
Rev 2739 Rev 2744
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 2739 2019-06-06 22:11:37Z rexy $
2
#  $Id: alcasar.sh 2744 2019-07-28 09:29:15Z rexy $
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
5
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
#  team@alcasar.net
7
#  team@alcasar.net
Line 907... Line 907...
907
	chown root:apache /var/Save/security/acc_access.log
907
	chown root:apache /var/Save/security/acc_access.log
908
	chmod 664 /var/Save/security/acc_access.log
908
	chmod 664 /var/Save/security/acc_access.log
909
} # End of ACC()
909
} # End of ACC()
910
 
910
 
911
##################################################################
911
##################################################################
912
##                               Fonction "CA"                  ##
912
##                      Fonction "CA"                           ##
913
## - Creating the CA and the server certificate (lighttpd)      ##
913
## - Creating the CA and the server certificate (lighttpd)      ##
914
##################################################################
914
##################################################################
915
CA()
915
CA()
916
{
916
{
917
	$DIR_DEST_BIN/alcasar-CA.sh
917
	$DIR_DEST_BIN/alcasar-CA.sh
Line 1589... Line 1589...
1589
ipset=/#/wl_ip_allowed	# dynamically add the resolv IP address in the Firewall rules
1589
ipset=/#/wl_ip_allowed	# dynamically add the resolv IP address in the Firewall rules
1590
server=$DNS1
1590
server=$DNS1
1591
server=$DNS2
1591
server=$DNS2
1592
EOF
1592
EOF
1593
	# Create dnsmasq-whitelist unit
1593
	# Create dnsmasq-whitelist unit
-
 
1594
	if [ "$mode" != "update" ]
-
 
1595
	then
1594
	mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
1596
        mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
-
 
1597
    fi
1595
	cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
1598
	cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
1596
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
1599
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
1597
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
1600
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
1598
} # End of dnsmasq()
1601
} # End of dnsmasq()
1599
 
1602
 
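Review bot: The new `if [ "$mode" != "update" ]` guard only skips the `mv`, but the `cp /lib/systemd/system/dnsmasq.service.default …` on new line 1598 still runs unconditionally, so on an update where the `.default` copy is absent the `cp` fails and both `$SED` edits are then applied to a whitelist unit that was never created; nothing in the hunk checks a return code, and whether `set -e` is active is outside this view. The fail2ban() hunk further down already uses the idempotent shape `[ -e X.default ] || cp X X.default`; the same pattern here — `[ -e /lib/systemd/system/dnsmasq.service.default ] || mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default` — would remove the dependence on `$mode` (defined outside the hunk) and also avoid clobbering an existing `.default` on a re-run in install mode. Consider guarding the derived unit as well, e.g. `cp … || return 1`, so a missing template is reported rather than silently producing a half-written unit. Separately, the added lines are indented with spaces (`        mv`, `    fi`) while the rest of dnsmasq() uses tabs. dnsmasq() starts before this hunk.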
Line 1964... Line 1967...
1964
##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##
1967
##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##
1965
######################################################################
1968
######################################################################
1966
fail2ban()
1969
fail2ban()
1967
{
1970
{
1968
	/usr/bin/sh $DIR_CONF/fail2ban.sh
1971
	/usr/bin/sh $DIR_CONF/fail2ban.sh
1969
# Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
1972
# allow reading of 2 log files (fail2ban & watchdog). HAVP is treated in its section
1970
	[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
1973
	[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log
1971
	[ -e /var/Save/security/watchdog.log ] || touch /var/Save/security/watchdog.log
1974
	[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log
1972
	chmod 644 /var/log/fail2ban.log
1975
	chmod 644 /var/log/fail2ban.log
1973
	chmod 644 /var/Save/security/watchdog.log
1976
	chmod 644 /var/Save/security/watchdog.log
1974
	/usr/bin/touch /var/log/auth.log
1977
	/usr/bin/touch /var/log/auth.log
1975
# fail2ban unit
1978
# fail2ban unit
1976
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
1979
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default