Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 1870 2016-05-04 14:55:06Z raphael.pion $
|
2 |
# $Id: alcasar.sh 1873 2016-05-05 10:31:32Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 37... |
Line 37... |
37 |
# chilli : coovachilli initialisation (+authentication page)
|
37 |
# chilli : coovachilli initialisation (+authentication page)
|
38 |
# dansguardian : DansGuardian filtering HTTP proxy configuration
|
38 |
# dansguardian : DansGuardian filtering HTTP proxy configuration
|
39 |
# antivirus : HAVP + libclamav configuration
|
39 |
# antivirus : HAVP + libclamav configuration
|
40 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
40 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
41 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
41 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
42 |
# nfsen : : Configuration du grapheur nfsen pour apache
|
42 |
# nfsen : : Configuration of Nfsen Netflow grapher
|
43 |
# dnsmasq : Name server configuration
|
43 |
# dnsmasq : Name server configuration
|
44 |
# vnstat : little network stat daemon
|
44 |
# vnstat : little network stat daemon
|
45 |
# BL : BlackList of Toulouse configuration : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
|
45 |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
|
46 |
# cron : Logs export + watchdog + connexion statistics
|
46 |
# cron : Logs export + watchdog + connexion statistics
|
47 |
# fail2ban : Fail2ban IDS installation and configuration
|
47 |
# fail2ban : Fail2ban IDS installation and configuration
|
48 |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
|
48 |
# gammu_smsd : Autoregister addon via SMS (gammu-smsd)
|
49 |
# post_install : Security, log rotation, etc.
|
49 |
# post_install : Security, log rotation, etc.
|
50 |
|
50 |
|
Line 1515... |
Line 1515... |
1515 |
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
|
1515 |
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
|
1516 |
EOF
|
1516 |
EOF
|
1517 |
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
|
1517 |
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
|
1518 |
cat << EOF > /etc/dnsmasq-blacklist.conf
|
1518 |
cat << EOF > /etc/dnsmasq-blacklist.conf
|
1519 |
# Configuration file for "dnsmasq with blacklist"
|
1519 |
# Configuration file for "dnsmasq with blacklist"
|
1520 |
# Add Toulouse blacklist domains
|
1520 |
# Add Toulouse University blacklist domains
|
1521 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1521 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1522 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
|
1522 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
|
1523 |
pid-file=/var/run/dnsmasq-blacklist.pid
|
1523 |
pid-file=/var/run/dnsmasq-blacklist.pid
|
1524 |
listen-address=$PRIVATE_IP
|
1524 |
listen-address=$PRIVATE_IP
|
1525 |
port=54
|
1525 |
port=54
|
Line 1537... |
Line 1537... |
1537 |
server=$DNS2
|
1537 |
server=$DNS2
|
1538 |
EOF
|
1538 |
EOF
|
1539 |
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
|
1539 |
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
|
1540 |
cat << EOF > /etc/dnsmasq-whitelist.conf
|
1540 |
cat << EOF > /etc/dnsmasq-whitelist.conf
|
1541 |
# Configuration file for "dnsmasq with whitelist"
|
1541 |
# Configuration file for "dnsmasq with whitelist"
|
1542 |
# Inclusion de la whitelist <domains> de Toulouse dans la configuration
|
1542 |
# ADD Toulouse university whitelist domains
|
1543 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1543 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1544 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
|
1544 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
|
1545 |
pid-file=/var/run/dnsmasq-whitelist.pid
|
1545 |
pid-file=/var/run/dnsmasq-whitelist.pid
|
1546 |
listen-address=$PRIVATE_IP
|
1546 |
listen-address=$PRIVATE_IP
|
1547 |
port=55
|
1547 |
port=55
|
Line 1593... |
Line 1593... |
1593 |
##########################################################
|
1593 |
##########################################################
|
1594 |
## Fonction "BL" ##
|
1594 |
## Fonction "BL" ##
|
1595 |
##########################################################
|
1595 |
##########################################################
|
1596 |
BL ()
|
1596 |
BL ()
|
1597 |
{
|
1597 |
{
|
1598 |
# copy and extract toulouse BL
|
1598 |
# copy and extract Toulouse university BL
|
1599 |
rm -rf $DIR_DG/lists/blacklists
|
1599 |
rm -rf $DIR_DG/lists/blacklists
|
1600 |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
|
1600 |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
|
1601 |
# creation of the OSSI BL and WL categories (domain name and url)
|
1601 |
# creation of the OSSI BL and WL categories (domain name and url)
|
1602 |
mkdir $DIR_DG/lists/blacklists/ossi
|
1602 |
mkdir $DIR_DG/lists/blacklists/ossi
|
1603 |
touch $DIR_DG/lists/blacklists/ossi/domains
|
1603 |
touch $DIR_DG/lists/blacklists/ossi/domains
|
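Review bot: In the BL hunk, `tar zxf $DIR_CONF/blacklists.tar.gz ... > /dev/null 2>&1` (line 1600) throws away tar's error output and, as far as the hunk shows, its exit status is never checked, immediately after line 1599 has deleted the previous lists. If the archive is missing or corrupt, the install would continue with no blacklist categories on disk and nothing on screen to say so, leaving the filter effectively open. I would keep stderr and stop on failure, e.g. `tar zxf "$DIR_CONF/blacklists.tar.gz" --directory="$DIR_DG/lists/" > /dev/null || { echo "blacklists.tar.gz extraction failed" >&2; exit 1; }`. The removal is also safer as `rm -rf -- "${DIR_DG:?}/lists/blacklists"`, so that an unset or empty DIR_DG aborts instead of resolving to a path under `/`. BL's body continues outside the hunk, so a later check may already exist; if not, the reworded comment on line 1598 could state that the old lists are removed before extraction.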