Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 3195 2024-04-23 22:39:48Z rexy $
|
2 |
# $Id: alcasar.sh 3197 2024-04-24 17:43:09Z rexy $
|
3 |
|
3 |
|
4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, lighttpd, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
6 |
# contact : info@alcasar.net
|
6 |
# contact : info@alcasar.net
|
7 |
|
7 |
|
Line 46... |
Line 46... |
46 |
DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files)
|
46 |
DIR_CONF="$DIR_INSTALL/conf" # install directory (with conf files)
|
47 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
|
47 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # install directory (with script files)
|
48 |
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
|
48 |
DIR_BLACKLIST="$DIR_INSTALL/blacklist" # install directory (with blacklist files)
|
49 |
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log)
|
49 |
DIR_SAVE="/var/Save" # backup directory (traceability_log, user_db, security_log)
|
50 |
DIR_WEB="/var/www/html" # directory of Lighttpd
|
50 |
DIR_WEB="/var/www/html" # directory of Lighttpd
|
51 |
DIR_DG="/etc/e2guardian" # directory of E2Guardian
|
51 |
DIR_E2G="/etc/e2guardian" # directory of E2Guardian
|
52 |
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center'
|
52 |
DIR_ACC="$DIR_WEB/acc" # directory of the 'ALCASAR Control Center'
|
53 |
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts
|
53 |
DIR_DEST_BIN="/usr/local/bin" # directory of ALCASAR scripts
|
54 |
DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files
|
54 |
DIR_DEST_ETC="/usr/local/etc" # directory of ALCASAR conf files
|
55 |
DIR_DEST_SHARE="/usr/local/share" # directory of share files used by ALCASAR (unbound for instance)
|
55 |
DIR_DEST_SHARE="/usr/local/share" # directory of share files used by ALCASAR (unbound for instance)
|
56 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file
|
56 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # central ALCASAR conf file
|
Line 919... |
Line 919... |
919 |
{
|
919 |
{
|
920 |
[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
|
920 |
[ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
|
921 |
$SED "s?^pool.*?pool fr.pool.ntp.org iburst?g" /etc/ntp.conf
|
921 |
$SED "s?^pool.*?pool fr.pool.ntp.org iburst?g" /etc/ntp.conf
|
922 |
echo "interface ignore wildcard" >> /etc/ntp.conf
|
922 |
echo "interface ignore wildcard" >> /etc/ntp.conf
|
923 |
echo "interface listen lo" >> /etc/ntp.conf
|
923 |
echo "interface listen lo" >> /etc/ntp.conf
|
924 |
echo "interface listen $INTIF" >> /etc/ntp.conf
|
924 |
echo "interface listen tun0" >> /etc/ntp.conf
|
925 |
# Synchronize now
|
925 |
# Synchronize now
|
926 |
ntpdate fr.pool.ntp.org &
|
926 |
ntpdate fr.pool.ntp.org &
|
927 |
sleep 2 # wait for time server responce
|
927 |
sleep 2 # wait for time server responce
|
928 |
} # End of time_server()
|
928 |
} # End of time_server()
|
929 |
|
929 |
|
Line 1278... |
Line 1278... |
1278 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /etc/systemd/system/e2guardian.service
|
1278 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/e2guardian -c /etc/e2guardian/e2guardian.conf?g" /etc/systemd/system/e2guardian.service
|
1279 |
$SED "s?^After=.*?After=network-online.target chilli.service?g" /etc/systemd/system/e2guardian.service
|
1279 |
$SED "s?^After=.*?After=network-online.target chilli.service?g" /etc/systemd/system/e2guardian.service
|
1280 |
$SED "/^PIDFile=/d" /etc/systemd/system/e2guardian.service
|
1280 |
$SED "/^PIDFile=/d" /etc/systemd/system/e2guardian.service
|
1281 |
|
1281 |
|
1282 |
# Adapt the main conf file
|
1282 |
# Adapt the main conf file
|
1283 |
[ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default
|
1283 |
[ -e $DIR_E2G/e2guardian.conf.default ] || cp $DIR_E2G/e2guardian.conf $DIR_E2G/e2guardian.conf.default
|
1284 |
# French deny HTML page
|
1284 |
# French deny HTML page
|
1285 |
$SED "s?^language =.*?language = 'french'?g" $DIR_DG/e2guardian.conf
|
1285 |
$SED "s?^language =.*?language = 'french'?g" $DIR_E2G/e2guardian.conf
|
1286 |
# +++ listen & loop prevention on loopback
|
1286 |
# +++ listen & loop prevention on loopback
|
1287 |
$SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_DG/e2guardian.conf
|
1287 |
$SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_E2G/e2guardian.conf
|
1288 |
# 2 filtergroups (8080 & 8090)
|
1288 |
# 2 filtergroups (8080 & 8090)
|
1289 |
$SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_DG/e2guardian.conf
|
1289 |
$SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_E2G/e2guardian.conf
|
1290 |
# Listen on LAN only
|
1290 |
# Listen on LAN only
|
1291 |
$SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
|
1291 |
$SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_E2G/e2guardian.conf
|
1292 |
# Listen on 8080 (group1 : BL users on HTTP)
|
1292 |
# Listen on 8080 (group1 : BL users on HTTP)
|
1293 |
$SED "s?^#filterports = 8080.*?filterports = 8080?g" $DIR_DG/e2guardian.conf
|
1293 |
$SED "s?^#filterports = 8080.*?filterports = 8080?g" $DIR_E2G/e2guardian.conf
|
1294 |
# Listen on 8081 (group2 : previously AV users --> to be redefine)
|
1294 |
# Listen on 8081 (group2 : previously AV users --> to be redefine)
|
1295 |
# $SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_DG/e2guardian.conf
|
1295 |
# $SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_E2G/e2guardian.conf
|
1296 |
$SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_DG/e2guardian.conf
|
1296 |
$SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_E2G/e2guardian.conf
|
1297 |
# for now we don't listen transparently on 8443 (HTTPS) (only in future version)
|
1297 |
# for now we don't listen transparently on 8443 (HTTPS) (only in future version)
|
1298 |
$SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_DG/e2guardian.conf
|
1298 |
$SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_E2G/e2guardian.conf
|
1299 |
# Don't log
|
1299 |
# Don't log
|
1300 |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
|
1300 |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_E2G/e2guardian.conf
|
1301 |
# Disable HTML content control (weighted & banned)
|
1301 |
# Disable HTML content control (weighted & banned)
|
1302 |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/e2guardian.conf
|
1302 |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_E2G/e2guardian.conf
|
1303 |
# Enable authport plugin
|
1303 |
# Enable authport plugin
|
1304 |
$SED "s?^#authplugin = '/etc/e2guardian/authplugins/port.conf'?authplugin = '/etc/e2guardian/authplugins/port.conf'?g" $DIR_DG/e2guardian.conf
|
1304 |
$SED "s?^#authplugin = '/etc/e2guardian/authplugins/port.conf'?authplugin = '/etc/e2guardian/authplugins/port.conf'?g" $DIR_E2G/e2guardian.conf
|
1305 |
$SED "s?^#mapauthtoports =.*?mapauthtoports = off?g" $DIR_DG/e2guardian.conf
|
1305 |
$SED "s?^#mapauthtoports =.*?mapauthtoports = off?g" $DIR_E2G/e2guardian.conf
|
1306 |
# !!! Set Max RAM cache to 10Mb (for antimalware/EDR)
|
1306 |
# !!! Set Max RAM cache to 10Mb (for antimalware/EDR)
|
1307 |
#$SED "s?^maxcontentramcachescansize =.*?maxcontentramcachescansize = 10240?g" $DIR_DG/e2guardian.conf
|
1307 |
#$SED "s?^maxcontentramcachescansize =.*?maxcontentramcachescansize = 10240?g" $DIR_E2G/e2guardian.conf
|
1308 |
# !!! Set Max file size cache to 20Mb (for antimalware/EDR)
|
1308 |
# !!! Set Max file size cache to 20Mb (for antimalware/EDR)
|
1309 |
#$SED "s?^maxcontentfilecachescansize =.*?maxcontentfilecachescansize = 20480?g" $DIR_DG/e2guardian.conf
|
1309 |
#$SED "s?^maxcontentfilecachescansize =.*?maxcontentfilecachescansize = 20480?g" $DIR_E2G/e2guardian.conf
|
1310 |
|
1310 |
|
1311 |
# copy & adapt HTML templates
|
1311 |
# copy & adapt HTML templates
|
1312 |
cp $DIR_CONF/alcasar-e2g-fr.html /usr/share/e2guardian/languages/french/alcasar-e2g.html
|
1312 |
cp $DIR_CONF/alcasar-e2g-fr.html /usr/share/e2guardian/languages/french/alcasar-e2g.html
|
1313 |
cp $DIR_CONF/alcasar-e2g-en.html /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
|
1313 |
cp $DIR_CONF/alcasar-e2g-en.html /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
|
1314 |
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
|
1314 |
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
|
1315 |
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
|
1315 |
$SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
|
1316 |
|
1316 |
|
1317 |
###### ALCASAR filtering for group1 (blacklisted_users) ####
|
1317 |
###### ALCASAR filtering for group1 (blacklisted_users) ####
|
1318 |
# Adapt group1 conf file
|
1318 |
# Adapt group1 conf file
|
1319 |
[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
|
1319 |
[ -e $DIR_E2G/e2guardianf1.conf.default ] || cp $DIR_E2G/e2guardianf1.conf $DIR_E2G/e2guardianf1.conf.default
|
1320 |
$SED "s/^#reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
|
1320 |
$SED "s/^#reportinglevel =.*/reportinglevel = 3/g" $DIR_E2G/e2guardianf1.conf
|
1321 |
$SED "s/^#groupname =.*/groupname = 'blacklisted_users'/g" $DIR_DG/e2guardianf1.conf
|
1321 |
$SED "s/^#groupname =.*/groupname = 'blacklisted_users'/g" $DIR_E2G/e2guardianf1.conf
|
1322 |
$SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_DG/e2guardianf1.conf
|
1322 |
$SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_E2G/e2guardianf1.conf
|
1323 |
$SED "s/^.Define LISTDIR.*/.Define LISTDIR <$DIR_DG/lists/group1/g" $DIR_DG/e2guardianf1.conf
|
1323 |
$SED "s/^.Define LISTDIR.*/.Define LISTDIR <$DIR_E2G/lists/group1/g" $DIR_E2G/e2guardianf1.conf
|
1324 |
DIR_COMMON="$DIR_DG/lists/common"
|
1324 |
DIR_E2G_GROUP1="$DIR_E2G/lists/group1"
|
1325 |
cp -r $DIR_DG/lists/example.group $DIR_GROUP1
|
1325 |
cp -r $DIR_E2G/lists/example.group $DIR_E2G_GROUP1
|
1326 |
chown -R e2guardian:root $DIR_GROUP1
|
1326 |
chown -R e2guardian:root $DIR_E2G_GROUP1
|
1327 |
# RAZ bannedphraselist
|
1327 |
# RAZ bannedphraselist
|
1328 |
[ -e $DIR_GROUP1/bannedphraselist.default ] || mv $DIR_GROUP1/bannedphraselist $DIR_GROUP1/bannedphraselist.default
|
- |
|
1329 |
$SED "s?^[^#]?#&?g" $DIR_GROUP1/bannedphraselist # (comment what is not)
|
1328 |
$SED "s?^[^#]?#&?g" $DIR_E2G_GROUP1/bannedphraselist # (comment what is not)
|
1330 |
# Disable URL control with regex
|
1329 |
# Disable URL control with regex
|
1331 |
[ -e $DIR_GROUP1/banned.regexpurllist.default ] || mv $DIR_GROUP1/regexpurllist $DIR_GROUP1/regexpurllist.default
|
- |
|
1332 |
$SED "s?^[^#]?#&?g" $DIR_GROUP1/bannedregexpurllist # (comment what is not)
|
1330 |
$SED "s?^[^#]?#&?g" $DIR_E2G_GROUP1/bannedregexpurllist # (comment what is not)
|
1333 |
# Dont filtering files by extension or mime-type (empty list)
|
1331 |
# Dont filtering files by extension or mime-type (empty list)
|
1334 |
> $DIR_GROUP1/bannedextensionlist
|
1332 |
> $DIR_E2G_GROUP1/bannedextensionlist
|
1335 |
> $DIR_GROUP1/bannedmimetypelist
|
1333 |
> $DIR_E2G_GROUP1/bannedmimetypelist
|
1336 |
# Creation of ALCASAR banned site list
|
1334 |
# Creation of ALCASAR banned site list
|
1337 |
[ -e $DIR_GROUP1/greysitelist.default ] || mv $DIR_GROUP1/greysitelist $DIR_GROUP1/greysitelist.default
|
- |
|
1338 |
cat <<EOF > $DIR_GROUP1/greysitelist
|
1335 |
cat <<EOF > $DIR_E2G_GROUP1/greysitelist
|
1339 |
# E2guardian filter config for ALCASAR
|
1336 |
# E2guardian filter config for ALCASAR
|
1340 |
# In ALCASAR E2guardian filters only URLs (domains are filtered with unbound)
|
1337 |
# In ALCASAR E2guardian filters only URLs (domains are filtered with unbound)
|
1341 |
# block all SSL and CONNECT tunnels
|
1338 |
# block all SSL and CONNECT tunnels
|
1342 |
**s
|
1339 |
**s
|
1343 |
# block all SSL and CONNECT tunnels specified only as an IP
|
1340 |
# block all SSL and CONNECT tunnels specified only as an IP
|
1344 |
*ips
|
1341 |
*ips
|
1345 |
# block all sites specified only by an IP
|
1342 |
# block all sites specified only by an IP
|
1346 |
*ip
|
1343 |
*ip
|
1347 |
EOF
|
1344 |
EOF
|
1348 |
# Creation of file for banned URLs (filled later with Toulouse BL --> see BL function)
|
1345 |
# Creation of file for banned URLs (filled later with Toulouse BL --> see BL function)
|
1349 |
[ -e $DIR_GROUP1/bannedurllist.default ] || mv $DIR_GROUP1/bannedurllist $DIR_GROUP1/bannedurllist.default
|
- |
|
1350 |
cat <<EOF > $DIR_GROUP1/bannedurllist
|
1346 |
cat <<EOF > $DIR_E2G_GROUP1/bannedurllist
|
1351 |
# E2guardian URL filter config for ALCASAR
|
1347 |
# E2guardian URL filter config for ALCASAR
|
1352 |
EOF
|
1348 |
EOF
|
1353 |
# Creation of files for rehabilited domains
|
1349 |
# Creation of files for rehabilited domains
|
1354 |
[ -e $DIR_GROUP1/exceptionsitelist.default ] || mv $DIR_GROUP1/exceptionsitelist $DIR_GROUP1/exceptionsitelist.default
|
- |
|
1355 |
touch $DIR_GROUP1/exceptionsitelist
|
1350 |
> $DIR_E2G_GROUP1/exceptionsitelist
|
1356 |
# Creation of files for rehabilited IP
|
1351 |
# Creation of files for rehabilited IP
|
1357 |
[ -e $DIR_DG/lists/common/exceptioniplist.default ] || mv $DIR_DG/lists/common/exceptioniplist $DIR_DG/lists/common/exceptioniplist.default
|
1352 |
[ -e $DIR_E2G/lists/common/exceptioniplist.default ] || mv $DIR_E2G/lists/common/exceptioniplist $DIR_E2G/lists/common/exceptioniplist.default
|
1358 |
touch $DIR_DG/lists/common/exceptioniplist
|
1353 |
touch $DIR_E2G/lists/common/exceptioniplist
|
1359 |
# Add Bing to the safesearch url regext list (parental control)
|
1354 |
# Add Bing to the safesearch url regext list (parental control)
|
1360 |
[ -e $DIR_GROUP1/urlregexplist.default ] || cp $DIR_GROUP1/urlregexplist $DIR_GROUP1/urlregexplist.default
|
- |
|
1361 |
cat <<EOF >> $DIR_GROUP1/urlregexplist
|
1355 |
cat <<EOF >> $DIR_E2G_GROUP1/urlregexplist
|
1362 |
# Bing - add 'adlt=strict'
|
1356 |
# Bing - add 'adlt=strict'
|
1363 |
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
|
1357 |
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
|
1364 |
EOF
|
1358 |
EOF
|
1365 |
# 'Safesearch' regex actualisation
|
1359 |
# 'Safesearch' regex actualisation
|
1366 |
$SED "s?images?search?g" $DIR_GROUP1/urlregexplist
|
1360 |
$SED "s?images?search?g" $DIR_E2G_GROUP1/urlregexplist
|
1367 |
# change the google safesearch ("safe=strict" instead of "safe=vss")
|
1361 |
# change the google safesearch ("safe=strict" instead of "safe=vss")
|
1368 |
$SED "s?safe=vss?safe=strict?g" $DIR_GROUP1/urlregexplist
|
1362 |
$SED "s?safe=vss?safe=strict?g" $DIR_E2G_GROUP1/urlregexplist
|
1369 |
|
1363 |
|
1370 |
# Create & adapt group2 conf file (av + av_wl)
|
1364 |
# Create & adapt group2 conf file (av + av_wl)
|
1371 |
cp $DIR_DG/e2guardianf1.conf.default $DIR_DG/e2guardianf2.conf
|
1365 |
cp $DIR_E2G/e2guardianf1.conf.default $DIR_E2G/e2guardianf2.conf
|
1372 |
$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_DG/e2guardianf2.conf
|
1366 |
$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_E2G/e2guardianf2.conf
|
1373 |
$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_DG/e2guardianf2.conf
|
1367 |
$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_E2G/e2guardianf2.conf
|
1374 |
$SED "s?^urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist'?urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist.default'?g" $DIR_DG/e2guardianf2.conf # no banned urls
|
1368 |
$SED "s?^urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist'?urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist.default'?g" $DIR_E2G/e2guardianf2.conf # no banned urls
|
1375 |
|
1369 |
|
1376 |
# create log folder
|
1370 |
# create log folder
|
1377 |
mkdir -p /var/log/e2guardian
|
1371 |
mkdir -p /var/log/e2guardian
|
1378 |
chown -R e2guardian /etc/e2guardian /var/log/e2guardian
|
1372 |
chown -R e2guardian /etc/e2guardian /var/log/e2guardian
|
1379 |
} # End of e2guardian()
|
1373 |
} # End of e2guardian()
|
Line 1668... |
Line 1662... |
1668 |
## - copy additional BLs (TOR + Ultrasurf + C&C) ##
|
1662 |
## - copy additional BLs (TOR + Ultrasurf + C&C) ##
|
1669 |
##########################################################
|
1663 |
##########################################################
|
1670 |
BL()
|
1664 |
BL()
|
1671 |
{
|
1665 |
{
|
1672 |
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
|
1666 |
# copy the Toulouse university BL in order to be adapted to ALCASAR architecture (alcasar-bl.sh -adapt)
|
1673 |
rm -rf $DIR_DG/lists/blacklists
|
1667 |
rm -rf $DIR_E2G/lists/blacklists
|
1674 |
mkdir -p /tmp/blacklists
|
1668 |
mkdir -p /tmp/blacklists
|
1675 |
cp $DIR_BLACKLIST/blacklists.tar.gz /tmp/blacklists/
|
1669 |
cp $DIR_BLACKLIST/blacklists.tar.gz /tmp/blacklists/
|
1676 |
# creation of the additional BL and WL categorie named "ossi" (for domain names & ip only)
|
1670 |
# creation of the additional BL and WL categorie named "ossi" (for domain names & ip only)
|
1677 |
mkdir -p $DIR_DG/lists/blacklists/ossi-bl
|
1671 |
mkdir -p $DIR_E2G/lists/blacklists/ossi-bl
|
1678 |
touch $DIR_DG/lists/blacklists/ossi-bl/domains
|
1672 |
touch $DIR_E2G/lists/blacklists/ossi-bl/domains
|
1679 |
echo "ossi-bl" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1673 |
echo "ossi-bl" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1680 |
mkdir -p $DIR_DG/lists/blacklists/ossi-wl
|
1674 |
mkdir -p $DIR_E2G/lists/blacklists/ossi-wl
|
1681 |
touch $DIR_DG/lists/blacklists/ossi-wl/domains
|
1675 |
touch $DIR_E2G/lists/blacklists/ossi-wl/domains
|
1682 |
echo "ossi-wl" >> $DIR_DEST_ETC/alcasar-wl-categories-enabled
|
1676 |
echo "ossi-wl" >> $DIR_DEST_ETC/alcasar-wl-categories-enabled
|
1683 |
# add additional BL files
|
1677 |
# add additional BL files
|
1684 |
for x in $(ls $DIR_BLACKLIST | grep -v "^blacklists")
|
1678 |
for x in $(ls $DIR_BLACKLIST | grep -v "^blacklists")
|
1685 |
do
|
1679 |
do
|
1686 |
mkdir $DIR_DG/lists/blacklists/ossi-bl-$x
|
1680 |
mkdir $DIR_E2G/lists/blacklists/ossi-bl-$x
|
1687 |
cp $DIR_BLACKLIST/$x $DIR_DG/lists/blacklists/ossi-bl-$x/domains
|
1681 |
cp $DIR_BLACKLIST/$x $DIR_E2G/lists/blacklists/ossi-bl-$x/domains
|
1688 |
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1682 |
echo "ossi-bl-$x" >> $DIR_DEST_ETC/alcasar-bl-categories-enabled
|
1689 |
done
|
1683 |
done
|
1690 |
chown -R e2guardian:apache $DIR_DG
|
1684 |
chown -R e2guardian:apache $DIR_E2G
|
1691 |
chown -R root:apache $DIR_DEST_SHARE
|
1685 |
chown -R root:apache $DIR_DEST_SHARE
|
1692 |
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
|
1686 |
chmod -R g+rw $DIR_E2G $DIR_DEST_SHARE
|
1693 |
# adapt the Toulouse BL to ALCASAR architecture
|
1687 |
# adapt the Toulouse BL to ALCASAR architecture
|
1694 |
$DIR_DEST_BIN/alcasar-bl.sh --adapt
|
1688 |
$DIR_DEST_BIN/alcasar-bl.sh --adapt
|
1695 |
# enable the default categories
|
1689 |
# enable the default categories
|
1696 |
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
|
1690 |
$DIR_DEST_BIN/alcasar-bl.sh --cat_choice
|
1697 |
rm -rf /tmp/blacklists
|
1691 |
rm -rf /tmp/blacklists
|
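Review bot: In e2guardian(), the `.Define LISTDIR` substitution at new line 1323 still uses `/` as the sed delimiter while `$DIR_E2G` expands to `/etc/e2guardian` (new line 51), so the expanded expression is malformed and sed will most likely reject it. That would leave e2guardianf1.conf on its stock list directory rather than `lists/group1`, so the greysitelist and bannedurllist written a few lines below would not be read by the blacklisted_users group. Use the `?` delimiter as the neighbouring lines do, e.g. `$SED "s?^.Define LISTDIR.*?.Define LISTDIR <$DIR_E2G/lists/group1>?g" $DIR_E2G/e2guardianf1.conf`; the closing `>` is my assumption about the e2guardian define syntax and should be checked against the stock file. Separately, new line 1368 points group2 at `bannedurllist.default` although this commit removes the lines that created the `.default` copies, so it is worth confirming that file exists in whatever directory group2's `__LISTDIR__` resolves to. The function begins before this hunk, so how `$SED` is defined and whether its exit status is checked cannot be seen here.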