| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 1391 2014-06-17 17:17:42Z richard $
|
2 |
# $Id: alcasar.sh 1393 2014-06-19 08:44:51Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
|
5 |
|
| 6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
| 7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
| Line 1162... |
Line 1162... |
| 1162 |
groupdel havp 2>/dev/null
|
1162 |
groupdel havp 2>/dev/null
|
| 1163 |
fi
|
1163 |
fi
|
| 1164 |
groupadd -f havp
|
1164 |
groupadd -f havp
|
| 1165 |
useradd -r -g havp -s /bin/false -c "system user for havp" havp
|
1165 |
useradd -r -g havp -s /bin/false -c "system user for havp" havp
|
| 1166 |
mkdir -p /var/tmp/havp /var/log/havp /var/run/havp
|
1166 |
mkdir -p /var/tmp/havp /var/log/havp /var/run/havp
|
| - |
|
1167 |
mkdir -p /var/tmp/havp2 /var/log/havp2
|
| 1167 |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
|
1168 |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp
|
| - |
|
1169 |
chown -R havp /var/tmp/havp2 /var/log/havp2
|
| 1168 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
1170 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
| 1169 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
1171 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
| - |
|
1172 |
$SED "s?^# PIDFILE.*?PIDFILE /var/run/havp/havp.pid?g" /etc/havp/havp.config # pidfile
|
| - |
|
1173 |
$SED "s?^# TRANSPARENT.*?TRANSPARENT false?g" /etc/havp/havp.config # transparent mode
|
| 1170 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
|
1174 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
|
| 1171 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
1175 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
| 1172 |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format
|
1176 |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format
|
| 1173 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
1177 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
| 1174 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
1178 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
| 1175 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
1179 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
| 1176 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
1180 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
| 1177 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
1181 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
| - |
|
1182 |
cp /etc/havp/havp.config /etc/havp/havp2.config
|
| - |
|
1183 |
$SED "s?^PIDFILE.*?PIDFILE /var/run/havp/havp2.pid?g" /etc/havp/havp2.config # pidfile
|
| - |
|
1184 |
$SED "s?^TRANSPARENT.*?TRANSPARENT true?g" /etc/havp/havp2.config # transparent mode
|
| - |
|
1185 |
$SED "s?^PORT.*?PORT 8091?g" /etc/havp/havp2.config # datas come on 8091
|
| - |
|
1186 |
$SED "s?^BIND_ADDRESS.*?BIND_ADDRESS 192.168.182.1?g" /etc/havp/havp2.config # we listen only on tun0
|
| 1178 |
# skip checking of youtube flow (too heavy load / risk too low)
|
1187 |
# skip checking of youtube flow (too heavy load / risk too low)
|
| 1179 |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
|
1188 |
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
|
| 1180 |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist
|
1189 |
echo "# Whitelist youtube flow" >> /etc/havp/whitelist
|
| 1181 |
echo "*.youtube.com/*" >> /etc/havp/whitelist
|
1190 |
echo "*.youtube.com/*" >> /etc/havp/whitelist
|
| 1182 |
# replacement of init script
|
1191 |
# replacement of init script
|
| 1183 |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
|
1192 |
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
|
| 1184 |
cp -f $DIR_CONF/havp-init /etc/init.d/havp
|
1193 |
cp -f $DIR_CONF/havp-init /etc/init.d/havp
|
| - |
|
1194 |
cp /etc/init.d/havp /etc/init.d/havp2
|
| - |
|
1195 |
$SED "s?^# description.*?# description: starts HAVP2 the High Availability Antivirus Proxy?g" /etc/init.d/havp2 # description
|
| - |
|
1196 |
$SED "s?^HAVP_CONFIG.*?HAVP_CONFIG=/etc/havp/havp2.config?g" /etc/init.d/havp2 # config file
|
