| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 988 2012-08-20 21:33:01Z franck $
|
2 |
# $Id: alcasar.sh 990 2012-08-24 22:47:27Z franck $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
|
5 |
|
| 6 |
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
|
6 |
# ALCASAR - Portail captif d'accès à l'Internet - Copyright (C) [2005] [ALcasar team - Rexy - 3abtux - ...]
|
| 7 |
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
|
7 |
# Ce programme est un logiciel libre ; vous pouvez le redistribuer et/ou le modifier au titre des clauses de la Licence Publique Générale GNU,
|
| Line 542... |
Line 542... |
| 542 |
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
|
542 |
$SED "s?^LoadModule status_module.*?#LoadModule status_module modules/mod_status.so?g" /etc/httpd/conf/httpd.conf
|
| 543 |
$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
|
543 |
$SED "s?^LoadModule autoindex_module.*?#LoadModule autoindex_module modules/mod_autoindex.so?g" /etc/httpd/conf/httpd.conf
|
| 544 |
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
|
544 |
$SED "s?^LoadModule info_module.*?#LoadModule info_module modules/mod_info.so?g" /etc/httpd/conf/httpd.conf
|
| 545 |
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
|
545 |
$SED "s?^LoadModule imagemap_module.*?#LoadModule imagemap_module modules/mod_imagemap.so?g" /etc/httpd/conf/httpd.conf
|
| 546 |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
|
546 |
$SED "s?^LoadModule rewrite_module.*?#LoadModule rewrite_module modules/mod_rewrite.so?g" /etc/httpd/conf/httpd.conf
|
| - |
|
547 |
$SED "s?LoadModule speling_module.*?LoadModule speling_module modules/mod_speling.so?g" /etc/httpd/conf/httpd.conf
|
| 547 |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
|
548 |
FIC_MOD_SSL=`find /etc/httpd/modules.d/ -type f -name *mod_ssl.conf`
|
| 548 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
|
549 |
$SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL # On écoute en SSL que sur INTIF
|
| 549 |
$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
|
550 |
$SED "s?background-color.*?background-color: #EFEFEF; }?g" /var/www/error/include/top.html
|
| 550 |
[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
|
551 |
[ -e /var/www/error/include/bottom.html.default ] || mv /var/www/error/include/bottom.html /var/www/error/include/bottom.html.default
|
| 551 |
cat <<EOF > /var/www/error/include/bottom.html
|
552 |
cat <<EOF > /var/www/error/include/bottom.html
|
| Line 622... |
Line 623... |
| 622 |
AllowOverride None
|
623 |
AllowOverride None
|
| 623 |
Order deny,allow
|
624 |
Order deny,allow
|
| 624 |
Deny from all
|
625 |
Deny from all
|
| 625 |
Allow from 127.0.0.1
|
626 |
Allow from 127.0.0.1
|
| 626 |
Allow from $PRIVATE_NETWORK_MASK
|
627 |
Allow from $PRIVATE_NETWORK_MASK
|
| - |
|
628 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
| 627 |
require valid-user
|
629 |
require valid-user
|
| 628 |
AuthType digest
|
630 |
AuthType digest
|
| 629 |
AuthName $HOSTNAME
|
631 |
AuthName $HOSTNAME
|
| 630 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
632 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
| 631 |
AuthUserFile $DIR_DEST_ETC/digest/key_all
|
633 |
AuthUserFile $DIR_DEST_ETC/digest/key_all
|
| Line 636... |
Line 638... |
| 636 |
AllowOverride None
|
638 |
AllowOverride None
|
| 637 |
Order deny,allow
|
639 |
Order deny,allow
|
| 638 |
Deny from all
|
640 |
Deny from all
|
| 639 |
Allow from 127.0.0.1
|
641 |
Allow from 127.0.0.1
|
| 640 |
Allow from $PRIVATE_NETWORK_MASK
|
642 |
Allow from $PRIVATE_NETWORK_MASK
|
| - |
|
643 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
| 641 |
require valid-user
|
644 |
require valid-user
|
| 642 |
AuthType digest
|
645 |
AuthType digest
|
| 643 |
AuthName $HOSTNAME
|
646 |
AuthName $HOSTNAME
|
| 644 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
647 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
| 645 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|
648 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|
| Line 650... |
Line 653... |
| 650 |
AllowOverride None
|
653 |
AllowOverride None
|
| 651 |
Order deny,allow
|
654 |
Order deny,allow
|
| 652 |
Deny from all
|
655 |
Deny from all
|
| 653 |
Allow from 127.0.0.1
|
