Subversion Repositories ALCASAR

Rev

Rev 1472 | Rev 1478 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 1472 Rev 1474
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1472 2014-11-03 17:56:00Z richard $ 
2
#  $Id: alcasar.sh 1474 2014-11-03 22:55:09Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
Line 1493... Line 1493...
1493
filterwin2k
1493
filterwin2k
1494
EOF
1494
EOF
1495
 
1495
 
1496
# Start after chilli (which create tun0)
1496
# Start after chilli (which create tun0)
1497
	$SED "s?^After=.*?After=syslog.target network.target chilli.service?g" /lib/systemd/system/dnsmasq.service
1497
	$SED "s?^After=.*?After=syslog.target network.target chilli.service?g" /lib/systemd/system/dnsmasq.service
1498
# Create dnsmasq-blacklist and dnsmasq-whitelist unit
1498
# Create dnsmasq-blacklist, dnsmasq-whitelist and dnsmasq-blackhole unit
1499
	cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service /lib/systemd/system/dnsmasq-blackhole.service
-
 
1500
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service
1499
	for list in blacklist whitelist blackhole
-
 
1500
	do
1501
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
1501
		cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-$list.service
1502
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blackhole.conf?g" /lib/systemd/system/dnsmasq-blackhole.service
1502
		$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-$list.conf?g" /lib/systemd/system/dnsmasq-$list.service
1503
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service
-
 
1504
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
1503
		$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-$list.pid?g" /lib/systemd/system/dnsmasq-$list.service
1505
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blackhole.pid?g" /lib/systemd/system/dnsmasq-blackhole.service
-
 
-
 
1504
	done
1506
} # End dnsmasq
1505
} # End dnsmasq
1507
 
1506
 
1508
##########################################################
1507
##########################################################
1509
##		Fonction "BL"				##
1508
##		Fonction "BL"				##
1510
##########################################################
1509
##########################################################
Line 1644... Line 1643...
1644
##- Sécurisation DDOS, SSH-Brute-Force, Intercept.php ...	##
1643
##- Sécurisation DDOS, SSH-Brute-Force, Intercept.php ...	##
1645
##################################################################
1644
##################################################################
1646
fail2ban()
1645
fail2ban()
1647
{
1646
{
1648
	$DIR_CONF/fail2ban.sh
1647
	$DIR_CONF/fail2ban.sh
1649
#Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
1648
# Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
1650
	[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
1649
	[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
1651
	[ -e /var/Save/logs/security/watchdog.log ] || touch /var/Save/logs/security/watchdog.log
1650
	[ -e /var/Save/logs/security/watchdog.log ] || touch /var/Save/logs/security/watchdog.log
1652
	chmod 644 /var/log/fail2ban.log
1651
	chmod 644 /var/log/fail2ban.log
1653
	chmod 644 /var/Save/logs/security/watchdog.log
1652
	chmod 644 /var/Save/logs/security/watchdog.log
1654
	/usr/bin/touch /var/log/auth.log
1653
	/usr/bin/touch /var/log/auth.log