WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/sh
-#  $Id: alcasar.sh 490 2011-02-13 20:26:03Z richard $
+#  $Id: alcasar.sh 497 2011-02-17 21:36:20Z richard $
 # alcasar.sh
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 ## - Paramètrage du gestionnaire de contenu Dansguardian	##
 ## - Copie de la blacklist de toulouse  			##
 ##################################################################
 param_dansguardian ()
+{
+	DIR_DG="/etc/dansguardian"
 	mkdir /var/dansguardian
 	chown dansguardian /var/dansguardian
-	[ -e /etc/dansguardian/dansguardian.conf.default ] || cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.default
+	[ -e $DIR_DG/dansguardian.conf.default ] || cp $DIR_DG/dansguardian.conf $DIR_DG/dansguardian.conf.default
 # Le filtrage est désactivé par défaut
-	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf
+	$SED "s/^reportinglevel =.*/reportinglevel = -1/g" $DIR_DG/dansguardian.conf
 # la page d'interception est en français
-	$SED "s?^language =.*?language = french?g" /etc/dansguardian/dansguardian.conf
+	$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
 # on limite l'écoute de Dansguardian côté LAN
-	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf
+	$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
 # on chaîne Dansguardian au proxy antivirus HAVP
-	$SED "s?^proxyport.*?proxyport = 8090?g" /etc/dansguardian/dansguardian.conf
+	$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
 # on remplace la page d'interception (template)
 	cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
 	cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
 # on ne loggue que les deny (pour le reste, on a squid)
-	$SED "s?^loglevel =.*?loglevel = 1?g" /etc/dansguardian/dansguardian.conf
+	$SED "s?^loglevel =.*?loglevel = 1?g" $DIR_DG/dansguardian.conf
 # on désactive par défaut le controle de contenu des pages html
-	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" /etc/dansguardian/dansguardian.conf
+	$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
-	cp /etc/dansguardian/lists/bannedphraselist /etc/dansguardian/lists/bannedphraselist.default
+	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
-	$SED "s?^[^#]?#&?g" /etc/dansguardian/lists/bannedphraselist # (on commente ce qui ne l'est pas)
+	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
 # on désactive par défaut le contrôle d'URL par expressions régulières
-	cp /etc/dansguardian/lists/bannedregexpurllist /etc/dansguardian/lists/bannedregexpurllist.default
+	cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
-	$SED "s?^[^#]?#&?g" /etc/dansguardian/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
+	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
 # on désactive par défaut le contrôle de téléchargement de fichiers
-	[ -e /etc/dansguardian/dansguardianf1.conf.default ] || cp /etc/dansguardian/dansguardianf1.conf /etc/dansguardian/dansguardianf1.conf.default
+	[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
-	$SED "s?^blockdownloads =.*?blockdownloads = off?g" /etc/dansguardian/dansguardianf1.conf
+	$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
-	[ -e /etc/dansguardian/lists/bannedextensionlist.default ] || mv /etc/dansguardian/lists/bannedextensionlist /etc/dansguardian/lists/bannedextensionlist.default
+	[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
-	[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] || mv /etc/dansguardian/lists/bannedmimetypelist /etc/dansguardian/lists/bannedmimetypelist.default
+	[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
-	touch /etc/dansguardian/lists/bannedextensionlist
+	touch $DIR_DG/lists/bannedextensionlist
-	touch /etc/dansguardian/lists/bannedmimetypelist
+	touch $DIR_DG/lists/bannedmimetypelist
+# 'Safesearch' regex actualisation
+	$SED "s?images?search?g" /etc/
-# on vide la liste des @IP du Lan ne subissant pas le filtrage WEB
+# empty LAN IP list that won't be WEB filtered
-	[ -e /etc/dansguardian/lists/exceptioniplist.default ] || mv /etc/dansguardian/lists/exceptioniplist /etc/dansguardian/lists/exceptioniplist.default
+	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
-	touch /etc/dansguardian/lists/exceptioniplist
+	touch $DIR_DG/lists/exceptioniplist
-# on garde une copie des fichiers de configuration du filtrage d'URL et de domaine
+# Keep a copy of URL & domain filter configuration files
-	[ -e /etc/dansguardian/lists/bannedsitelist.default ] || mv /etc/dansguardian/lists/bannedsitelist /etc/dansguardian/lists/bannedsitelist.default
+	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
-	[ -e /etc/dansguardian/lists/bannedurllist.default ] || mv /etc/dansguardian/lists/bannedurllist /etc/dansguardian/lists/bannedurllist.default
+	[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
 } # End of param_dansguardian ()
 ##################################################################
 ##			Fonction antivirus			##
 ## - configuration havp + libclamav				##
+{
 	$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
 	$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
 	$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh  $DIR_DEST_BIN/alcasar-iptables-bypass.sh
 	$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh
+	$SED "s?^DNSSERVERS=.*?PRIVATE_IP=\"$DNS1,$DNS2\"?g" $DIR_DEST_BIN/alcasar-iptables.sh
 	chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau)
 # création du fichier d'exception au filtrage
 	touch /usr/local/etc/alcasar-filter-exceptions
 # le script $DIR_DEST_BIN/alcasar-iptables.sh est lancé à la fin (pour ne pas perturber une mise à jour via ssh)
 }  # End of firewall ()
 	do
 		/sbin/chkconfig --add $i
 	done
 # pour éviter les alertes de dépendance avec le service 'netfs'.
 	$SED "s?^# Required-Start.*?# Required-Start: \$local_fs \$network?g" /etc/init.d/mysqld
-	$SED "s?^# Required-Stop.*?# Required-Stop: $local_fs $network?g" /etc/init.d/mysqld
+	$SED "s?^# Required-Stop.*?# Required-Stop: \$local_fs \$network?g" /etc/init.d/mysqld
 # On affecte le niveau de sécurité du système : type "fileserver"
 	$SED "s?BASE_LEVEL=.*?BASE_LEVEL=fileserver?g" /etc/security/msec/security.conf
 # On supprime la vérification du mode promiscious des interfaces réseaux ( nombreuses alertes sur eth1 dûes à Tun0 )
 	$SED "s?CHECK_PROMISC=.*?CHECK_PROMISC=no?g" /etc/security/msec/level.fileserver
 # On supprime les log_martians
 	echo "- ALCASAR sera fonctionnel après redémarrage du système"
 	echo
 	echo "- Lisez attentivement la documentation d'exploitation"
 	echo
 	echo "- L'interface de gestion est consultable à partir de n'importe quel poste"
-	echo "	situé sur le réseau de consultation à l'URL https://$PRIVATE_IP "
+	echo "	situé sur le réseau de consultation à l'URL http://alcasar"
-	echo "					 ou à l'URL https://alcasar "
+	echo "					 ou à l'URL http://$PRIVATE_IP"
 	echo
 	echo "                   Appuyez sur 'Entrée' pour continuer"
 	read a
 # On applique les règles de filtrage (et on les sauvegarde)
  	sh $DIR_DEST_BIN/alcasar-iptables.sh

Subversion Repositories ALCASAR

(root)/alcasar.sh @ 2681 – Rev 490 → 497