656 |
Allow from 127.0.0.1
|
| 654 |
Allow from $PRIVATE_NETWORK_MASK
|
657 |
Allow from $PRIVATE_NETWORK_MASK
|
| - |
|
658 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
| 655 |
require valid-user
|
659 |
require valid-user
|
| 656 |
AuthType digest
|
660 |
AuthType digest
|
| 657 |
AuthName $HOSTNAME
|
661 |
AuthName $HOSTNAME
|
| 658 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
662 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
| 659 |
AuthUserFile $DIR_DEST_ETC/digest/key_manager
|
663 |
AuthUserFile $DIR_DEST_ETC/digest/key_manager
|
| Line 664... |
Line 668... |
| 664 |
AllowOverride None
|
668 |
AllowOverride None
|
| 665 |
Order deny,allow
|
669 |
Order deny,allow
|
| 666 |
Deny from all
|
670 |
Deny from all
|
| 667 |
Allow from 127.0.0.1
|
671 |
Allow from 127.0.0.1
|
| 668 |
Allow from $PRIVATE_NETWORK_MASK
|
672 |
Allow from $PRIVATE_NETWORK_MASK
|
| - |
|
673 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
| 669 |
require valid-user
|
674 |
require valid-user
|
| 670 |
AuthType digest
|
675 |
AuthType digest
|
| 671 |
AuthName $HOSTNAME
|
676 |
AuthName $HOSTNAME
|
| 672 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
677 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
| 673 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
678 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
| Line 679... |
Line 684... |
| 679 |
Options Indexes
|
684 |
Options Indexes
|
| 680 |
Order deny,allow
|
685 |
Order deny,allow
|
| 681 |
Deny from all
|
686 |
Deny from all
|
| 682 |
Allow from 127.0.0.1
|
687 |
Allow from 127.0.0.1
|
| 683 |
Allow from $PRIVATE_NETWORK_MASK
|
688 |
Allow from $PRIVATE_NETWORK_MASK
|
| - |
|
689 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
| 684 |
require valid-user
|
690 |
require valid-user
|
| 685 |
AuthType digest
|
691 |
AuthType digest
|
| 686 |
AuthName $HOSTNAME
|
692 |
AuthName $HOSTNAME
|
| 687 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
693 |
AuthUserFile $DIR_DEST_ETC/digest/key_backup
|
| 688 |
ErrorDocument 404 https://$HOSTNAME/
|
694 |
ErrorDocument 404 https://$HOSTNAME/
|
| Line 1120... |
Line 1126... |
| 1120 |
# configuration d'HAVP
|
1126 |
# configuration d'HAVP
|
| 1121 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
1127 |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
|
| 1122 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
1128 |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
|
| 1123 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
|
1129 |
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
|
| 1124 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
1130 |
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
|
| - |
|
1131 |
$SED "s?^# TIMEFORMAT.*?TIMEFORMAT %Y %b %d %H:%M:%S?g" /etc/havp/havp.config # Log format
|
| 1125 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
1132 |
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
|
| 1126 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
1133 |
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
|
| 1127 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
1134 |
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
|
| 1128 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
1135 |
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
|
| 1129 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
1136 |
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
|
| Line 1213... |
Line 1220... |
| 1213 |
DirectoryIndex awstats.pl
|
1220 |
DirectoryIndex awstats.pl
|
| 1214 |
Order deny,allow
|
1221 |
Order deny,allow
|
| 1215 |
Deny from all
|
1222 |
Deny from all
|
| 1216 |
Allow from 127.0.0.1
|
1223 |
Allow from 127.0.0.1
|
| 1217 |
Allow from $PRIVATE_NETWORK_MASK
|
1224 |
Allow from $PRIVATE_NETWORK_MASK
|
| - |
|
1225 |
# Allow from AA.BB.CC.DD/32 # Allow from specific @IP
|
| 1218 |
require valid-user
|
1226 |
require valid-user
|
| 1219 |
AuthType digest
|
1227 |
AuthType digest
|
| 1220 |
AuthName $HOSTNAME
|
1228 |
AuthName $HOSTNAME
|
| 1221 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
1229 |
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
|
| 1222 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|
1230 |
AuthUserFile $DIR_DEST_ETC/digest/key_admin
|