Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 2327 2017-07-10 22:29:15Z richard $
|
2 |
# $Id: alcasar.sh 2330 2017-07-11 12:51:51Z tom.houdayer $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 37... |
Line 37... |
37 |
# chilli : coovachilli initialisation (+authentication page)
|
37 |
# chilli : coovachilli initialisation (+authentication page)
|
38 |
# dansguardian : DansGuardian filtering HTTP proxy configuration
|
38 |
# dansguardian : DansGuardian filtering HTTP proxy configuration
|
39 |
# antivirus : HAVP + libclamav configuration
|
39 |
# antivirus : HAVP + libclamav configuration
|
40 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
40 |
# tinyproxy : little proxy for user filtered with "WL + antivirus" and "antivirus"
|
41 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
41 |
# ulogd : log system in userland (match NFLOG target of iptables)
|
42 |
# nfsen : : Configuration of Nfsen Netflow grapher
|
42 |
# nfsen : Configuration of Nfsen Netflow grapher
|
43 |
# dnsmasq : Name server configuration
|
43 |
# dnsmasq : Name server configuration
|
44 |
# vnstat : little network stat daemon
|
44 |
# vnstat : little network stat daemon
|
45 |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
|
45 |
# BL : Adaptation of Toulouse University BlackList : split into 3 BL (for Dnsmasq, for dansguardian and for Netfilter)
|
46 |
# cron : Logs export + watchdog + connexion statistics
|
46 |
# cron : Logs export + watchdog + connexion statistics
|
47 |
# fail2ban : Fail2ban IDS installation and configuration
|
47 |
# fail2ban : Fail2ban IDS installation and configuration
|
Line 1516... |
Line 1516... |
1516 |
## - install the nfsen grapher ##
|
1516 |
## - install the nfsen grapher ##
|
1517 |
## - install the two plugins porttracker & surfmap ##
|
1517 |
## - install the two plugins porttracker & surfmap ##
|
1518 |
##########################################################
|
1518 |
##########################################################
|
1519 |
nfsen()
|
1519 |
nfsen()
|
1520 |
{
|
1520 |
{
|
1521 |
tar xzf ./conf/nfsen/nfsen-1.3.7.tar.gz -C /tmp/
|
1521 |
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/
|
1522 |
# Add PortTracker plugin
|
1522 |
# Add PortTracker plugin
|
1523 |
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
1523 |
for i in /var/www/html/acc/manager/nfsen/plugins /var/log/netflow/porttracker /usr/share/nfsen/plugins
|
1524 |
do
|
1524 |
do
|
1525 |
[ ! -d $i ] && mkdir -p $i && chown -R apache:apache $i
|
1525 |
[ ! -d $i ] && mkdir -p $i && chown -R apache:apache $i
|
1526 |
done
|
1526 |
done
|
1527 |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-1.3.7/contrib/PortTracker/PortTracker.pm
|
1527 |
$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" /tmp/nfsen-*/contrib/PortTracker/PortTracker.pm
|
1528 |
# use of our conf file and init unit
|
1528 |
# use of our conf file and init unit
|
1529 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-1.3.7/etc/
|
1529 |
cp $DIR_CONF/nfsen/nfsen.conf /tmp/nfsen-*/etc/
|
1530 |
# Installation of nfsen (we change a little 'install.pl in order not to ask the user for the perl version)
|
1530 |
# Installation of nfsen (we change a little 'install.pl in order not to ask the user for the perl version)
|
1531 |
DirTmp=$(pwd)
|
1531 |
DirTmp=$(pwd)
|
1532 |
cd /tmp/nfsen-1.3.7/
|
1532 |
cd /tmp/nfsen-*/
|
1533 |
/usr/bin/perl install.pl etc/nfsen.conf
|
1533 |
/usr/bin/perl install.pl etc/nfsen.conf
|
1534 |
/usr/bin/perl install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
|
1534 |
/usr/bin/perl install.pl etc/nfsen.conf # to avoid a Perl mistake "Semaphore introuvable"
|
1535 |
# Create RRD DB for porttracker (only in it still doesn't exist)
|
1535 |
# Create RRD DB for porttracker (only in it still doesn't exist)
|
1536 |
cp contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
|
1536 |
cp contrib/PortTracker/PortTracker.pm /usr/share/nfsen/plugins/
|
1537 |
cp contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/
|
1537 |
cp contrib/PortTracker/PortTracker.php /var/www/html/acc/manager/nfsen/plugins/
|
1538 |
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
|
1538 |
if [ "$(ls -A "/var/log/netflow/porttracker" 2>&1)" = "" ]; then sudo -u apache nftrack -I -d /var/log/netflow/porttracker; else echo "RRD DB already exists"; fi
|
1539 |
chmod -R 770 /var/log/netflow/porttracker
|
1539 |
chmod -R 770 /var/log/netflow/porttracker
|
1540 |
# nfsen unit for systemd
|
1540 |
# nfsen unit for systemd
|
1541 |
cat << EOF > /lib/systemd/system/nfsen.service
|
1541 |
cat << EOF > /lib/systemd/system/nfsen.service
|
1542 |
# This file is part of systemd.
|
1542 |
# This file is part of systemd.
|
1543 |
#
|
1543 |
#
|
1544 |
# systemd is free software; you can redistribute it and/or modify it
|
1544 |
# systemd is free software; you can redistribute it and/or modify it
|
1545 |
# under the terms of the GNU General Public License as published by
|
1545 |
# under the terms of the GNU General Public License as published by
|
1546 |
# the Free Software Foundation; either version 2 of the License, or
|
1546 |
# the Free Software Foundation; either version 2 of the License, or
|
Line 1564... |
Line 1564... |
1564 |
|
1564 |
|
1565 |
[Install]
|
1565 |
[Install]
|
1566 |
WantedBy=multi-user.target
|
1566 |
WantedBy=multi-user.target
|
1567 |
EOF
|
1567 |
EOF
|
1568 |
# Add the listen port to collect netflow packet (nfcapd)
|
1568 |
# Add the listen port to collect netflow packet (nfcapd)
|
1569 |
$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm
|
1569 |
$SED "s?'\$ziparg $extensions.*?\$ziparg $extensions -b 127.0.0.1;'?g" /usr/libexec/NfSenRC.pm
|
1570 |
# expire delay for the profile "live"
|
1570 |
# expire delay for the profile "live"
|
1571 |
/usr/bin/systemctl start nfsen
|
1571 |
/usr/bin/systemctl start nfsen
|
1572 |
/bin/nfsen -m live -e 62d 2>/dev/null
|
1572 |
/bin/nfsen -m live -e 62d 2>/dev/null
|
1573 |
# add SURFmap plugin
|
1573 |
# add SURFmap plugin
|
1574 |
cp $DIR_CONF/nfsen/SURFmap_v3.3.1.tar.gz /tmp/
|
1574 |
cp $DIR_CONF/nfsen/SURFmap_*.tar.gz /tmp/
|
1575 |
cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
|
1575 |
cp $DIR_CONF/nfsen/GeoLiteCity* /tmp/
|
1576 |
tar xzf /tmp/SURFmap_v3.3.1.tar.gz -C /tmp/
|
1576 |
tar xzf /tmp/SURFmap_*.tar.gz -C /tmp/
|
1577 |
cd /tmp/
|
1577 |
cd /tmp/
|
1578 |
/usr/bin/sh SURFmap/install.sh
|
1578 |
/usr/bin/sh SURFmap/install.sh
|
1579 |
chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen
|
1579 |
chown -R apache:apache /var/www/html/acc/manager/nfsen /usr/share/nfsen
|
1580 |
# clear the installation
|
1580 |
# clear the installation
|
1581 |
cd $DirTmp
|
1581 |
cd $DirTmp
|
1582 |
rm -rf /tmp/nfsen*
|
1582 |
rm -rf /tmp/nfsen-*
|
1583 |
rm -rf /tmp/SURFmap*
|
1583 |
rm -rf /tmp/SURFmap_*
|
1584 |
} # End of nfsen ()
|
1584 |
} # End of nfsen ()
|
1585 |
|
1585 |
|
1586 |
##################################################
|
1586 |
##################################################
|
1587 |
## Function "vnstat" ##
|
1587 |
## Function "vnstat" ##
|
1588 |
## Initialization of Vnstat and vnstat phpFE ##
|
1588 |
## Initialization of Vnstat and vnstat phpFE ##
|
1589 |
##################################################
|
1589 |
##################################################
|
1590 |
vnstat ()
|
1590 |
vnstat ()
|
1591 |
{
|
1591 |
{
|
1592 |
[ -e /etc/vnstat.conf.default ] || cp /etc/vnstat.conf /etc/vnstat.conf.default
|
1592 |
[ -e /etc/vnstat.conf.default ] || cp /etc/vnstat.conf /etc/vnstat.conf.default
|
1593 |
$SED "s?Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
|
1593 |
$SED "s?Interface.*?Interface \"$EXTIF\"?g" /etc/vnstat.conf
|
1594 |
[ -e $DIR_ACC/manager/stats/config.php.default ] || cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default
|
1594 |
[ -e $DIR_ACC/manager/stats/config.php.default ] || cp $DIR_ACC/manager/stats/config.php $DIR_ACC/manager/stats/config.php.default
|
1595 |
$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
|
1595 |
$SED "s?\$iface_list =.*?\$iface_list = array('$EXTIF');?" $DIR_ACC/manager/stats/config.php
|
1596 |
$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
|
1596 |
$SED "s?\$iface_title\['.*?\$iface_title\['$EXTIF'\] = \$title;?" $DIR_ACC/manager/stats/config.php
|
1597 |
/usr/bin/vnstat -u -i $EXTIF
|
1597 |
/usr/bin/vnstat -u -i $EXTIF
|
1598 |
} # End of vnstat
|
1598 |
} # End of vnstat
|
1599 |
|
1599 |
|
1600 |
##################################################
|
1600 |
##################################################
|
1601 |
## Function "dnsmasq" ##
|
1601 |
## Function "dnsmasq" ##
|
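Review bot: The new `nfsen-*` globs on lines 1521–1532 resolve inside world-writable `/tmp`, in an installer that writes to `/lib/systemd/system` and so presumably runs as root, and nothing checks that each glob matches exactly one path created by this script. If a second `nfsen-*` tarball sits in `./conf/nfsen/` or another `/tmp/nfsen-*` directory already exists, `tar`, `cp` and `cd` receive extra arguments, and because the result of `cd /tmp/nfsen-*/` is not tested, both `perl install.pl` calls still run from whatever directory the shell ends up in. Extracting into a private `mktemp -d` directory, resolving the source directory once and failing on anything but a single match removes the ambiguity; the `SURFmap_*` lines 1574–1583 follow the same pattern. Lines 1547–1563 of `nfsen()` are not shown, so the sketch covers only the visible part and assumes the function may `return` on error.

```shell
nfsen()
{
	# private, unpredictable work directory instead of globbing in /tmp
	nfsen_tmp=$(mktemp -d /tmp/nfsen-install.XXXXXX) || return 1
	nfsen_tgz=(./conf/nfsen/nfsen-*.tar.gz)
	[ "${#nfsen_tgz[@]}" -eq 1 ] || { echo "expected exactly one nfsen tarball" >&2; return 1; }
	tar xzf "${nfsen_tgz[0]}" -C "$nfsen_tmp" || return 1
	nfsen_dirs=("$nfsen_tmp"/nfsen-*/)
	[ "${#nfsen_dirs[@]}" -eq 1 ] && [ -d "${nfsen_dirs[0]}" ] || return 1
	nfsen_src=${nfsen_dirs[0]}
	# … unchanged: PortTracker plugin directories loop …
	$SED "s?^my \$PORTSDBDIR =.*?my \$PORTSDBDIR = \"/var/log/netflow/porttracker\";?g" "${nfsen_src}contrib/PortTracker/PortTracker.pm"
	cp $DIR_CONF/nfsen/nfsen.conf "${nfsen_src}etc/"
	DirTmp=$(pwd)
	cd "$nfsen_src" || return 1
	# … unchanged: install.pl runs, plugin copy, systemd unit, nfcapd port, SURFmap …
	cd $DirTmp
	rm -rf -- "$nfsen_tmp"
```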