| - |
|
1197 |
$SED "s?^PIDFILE.*?PIDFILE=/var/run/havp/havp2.pid?g" /etc/init.d/havp2 # pidfile
|
| - |
|
1198 |
$SED "s?^NAME.*?NAME=havp2?g" /etc/init.d/havp2 # name
|
| - |
|
1199 |
$SED "s?^DESC.*?DESC=havp2?g" /etc/init.d/havp2 # desc
|
| - |
|
1200 |
#$SED "s?if [ -f /etc/sysconfig/havp ] ; then.*?if [ -f /etc/sysconfig/havp2 ] ; then?g" /etc/init.d/havp2 # defaults
|
| - |
|
1201 |
#$SED "s?. /etc/sysconfig/havp.*?. /etc/sysconfig/havp2?g" /etc/init.d/havp2 # defaults
|
| - |
|
1202 |
$SED "s?^havp_mountpoint.*?havp_mountpoint=/var/tmp/havp2?g" /etc/init.d/havp2 # mountpoint
|
| - |
|
1203 |
$SED "s?echo \"Reloading HAVP ...\".*?echo \"Reloading HAVP2 ...\"?g" /etc/init.d/havp2 # reloading havp
|
| - |
|
1204 |
$SED "s?echo \"Error: HAVP not running\".*?echo \"Error : HAVP2 not running\"?g" /etc/init.d/havp2 # error havp
|
| - |
|
1205 |
$SED "s?echo \"Error: HAVP not running or PIDFILE not readable\".*?echo \"Error : HAVP2 not running or PIDFILE not readable\"?g" /etc/init.d/havp2 # error havp
|
| - |
|
1206 |
$SED "s?echo \"Error: HAVP not running or PIDFILE unreadable\".*?echo \"Error : HAVP2 not running or PIDFILE unreadable\"?g" /etc/init.d/havp2 # error havp
|
| - |
|
1207 |
$SED "s?echo \"Shutting down HAVP ...\".*?echo \"Shutting down HAVP2 ...\"?g" /etc/init.d/havp2 # shutting down havp
|
| - |
|
1208 |
$SED "s?status havp.*?status havp2?g" /etc/init.d/havp2 # status havp
|
| 1185 |
# replace of the intercept page (template)
|
1209 |
# replace of the intercept page (template)
|
| 1186 |
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
|
1210 |
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
|
| 1187 |
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
|
1211 |
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
|
| 1188 |
# update virus database every 4 hours (24h/6)
|
1212 |
# update virus database every 4 hours (24h/6)
|
| 1189 |
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
|
1213 |
[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
|
| Line 1228... |
Line 1252... |
| 1228 |
##########################################################
|
1252 |
##########################################################
|
| 1229 |
## Function "nfsen" ##
|
1253 |
## Function "nfsen" ##
|
| 1230 |
##########################################################
|
1254 |
##########################################################
|
| 1231 |
nfsen()
|
1255 |
nfsen()
|
| 1232 |
{
|
1256 |
{
|
| 1233 |
tar xvzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
|
1257 |
tar xzf ./conf/nfsen/nfsen-1.3.6p1.tar.gz -C /tmp/
|
| 1234 |
# Create a specific user and group
|
1258 |
# Create a specific user and group
|
| 1235 |
[ `grep "^www-data:" /etc/group | wc -l` == 1 ] || groupadd www-data
|
1259 |
[ `grep "^apache:" /etc/group | wc -l` == 1 ] || groupadd apache
|
| 1236 |
[ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -r -g nfsen -s /bin/false -c "system user for the grapher nfsen" nfsen
|
1260 |
#[ `grep "^nfsen:" /etc/passwd | wc -l` == 1 ] || useradd -r -g nfsen -s /bin/false -c "system user for the grapher nfsen" nfsen
|
| 1237 |
groupadd -f chilli
|
1261 |
groupadd -f chilli
|
| 1238 |
# Add PortTracker plugin
|
1262 |
# Add PortTracker plugin
|
| 1239 |
mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
1263 |
mkdir -p /var/www/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
| 1240 |
chown -R nfsen:www-data /var/www/nfsen
|
1264 |
chown -R apache:apache /var/www/nfsen
|
| 1241 |
chown -R apache:apache /usr/share/nfsen
|
1265 |
chown -R apache:apache /usr/share/nfsen
|
| - |
|
1266 |
chown -R apache:apache /var/log/netflow
|
| 1242 |
cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
|
1267 |
cp -f $DIR_CONF/nfsen/PortTracker.pm /tmp/nfsen-1.3.6p1/contrib/PortTracker/
|
| 1243 |
# use of our conf file and init unit
|
1268 |
# use of our conf file and init unit
|
| 1244 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
|
1269 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.6p1/etc/
|
| 1245 |
# Installation of nfsen
|
1270 |
# Installation of nfsen
|
