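--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar.sh 2840 2020-06-27 22:35:40Z rexy $
+# $Id: alcasar.sh 2841 2020-06-28 21:49:00Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 # team@alcasar.net
@@ -1288,26 +1288,23 @@
 $SED "s?^#authplugin = '/etc/e2guardian/authplugins/port.conf'?authplugin = '/etc/e2guardian/authplugins/port.conf'?g" $DIR_DG/e2guardian.conf
 $SED "s?^#mapauthtoports =.*?mapauthtoports = off?g" $DIR_DG/e2guardian.conf
 # Enable clamd scanner
 $SED "s?^#contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'?contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'?g" $DIR_DG/e2guardian.conf
 
+# Adapt the first group conf file
+[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
+# Reporting (deny page) in HTML
+$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
+$SED "s/^groupname =.*/groupname = 'blacklisted users'/g" $DIR_DG/e2guardianf1.conf
+
+###### ALCASAR special filtering ####
 # RAZ bannedphraselist
 cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
 $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (comment what is not)
-
 # Disable URL control with regex
 cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
 $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (comment what is not)
-
-# Adapt the first group conf file
-[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
-# Reporting (deny page) in HTML
-$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
-
-# Copy the fist group conf file to the second
-cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf2.conf
-
 # Replace the default deny HTML page (only fr & uk) --> !!! search why our pages make the server crash...
 # [ -e /usr/share/e2guardian/languages/french/template.html.default ] || mv /usr/share/e2guardian/languages/french/template.html /usr/share/e2guardian/languages/french/template.html.default
 # cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html
 # [ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] || mv /usr/share/e2guardian/languages/ukenglish/template.html /usr/share/e2guardian/languages/ukenglish/template.html.default
 # cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/template.html
@@ -1318,16 +1315,14 @@
 touch $DIR_DG/lists/bannedmimetypelist
 # Empty LAN IP list that won't be WEB filtered
 [ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
 touch $DIR_DG/lists/exceptioniplist
 # Creation of ALCASAR banned site list
-[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
-cat <<EOF > $DIR_DG/lists/bannedsitelist
+[ -e $DIR_DG/lists/greysitelist.default ] || mv $DIR_DG/lists/greysitelist $DIR_DG/lists/greysitelist.default
+cat <<EOF > $DIR_DG/lists/greysitelist
 # E2guardian filter config for ALCASAR
 # In ALCASAR E2guardian filters only URLs (domains are filtered with unbound)
-# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
-#**
 # block all SSL and CONNECT tunnels
 **s
 # block all SSL and CONNECT tunnels specified only as an IP
 *ips
 # block all sites specified only by an IP
@@ -1352,10 +1347,17 @@
 EOF
 # 'Safesearch' regex actualisation
 $SED "s?images?search?g" $DIR_DG/lists/urlregexplist
 # change the google safesearch ("safe=strict" instead of "safe=vss")
 $SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
+
+# Create & adapt the second group conf file (av + av_wl)
+cp $DIR_DG/e2guardianf1.conf.default $DIR_DG/e2guardianf2.conf
+$SED "s?^reportinglevel =.*?reportinglevel = 3?g" $DIR_DG/e2guardianf2.conf
+$SED "s/^groupname =.*/groupname = 'antimalware & whitelested users'/g" $DIR_DG/e2guardianf2.conf
+$SED "s/\/lists\/bannedurllist'/urllist = 'name=banned,messageno=501,path=\/etc\/e2guardian\/lists\/bannedurllist.default'/g" $DIR_DG/e2guardianf2.conf # no banned urls
+
 # create log folder
 mkdir -p /var/log/e2guardian
 chown -R e2guardian /etc/e2guardian /var/log/e2guardian
 } # End of e2guardian()
 
@@ -1364,23 +1366,29 @@
 ## - Set the parameters of clamav and freshclam ##
 ##################################################################
 antivirus()
 {
 # Clamd adaptation to e2guardian
+[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default
+$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service
+$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service
 [ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default
 $SED "s?^User.*?User e2guardian?g" /etc/clamd.conf
+$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf
+$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
+$SED "s?^LogVerbose.*?LogVerbose no?g" /etc/clamd.conf
+$SED "s?^#LogRotate.*?LogRotate yes?g" /etc/clamd.conf
 chown -R e2guardian:e2guardian /var/log/clamav /var/lib/clamav
 chmod 775 /var/log/clamav /var/lib/clamav
 chmod 664 /var/log/clamav/*
 # update virus database every 4 hours (24h/6)
 [ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
 $SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
 $SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
 $SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
-$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
-$SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam
+$SED "s?^MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
+$SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam.conf
-
 # update now
 /usr/bin/freshclam --no-warnings --quiet
 } # End of antivirus()
 
 ##############################################################
@@ -2169,11 +2177,11 @@
 # GRUB2 modifications (Wait time : 3s - ALCASAR entry - VGA=791 - Change the default banner
 [ -e /etc/default/grub.default ] || cp /etc/default/grub /etc/default/grub.default
 $SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub
 $SED "s?^GRUB_DISTRIBUTOR=.*?GRUB_DISTRIBUTOR=ALCASAR?g" /etc/default/grub
 [ -e /etc/mageia-release.default ] || cp /etc/mageia-release /etc/mageia-release.default
-vm_vga=`lsmod | egrep -c "virtio|vmwgfx|vbox"` # test if in VM
+vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM
 if [ $vm_vga == 0 ] # is not a VM
 then
 cp -f $DIR_CONF/banner /etc/mageia-release # ALCASAR ASCII-Art
 echo >> /etc/mageia-release
 $SED "s?^GRUB_CMDLINE_LINUX_DEFAULT=\"?&vga=791 ?" /etc/default/grub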
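Review bot: In antivirus() (new lines 1372-1373), both added `$SED "/^[Service]/a ExecStartPre=…"` commands leave `[Service]` unescaped, so sed treats it as a bracket expression matching any line that starts with S, e, r, v, i or c. The literal section header starts with `[` and so never matches. The two ExecStartPre lines are therefore either never inserted or appended after unrelated lines, possibly outside the [Service] section, and clamd may then start without /run/clamav being created and owned by e2guardian. Escape the brackets in both commands, e.g. `$SED "/^\[Service\]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service`. Assuming $SED edits in place, the append is also repeated on every run because the `.default` copy is never restored first, and a drop-in under /etc/systemd/system/clamav-daemon.service.d/ would also survive package updates of the unit file.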