WebSVN – ALCASAR – Path Comparison – / – /alcasar.sh Rev 3192 and /alcasar.sh Rev 3193

Regard whitespace Rev 3192 → Rev 3193

 /alcasar.sh
 ,8 → 909,6
         [ -e $DIR_SAVE/security/acc_access.log ] || touch $DIR_SAVE/security/acc_access.log
         chown root:apache $DIR_SAVE/security/acc_access.log
         chmod 664 $DIR_SAVE/security/acc_access.log
-# Copy IEEE-MAC-manuf list (origin from sanitized nmac file : see linuxnet.ca)
-    cp $DIR_CONF/nmap-mac-prefixes /usr/local/share/
 } # End of ACC()
 #############################################################
 ,11 → 919,12
 {
 [ -e /etc/ntp.conf.default ] || cp /etc/ntp.conf /etc/ntp.conf.default
 $SED "s?^pool.*?pool fr.pool.ntp.org iburst?g" /etc/ntp.conf
-$SED '$ainterface ignore wildcard' /etc/ntp.conf
-$SED '$ainterface listen lo' /etc/ntp.conf
-$SED '$ainterface listen $INTIF' /etc/ntp.conf
+echo "interface ignore wildcard" >> /etc/ntp.conf
+echo "interface listen lo" >> /etc/ntp.conf
+echo "interface listen $INTIF" >> /etc/ntp.conf
 # Synchronize now
         ntpdate fr.pool.ntp.org &
+sleep 2 # wait for time server responce
 } # End of time_server()
 #####################################################################
 ,7 → 1269,7
 ################################################################
 ##                        "e2guardian"                        ##
-## - Set the parameters of this HTML proxy (as controler)     ##
+## - Set the parameters of this HTTP proxy (as controler)     ##
 ################################################################
 e2guardian()
 {
 ,15 → 1283,18
         [ -e $DIR_DG/e2guardian.conf.default ] || cp $DIR_DG/e2guardian.conf $DIR_DG/e2guardian.conf.default
 # French deny HTML page
         $SED "s?^language =.*?language = 'french'?g" $DIR_DG/e2guardian.conf
+# +++ listen & loop prevention on loopback
+        $SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_DG/e2guardian.conf
 # 2 filtergroups (8080 & 8090)
-        $SED "s?^filtergroups =.*?filtergroups = 2?g" $DIR_DG/e2guardian.conf
-# Listen on 8080 (HTTP for BL users) only on LAN side
-        $SED "s?^filterip =.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
-        $SED "s?^filterports =.*?filterports = 8080?g" $DIR_DG/e2guardian.conf
-# Listen on 8090 (HTTP for WL/AV users) only on LAN side
-        $SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_DG/e2guardian.conf
-        $SED "/^filterports = 8080/a filterports = 8090" $DIR_DG/e2guardian.conf
-# E2guardian doesn't listen transparently on 8443 (HTTPS) (only in future version)
+        $SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_DG/e2guardian.conf
+# Listen on LAN only
+        $SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_DG/e2guardian.conf
+# Listen on 8080 (group1 : BL users on HTTP)
+        $SED "s?^#filterports = 8080.*?filterports = 8080?g" $DIR_DG/e2guardian.conf
+# Listen on 8081 (group2 : previously AV users --> to be redefine)
+#       $SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_DG/e2guardian.conf
+        $SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_DG/e2guardian.conf
+# for now we don't listen transparently on 8443 (HTTPS) (only in future version)
         $SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_DG/e2guardian.conf
 # Don't log
         $SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/e2guardian.conf
 ,15 → 1303,10
 # Enable authport plugin
         $SED "s?^#authplugin = '/etc/e2guardian/authplugins/port.conf'?authplugin = '/etc/e2guardian/authplugins/port.conf'?g" $DIR_DG/e2guardian.conf
         $SED "s?^#mapauthtoports =.*?mapauthtoports = off?g" $DIR_DG/e2guardian.conf
