/alcasar.sh |
---|
1193,6 → 1193,7 |
#dhcpgateway none |
#dhcprelayagent none |
#dhcpgatewayport none |
#dhcpopt none |
EOF |
# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0) |
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers |
1869,6 → 1870,8 |
# Put the default values in conf file |
echo "SSH=on" >> $CONF_FILE |
echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE |
echo "CHILLI_NTP_ENABLED=off" >> $CONF_FILE |
echo "CHILLI_NTP_IP=none" >> $CONF_FILE |
echo "LDAP=off" >> $CONF_FILE |
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE |
echo "MULTIWAN=off" >> $CONF_FILE |
/conf/sudoers |
---|
12,7 → 12,7 |
User_Alias ADMWEB=apache # web admin account |
# Cmnd alias specification |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh # network commands |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-chilli_ntp.sh # network commands |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment |
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line |
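Review bot: Adding `/usr/local/bin/alcasar-chilli_ntp.sh` to `Cmnd_Alias NET` without an argument list lets every account mapped to that alias run it through sudo with any arguments, and the script rewrites `/etc/chilli.conf` and restarts chilli. The web interface only calls it with `-on` or `-off`, so the entry can be narrowed to `/usr/local/bin/alcasar-chilli_ntp.sh -on, /usr/local/bin/alcasar-chilli_ntp.sh -off`. The rule lines that bind `ADMWEB` to `NET` are outside this hunk, so confirm which accounts gain the command and under which target user. The script file itself should be root-owned and not writable by `apache`.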
/scripts/alcasar-activity_report.sh |
---|
193,7 → 193,7 |
#find data |
#decompress every logs |
if [ $(ls -1 /var/log/dnsmasq/ | grep dnsmasq-blacklist.log.*.gz | wc -l) -ge 1 ] |
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ] |
then |
gunzip -d dnsmasq-blacklist.log.*.gz |
fi |
205,7 → 205,6 |
do |
if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ] |
then |
#find the current blacklisted category |
website_bl=$(echo $LOG_BL | cut -d' ' -f6) |
212,11 → 211,16 |
#we convert www.test.co.uk => test.co.uk to find the category of this website |
if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ] |
then |
website_bl=$(echo $website_bl | cut -d'.' -f2-) |
website_bl=$(echo $website_bl | cut -d'.' -f2-) |
fi |
categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1) |
#get BL category |
categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1) |
if [ $(echo $categorie_bl | wc -w) -gt 1 ] |
then |
categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1) |
fi |
#Calculate its timestamp |
Y=$(date -R | cut -d' ' -f4) |
M=$(echo $LOG_BL | cut -d' ' -f1) |
223,12 → 227,13 |
D=$(echo $LOG_BL | cut -d' ' -f2) |
H=$(echo $LOG_BL | cut -d' ' -f3) |
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s") |
echo "$CURRENT_TS:$categorie_bl" >> $TMP_BL |
echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL |
fi |
done < /var/log/dnsmasq/$FILE |
done |
#if data exists, create this section in html document |
if [ -e $TMP_BL ] |
then |
306,7 → 311,7 |
echo "" >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] |
then |
echo "\"nb site\"" >> $HTML_REPORT |
echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT |
else |
echo $LINE_JS >> $HTML_REPORT |
fi |
343,7 → 348,7 |
#then we count every occurence for each category in TMP_BL_WEEK |
for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1) |
do |
echo "$CAT:$(grep -o "$CAT" <<< "$(cat $TMP_BL_WEEK)" | wc -l)" >> $TMP_BL_WEEK_CAT |
echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT |
done |
#we sort by number of occurence and we take the top 10 BL categories |
418,10 → 423,6 |
fi |
done |
echo "</script>" >> $HTML_REPORT |
#Then we finish and remove our files |
rm $TMP_BL |
rm $TMP_BL_WEEK |
rm $TMP_BL_WEEK_CAT |
else |
echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT |
fi |
430,7 → 431,7 |
echo "Create AV logs since the installation of ALCASAR" |
#decompress every logs, if they exist |
if [ $(ls -1 /var/log/havp/ | grep access.log.*.gz | wc -l) -ge 1 ] |
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ] |
then |
gunzip -d access.log.*.gz |
fi |
522,7 → 523,7 |
echo "" >> $HTML_REPORT |
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ] |
then |
echo "\"Menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT |
echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT |
else |
echo $LINE_JS >> $HTML_REPORT |
fi |
624,9 → 625,6 |
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2 |
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT |
rm $TMP_STATS |
rm $TMP_STATS_2 |
#we delete our user if he still exists |
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ] |
then |
668,11 → 666,28 |
echo "</body>" >> $HTML_REPORT |
echo "</html>" >> $HTML_REPORT |
#convert html document to PDF |
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf |
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf |
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf |
#remove HTML report |
#compress every logs, if they exist |
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ] |
then |
gzip /var/log/havp/access.log.* |
fi |
#compress every logs |
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ] |
then |
gzip /var/log/dnsmasq/dnsmasq-blacklist.log.* |
fi |
#remove our files |
rm $TMP_BL |
rm $TMP_BL_WEEK |
rm $TMP_BL_WEEK_CAT |
rm $TMP_STATS |
rm $TMP_STATS_2 |
rm $HTML_REPORT |
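Review bot: In the category lookup under `#get BL category`, `$website_bl` is field 6 of a dnsmasq log line and is handed to `grep -R` as a regular expression, so each `.` matches any character, and in the first call the pattern `"$website_bl/"` has no leading `/` and also matches longer names with the same ending. That field presumably holds names requested by clients, so treat it as untrusted text and match it literally: `grep -RF -- "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/`, with the same `-F --` in the `/$website_bl/` fallback. Quoting the variable in `echo "$website_bl" | cut -d'.' -f2-` avoids glob expansion on the same data. The `while` loop around this code starts and ends outside the hunk.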
/scripts/alcasar-chilli_ntp.sh |
---|
0,0 → 1,77 |
#/bin/bash |
# alcasar-dhcp.sh |
# by Raphaël Pion |
# This script is distributed under the Gnu General Public License (GPL) |
# active ou desactive l'option NTP du DHCP sur le réseau de consultation |
# enable or disable the NTP option of DHCP service on consultation LAN |
#configuration files |
SED="/bin/sed -i" |
CHILLI_CONF_FILE="/etc/chilli.conf" |
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf" |
#NTP parameters |
NTP_STATE=$(grep 'DHCP=' $ALCASAR_CONF_FILE | cut -d'=' -f2) |
CHILLI_NTP_IP=$(grep 'CHILLI_NTP_IP=' $ALCASAR_CONF_FILE | cut -d'=' -f2) |
usage="Usage: alcasar-chilli_ntp.sh {--on | -on} | {--off | -off} " |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
echo "$usage" |
exit 1 |
fi |
case $args in |
-\? | -h | --h) |
echo "$usage" |
exit 0 |
;; |
--off|-off) # disable NTP options over DHCP of coovachilli |
$SED "s?^CHILLI_NTP_ENABLED.*?CHILLI_NTP_ENABLED=off?g" $ALCASAR_CONF_FILE |
$SED "s?.*dhcpopt\t.*?#dhcpopt\t\t$CHILLI_NTP_IP?g" $CHILLI_CONF_FILE |
#/usr/bin/systemctl restart chilli |
;; |
--on|-on) # enable NTP options over DHCP of coovachilli |
if [ $NTP_STATE == "on" ] |
then |
#DHCP Options : rfc2132 |
#dhcp option value will be convert in hexa. |
#NTP option (or 'option 42') is like : |
# |
# Code Len Address 1 Address 2 |
# +-----+-----+-----+-----+-----+-----+-----+-----+-- |
# | 42 | n | a1 | a2 | a3 | a4 | a1 | a2 | ... |
# +-----+-----+-----+-----+-----+-----+-----+-----+-- |
# |
#Code : 42 => 2a |
#Len : 4 => 04 |
#Convert CHILLI_NTP_IP into hexadecimal value |
if [ $CHILLI_NTP_IP != "none" ] |
then |
a1=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f1)) |
a2=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f2)) |
a3=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f3)) |
a4=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f4)) |
HEXA_CHILLI_NTP_IP="2a04$a1$a2$a3$a4" |
$SED "s?.*dhcpopt.*?dhcpopt\t\t$HEXA_CHILLI_NTP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^CHILLI_NTP_ENABLED.*?CHILLI_NTP_ENABLED=on?g" $ALCASAR_CONF_FILE |
/usr/bin/systemctl restart chilli |
else |
echo "Vous devez spécifier une addresse IP désignant votre serveur NTP" |
fi |
else |
echo "L'option NTP du DHCP de coovachilli ne peut pas s'activer. En effet le DHCP est 'off' sur ALCASAR" |
fi |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
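Review bot: `CHILLI_NTP_IP` is read from `alcasar.conf` and used without validation, both as `printf "%02x"` operands and inside `sed` expressions, in a script the web account runs through sudo. A value that is not a dotted quad (a hostname, an octet above 255, or text containing `?` or `&`) produces a malformed `dhcpopt` line or changes the `sed` expression itself, and the `--off` branch writes the raw value too. Validate the address once before building the option, as sketched below, and quote `$NTP_STATE` and `$CHILLI_NTP_IP` in the `[ ... ]` tests. The first line `#/bin/bash` is missing its `!`, so it is only a comment and the bash-only `==` test depends on whichever shell ends up running the file; it should read `#!/bin/bash`.

```bash
# … unchanged: usage check, --off branch, DHCP state test …
if [[ $CHILLI_NTP_IP =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]
then
	HEXA_CHILLI_NTP_IP="2a04"	# option code 42, length 4
	for octet in "${BASH_REMATCH[@]:1}"
	do
		if (( 10#$octet > 255 ))
		then
			echo "CHILLI_NTP_IP: octet out of range" >&2
			exit 1
		fi
		printf -v hex '%02x' "$((10#$octet))"
		HEXA_CHILLI_NTP_IP+=$hex
	done
	# … unchanged: the two $SED calls and the chilli restart …
else
	echo "Vous devez spécifier une addresse IP désignant votre serveur NTP"
fi
```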
/scripts/alcasar-dhcp.sh |
---|
35,7 → 35,7 |
RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut |
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67} |
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off}" |
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off} " |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
/web/acc/admin/network.php |
---|
36,7 → 36,11 |
$l_dhcp_state = "Mode actuel"; |
$l_DHCP_on = "actif"; |
$l_DHCP_off = "inactif"; |
$l_chilliNTP_on = "actif"; |
$l_chilliNTP_off = "inactif"; |
$l_chilliNTP_explain = "Activer l'option NTP dans les requêtes DHCP de coova-chilli ?<br> si oui, vous devez spécifier l'addresse IP du serveur NTP dans le fichier '/usr/local/etc/alcasar.conf' et changer la valeur de CHILLI_NTP_IP par l'ip de votre serveur NTP. Ensuite rendez le NTP 'actif' et appliquez."; |
$l_DHCP_off_explain = "! Avant d'arrêter le serveur DHCP, vous devez renseigner les paramètres d'un serveur externe (cf. documentation)."; |
$l_DHCP_explain = "Activer le DHCP"; |
$l_static_dhcp_title = "Réservation d'adresses IP statiques"; |
$l_mac_address = "Adresse MAC"; |
$l_ip_address = "Adresse IP"; |
69,6 → 73,10 |
$l_DHCP_on = "enabled"; |
$l_DHCP_off = "disabled"; |
$l_DHCP_off_explain = "! Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)"; |
$l_DHCP_explain = "Enable DHCP"; |
$l_chilliNTP_on = "enabled"; |
$l_chilliNTP_off = "disabled"; |
$l_chilliNTP_explain = "Would you like to enable NTP option in DHCP request of coova-chilli?<br> You have to specify IP address of NTP server in this file '/usr/local/etc/alcasar.conf' and change the value of CHILLI_NTP_IP by @IP of NTP server. Then select 'enabled' and 'Apply change'."; |
$l_static_dhcp_title = "Static IP addresses reservation"; |
$l_mac_address = "MAC Address"; |
$l_ip_address = "IP Address"; |
90,6 → 98,12 |
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";} |
switch ($choix) |
{ |
case 'chilliNTP_On' : |
exec ("sudo /usr/local/bin/alcasar-chilli_ntp.sh -on"); |
break; |
case 'chilliNTP_Off' : |
exec ("sudo /usr/local/bin/alcasar-chilli_ntp.sh -off"); |
break; |
case 'DHCP_On' : |
exec ("sudo /usr/local/bin/alcasar-dhcp.sh -on"); |
break; |
361,12 → 375,26 |
$dhcp_state=trim($conf["DHCP"]); |
echo "<CENTER><H3>$l_dhcp_state : ${"l_DHCP_".$dhcp_state}</H3></CENTER>"; |
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>"; |
echo "<br><b>$l_DHCP_explain : </b><br>"; |
echo "<select name='choix'>"; |
echo "<option value=\"DHCP_Off\" ";if (!strcmp($dhcp_state,"off")) echo "selected";echo ">$l_DHCP_off"; |
echo "<option value=\"DHCP_On\" ";if (!strcmp($dhcp_state,"on")) echo "selected";echo ">$l_DHCP_on"; |
echo "</select>"; |
echo "<input type=submit value='$l_apply'>"; |
echo "<br>$l_DHCP_off_explain"; |
echo "<br>$l_DHCP_off_explain<br>"; |
//DHCP option NTP (as known as 'option 42') with coovachilli |
if (!strcmp($dhcp_state,"on")) |
{ |
$chilliNTP_state=trim($conf["CHILLI_NTP_ENABLED"]); |
echo "<br><b>$l_chilliNTP_explain : </b><br>"; |
echo "<select name='chilliNTP_choix'>"; |
echo "<option value=\"chilliNTP_Off\" ";if (!strcmp($chilliNTP_state,"off")) echo "selected";echo ">$l_chilliNTP_off"; |
echo "<option value=\"chilliNTP_On\" ";if (!strcmp($chilliNTP_state,"on")) echo "selected";echo ">$l_chilliNTP_on"; |
echo "</select>"; |
} |
echo "<br><br><input type=submit value='$l_apply'>"; |
echo "</FORM>"; |
echo "</td></tr>"; |
if (strncmp($conf["DHCP"],"on",2) == 0) { require ('network2.php');} |
496,3 → 524,4 |
} |
} |
?> |
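Review bot: The new `<select name='chilliNTP_choix'>` posts its value under `chilliNTP_choix`, but the added `case 'chilliNTP_On'` and `case 'chilliNTP_Off'` arms sit in the `switch ($choix)` that is fed only from `$_POST['choix']`, so as far as these hunks show the NTP arms cannot be reached from this form. Read the second field separately, for example `if (isset($_POST['chilliNTP_choix'])){$ntp_choix=$_POST['chilliNTP_choix'];} else {$ntp_choix="";}` followed by its own `switch ($ntp_choix)` holding the two NTP cases. Keep the `exec` arguments as fixed literals selected by case label, as they are now, so that no request data reaches the sudo command line. `$conf["CHILLI_NTP_ENABLED"]` may be absent from a configuration file written before this change, so test it with `isset` before `trim`. The `switch` and the form both continue outside the hunks.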
/web/acc/manager/activity_report/models/Chart.report.js |
---|
28,6 → 28,9 |
XXCOMMENT-BEGINXX |
scales: { |
yAxes: [{ |
ticks: { |
beginAtZero:true |
} |
scaleLabel: { |
display: |
true, |
36,13 → 39,6 |
} |
}] |
}, |
scales: { |
yAxes: [{ |
ticks: { |
beginAtZero:true |
} |
}] |
} |
XXCOMMENT-ENDXX |
} |
}; |
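Review bot: The added `ticks: { beginAtZero:true }` block is closed with `}` and no comma before the following `scaleLabel: {`, which as shown is a syntax error in the object literal once the template is emitted into the report page. The closing line should be `},`. The enclosing options object starts and ends outside the hunks, and whitespace may have been lost in this rendering, so check the file itself.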
/web/status.php |
---|
252,6 → 252,49 |
$a_connection = $l_a_connection." ".$a_connected." ".$l_a_connection_time; } |
} |
} |
//store in a file user @IP who can join this page. |
$filename='/tmp/current_users.txt'; |
//change me avoid duplicate user @IP |
$change_me = 1; |
//check if filename exists |
if(file_exists($filename)){ |
$fichier = fopen($filename, "r"); |
$content = file($filename); |
//if file is empty, we put user @IP in it. |
if(empty($content)) |
{ |
file_put_contents($filename, $_SERVER['REMOTE_ADDR']); |
} |
else |
{ |
//if we found duplicate IP, it will not write user @IP in filename (set change_me = 0) |
foreach($content as $line){ |
$line = preg_replace('/\s+/', '', $line); |
if($line == $_SERVER['REMOTE_ADDR']) |
{ |
$change_me = 0; |
} |
} |
//if user @IP does not exist, we will write it in filename |
if($change_me) |
{ |
file_put_contents($filename, $_SERVER['REMOTE_ADDR'].PHP_EOL , FILE_APPEND); |
} |
} |
} |
else |
{ |
//we create filename and we put user @IP in it. |
file_put_contents($filename, $_SERVER['REMOTE_ADDR'].PHP_EOL); |
} |
} |
} |
?> |
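Review bot: `/tmp/current_users.txt` is a fixed name in a world-writable directory, so any local account can create or replace that path before the web server writes to it, and whatever later reads the list (not visible here) would trust the result. Keep the file in a directory only the web server account can write, and take `LOCK_EX` on the append so concurrent requests do not interleave. Two smaller defects sit in the same block: the empty-file branch writes the address without `PHP_EOL`, so the next appended address lands on the same line, and the `fopen` handle `$fichier` is never used or closed. Nothing in this hunk removes entries, so the file only grows. The enclosing `if` blocks start outside the hunk.

```php
// placeholder path: a directory writable only by the web server account
$filename = '/path/to/alcasar-state/current_users.txt';
$known = is_file($filename) ? array_map('trim', file($filename)) : array();
if (!in_array($_SERVER['REMOTE_ADDR'], $known, true))
{
	file_put_contents($filename, $_SERVER['REMOTE_ADDR'].PHP_EOL, FILE_APPEND | LOCK_EX);
}
```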