WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/sh
-#  $Id: alcasar.sh 310 2010-11-05 17:01:52Z richard $
+#  $Id: alcasar.sh 311 2010-11-07 22:31:52Z richard $
 # alcasar.sh
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 	touch /etc/dansguardian/lists/bannedextensionlist
 	touch /etc/dansguardian/lists/bannedmimetypelist
 # on vide la liste des @IP du Lan ne subissant pas le filtrage WEB
 	[ -e /etc/dansguardian/lists/exceptioniplist.default ] || mv /etc/dansguardian/lists/exceptioniplist /etc/dansguardian/lists/exceptioniplist.default
 	touch /etc/dansguardian/lists/exceptioniplist
-# on configure le filtrage de domaine
+# on garde une copie des fichiers de configuration du filtrage d'URL et de domaine
-	[ -e /etc/dansguardian/lists/bannedsitelist.default ] || cp /etc/dansguardian/lists/bannedsitelist /etc/dansguardian/lists/bannedsitelist.default
+	[ -e /etc/dansguardian/lists/bannedsitelist.default ] || mv /etc/dansguardian/lists/bannedsitelist /etc/dansguardian/lists/bannedsitelist.default
-	$SED "s?^[^#]?#&?g" /etc/dansguardian/lists/bannedsitelist # (on commente ce qui ne l'est pas)
-# on bloque les sites ne possédant pas de nom de domaine (ex: http://12.13.14.15)
-	$SED "s?^#\*ip?\*ip?g" /etc/dansguardian/lists/bannedsitelist
-# on bloque le ssl sur port 80
-	$SED "s?^#\*\*s?\*\*s?g" /etc/dansguardian/lists/bannedsitelist
-# on configure le filtrage d'url
-[ -e /etc/dansguardian/lists/bannedurllist.default ] || cp /etc/dansguardian/lists/bannedurllist /etc/dansguardian/lists/bannedurllist.default
+	[ -e /etc/dansguardian/lists/bannedurllist.default ] || mv /etc/dansguardian/lists/bannedurllist /etc/dansguardian/lists/bannedurllist.default
-	$SED "s?^[^#]?#&?g" /etc/dansguardian/lists/bannedurllist # (on commente ce qui ne l'est pas)
-	chown -R dansguardian:apache /etc/dansguardian/
-	chmod -R g+rw /etc/dansguardian
 } # End of param_dansguardian ()
 ##################################################################
 ##			Fonction antivirus			##
 ## - configuration havp + clamav				##
 	touch /etc/dansguardian/lists/blacklists/ossi/urls
 # On crée les fichiers vides de sites ou d'URL réhabilités
 	[ -e /etc/dansguardian/lists/exceptionsitelist.default ] || mv /etc/dansguardian/lists/exceptionsitelist  /etc/dansguardian/lists/exceptionsitelist.default
 	[ -e /etc/dansguardian/lists/exceptionurllist.default ] || mv /etc/dansguardian/lists/exceptionurllist  /etc/dansguardian/lists/exceptionurllist.default
 	touch /etc/dansguardian/lists/exceptionsitelist
+# On crée la configuration de base du filtrage de domaine et d'URL pour Dansguardian
-	touch /etc/dansguardian/lists/exceptionurllist
+	cat <<EOF > /etc/dansguardian/lists/bannedurllist
+# Dansguardian filter config for ALCASAR
+EOF
+	cat <<EOF > /etc/dansguardian/lists/bannedsitelist
+# Dansguardian domain filter config for ALCASAR
+# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
+#**
+# block all SSL and CONNECT tunnels
+**s
+# block all SSL and CONNECT tunnels specified only as an IP
+*ips
+# block all sites specified only by an IP
+*ip
+EOF
+	chown -R dansguardian:apache /etc/dansguardian/
+	chmod -R g+rw /etc/dansguardian
 # On crée la structure du DNS-blackhole :
   	mkdir /usr/local/etc/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
 	chown -R 770 /usr/local/etc/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
 	chown -R root:apache /usr/local/etc/{alcasar-dnsfilter-available,alcasar-dnsfilter-enabled}
 # On fait pointer le black-hole sur une page interne

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 310 → 311