| 1246 |
DirTmp=$(pwd)
|
1271 |
DirTmp=$(pwd)
|
| Line 1249... |
Line 1274... |
| 1249 |
/usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
|
1274 |
/usr/bin/perl5 install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
|
| 1250 |
# Create RRD DB for porttracker (only in it still doesn't exist)
|
1275 |
# Create RRD DB for porttracker (only in it still doesn't exist)
|
| 1251 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
|
1276 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
|
| 1252 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
|
1277 |
cp /tmp/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
|
| 1253 |
[ -d /var/log/netflow/porttracker ] || sudo -u apache nftrack -I -d /var/log/netflow/porttracker
|
1278 |
[ -d /var/log/netflow/porttracker ] || sudo -u apache nftrack -I -d /var/log/netflow/porttracker
|
| 1254 |
chown -R apache:www-data /var/log/netflow/porttracker/
|
1279 |
chown -R apache:apache /var/log/netflow/porttracker/
|
| 1255 |
chmod -R 775 /var/log/netflow/porttracker
|
1280 |
chmod -R 775 /var/log/netflow/porttracker
|
| 1256 |
# Apache conf file
|
1281 |
# Apache conf file
|
| 1257 |
rm -f /etc/httpd/conf/conf.d/nfsen.conf
|
1282 |
rm -f /etc/httpd/conf/conf.d/nfsen.conf
|
| 1258 |
cat <<EOF >> /etc/httpd/conf/conf.d/nfsen.conf
|
1283 |
cat <<EOF >> /etc/httpd/conf/conf.d/nfsen.conf
|
| 1259 |
Alias /nfsen /var/www/nfsen
|
1284 |
Alias /nfsen /var/www/nfsen
|
| Line 1283... |
Line 1308... |
| 1283 |
After=network.target iptables.service
|
1308 |
After=network.target iptables.service
|
| 1284 |
|
1309 |
|
| 1285 |
[Service]
|
1310 |
[Service]
|
| 1286 |
Type=oneshot
|
1311 |
Type=oneshot
|
| 1287 |
RemainAfterExit=yes
|
1312 |
RemainAfterExit=yes
|
| - |
|
1313 |
PIDFile=/var/run/nfsen/nfsen.pid
|
| - |
|
1314 |
ExecStartPre=/bin/mkdir -p /var/run/nfsen
|
| - |
|
1315 |
ExecStartPre=/bin/chown apache:apache /var/run/nfsen
|
| 1288 |
ExecStart=/usr/bin/nfsen start
|
1316 |
ExecStart=/usr/bin/nfsen start
|
| 1289 |
ExecStop=/usr/bin/nfsen stop
|
1317 |
ExecStop=/usr/bin/nfsen stop
|
| 1290 |
ExecRestart=/usr/bin/nfsen restart
|
1318 |
ExecReload=/usr/bin/nfsen restart
|
| 1291 |
TimeoutSec=0
|
1319 |
TimeoutSec=0
|
| 1292 |
|
1320 |
|
| 1293 |
[Install]
|
1321 |
[Install]
|
| 1294 |
WantedBy=multi-user.target
|
1322 |
WantedBy=multi-user.target
|
| 1295 |
EOF
|
1323 |
EOF
|
| 1296 |
# Add the listen port to collect netflow packet (nfcapd)
|
1324 |
# Add the listen port to collect netflow packet (nfcapd)
|
| 1297 |
$SED s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1";'?g /usr/libexec/NfSenRC.pm
|
1325 |
$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm
|
| 1298 |
# expire delay for the profile "live"
|
1326 |
# expire delay for the profile "live"
|
| - |
|
1327 |
systemctl start nfsen
|
| 1299 |
nfsen -m live -e 62d 2>/dev/null
|
1328 |
/bin/nfsen -m live -e 62d 2>/dev/null
|
| 1300 |
# clear the installation
|
1329 |
# clear the installation
|
| 1301 |
cd $DirTmp
|
1330 |
cd $DirTmp
|
| 1302 |
rm -rf /tmp/nfsen-1.3.6p1/
|
1331 |
rm -rf /tmp/nfsen-1.3.6p1/
|
| 1303 |
} # End of nfsen ()
|
1332 |
} # End of nfsen ()
|
| 1304 |
|
1333 |
|
| Line 1693... |
Line 1722... |
| 1693 |
for i in havp
|
1722 |
for i in havp
|
| 1694 |
do
|
1723 |
do
|
| 1695 |
/sbin/chkconfig --add $i
|
1724 |
/sbin/chkconfig --add $i
|
| 1696 |
done
|
1725 |
done
|
| 1697 |
# processes launched at boot time (Systemctl)
|
1726 |
# processes launched at boot time (Systemctl)
|
| 1698 |
for i in alcasar-load_balancing nfsen mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
|
1727 |
for i in alcasar-load_balancing mysqld httpd ntpd iptables ulogd dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban
|
| 1699 |
do
|
1728 |
do
|
| 1700 |
systemctl -q enable $i.service
|
1729 |
systemctl -q enable $i.service
|
| 1701 |
done
|
1730 |
done
|
| 1702 |
# Apply French Security Agency (ANSSI) rules
|
1731 |
# Apply French Security Agency (ANSSI) rules
|
| 1703 |
# ignore ICMP broadcast (smurf attack)
|
1732 |
# ignore ICMP broadcast (smurf attack)
|