-# Set Max RAM cache to 10Mb
-        $SED "s?^maxcontentramcachescansize =.*?maxcontentramcachescansize = 10240?g" $DIR_DG/e2guardian.conf
-# Set Max file size cache to 20Mb
-        $SED "s?^maxcontentfilecachescansize =.*?maxcontentfilecachescansize = 20480?g" $DIR_DG/e2guardian.conf
-# Adapt the first group conf file
-        [ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
-        $SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
-        $SED "s/^groupname =.*/groupname = 'blacklisted users'/g" $DIR_DG/e2guardianf1.conf
-        $SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_DG/e2guardianf1.conf
+        # !!! Set Max RAM cache to 10Mb (for antimalware/EDR)
+        #$SED "s?^maxcontentramcachescansize =.*?maxcontentramcachescansize = 10240?g" $DIR_DG/e2guardian.conf
+        # !!! Set Max file size cache to 20Mb (for antimalware/EDR)
+        #$SED "s?^maxcontentfilecachescansize =.*?maxcontentfilecachescansize = 20480?g" $DIR_DG/e2guardian.conf
 # copy & adapt HTML templates
         cp $DIR_CONF/alcasar-e2g-fr.html /usr/share/e2guardian/languages/french/alcasar-e2g.html
 ,29 → 1314,26
         $SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/french/alcasar-e2g.html
         $SED "s?\/\/[a-z.]*\/?\/\/$HOSTNAME.$DOMAIN\/?g" /usr/share/e2guardian/languages/ukenglish/alcasar-e2g.html
-###### ALCASAR special filtering ####
+###### ALCASAR filtering for group1 (blacklisted_users) ####
+# Adapt group1 conf file
+        [ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
+        $SED "s/^#reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
+        $SED "s/^#groupname =.*/groupname = 'blacklisted_users'/g" $DIR_DG/e2guardianf1.conf
+        $SED "s/^#htmltemplate =.*/htmltemplate = 'alcasar-e2g.html'/g" $DIR_DG/e2guardianf1.conf
+        $SED "s/^.Define LISTDIR.*/.Define LISTDIR <$DIR_DG/lists/group1/g" $DIR_DG/e2guardianf1.conf
+        DIR_GROUP1="$DIR_DG/lists/group1"
+        cp -r $DIR_DG/lists/example.group $DIR_GROUP1
+        chown -R e2guardian:root $DIR_GROUP1
 # RAZ bannedphraselist
-        cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
-        $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (comment what is not)
+        $SED "s?^[^#]?#&?g" $DIR_GROUP1/bannedphraselist # (comment what is not)
 # Disable URL control with regex
-    cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
-        $SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (comment what is not)
-# Replace the default deny HTML page (only fr & uk) --> !!! search why our pages make the server crash...
-#       [ -e /usr/share/e2guardian/languages/french/template.html.default ] || mv /usr/share/e2guardian/languages/french/template.html /usr/share/e2guardian/languages/french/template.html.default
-#       cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html
-#       [ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] || mv /usr/share/e2guardian/languages/ukenglish/template.html /usr/share/e2guardian/languages/ukenglish/template.html.default
-#       cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/template.html
+        $SED "s?^[^#]?#&?g" $DIR_GROUP1/bannedregexpurllist # (comment what is not)
 # Dont filtering files by extension or mime-type (empty list)
-        [ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
-        touch $DIR_DG/lists/bannedextensionlist
-        [ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
-        touch $DIR_DG/lists/bannedmimetypelist
-# Empty LAN IP list that won't be WEB filtered
-        [ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
-        touch $DIR_DG/lists/exceptioniplist
