Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1376 → Rev 1377

/scripts/sbin/alcasar-bl.sh
23,13 → 23,17
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL '
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories
OSSI_DOMAINS_WL="$DIR_DG/blacklists/ossi/domains_wl" # Domain names for the ossi category
DIR_SHARE="/usr/local/share"
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL
DIR_IP_WL="$DIR_SHARE/iptables-wl" # all the IP addresses of the WL
OSSI_WL_IP="$DIR_IP_WL/ossi" # all the IP addresses of the WL ossi category
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' '
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (only enabled categories)
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" # conf file of dnsmasq-blacklist
DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` # server DNS1 (for WL domain names)
BL_SERVER="dsi.ut-capitole.fr"
39,12 → 43,13
function cat_choice (){
# saving ip files and ossi category
mkdir $DIR_tmp
cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp
cp $DIR_IP_BL/ossi $DIR_tmp
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED # cleaning for dnsmasq and iptables
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED # cleaning for dnsmasq and iptables
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED
chown apache $DIR_IP_BL_ENABLED
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED
chown apache $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED
# process the file $BL_CATEGORIES with the choice of categories
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
do
63,12 → 68,14
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
ln -s $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
ln -s $DIR_IP_WL/$ENABLE_CATEGORIE $DIR_IP_WL_ENABLED/$ENABLE_CATEGORIE
done
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
mv $FILE_tmp $WL_CATEGORIES
# restoring ip files and ossi category
mv $DIR_tmp/ossi $DIR_IP_BL
chown apache $DIR_IP_BL/*
chown apache $DIR_IP_BL/ossi
mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED
rm -rf $DIR_tmp
}
function bl_enable (){
77,6 → 84,8
then
service dansguardian restart
service dnsmasq restart
service dnsmasq-blacklist restart
service dnsmasq-whitelist restart
/usr/local/bin/alcasar-iptables.sh
fi
}
90,10 → 99,73
then
service dansguardian restart
service dnsmasq restart
service dnsmasq-blacklist restart
service dnsmasq-whitelist restart
/usr/local/bin/alcasar-iptables.sh
fi
}
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }"
function ip_retrieving (){
# retrieving IPs of all domain names for the whitelist
index=0
if [ ! -d $DIR_IP_WL ]
then
mkdir $DIR_IP_WL
else
rm -rf $DIR_IP_WL/*
fi
echo "Retrieving IPs :"
cd $DIR_DNS_WL
for category in `ls | cut -d '.' -f 1`
do
echo -n "$category :"
for domain in `cat $category.conf | cut -d '/' -f 2`
do
echo `host $domain | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'` >> $DIR_IP_WL/$category.tmp &
((index++))
echo -n "."
if [ $index -eq 100 ]
then
index=0
sleep 1
fi
done
done
echo "done"
sleep 2
cd $DIR_IP_WL
for category in `ls`
do
# one IP per line
$SED 's/ /\n/g' $category
# add SET syntax
$SED 's/^/add whitelist_ip_allowed /g' $category
# delete empty lines
$SED '/^$/d' $category
# delete false entries
$SED -r '/([0-9]{1,3}.){3}[0-9]{1,3}/!d' $category
# delete duplicate lines
sort -u $category > ${category%%.*}
done
rm -f *.tmp
}
function ip_retrieving_ossi (){
# retrieving IPs of all domain names for the ossi category
> $OSSI_WL_IP
for domain in `cat $OSSI_DOMAINS_WL`
do
echo `host $domain | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'` >> $OSSI_WL_IP &
done
sleep 2
# one IP per line
$SED 's/ /\n/g' $OSSI_WL_IP
# add SET syntax
$SED 's/^/add whitelist_ip_allowed /g' $OSSI_WL_IP
# delete empty lines
$SED '/^$/d' $OSSI_WL_IP
# delete false entries
$SED -r '/([0-9]{1,3}.){3}[0-9]{1,3}/!d' $OSSI_WL_IP
}
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload } | { -ip_retrieving or --ip_retrieving } | { -ip_retrieving_ossi or --ip_retrieving_ossi }"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
184,8 → 256,8
fi
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
# retrieve the ip addresses for iptables
# create an set save for the selected category
# retrieving ip addresses for iptables
# create a set save for the selected category
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
# for dnsmask, remove IP addesses, accented characters and commented lines.
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
229,6 → 301,14
cp -f $DIR_DG_BL/ossi/domains_wl $DIR_DNS_WL/ossi.conf
bl_enable
;;
# retrieving IPs of all domain names for the whitelist
-ip_retrieving | --ip_retrieving)
ip_retrieving
;;
# retrieving IPs of all domain names for the whitelist ossi category
-ip_retrieving_ossi | --ip_retrieving_ossi)
ip_retrieving_ossi
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
/scripts/sbin/alcasar-bypass.sh
33,8 → 33,8
ifup eth1
sh /usr/local/bin/alcasar-iptables-bypass.sh
echo "Configure dnsmasq ..."
$SED "s?^conf-dir=.*?#&?g" /etc/dnsmasq-blackhole.conf
$SED "s?^no-dhcp-interface=.*?#&?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
$SED "s?^conf-dir=.*?#&?g" /etc/dnsmasq-blacklist.conf
$SED "s?^no-dhcp-interface=.*?#&?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
/etc/init.d/dnsmasq start
echo "Le contournement des modules d'authentification de filtrage est activé"
echo "les journaux de connexions continuent néanmoins d'être enregistrés"
43,8 → 43,8
# désactivation du contournement
if (pgrep dnsmasq) > /dev/null ; then /etc/init.d/dnsmasq stop ; fi
echo "Configure dnsmasq ..."
$SED "s?^#conf-dir=.*?conf-dir=/usr/local/share/dnsmasq-bl-enabled?g" /etc/dnsmasq-blackhole.conf
$SED "s?^#no-dhcp-interface=.*?no-dhcp-interface=eth1?g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf
$SED "s?^#conf-dir=.*?conf-dir=/usr/local/share/dnsmasq-bl-enabled?g" /etc/dnsmasq-blacklist.conf
$SED "s?^#no-dhcp-interface=.*?no-dhcp-interface=eth1?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
rm -f /etc/sysconfig/network-scripts/ifcfg-eth1
for i in chilli dansguardian havp mysqld radiusd httpd freshclam dnsmasq squid
do
/scripts/sbin/alcasar-havp.sh
14,7 → 14,6
$SED "s/^cache_peer.*/#cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf
$SED "s/^never_direct.*/#never_direct allow all/g" /etc/squid/squid.conf
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=off/g" /usr/local/etc/alcasar.conf
service squid reload
service havp stop
}
function av_enable (){
21,7 → 20,6
$SED "s/^#cache_peer.*/cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf
$SED "s/^#never_direct.*/never_direct allow all/g" /etc/squid/squid.conf
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=on/g" /usr/local/etc/alcasar.conf
service squid reload
service havp start
}
usage="Usage: alcasar-havp.sh {--on or -on} | {--off or -off} | {--update or -update}"
/scripts/sbin/alcasar-url_filter.sh
10,7 → 10,7
# Enable / disable : filter of urls containing ip address instead of domain name
 
DIR_DG="/etc/dansguardian/lists"
DNSMASQ_BL_CONF="/etc/dnsmasq-blackhole.conf"
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"
CONF_FILE="/usr/local/etc/alcasar.conf"
SED="/bin/sed -i"
safesearch="Off"