Line 1... |
Line 1... |
1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
2 |
# $Id: alcasar.sh 638 2011-06-18 21:19:04Z richard $
|
2 |
# $Id: alcasar.sh 648 2011-06-25 21:31:06Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
|
Line 43... |
Line 43... |
43 |
DIR_INSTALL=`pwd` # répertoire d'installation
|
43 |
DIR_INSTALL=`pwd` # répertoire d'installation
|
44 |
DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration
|
44 |
DIR_CONF="$DIR_INSTALL/conf" # répertoire d'installation contenant les fichiers de configuration
|
45 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts
|
45 |
DIR_SCRIPTS="$DIR_INSTALL/scripts" # répertoire d'installation contenant les scripts
|
46 |
DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.)
|
46 |
DIR_SAVE="/var/Save" # répertoire de sauvegarde (ISO, backup, etc.)
|
47 |
DIR_WEB="/var/www/html" # répertoire racine APACHE
|
47 |
DIR_WEB="/var/www/html" # répertoire racine APACHE
|
- |
|
48 |
DIR_DG="/etc/dansguardian" # répertoire de config de DansGuardian
|
48 |
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'
|
49 |
DIR_ACC="$DIR_WEB/acc" # répertoire du centre de gestion 'ALCASAR Control Center'
|
49 |
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
|
50 |
DIR_DEST_BIN="/usr/local/bin" # répertoire des scripts
|
50 |
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
|
51 |
DIR_DEST_SBIN="/usr/local/sbin" # répertoire des scripts d'admin
|
51 |
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
|
52 |
DIR_DEST_ETC="/usr/local/etc" # répertoire des fichiers de conf
|
52 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
|
53 |
CONF_FILE="$DIR_DEST_ETC/alcasar.conf" # fichier de conf d'alcasar
|
Line 233... |
Line 234... |
233 |
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}
|
234 |
# - dans /usr/local/bin : alcasar-{CA.sh,conf.sh,import-clean.sh,iptables-bypass.sh,iptables.sh,log-clean.sh,log-export.sh,mondo.sh,watchdog.sh}
|
234 |
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
|
235 |
cp -f $DIR_SCRIPTS/alcasar* $DIR_DEST_BIN/. ; chown root:root $DIR_DEST_BIN/alcasar* ; chmod 740 $DIR_DEST_BIN/alcasar*
|
235 |
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
|
236 |
# - dans /usr/local/sbin : alcasar-{bl.sh,bypass.sh,dateLog.sh,havp.sh,logout.sh,mysql.sh,nf.sh,profil.sh,uninstall.sh,version-list.sh,load-balancing.sh}
|
236 |
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
|
237 |
cp -f $DIR_SCRIPTS/sbin/alcasar* $DIR_DEST_SBIN/. ; chown root:root $DIR_DEST_SBIN/alcasar* ; chmod 740 $DIR_DEST_SBIN/alcasar*
|
237 |
# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}
|
238 |
# - des fichiers de conf dans /usr/local/etc : alcasar-{bl-categories-enabled,dns-name,ethers,iptables-local.sh,services}
|
238 |
cp -f $DIR_SCRIPTS/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
|
239 |
cp -f $DIR_CONF/etc/alcasar* $DIR_DEST_ETC/. ; chown root:apache $DIR_DEST_ETC/alcasar* ; chmod 660 $DIR_DEST_ETC/alcasar*
|
239 |
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
|
240 |
$SED "s?^radiussecret.*?radiussecret=\"$secretradius\"?g" $DIR_DEST_SBIN/alcasar-logout.sh
|
240 |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
|
241 |
$SED "s?^DB_RADIUS=.*?DB_RADIUS=\"$DB_RADIUS\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh
|
241 |
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
242 |
$SED "s?^DB_USER=.*?DB_USER=\"$DB_USER\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
242 |
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
243 |
$SED "s?^radiuspwd=.*?radiuspwd=\"$radiuspwd\"?g" $DIR_DEST_SBIN/alcasar-mysql.sh $DIR_DEST_BIN/alcasar-conf.sh
|
243 |
# generate central conf file
|
244 |
# generate central conf file
|
Line 877... |
Line 878... |
877 |
## Fonction param_dansguardian ##
|
878 |
## Fonction param_dansguardian ##
|
878 |
## - Paramètrage du gestionnaire de contenu Dansguardian ##
|
879 |
## - Paramètrage du gestionnaire de contenu Dansguardian ##
|
879 |
##################################################################
|
880 |
##################################################################
|
880 |
param_dansguardian ()
|
881 |
param_dansguardian ()
|
881 |
{
|
882 |
{
|
882 |
DIR_DG="/etc/dansguardian"
|
- |
|
883 |
mkdir /var/dansguardian
|
883 |
mkdir /var/dansguardian
|
884 |
chown dansguardian /var/dansguardian
|
884 |
chown dansguardian /var/dansguardian
|
885 |
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
|
885 |
[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
|
886 |
# Le filtrage est désactivé par défaut
|
886 |
# Le filtrage est désactivé par défaut
|
887 |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
|
887 |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
|
Line 1114... |
Line 1114... |
1114 |
## Fonction BL (BlackList) ##
|
1114 |
## Fonction BL (BlackList) ##
|
1115 |
##########################################################
|
1115 |
##########################################################
|
1116 |
BL ()
|
1116 |
BL ()
|
1117 |
{
|
1117 |
{
|
1118 |
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
|
1118 |
# on copie par défaut la BL de toulouse embarqués dans l'archive d'ALCASAR
|
1119 |
rm -rf /etc/dansguardian/lists/blacklists
|
1119 |
rm -rf $DIR_DG/lists/blacklists
|
1120 |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=/etc/dansguardian/lists/ > /dev/null 2>&1
|
1120 |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
|
1121 |
cp -f $DIR_CONF/VERSION-BL $DIR_ACC/
|
1121 |
cp -f $DIR_CONF/VERSION-BL $DIR_ACC/
|
1122 |
chown apache:apache $DIR_ACC/VERSION-BL
|
1122 |
chown apache:apache $DIR_ACC/VERSION-BL
|
1123 |
# on crée le répertoire de la BL secondaire
|
1123 |
# on crée le répertoire de la BL secondaire et le répertoire "pureip" (catégorie virtuelle)
|
1124 |
mkdir /etc/dansguardian/lists/blacklists/ossi
|
1124 |
mkdir $DIR_DG/lists/blacklists/ossi $DIR_DG/lists/blacklists/ip
|
1125 |
touch /etc/dansguardian/lists/blacklists/ossi/domains
|
1125 |
touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ip/domains
|
1126 |
touch /etc/dansguardian/lists/blacklists/ossi/urls
|
1126 |
touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ip/urls
|
1127 |
# On crée les fichiers vides de sites ou d'URL réhabilités
|
1127 |
# On crée les fichiers vides de sites ou d'URL réhabilités
|
1128 |
[ -e /etc/dansguardian/lists/exceptionsitelist.default ] || mv /etc/dansguardian/lists/exceptionsitelist /etc/dansguardian/lists/exceptionsitelist.default
|
1128 |
[ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
|
1129 |
[ -e /etc/dansguardian/lists/exceptionurllist.default ] || mv /etc/dansguardian/lists/exceptionurllist /etc/dansguardian/lists/exceptionurllist.default
|
1129 |
[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIr_DG/lists/exceptionurllist.default
|
1130 |
touch /etc/dansguardian/lists/exceptionsitelist
|
1130 |
touch $DIR_DG/lists/exceptionsitelist
|
1131 |
touch /etc/dansguardian/lists/exceptionurllist
|
1131 |
touch $DIR_DG/lists/exceptionurllist
|
1132 |
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
|
1132 |
# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
|
1133 |
cat <<EOF > /etc/dansguardian/lists/bannedurllist
|
1133 |
cat <<EOF > $DIR_DG/lists/bannedurllist
|
1134 |
# Dansguardian filter config for ALCASAR
|
1134 |
# Dansguardian filter config for ALCASAR
|
1135 |
EOF
|
1135 |
EOF
|
1136 |
cat <<EOF > /etc/dansguardian/lists/bannedsitelist
|
1136 |
cat <<EOF > $DIR_DG/lists/bannedsitelist
|
1137 |
# Dansguardian domain filter config for ALCASAR
|
1137 |
# Dansguardian domain filter config for ALCASAR
|
1138 |
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
|
1138 |
# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
|
1139 |
#**
|
1139 |
#**
|
1140 |
# block all SSL and CONNECT tunnels
|
1140 |
# block all SSL and CONNECT tunnels
|
1141 |
**s
|
1141 |
**s
|
1142 |
# block all SSL and CONNECT tunnels specified only as an IP
|
1142 |
# block all SSL and CONNECT tunnels specified only as an IP
|
1143 |
*ips
|
1143 |
*ips
|
1144 |
# block all sites specified only by an IP
|
1144 |
# block all sites specified only by an IP
|
1145 |
*ip
|
1145 |
*ip
|
1146 |
EOF
|
1146 |
EOF
|
1147 |
chown -R dansguardian:apache /etc/dansguardian/
|
1147 |
chown -R dansguardian:apache $DIR_DG
|
1148 |
chmod -R g+rw /etc/dansguardian
|
1148 |
chmod -R g+rw $DIR_DG
|
1149 |
# On crée la structure du DNS-blackhole :
|
1149 |
# On crée la structure du DNS-blackhole :
|
1150 |
mkdir $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
|
1150 |
mkdir $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
|
1151 |
chown -R 770 $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
|
1151 |
chown -R 770 $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
|
1152 |
chown -R root:apache $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
|
1152 |
chown -R root:apache $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
|
1153 |
# On fait pointer le black-hole sur une page interne
|
1153 |
# On fait pointer le black-hole sur une page interne
|
1154 |
$SED "s?^IP_RETOUR=.*?IP_RETOUR=\"$PRIVATE_IP\"?g" $DIR_DEST_SBIN/alcasar-bl.sh
|
1154 |
$SED "s?^IP_RETOUR=.*?IP_RETOUR=\"$PRIVATE_IP\"?g" $DIR_DEST_SBIN/alcasar-bl.sh
|
1155 |
# On récupère la dernière version de la BL Toulouse
|
1155 |
# On récupère la dernière version de la BL Toulouse et on l'adapte à notre structure
|
1156 |
$DIR_DEST_SBIN/alcasar-bl.sh --download
|
1156 |
$DIR_DEST_SBIN/alcasar-bl.sh --download
|
1157 |
}
|
1157 |
}
|
1158 |
|
1158 |
|
1159 |
##########################################################
|
1159 |
##########################################################
|
1160 |
## Fonction cron ##
|
1160 |
## Fonction cron ##
|
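Review bot: In BL(), the rewritten exceptionurllist backup line (new line 1129) spells the destination variable `$DIr_DG`, and no variable of that name is assigned anywhere in the visible code. It therefore expands to an empty string, so the `mv` target becomes `/lists/exceptionurllist.default` and the move either fails or lands outside the DansGuardian tree. The packaged exceptionurllist is then left in place and the following `touch` does not empty it, so the filter presumably starts with the distribution's exception entries rather than an empty list. The line should read `[ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default`. Separately, the unchanged line `chown -R 770 $DIR_DEST_ETC/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}` in the same function looks like it was meant to be `chmod -R 770 …`, since as written the dnsfilter directories never get an explicit mode.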