut -d "/" -f6`
323	short_categorie=`echo "$ossi_categorie" \| cut -d"-" -f2`	324	short_categorie=`echo "$ossi_categorie" \| cut -d"-" -f2`
324	`if [ $short_categorie == "bl" ]`	325	`if [ $short_categorie == "bl" ]`
325	`then`	326	`then`
326	`categorie_type="black"`	327	`categorie_type="black"`
327	`else`	328	`else`
328	`categorie_type="white"`	329	`categorie_type="white"`
329	`fi`	330	`fi`
330	`$SED "s/\.\{2,10\}/\./g" $ossi_custom_dir/domains $ossi_custom_dir/urls # correction 'coma' instead of 'dot'`	-
331	`$SED "/^$/d" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove empty lines`	-
332	`$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR>`	331	`$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file`
333	`# extract ip addresses for iptables`	332	`cp $ossi_custom_dir/domains $FILE_tmp`
334	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $ossi_custom_dir/domains > $FILE_ip_tmp`	-
335	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $ossi_custom_dir/domains > $FILE_tmp`	333	`clean_split # clean ossi custom files & split them for dnsmasq and for iptables`
336	`# search for correction egrep "([a-zA-Z0-9_-.]+\.){1,2}[a-zA-Z]{2,$MAX_TLD}" $ossi_custom_dir/domains > $FILE_tmp`	-
337	`if [ $categorie_type == "white" ]`	334	`if [ $categorie_type == "white" ]`
338	`then`	335	`then`
339	`# adapt the file to the dnsmasq syntax and enable it if needed`	336	`# adapt the file to the dnsmasq syntax and enable it if needed`
340	`# for the WL`	337	`# for the WL`
341	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`	338	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`
342	`mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf`	339	`mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf`
343	`mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie`	340	`mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie`
344	enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED \| wc -l`	341	enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED \| wc -l`
345	`if [ $enabled == "1" ]`	342	`if [ $enabled == "1" ]`
346	`then`	343	`then`
347	`$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES`	344	`$SED "/\/$ossi_categorie$/d" $WL_CATEGORIES`
348	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES`	345	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $WL_CATEGORIES`
349	`ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie`	346	`ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie`
350	`ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie`	347	`ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie`
351	`fi`	348	`fi`
352	`else`	349	`else`
353	`# for the BL`	350	`# for the BL`
354	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`	351	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`
355	`mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf`	352	`mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf`
356	`mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie`	353	`mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie`
357	enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED \| wc -l`	354	enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED \| wc -l`
358	`if [ $enabled == "1" ]`	355	`if [ $enabled == "1" ]`
359	`then`	356	`then`
360	`$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES`	357	`$SED "/\/$ossi_categorie$/d" $BL_CATEGORIES`
361	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES`	358	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ossi_categorie" $BL_CATEGORIES`
362	`ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie`	359	`ln -sf $DIR_DNS_BL/$ossi_categorie.conf $DIR_DNS_BL_ENABLED/$ossi_categorie`
363	`ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie`	360	`ln -sf $DIR_IP_BL/$ossi_categorie $DIR_IP_BL_ENABLED/$ossi_categorie`
364	`fi`	361	`fi`
365	`fi`	362	`fi`
366	`done`	363	`done`
367	`for file in $BL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES $WL_CATEGORIES_ENABLED`	364	`for file in $BL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES $WL_CATEGORIES_ENABLED`
368	`do`	365	`do`
369	`sort +0.0 -0.2 $file -o $FILE_tmp`	366	`sort +0.0 -0.2 $file -o $FILE_tmp`
370	`mv $FILE_tmp $file`	367	`mv $FILE_tmp $file`
371	`chown root:apache $file`	368	`chown root:apache $file`
372	`chmod 660 $file`	369	`chmod 660 $file`
373	`done`	370	`done`
374	`chown -R root:apache $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`	371	`chown -R root:apache $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL`
375	`chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*`	372	`chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*`
376	`if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage`	373	`if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage`
377	`then`	374	`then`
378	`/usr/bin/systemctl restart dnsmasq-blacklist`	375	`/usr/bin/systemctl restart dnsmasq-blacklist`
379	`/usr/bin/systemctl restart dnsmasq-whitelist`	376	`/usr/bin/systemctl restart dnsmasq-whitelist`
380	`/usr/local/bin/alcasar-iptables.sh`	377	`/usr/local/bin/alcasar-iptables.sh`
381	`fi`	378	`fi`
382	`;;`	379	`;;`
383	`*)`	380	`*)`
384	`echo "Argument inconnu :$1";`	381	`echo "Argument inconnu :$1";`
385	`echo "$usage"`	382	`echo "$usage"`
386	`exit 1`	383	`exit 1`
387	`;;`	384	`;;`
388	`esac`	385	`esac`
389		386
390		387

Subversion Repositories ALCASAR

(root)/scripts/alcasar-bl.sh @ 2898 – Rev 2187 → 2192