Subversion Repositories ALCASAR

Rev

Rev 1374 | Rev 1376 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1374 Rev 1375
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1374 2014-06-04 17:09:43Z richard $ 
2
#  $Id: alcasar.sh 1375 2014-06-04 21:06:52Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
Line 1050... Line 1050...
1050
##################################################################
1050
##################################################################
1051
param_dansguardian ()
1051
param_dansguardian ()
1052
{
1052
{
1053
	mkdir /var/dansguardian
1053
	mkdir /var/dansguardian
1054
	chown dansguardian /var/dansguardian
1054
	chown dansguardian /var/dansguardian
1055
	$SED "s/^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
1055
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dansguardian -c /etc/dansguardian/dansguardian.conf?g" /lib/systemd/system/dansguardian.service
1056
	$SED "s/^After=.*?After=network.target chilli.target?g" /lib/systemd/system/dansguardian.service
1056
	$SED "s?^After=.*?After=network.target chilli.target?g" /lib/systemd/system/dansguardian.service
1057
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1057
	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
1058
# By default the filter is off 
1058
# By default the filter is off 
1059
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1059
	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
1060
# French deny HTML page
1060
# French deny HTML page
1061
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
1061
	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
Line 1155... Line 1155...
1155
	nl=1
1155
	nl=1
1156
	for log_type in traceability ssh ext-access
1156
	for log_type in traceability ssh ext-access
1157
	do
1157
	do
1158
		[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
1158
		[ -e /lib/systemd/system/ulogd-$log_type.service ] || cp -f /lib/systemd/system/ulogd.service /lib/systemd/system/ulogd-$log_type.service
1159
		[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log
1159
		[ -e /var/log/firewall/$log_type.log ] || echo "" > /var/log/firewall/$log_type.log
1160
		cp -f /etc/ulogd.conf /etc/ulogd-$log_type.conf
1160
		cp -f $DIR_CONF/ulogd-sample.conf /etc/ulogd-$log_type.conf
1161
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf 
1161
		$SED "s?^nlgroup=.*?nlgroup=$nl?g" /etc/ulogd-$log_type.conf 
1162
		$SED '/OPRINT/,$d' /etc/ulogd-$log_type.conf
-
 
1163
		cat << EOF >> /etc/ulogd-$log_type.conf
1162
		cat << EOF >> /etc/ulogd-$log_type.conf
1164
[LOGEMU]
1163
[LOGEMU]
1165
file="/var/log/firewall/$log_type.log"
1164
file="/var/log/firewall/$log_type.log"
1166
sync=1
1165
sync=1
1167
EOF
1166
EOF
1168
		$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -c /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service
1167
		$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/ulogd -d -c /etc/ulogd-$log_type.conf?g" /lib/systemd/system/ulogd-$log_type.service
1169
		nl=`expr $nl + 1`
1168
		nl=`expr $nl + 1`
1170
	done
1169
	done
1171
	chown -R root:apache /var/log/firewall
1170
	chown -R root:apache /var/log/firewall
1172
	chmod 750 /var/log/firewall
1171
	chmod 750 /var/log/firewall
1173
	chmod 640 /var/log/firewall/*
1172
	chmod 640 /var/log/firewall/*
Line 1513... Line 1512...
1513
	echo "SSH=off" >> $CONF_FILE
1512
	echo "SSH=off" >> $CONF_FILE
1514
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1513
	echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE
1515
	echo "QOS=off" >> $CONF_FILE
1514
	echo "QOS=off" >> $CONF_FILE
1516
	echo "LDAP=off" >> $CONF_FILE
1515
	echo "LDAP=off" >> $CONF_FILE
1517
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1516
	echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
1518
	echo "WEB_ANTIVIRUS=on" >> $CONF_FILE # TODO to remove
-
 
1519
	echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE # TODO to remove
-
 
1520
	echo "DNS_FILTERING=off" >> $CONF_FILE # TODO to remove
-
 
1521
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1517
	echo "YOUTUBE_ID=ABCD1234567890abcdef" >> $CONF_FILE
1522
	echo "MULTIWAN=off" >> $CONF_FILE
1518
	echo "MULTIWAN=off" >> $CONF_FILE
1523
	echo "FAILOVER=30" >> $CONF_FILE
1519
	echo "FAILOVER=30" >> $CONF_FILE
1524
	echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
1520
	echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
1525
	echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
1521
	echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE