928,14 → 928,12 |
fi |
groupadd -f havp |
useradd -g havp havp |
# création de la partition de stockage temporaire (100Mo) |
dd if=/dev/zero of=/tmp/havp-disk bs=1024k count=30 |
mkfs.ext4 -qF /tmp/havp-disk |
# création de la zone de travail temporaire (50Mo) en mémoire |
mkdir -p /var/tmp/havp /var/log/havp |
chown -R havp /var/tmp/havp /var/log/havp /var/run/havp |
echo "# Entry for havp tmp files scan partition" >> /etc/fstab |
echo "/tmp/havp-disk /var/tmp/havp ext4 loop,mand,noatime,async" >> /etc/fstab |
echo "tmpfs /var/tmp/havp tmpfs mand,noatime,size=50m,nosuid,noexec 0 0" >> /etc/fstab |
$SED "/$HAVP_BIN -c $HAVP_CONFIG/i chown -R havp:havp \/var\/tmp\/havp" /etc/init.d/havp |
mkdir -p /var/tmp/havp /var/log/havp |
chown -R havp /var/log/havp /var/run/havp |
# configuration d'HAVP |
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default |
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config |
962,7 → 960,6 |
## Fonction firewall ## |
## - adaptation des scripts du parefeu ## |
## - mise en place des règles et sauvegarde pour un lancement automatique ## |
## - configuration Ulogd ## |
################################################################################## |
firewall () |
{ |
971,12 → 968,6 |
$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau) |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
[ -e /var/log/firewall/firewall.log ] || touch /var/log/firewall/firewall.log |
chown -R root:apache /var/log/firewall |
chmod 750 /var/log/firewall |
chmod 640 /var/log/firewall/firewall.log |
$SED "s?^file=\"/var/log/ulogd.syslogemu\"?file=\"/var/log/firewall/firewall.log\"?g" /etc/ulogd.conf |
# création du fichier d'exception au filtrage |
touch /usr/local/etc/alcasar-filter-exceptions |
sh $DIR_DEST_BIN/alcasar-iptables.sh |
983,6 → 974,44 |
} # End of firewall () |
|
################################################################################## |
## param_ulogd function ## |
## - Ulog config for multi-log files ## |
################################################################################## |
param_ulogd () |
{ |
# Three instances of ulogd (three different logfiles) |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
[ -e /var/log/firewall/tracability.log ] || touch /var/log/firewall/tracability.log |
[ -e /var/log/firewall/ssh.log ] || touch /var/log/firewall/ssh.log |
[ -e /var/log/firewall/ext-access.log ] || touch /var/log/firewall/ext-access.log |
chown -R root:apache /var/log/firewall |
chmod 750 /var/log/firewall |
chmod 640 /var/log/firewall/* |
cat <<EOF > /etc/ulogd-tracability.conf |
# ulogd configuration for ALCASAR |
[global] |
nlgroup=1 |
logfile="/var/log/ulogd.log" |
loglevel=5 |
rmem=131071 |
bufsize=150000 |
plugin="/usr/lib/ulogd/ulogd_BASE.so" |
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so" |
[LOGEMU] |
file="/var/log/firewall/tracability.log" |
sync=1 |
EOF |
cp -f /etc/ulogd-tracability.conf /etc/ulogd-ssh.conf |
$SED "s?^nlgroup=.*?nlgroup=2?g" /etc/ulogd-ssh.conf |
$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ssh.log\"?g" /etc/ulogd-ssh.conf |
cp -f /etc/ulogd-tracability.conf /etc/ulogd-ext-access.conf |
$SED "s?^nlgroup=.*?nlgroup=3?g" /etc/ulogd-ext-access.conf |
$SED "s?^file=\"/var/log/firewall/.*?file=\"/var/log/firewall/ext-access.log\"?g" /etc/ulogd-ext-access.conf |
[ -e /etc/init.d/ulogd.default ] || cp /etc/init.d/ulogd /etc/init.d/ulogd.default |
cp -f $DIR_CONF/ulogd-init /etc/init.d/ulogd |
} # End of param_ulogd () |
|
################################################################################## |
## Fonction param_awstats ## |
## - configuration de l'interface des logs de consultation WEB (AWSTAT) ## |
################################################################################## |
1355,7 → 1384,7 |
else |
mode="install" |
fi |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_awstats param_dnsmasq BL cron post_install |
for func in init network gestion AC init_db param_radius param_web_radius param_chilli param_squid param_dansguardian antivirus firewall param_ulogd param_awstats param_dnsmasq BL cron post_install |
|
do |
$func |