+        > $DIR_GROUP1/bannedextensionlist
+        > $DIR_GROUP1/bannedmimetypelist
 # Creation of ALCASAR banned site list
-        [ -e $DIR_DG/lists/greysitelist.default ] || mv $DIR_DG/lists/greysitelist $DIR_DG/lists/greysitelist.default
-        cat <<EOF > $DIR_DG/lists/greysitelist
+        [ -e $DIR_GROUP1/greysitelist.default ] || mv $DIR_GROUP1/greysitelist $DIR_GROUP1/greysitelist.default
+        cat <<EOF > $DIR_GROUP1/greysitelist
 # E2guardian filter config for ALCASAR
 # In ALCASAR E2guardian filters only URLs (domains are filtered with unbound)
 # block all SSL and CONNECT tunnels
 ,32 → 1344,31
 *ip
 EOF
 # Creation of ALCASAR empty banned URLs list (filled later with Toulouse BL --> see BL function)
-        [ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
-        cat <<EOF > $DIR_DG/lists/bannedurllist
-# E2guardian filter config for ALCASAR
+        [ -e $DIR_GROUP1/bannedurllist.default ] || mv $DIR_GROUP1/bannedurllist $DIR_GROUP1/bannedurllist.default
+        cat <<EOF > $DIR_GROUP1/bannedurllist
+# E2guardian URL filter config for ALCASAR
 EOF
 # Creation of files for rehabilited domains and urls
-        [ -e $DIR_DG/lists/exceptionsitelist.default ] || mv $DIR_DG/lists/exceptionsitelist $DIR_DG/lists/exceptionsitelist.default
-        [ -e $DIR_DG/lists/exceptionurllist.default ] || mv $DIR_DG/lists/exceptionurllist $DIR_DG/lists/exceptionurllist.default
-        touch $DIR_DG/lists/exceptionsitelist
-        touch $DIR_DG/lists/exceptionurllist
+        [ -e $DIR_GROUP1/exceptionsitelist.default ] || mv $DIR_GROUP1/exceptionsitelist $DIR_GROUP1/exceptionsitelist.default
+        [ -e $DIR_GROUP1/exceptionurllist.default ] || mv $DIR_GROUP1/exceptionurllist $DIR_GROUP1/exceptionurllist.default
+        touch $DIR_GROUP1/exceptionsitelist
+        touch $DIR_GROUP1/exceptionurllist
 # Add Bing to the safesearch url regext list (parental control)
-        [ -e $DIR_DG/lists/urlregexplist.default ] || cp $DIR_DG/lists/urlregexplist $DIR_DG/lists/urlregexplist.default
-        cat <<EOF >> $DIR_DG/lists/urlregexplist
+        [ -e $DIR_GROUP1/urlregexplist.default ] || cp $DIR_GROUP1/urlregexplist $DIR_GROUP1/urlregexplist.default
+        cat <<EOF >> $DIR_GROUP1/urlregexplist
 # Bing - add 'adlt=strict'
 #"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
 EOF
 # 'Safesearch' regex actualisation
-        $SED "s?images?search?g" $DIR_DG/lists/urlregexplist
+        $SED "s?images?search?g" $DIR_GROUP1/urlregexplist
 # change the google safesearch ("safe=strict" instead of "safe=vss")
-        $SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
+        $SED "s?safe=vss?safe=strict?g" $DIR_GROUP1/urlregexplist
-# Create & adapt the second group conf file (av + av_wl)
+# Create & adapt group2 conf file (av + av_wl)
         cp $DIR_DG/e2guardianf1.conf.default $DIR_DG/e2guardianf2.conf
         $SED "s?^reportinglevel =.*?reportinglevel = 3?g" $DIR_DG/e2guardianf2.conf
         $SED "s?^groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_DG/e2guardianf2.conf
-        $SED "s?^urllist = 'name=banned,messageno=501,path=/etc/e2guardian/lists/bannedurllist'?urllist = 'name=banned,messageno=501,path=/etc/e2guardian/lists/bannedurllist.default'?g" $DIR_DG/e2guardianf2.conf # no banned urls
+        $SED "s?^urllist = 'name=banned,messageno=501,path=__LISTEN__/bannedurllist'?urllist = 'name=banned,messageno=501,path=__LISTEN__/bannedurllist.default'?g" $DIR_DG/e2guardianf2.conf # no banned urls
 # create log folder
     mkdir -p /var/log/e2guardian

Subversion Repositories ALCASAR

Compare Revisions

Regard whitespace Rev 3192 → Rev 3193