Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 988 2012-08-20 21:33:01Z franck $
|
2 |
# $Id: alcasar.sh 990 2012-08-24 22:47:27Z franck $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
|
6 |
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
|
7 |
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
|
7 |
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
|
Line 542... |
Line 542... |
542 |
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
|
542 |
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
|
543 |
$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
|
543 |
$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
|
544 |
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
|
544 |
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
|
545 |
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
|
545 |
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
|
546 |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
|
546 |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
|
- |
|
547 |
$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
|
547 |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
|
548 |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
|
548 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
|
549 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
|
549 |
$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
|
550 |
$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
|
550 |
[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
|
551 |
[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
|
551 |
cat <<EOF > /var/www/error/include/bottom.html
|
552 |
cat <<EOF > /var/www/error/include/bottom.html
|
Line 622... |
Line 623... |
622 |
AllowOverride None
|
623 |
AllowOverride None
|
623 |
Order deny,allow
|
624 |
Order deny,allow
|
624 |
Deny from all
|
625 |
Deny from all
|
625 |
Allow from 127.0.0.1
|
626 |
Allow from 127.0.0.1
|
626 |
Allow from $PRIVATE_NETWORK_MASK
|
627 |
Allow from $PRIVATE_NETWORK_MASK
|
- |
|
628 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
627 |
require valid-user
|
629 |
require valid-user
|
628 |
AuthType digest
|
630 |
AuthType digest
|
629 |
AuthName $HOSTNAME
|
631 |
AuthName $HOSTNAME
|
630 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
632 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
631 |
AuthUserFile $DIR_DEST_ETC/digest/key_all
|
633 |
AuthUserFile $DIR_DEST_ETC/digest/key_all
|
Line 636... |
Line 638... |
636 |
AllowOverride None
|
638 |
AllowOverride None
|
637 |
Order deny,allow
|
639 |
Order deny,allow
|
638 |
Deny from all
|
640 |
Deny from all
|
639 |
Allow from 127.0.0.1
|
641 |
Allow from 127.0.0.1
|
640 |
Allow from $PRIVATE_NETWORK_MASK
|
642 |
Allow from $PRIVATE_NETWORK_MASK
|
- |
|
643 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
641 |
require valid-user
|
644 |
require valid-user
|
642 |
AuthType digest
|
645 |
AuthType digest
|
643 |
AuthName $HOSTNAME
|
646 |
AuthName $HOSTNAME
|
644 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
647 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
645 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|
648 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|
Line 650... |
Line 653... |
650 |
AllowOverride None
|
653 |
AllowOverride None
|
651 |
Order deny,allow
|
654 |
Order deny,allow
|
652 |
Deny from all
|
655 |
Deny from all
|
653 |
Allow from 127.0.0.1
|
656 |
Allow from 127.0.0.1
|
654 |
Allow from $PRIVATE_NETWORK_MASK
|
657 |
Allow from $PRIVATE_NETWORK_MASK
|
- |
|
658 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
655 |
require valid-user
|
659 |
require valid-user
|
656 |
AuthType digest
|
660 |
AuthType digest
|
657 |
AuthName $HOSTNAME
|
661 |
AuthName $HOSTNAME
|
658 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
662 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
659 |
AuthUserFile $DIR_DEST_ETC/digest/key_manager
|
663 |
AuthUserFile $DIR_DEST_ETC/digest/key_manager
|
Line 664... |
Line 668... |
664 |
AllowOverride None
|
668 |
AllowOverride None
|
665 |
Order deny,allow
|
669 |
Order deny,allow
|
666 |
Deny from all
|
670 |
Deny from all
|
667 |
Allow from 127.0.0.1
|
671 |
Allow from 127.0.0.1
|
668 |
Allow from $PRIVATE_NETWORK_MASK
|
672 |
Allow from $PRIVATE_NETWORK_MASK
|
- |
|
673 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
669 |
require valid-user
|
674 |
require valid-user
|
670 |
AuthType digest
|
675 |
AuthType digest
|
671 |
AuthName $HOSTNAME
|
676 |
AuthName $HOSTNAME
|
672 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
677 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
673 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
678 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
Line 679... |
Line 684... |
679 |
Options Indexes
|
684 |
Options Indexes
|
680 |
Order deny,allow
|
685 |
Order deny,allow
|
681 |
Deny from all
|
686 |
Deny from all
|
682 |
Allow from 127.0.0.1
|
687 |
Allow from 127.0.0.1
|
683 |
Allow from $PRIVATE_NETWORK_MASK
|
688 |
Allow from $PRIVATE_NETWORK_MASK
|
- |
|
689 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
684 |
require valid-user
|
690 |
require valid-user
|
685 |
AuthType digest
|
691 |
AuthType digest
|
686 |
AuthName $HOSTNAME
|
692 |
AuthName $HOSTNAME
|
687 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
693 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
688 |
ErrorDocument 404 https://$HOSTNAME/
|
694 |
ErrorDocument 404 https://$HOSTNAME/
|
Line 1120... |
Line 1126... |
1120 |
# configuration d'HAVP
|
1126 |
# configuration d'HAVP
|
1121 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
1127 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
1122 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
1128 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
1123 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
|
1129 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
|
1124 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
1130 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
- |
|
1131 |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format
|
1125 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
1132 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
1126 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
1133 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
1127 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
1134 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
1128 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
1135 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
1129 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
1136 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
Line 1213... |
Line 1220... |
1213 |
DirectoryIndex awstats.pl
|
1220 |
DirectoryIndex awstats.pl
|
1214 |
Order deny,allow
|
1221 |
Order deny,allow
|
1215 |
Deny from all
|
1222 |
Deny from all
|
1216 |
Allow from 127.0.0.1
|
1223 |
Allow from 127.0.0.1
|
1217 |
Allow from $PRIVATE_NETWORK_MASK
|
1224 |
Allow from $PRIVATE_NETWORK_MASK
|
- |
|
1225 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
1218 |
require valid-user
|
1226 |
require valid-user
|
1219 |
AuthType digest
|
1227 |
AuthType digest
|
1220 |
AuthName $HOSTNAME
|
1228 |
AuthName $HOSTNAME
|
1221 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
1229 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
1222 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|
1230 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|
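Review bot: The substitution added at new line 547 (`s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g`) does not change whether mod_speling is loaded: without the `^` anchor the match starts at `LoadModule`, so a leading `#` is kept and an already active line stays active. The five lines above it each comment a module out with an anchored pattern, so if the intent is to disable this one too it should read `$SED "s?^LoadModule speling_module.*?#LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf`. If the intent is to enable it, the pattern has to consume the comment marker (`s?^#*LoadModule speling_module.*?...`), and a comment should say why this module is kept in a block that otherwise removes modules. Separately, the template `# Allow from AA.BB.CC.DD/32 # Allow from specific @IP` added at new lines 628, 643, 658, 673, 689 and 1225 cannot be activated by deleting only the first `#`, because Apache does not allow a comment on the same line as a directive and the trailing words would presumably be read as further `Allow` arguments. Putting the explanation on its own comment line above the directive avoids that when an admin opens these authenticated areas to an outside address.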