Subversion Repositories ALCASAR

Compare Revisions

Rev 2012 → Rev 2013

/alcasar.sh
1193,6 → 1193,7
#dhcpgateway none
#dhcprelayagent none
#dhcpgatewayport none
#dhcpopt none
EOF
# create file for DHCP static ip. Reserve the second IP address for INTIF (the first one is for tun0)
echo "$PRIVATE_MAC $PRIVATE_SECOND_IP" > $DIR_DEST_ETC/alcasar-ethers
1869,6 → 1870,8
# Put the default values in conf file
echo "SSH=on" >> $CONF_FILE
echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "CHILLI_NTP_ENABLED=off" >> $CONF_FILE
echo "CHILLI_NTP_IP=none" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
/conf/sudoers
12,7 → 12,7
User_Alias ADMWEB=apache # web admin account
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh # network commands
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-chilli_ntp.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # to manage users in command line
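Review bot: The entry added to `Cmnd_Alias NET` (the longer of the two `NET` lines, presumably the new side) allows `/usr/local/bin/alcasar-chilli_ntp.sh` to be run as root with any arguments by whichever accounts are granted NET. network.php only calls it with `-on` and `-off`, so the alias could list those two forms explicitly: `/usr/local/bin/alcasar-chilli_ntp.sh -on,/usr/local/bin/alcasar-chilli_ntp.sh -off`. The user specification that binds NET to ADMWEB is outside the hunk. The script also needs to be installed root-owned and not writable by apache, which this page does not show.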
/scripts/alcasar-activity_report.sh
193,7 → 193,7
#find data
 
#decompress every logs
if [ $(ls -1 /var/log/dnsmasq/ | grep dnsmasq-blacklist.log.*.gz | wc -l) -ge 1 ]
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
then
gunzip -d dnsmasq-blacklist.log.*.gz
fi
205,7 → 205,6
do
if [ $(echo $LOG_BL | grep config | grep $PRIVATE_IP | wc -c) -ge 1 ]
then
#find the current blacklisted category
website_bl=$(echo $LOG_BL | cut -d' ' -f6)
212,11 → 211,16
#we convert www.test.co.uk => test.co.uk to find the category of this website
if [ $(grep -o '\.' <<< "$website_bl" | wc -l) -ge "2" ]
then
website_bl=$(echo $website_bl | cut -d'.' -f2-)
website_bl=$(echo $website_bl | cut -d'.' -f2-)
fi
 
categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
 
#get BL category
categorie_bl=$(grep -R "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1)
if [ $(echo $categorie_bl | wc -w) -gt 1 ]
then
categorie_bl=$(grep -R "/$website_bl/" /usr/local/share/dnsmasq-bl-enabled/ | cut -d':' -f1 | cut -d'/' -f6 | cut -d' ' -f1 | head -1)
fi
#Calculate its timestamp
Y=$(date -R | cut -d' ' -f4)
M=$(echo $LOG_BL | cut -d' ' -f1)
223,12 → 227,13
D=$(echo $LOG_BL | cut -d' ' -f2)
H=$(echo $LOG_BL | cut -d' ' -f3)
CURRENT_TS=$(date -d "$M $D $Y $H" +"%s")
echo "$CURRENT_TS:$categorie_bl" >> $TMP_BL
echo "$CURRENT_TS:$categorie_bl:" >> $TMP_BL
fi
done < /var/log/dnsmasq/$FILE
done
 
 
#if data exists, create this section in html document
if [ -e $TMP_BL ]
then
306,7 → 311,7
echo "" >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
then
echo "\"nb site\"" >> $HTML_REPORT
echo "\"Nombre de site bloqué par la blacklist\"" >> $HTML_REPORT
else
echo $LINE_JS >> $HTML_REPORT
fi
343,7 → 348,7
#then we count every occurence for each category in TMP_BL_WEEK
for CAT in $(ls /usr/local/share/dnsmasq-bl/ -1 | cut -d'.' -f1)
do
echo "$CAT:$(grep -o "$CAT" <<< "$(cat $TMP_BL_WEEK)" | wc -l)" >> $TMP_BL_WEEK_CAT
echo "$CAT:$(grep -o ":$CAT:" <<< "$(cat $TMP_BL_WEEK)" | wc -l):" >> $TMP_BL_WEEK_CAT
done
 
#we sort by number of occurence and we take the top 10 BL categories
418,10 → 423,6
fi
done
echo "</script>" >> $HTML_REPORT
#Then we finish and remove our files
rm $TMP_BL
rm $TMP_BL_WEEK
rm $TMP_BL_WEEK_CAT
else
echo "<h3>Aucune activité de la Blacklist cette semaine.</h3>" >> $HTML_REPORT
fi
430,7 → 431,7
echo "Create AV logs since the installation of ALCASAR"
 
#decompress every logs, if they exist
if [ $(ls -1 /var/log/havp/ | grep access.log.*.gz | wc -l) -ge 1 ]
if [ $(ls -1 /var/log/havp/access.log.*.gz 2>/dev/null | wc -l) -ge 1 ]
then
gunzip -d access.log.*.gz
fi
522,7 → 523,7
echo "" >> $HTML_REPORT
elif [ $(echo $LINE_JS | grep 'XXYLABELXX' | wc -l) -eq 1 ]
then
echo "\"Menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
echo "\"Nombre de menaces virales bloqués par l'antivirus\"" >> $HTML_REPORT
else
echo $LINE_JS >> $HTML_REPORT
fi
624,9 → 625,6
cat $TMP_STATS | sed -n "/$DELIM_1/,/$DELIM_2/p" | tail -n+3 | head -n-2 >> $TMP_STATS_2
cat $TMP_STATS_2 | sed -e 's:images/pixel.gif:../../manager/htdocs/images/pixel.gif:g' >> $HTML_REPORT
 
rm $TMP_STATS
rm $TMP_STATS_2
 
#we delete our user if he still exists
if [ $(grep "$compte:" $DIR_KEY/key_only_manager | wc -l) -ge 1 ]
then
668,11 → 666,28
echo "</body>" >> $HTML_REPORT
echo "</html>" >> $HTML_REPORT
 
 
#convert html document to PDF
/usr/bin/wkhtmltopdf $HTML_REPORT $(echo $HTML_REPORT | cut -d'.' -f1).pdf
chown apache:apache $(echo $HTML_REPORT | cut -d'.' -f1).pdf
chmod 644 $(echo $HTML_REPORT | cut -d'.' -f1).pdf
 
#remove HTML report
#compress every logs, if they exist
if [ $(ls -1 /var/log/havp/access.log.* 2>/dev/null | wc -l) -ge 1 ]
then
gzip /var/log/havp/access.log.*
fi
 
#compress every logs
if [ $(ls -1 /var/log/dnsmasq/dnsmasq-blacklist.log.* 2>/dev/null | wc -l) -ge 1 ]
then
gzip /var/log/dnsmasq/dnsmasq-blacklist.log.*
fi
 
#remove our files
rm $TMP_BL
rm $TMP_BL_WEEK
rm $TMP_BL_WEEK_CAT
rm $TMP_STATS
rm $TMP_STATS_2
rm $HTML_REPORT
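Review bot: In the `212,11 → 211,16` hunk the added `categorie_bl=$(grep -R "$website_bl/" …)` uses a domain name read from the dnsmasq log as a grep regular expression, so every `.` matches any character and a name beginning with `-` would be parsed as an option. Those names presumably originate from client DNS queries, so a fixed-string lookup is safer: `grep -RF -- "$website_bl/" /usr/local/share/dnsmasq-bl-enabled/`, and likewise for the `"/$website_bl/"` fallback. Separately, the cleanup moved to the end of the script now runs `rm $TMP_BL` and the other removals unconditionally, which prints errors when a section produced no file; `rm -f -- "$TMP_BL" "$TMP_BL_WEEK" "$TMP_BL_WEEK_CAT"` avoids that. How the temporary names are created is outside the visible hunks.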
 
/scripts/alcasar-chilli_ntp.sh
0,0 → 1,77
#/bin/bash
# alcasar-dhcp.sh
 
# by Raphaël Pion
# This script is distributed under the Gnu General Public License (GPL)
 
# active ou desactive l'option NTP du DHCP sur le réseau de consultation
# enable or disable the NTP option of DHCP service on consultation LAN
 
 
#configuration files
SED="/bin/sed -i"
CHILLI_CONF_FILE="/etc/chilli.conf"
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
 
#NTP parameters
NTP_STATE=$(grep 'DHCP=' $ALCASAR_CONF_FILE | cut -d'=' -f2)
CHILLI_NTP_IP=$(grep 'CHILLI_NTP_IP=' $ALCASAR_CONF_FILE | cut -d'=' -f2)
 
usage="Usage: alcasar-chilli_ntp.sh {--on | -on} | {--off | -off} "
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
echo "$usage"
exit 1
fi
case $args in
-\? | -h | --h)
echo "$usage"
exit 0
;;
--off|-off) # disable NTP options over DHCP of coovachilli
$SED "s?^CHILLI_NTP_ENABLED.*?CHILLI_NTP_ENABLED=off?g" $ALCASAR_CONF_FILE
$SED "s?.*dhcpopt\t.*?#dhcpopt\t\t$CHILLI_NTP_IP?g" $CHILLI_CONF_FILE
#/usr/bin/systemctl restart chilli
;;
--on|-on) # enable NTP options over DHCP of coovachilli
if [ $NTP_STATE == "on" ]
then
#DHCP Options : rfc2132
#dhcp option value will be convert in hexa.
#NTP option (or 'option 42') is like :
#
# Code Len Address 1 Address 2
# +-----+-----+-----+-----+-----+-----+-----+-----+--
# | 42 | n | a1 | a2 | a3 | a4 | a1 | a2 | ...
# +-----+-----+-----+-----+-----+-----+-----+-----+--
#
#Code : 42 => 2a
#Len : 4 => 04
#Convert CHILLI_NTP_IP into hexadecimal value
if [ $CHILLI_NTP_IP != "none" ]
then
a1=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f1))
a2=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f2))
a3=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f3))
a4=$( printf "%02x\n" $(cat /usr/local/etc/alcasar.conf | grep CHILLI_NTP_IP | cut -d'=' -f2 | cut -d'.' -f4))
HEXA_CHILLI_NTP_IP="2a04$a1$a2$a3$a4"
$SED "s?.*dhcpopt.*?dhcpopt\t\t$HEXA_CHILLI_NTP_IP?g" $CHILLI_CONF_FILE
$SED "s?^CHILLI_NTP_ENABLED.*?CHILLI_NTP_ENABLED=on?g" $ALCASAR_CONF_FILE
/usr/bin/systemctl restart chilli
else
echo "Vous devez spécifier une addresse IP désignant votre serveur NTP"
fi
else
echo "L'option NTP du DHCP de coovachilli ne peut pas s'activer. En effet le DHCP est 'off' sur ALCASAR"
fi
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
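Review bot: CHILLI_NTP_IP is read from alcasar.conf and used without validation, both as a `printf "%02x"` argument and inside the sed replacement of the `--off` branch, in a script that network.php invokes through sudo. A value that is not a dotted quad (an octet above 255, a `?`, `&` or `\`, or two lines matched by the unanchored `grep`) would produce a malformed `dhcpopt` line or change the sed expression. The first line `#/bin/bash` is also missing its `!`, so it is only a comment, while `[ $NTP_STATE == "on" ]` relies on bash. The header comment still names `alcasar-dhcp.sh`. The fence below restores the shebang, anchors the two lookups and validates the address before building the option-42 value; the `--off` branch could then write a fixed `#dhcpopt\t\tnone` rather than the configured value.

```shell
#!/bin/bash
# … unchanged: header comments, SED and *_CONF_FILE definitions …
NTP_STATE=$(grep -m1 '^DHCP=' "$ALCASAR_CONF_FILE" | cut -d'=' -f2)
CHILLI_NTP_IP=$(grep -m1 '^CHILLI_NTP_IP=' "$ALCASAR_CONF_FILE" | cut -d'=' -f2)
# … unchanged: usage handling, --off branch, DHCP state test …
if [[ $CHILLI_NTP_IP =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]
then
    HEXA_CHILLI_NTP_IP="2a04"
    for octet in "${BASH_REMATCH[@]:1}"
    do
        # 10# forces base 10, so an octet written as 010 is not parsed as octal
        (( 10#$octet <= 255 )) || { echo "Adresse IP invalide : $CHILLI_NTP_IP"; exit 1; }
        HEXA_CHILLI_NTP_IP+=$(printf '%02x' "$((10#$octet))")
    done
    # … unchanged: the two sed calls and the chilli restart …
else
    echo "Vous devez spécifier une addresse IP désignant votre serveur NTP"
fi
```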
 
/scripts/alcasar-dhcp.sh
35,7 → 35,7
RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67}
 
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off}"
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off} "
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
/web/acc/admin/network.php
36,7 → 36,11
$l_dhcp_state = "Mode actuel";
$l_DHCP_on = "actif";
$l_DHCP_off = "inactif";
$l_chilliNTP_on = "actif";
$l_chilliNTP_off = "inactif";
$l_chilliNTP_explain = "Activer l'option NTP dans les requêtes DHCP de coova-chilli ?<br> si oui, vous devez spécifier l'addresse IP du serveur NTP dans le fichier '/usr/local/etc/alcasar.conf' et changer la valeur de CHILLI_NTP_IP par l'ip de votre serveur NTP. Ensuite rendez le NTP 'actif' et appliquez.";
$l_DHCP_off_explain = "! Avant d'arrêter le serveur DHCP, vous devez renseigner les paramètres d'un serveur externe (cf. documentation).";
$l_DHCP_explain = "Activer le DHCP";
$l_static_dhcp_title = "Réservation d'adresses IP statiques";
$l_mac_address = "Adresse MAC";
$l_ip_address = "Adresse IP";
69,6 → 73,10
$l_DHCP_on = "enabled";
$l_DHCP_off = "disabled";
$l_DHCP_off_explain = "! Before disabling the DHCP server, you must write the extern DHCP parameters in the config file (see Documentation)";
$l_DHCP_explain = "Enable DHCP";
$l_chilliNTP_on = "enabled";
$l_chilliNTP_off = "disabled";
$l_chilliNTP_explain = "Would you like to enable NTP option in DHCP request of coova-chilli?<br> You have to specify IP address of NTP server in this file '/usr/local/etc/alcasar.conf' and change the value of CHILLI_NTP_IP by @IP of NTP server. Then select 'enabled' and 'Apply change'.";
$l_static_dhcp_title = "Static IP addresses reservation";
$l_mac_address = "MAC Address";
$l_ip_address = "IP Address";
90,6 → 98,12
if (isset($_POST['choix'])){$choix=$_POST['choix'];} else {$choix="";}
switch ($choix)
{
case 'chilliNTP_On' :
exec ("sudo /usr/local/bin/alcasar-chilli_ntp.sh -on");
break;
case 'chilliNTP_Off' :
exec ("sudo /usr/local/bin/alcasar-chilli_ntp.sh -off");
break;
case 'DHCP_On' :
exec ("sudo /usr/local/bin/alcasar-dhcp.sh -on");
break;
361,12 → 375,26
$dhcp_state=trim($conf["DHCP"]);
echo "<CENTER><H3>$l_dhcp_state : ${"l_DHCP_".$dhcp_state}</H3></CENTER>";
echo "<FORM action='$_SERVER[PHP_SELF]' method=POST>";
echo "<br><b>$l_DHCP_explain : </b><br>";
echo "<select name='choix'>";
echo "<option value=\"DHCP_Off\" ";if (!strcmp($dhcp_state,"off")) echo "selected";echo ">$l_DHCP_off";
echo "<option value=\"DHCP_On\" ";if (!strcmp($dhcp_state,"on")) echo "selected";echo ">$l_DHCP_on";
echo "</select>";
echo "<input type=submit value='$l_apply'>";
echo "<br>$l_DHCP_off_explain";
 
echo "<br>$l_DHCP_off_explain<br>";
 
//DHCP option NTP (as known as 'option 42') with coovachilli
if (!strcmp($dhcp_state,"on"))
{
$chilliNTP_state=trim($conf["CHILLI_NTP_ENABLED"]);
echo "<br><b>$l_chilliNTP_explain : </b><br>";
echo "<select name='chilliNTP_choix'>";
echo "<option value=\"chilliNTP_Off\" ";if (!strcmp($chilliNTP_state,"off")) echo "selected";echo ">$l_chilliNTP_off";
echo "<option value=\"chilliNTP_On\" ";if (!strcmp($chilliNTP_state,"on")) echo "selected";echo ">$l_chilliNTP_on";
echo "</select>";
}
 
echo "<br><br><input type=submit value='$l_apply'>";
echo "</FORM>";
echo "</td></tr>";
if (strncmp($conf["DHCP"],"on",2) == 0) { require ('network2.php');}
496,3 → 524,4
}
}
?>
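Review bot: The new `<select name='chilliNTP_choix'>` posts its value under `chilliNTP_choix`, but the handler in the `90,6 → 98,12` hunk only reads `$_POST['choix']`, so the added `chilliNTP_On` / `chilliNTP_Off` cases cannot be reached from this form. Reading the second field in its own switch, as in the fence below, keeps the set of values that reach `exec("sudo …")` fixed. `$conf["CHILLI_NTP_ENABLED"]` may also be unset on an installation whose alcasar.conf predates this revision, since the default is only appended by alcasar.sh; that is inferred, as the upgrade path is not on this page. The switch body continues outside the hunk.

```php
if (isset($_POST['chilliNTP_choix']))
{
	// only the two known values reach sudo; anything else is ignored
	switch ($_POST['chilliNTP_choix'])
	{
		case 'chilliNTP_On' :
			exec ("sudo /usr/local/bin/alcasar-chilli_ntp.sh -on");
			break;
		case 'chilliNTP_Off' :
			exec ("sudo /usr/local/bin/alcasar-chilli_ntp.sh -off");
			break;
	}
}
// … unchanged: switch ($choix) with the DHCP_On / DHCP_Off cases …
```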
 
/web/acc/manager/activity_report/models/Chart.report.js
28,6 → 28,9
XXCOMMENT-BEGINXX
scales: {
yAxes: [{
ticks: {
beginAtZero:true
}
scaleLabel: {
display:
true,
36,13 → 39,6
}
}]
},
scales: {
yAxes: [{
ticks: {
beginAtZero:true
}
}]
}
XXCOMMENT-ENDXX
}
};
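Review bot: The `ticks: { beginAtZero:true }` block moved into the first `yAxes` entry is not followed by a comma before `scaleLabel:`, so the object literal would not parse when this template section is emitted; the closing line of the block should read `},`. This assumes the page rendering has not dropped the comma. The rest of the `scaleLabel` object lies between the two hunks and is not visible here.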
/web/status.php
252,6 → 252,49
$a_connection = $l_a_connection." ".$a_connected." ".$l_a_connection_time; }
}
}
//store in a file user @IP who can join this page.
$filename='/tmp/current_users.txt';
//change me avoid duplicate user @IP
$change_me = 1;
 
//check if filename exists
if(file_exists($filename)){
$fichier = fopen($filename, "r");
$content = file($filename);
 
//if file is empty, we put user @IP in it.
if(empty($content))
{
file_put_contents($filename, $_SERVER['REMOTE_ADDR']);
}
else
{
//if we found duplicate IP, it will not write user @IP in filename (set change_me = 0)
foreach($content as $line){
$line = preg_replace('/\s+/', '', $line);
if($line == $_SERVER['REMOTE_ADDR'])
{
$change_me = 0;
}
 
}
 
//if user @IP does not exist, we will write it in filename
if($change_me)
{
file_put_contents($filename, $_SERVER['REMOTE_ADDR'].PHP_EOL , FILE_APPEND);
}
}
 
}
else
{
//we create filename and we put user @IP in it.
file_put_contents($filename, $_SERVER['REMOTE_ADDR'].PHP_EOL);
}
}
}
?>
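Review bot: The address list is written to a fixed name in a world-writable directory, `/tmp/current_users.txt`, so any local account can create that path first (as a file or a link) and control what the web server reads or where it writes; a directory owned by the web server account would be a safer home. The empty-file branch also writes the address without `PHP_EOL`, so the next append fuses two addresses on one line. In addition, `fopen()` opens a handle that is never used or closed, and the read-then-append sequence is unlocked. The fence below collapses the branches into one locked append. The enclosing blocks open before this hunk.

```php
// … unchanged: $filename assignment …
$known = file_exists($filename)
	? file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
	: array();
if ($known === false) { $known = array(); }
if (!in_array($_SERVER['REMOTE_ADDR'], $known, true))
{
	// one address per line, appended under an exclusive lock
	file_put_contents($filename, $_SERVER['REMOTE_ADDR'].PHP_EOL, FILE_APPEND | LOCK_EX);
}
```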