Subversion Repositories ALCASAR


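--- a/alcasar-bl.sh
+++ b/alcasar-bl.sh
@@ -1,8 +1,8 @@
 #/bin/bash
 
-# $Id: alcasar-bl.sh 1898 2016-05-18 16:33:55Z richard $
+# $Id: alcasar-bl.sh 1899 2016-05-19 08:58:02Z raphael.pion $
 
 # alcasar-bl.sh
 # by Franck BOUIJOUX and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
 
@@ -26,15 +26,20 @@
 WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
 DIR_SHARE="/usr/local/share"
 DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl"					# all the BL in the DNSMASQ format
 DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl"					# all the WL	'	'	'
 DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL 
+DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL 
 DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled"			# symbolic link to the domains BL (only enabled categories)
 DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled"			#	'	'	'	WL	'	'	'
 DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
 DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
+tmp_DIR_IP_BL="/tmp/ossi-iptables-bl"					#IP BL tmp directory to keep ossi files during an update
-DIR_IP_WL="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
+tmp_DIR_IP_WL="/tmp/ossi-iptables-wl"					#IP WL tmp directory to keep ossi files during an update
+tmp_DIR_DNS_BL="/tmp/ossi-dnsmasq-bl"					#DNS BL tmp directory to keep ossi files during an update
+tmp_DIR_DNS_WL="/tmp/ossi-dnsmasq-wl"					#DNS WL tmp directory to keep ossi files during an update
+#BL tmp directory to keep ossi files
 DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"				# conf file of dnsmasq-blacklist
 DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` 			# server DNS1 (for WL domain names)
 BL_SERVER="dsi.ut-capitole.fr"
 SED="/bin/sed -i"
 
@@ -51,11 +56,11 @@
 		do
 			rm -f $DIR_IP_BL_ENABLED/$file
 		done
 	else
 		mkdir $DIR_IP_BL_ENABLED
-		chown apache $DIR_IP_BL_ENABLED
+		chown dansguardian:apache $DIR_IP_BL_ENABLED
 	fi
 	
 	
 	#dns BL ENABLED
 	if [ -d $DIR_DNS_BL_ENABLED ]
@@ -64,26 +69,37 @@
 		do
 			rm -f $DIR_DNS_BL_ENABLED/$file
 		done
 	else
 		mkdir $DIR_DNS_BL_ENABLED
-		chown apache $DIR_DNS_BL_ENABLED
+		chown dansguardian:apache $DIR_DNS_BL_ENABLED
 	fi
 	
+	#ip WL ENABLE
+	if [ -d $DIR_IP_WL ]
+	then
+		for file in `ls -1 $DIR_IP_WL | grep -v "^ossi*"`
+		do
+			rm -f $DIR_IP_WL/$file
+		done
+	else
+		mkdir $DIR_IP_WL
+		chown dansguardian:apache $DIR_IP_WL
+	fi
 	
 	#ip WL ENABLE
 	if [ -d $DIR_IP_WL_ENABLED ]
 	then
 		for file in `ls -1 $DIR_IP_WL_ENABLED | grep -v "^ossi*"`
 		do
 			rm -f $DIR_IP_WL_ENABLED/$file
 		done
 	else
 		mkdir $DIR_IP_WL_ENABLED
-		chown apache $DIR_IP_WL_ENABLED
+		chown dansguardian:apache $DIR_IP_WL_ENABLED
 		touch $DIR_IP_WL_ENABLED/ossi
-		chown apache $DIR_IP_WL_ENABLED/ossi
+		chown dansguardian:apache $DIR_IP_WL_ENABLED/ossi
 	fi
 
 	#dns WL ENABLED
 	if [ -d $DIR_DNS_WL_ENABLED ]
 	then
@@ -91,18 +107,18 @@
 		do
 			rm -f $DIR_DNS_WL_ENABLED/$file
 		done
 	else
 		mkdir $DIR_DNS_WL_ENABLED
-		chown apache $DIR_DNS_WL_ENABLED
+		chown dansguardian:apache $DIR_DNS_WL_ENABLED
 	fi
 	
 	#dns WL ossi.conf 
 	if [ ! -e $DIR_DNS_WL/ossi.conf ]
 	then
 		touch $DIR_DNS_WL/ossi.conf
-		chown apache $DIR_DNS_WL/ossi.conf
+		chown dansguardian:apache $DIR_DNS_WL/ossi.conf
 		if [ ! -e $DIR_DNS_WL_ENABLED/ossi ]
 		then
 		ln -s $DIR_DNS_WL/ossi.conf $DIR_DNS_WL_ENABLED/ossi
 		fi
 	fi
@@ -179,26 +195,45 @@
 		;;
 	# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
 	-adapt | --adapt)
 		echo -n "Adaptation process of Toulouse University blackList. Please wait : "
 	
+		#to keep ossi files
+		mkdir $tmp_DIR_IP_BL $tmp_DIR_IP_WL $tmp_DIR_DNS_BL $tmp_DIR_DNS_WL
+		for x in $(ls -1 $DIR_IP_BL | grep "^ossi*")
+		do
+			mv $DIR_IP_BL/$x $tmp_DIR_IP_BL
+		done
+		for x in $(ls -1 $DIR_IP_WL | grep "^ossi*")
+		do
+			mv $DIR_IP_WL/$x $tmp_DIR_IP_WL
+		done
+		for x in $(ls -1 $DIR_DNS_BL | grep "^ossi*")
+		do
+			mv $DIR_DNS_BL/$x $tmp_DIR_DNS_BL
+		done
+		for x in $(ls -1 $DIR_DNS_WL | grep "^ossi*")
+		do
+			mv $DIR_DNS_WL/$x $tmp_DIR_DNS_WL
+		done
-	
+		
+			
 		if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
 		then
 			[ -d $DIR_DG_BL/ossi ] && mv $DIR_DG_BL/ossi $DIR_tmp
 			[ -e $DIR_IP_BL/ossi ] && mv $DIR_IP_BL/ossi $DIR_tmp/ossi-ip-bl
 			rm -rf $DIR_DG_BL $DIR_IP_BL
 			mkdir $DIR_DG_BL $DIR_IP_BL
 			tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
 			[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
 		fi
 		rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
-		rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
+		rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
 		touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
-		mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
+		mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
-		chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
+		chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
-		chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
+		chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
 		find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
 		$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
 		for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
 		do
 			categorie=`echo $dir_categorie|cut -d "/" -f6`
@@ -254,10 +289,30 @@
 		done
 		rm -f $FILE_tmp $FILE_ip_tmp
 		# Restoring ossi file of BL IP
 		[ -e $DIR_tmp/ossi-ip-bl ] && mv $DIR_tmp/ossi-ip-bl $DIR_IP_BL/ossi
 		rm -rf $DIR_tmp
+		
+		
+		for x in $(ls -1 $tmp_DIR_IP_BL | grep "^ossi*")
+		do
+			mv $tmp_DIR_IP_BL/$x $DIR_IP_BL
+		done
+		for x in $(ls -1 $tmp_DIR_IP_WL | grep "^ossi*")
+		do
+			mv $tmp_DIR_IP_WL/$x $DIR_IP_WL
+		done
+		for x in $(ls -1 $tmp_DIR_DNS_BL | grep "^ossi*")
+		do
+			mv $tmp_DIR_DNS_BL/$x $DIR_DNS_BL
+		done
+		for x in $(ls -1 $tmp_DIR_DNS_WL | grep "^ossi*")
+		do
+			mv $tmp_DIR_DNS_WL/$x $DIR_DNS_WL
+		done
+		
+		rm -rf $tmp_DIR_IP_BL $tmp_DIR_IP_WL $tmp_DIR_DNS_BL $tmp_DIR_DNS_WL
 		echo
 		;;
 	# update the categories which are written in "/usr/local/etc/update_cat.conf" with rsync
 	-update_cat | --update_cat)
 		if [ $(cat /usr/local/etc/update_cat.conf | wc -l) -ne 0 ]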
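Review bot: The staging directories introduced by `tmp_DIR_IP_BL="/tmp/ossi-iptables-bl"` and its three siblings are fixed names under /tmp, and the `mkdir $tmp_DIR_IP_BL ...` at the top of the `-adapt` branch does not check for failure. If one of them already exists (left by an interrupted run or created by another local account), the ossi files are moved into a directory the script does not control, and the restore loops before `rm -rf $tmp_DIR_IP_BL ...` then move every `ossi*` entry found there back into the dnsmasq and iptables list directories; the script calls `chown`, so it presumably runs as root. Creating the staging area with `tmp_root=$(mktemp -d) || exit 1` inside the branch and deriving the four directories from `$tmp_root` removes that dependence on the prior state of /tmp. Separately, `grep "^ossi*"` matches any name beginning with `oss`; `grep "^ossi"` is the pattern the comments describe. The `-adapt` branch continues between the two hunks shown, so the intermediate steps are not reviewed here.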