/scripts/sbin/alcasar-url_filter.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-logout.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-uninstall.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-profil.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-dns-local.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-native |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
/scripts/sbin/alcasar-load_balancing.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-bl.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-dhcp.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-bypass.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-https.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-rpm-download.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-nf.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-certificates.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
/scripts/sbin/alcasar-version.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/sbin/alcasar-mysql.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/alcasar-archive.sh |
---|
96,7 → 96,7 |
# make an archive |
archive |
# Saving of the database |
/usr/local/sbin/alcasar-mysql.sh --dump |
/usr/local/bin/alcasar-mysql.sh --dump |
# Encryption of the archive |
if [ -e /tmp/$FILE ]; then |
if [ $CRYPT -eq "1" ]; then |
127,7 → 127,7 |
cd /var/log/nfsen/profiles-data/live/alcasar_netflow |
find . -mtime -$gap -name 'nfcapd.[0-9]*' | xargs tar -cf /tmp/live/traceability-ALL-$NOW.tar; |
# Saving of the database |
/usr/local/sbin/alcasar-mysql.sh --dump |
/usr/local/bin/alcasar-mysql.sh --dump |
mv $(echo $(ls -rt $DIR_BASE/alcasar-users-database-*.sql.gz | tail -n 1 -)) /tmp/live/ |
cp /var/log/firewall/traceability.log /tmp/live/traceability-HTTP-$NOW.log |
tar -czf $DIR_ARCHIVE/traceability-$NOW.tar.gz /tmp/live/* |
/scripts/alcasar-bl.sh |
---|
0,0 → 1,240 |
#/bin/bash |
# $Id$ |
# alcasar-bl.sh |
# by Franck BOUIJOUX and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian) |
DIR_CONF="/usr/local/etc" |
CONF_FILE="$DIR_CONF/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
DIR_tmp="/tmp/blacklists" |
FILE_tmp="/tmp/filesfilter.txt" |
FILE_ip_tmp="/tmp/filesipfilter.txt" |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG_BL="$DIR_DG/blacklists" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL ' |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories |
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories |
OSSI_DOMAINS_WL="$DIR_DG/blacklists/ossi/domains_wl" # Domain names for the ossi category |
DIR_SHARE="/usr/local/share" |
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format |
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' ' |
DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL |
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories) |
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' ' |
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories) |
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" # conf file of dnsmasq-blacklist |
DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` # server DNS1 (for WL domain names) |
BL_SERVER="dsi.ut-capitole.fr" |
SED="/bin/sed -i" |
# enable/disable the BL & WL categories |
function cat_choice (){ |
# saving ossi category |
mkdir $DIR_tmp |
cp $DIR_IP_BL/ossi $DIR_tmp |
if [ -d $DIR_IP_BL_ENABLED ] |
then |
for file in `ls -1 $DIR_IP_BL_ENABLED | grep -v "^ossi-*"` |
do |
rm -f $DIR_IP_BL_ENABLED/$file |
done |
else |
mkdir $DIR_IP_BL_ENABLED |
chown apache $DIR_IP_BL_ENABLED |
fi |
if [ -d $DIR_DNS_BL_ENABLED ] |
then |
for file in `ls -1 $DIR_DNS_BL_ENABLED | grep -v "^ossi-*"` |
do |
rm -f $DIR_DNS_BL_ENABLED/$file |
done |
else |
mkdir $DIR_DNS_BL_ENABLED |
chown apache $DIR_DNS_BL_ENABLED |
fi |
rm -rf $DIR_DNS_WL_ENABLED # cleaning for dnsmasq and iptables |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG |
$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines) |
mkdir $DIR_DNS_WL_ENABLED |
# process the file $BL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES |
ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE |
ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE |
# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist |
done |
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp |
mv $FILE_tmp $BL_CATEGORIES |
# process the file $WL_CATEGORIES with the choice of categories |
for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` |
do |
$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES |
$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES |
ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE |
done |
sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp |
mv $FILE_tmp $WL_CATEGORIES |
# restoring ip files and ossi category |
mv $DIR_tmp/ossi $DIR_IP_BL |
chown apache $DIR_IP_BL/ossi |
rm -rf $DIR_tmp |
} |
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload }" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
# Retrieve Toulouse BL |
-download | --download) |
rm -rf /tmp/con_ok.html |
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
if [ ! -e /tmp/con_ok.html ] |
then |
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable" |
else |
rm -rf /tmp/con_ok.html $DIR_tmp |
mkdir $DIR_tmp |
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum |
chown -R apache:apache $DIR_tmp |
fi |
;; |
# enable/disable categories (used only during the alcasar install process) |
-cat_choice | --cat_choice) |
cat_choice |
;; |
# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables) |
-adapt | --adapt) |
echo -n "Toulouse BlackList migration process. Please wait : " |
if [ ! -e $DIR_SHARE/ossi-ip-wl ] |
then |
touch $DIR_SHARE/ossi-ip-wl |
chown apache $DIR_SHARE/ossi-ip-wl |
fi |
if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL |
then |
[ -d $DIR_DG_BL/ossi ] && mv $DIR_DG_BL/ossi $DIR_tmp |
[ -e $DIR_IP_BL/ossi ] && mv $DIR_IP_BL/ossi $DIR_tmp/ossi-ip-bl |
rm -rf $DIR_DG_BL $DIR_IP_BL |
mkdir $DIR_DG_BL $DIR_IP_BL |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
fi |
rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED |
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL |
touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED |
mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL |
chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED |
chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist |
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix |
for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files |
do |
categorie=`echo $dir_categorie|cut -d "/" -f6` |
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"` |
if [ "$categorie_type" == "white" ] |
then |
echo "$dir_categorie" >> $WL_CATEGORIES |
echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED # by default all WL are enabled |
fi |
echo "$dir_categorie" >> $BL_CATEGORIES # By default all categories are in BL |
done |
rm -f $FILE_tmp |
# Verify that the enabled categories are effectively in the BL (need after an update of the BL) |
for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` |
do |
ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l` |
if [ $ok != "1" ] |
then |
$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED |
fi |
done |
# Creation of DNSMASQ and Iptables BL and WL |
for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl) |
do |
for PATH_FILE in `cat $LIST` # for each category |
do |
DOMAINE=`basename $PATH_FILE` |
echo -n "$DOMAINE, " |
if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist |
then |
touch $PATH_FILE/urls |
chown dansguardian:apache $PATH_FILE/urls |
fi |
$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors |
# extract ip addresses for iptables |
awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add blacklist_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp |
# for dnsmask, remove IP addesses, accented characters and commented lines. |
egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
if [ "$LIST" == "$BL_CATEGORIES" ] |
then |
# adapt to the dnsmasq syntax for the blacklist |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf |
mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE |
else |
# adapt to the dnsmasq syntax for the whitelist |
$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp |
mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf |
fi |
done |
done |
rm -f $FILE_tmp $FILE_ip_tmp |
# Restoring ossi file of BL IP |
[ -e $DIR_tmp/ossi-ip-bl ] && mv $DIR_tmp/ossi-ip-bl $DIR_IP_BL/ossi |
rm -rf $DIR_tmp |
echo |
;; |
# reload when categories are changed |
-reload | --reload) |
# for DG |
chown -R dansguardian:apache $DIR_DG_BL/ossi |
chmod -R g+w $DIR_DG_BL/ossi |
cat_choice |
# for dnsmasq (rehabited domain names) |
if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ] |
then |
for i in `cat $DIR_DG/exceptionsitelist` |
do |
$SED "/$i/d" $DIR_DNS_BL/* |
done |
fi |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf |
cp -f $OSSI_DOMAINS_WL $DIR_DNS_WL/ossi.conf |
$SED "s?.*?server=/&/$DNS1?g" $DIR_DNS_WL/ossi.conf |
ln -s $DIR_DNS_WL/ossi.conf $DIR_DNS_WL_ENABLED/ossi |
/usr/bin/systemctl restart dnsmasq-blacklist |
/usr/bin/systemctl restart dnsmasq-whitelist |
/usr/local/bin/alcasar-iptables.sh |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
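Review bot: In the `-download` branch the archive is fetched over plain HTTP (`wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz`) and nothing verifies it before `-adapt` unpacks it with `tar zxf` under `$DIR_DG`; the `md5sum` line only records the hash of whatever arrived. Anyone able to alter traffic on the path to the server can therefore substitute the filtering lists that dnsmasq, Dansguardian and iptables are then built from. If the server offers TLS, fetch with `https://$BL_SERVER/...`, and compare the archive with a digest obtained separately, aborting on mismatch before extraction. The staging paths `/tmp/blacklists`, `/tmp/filesfilter.txt`, `/tmp/filesipfilter.txt` and `/tmp/con_ok.html` are fixed names in a world-writable directory; a directory from `mktemp -d` would stop another local account from pre-creating them. Line 1 is `#/bin/bash` without the `!` (the same in alcasar-dhcp.sh, alcasar-dns-local.sh and alcasar-https.sh), so it is a comment rather than a shebang and should read `#!/bin/bash`.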
/scripts/alcasar-bypass.sh |
---|
0,0 → 1,69 |
#!/bin/bash |
# $Id$ |
# alcasar-bypass.sh |
# by 3abtux and Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# activation / désactivation du contournement de l'authentification et du filtrage WEB |
# enable / disable the bypass of authenticate process and filtering |
usage="Usage: alcasar-bypass.sh {--on or -on } | {--off or -off}" |
SED="/bin/sed -i" |
CONF_FILE="/usr/local/etc/alcasar.conf" |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
nb_args=1 |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
--on | -on) |
/usr/local/bin/alcasar-logout.sh all |
/usr/bin/systemctl stop chilli |
cp -f /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF |
ifup $INTIF |
sh /usr/local/bin/alcasar-iptables-bypass.sh |
DHCP=`grep ^DHCP= $CONF_FILE|cut -d"=" -f2` |
if [ $DHCP != off ] |
then |
$SED "s?^#route.*?&?g" /etc/dnsmasq.conf # dnsmasq become the DHCP server |
$SED "s?^no-dhcp-interface.*?#&?g" /etc/dnsmasq.conf # |
/usr/bin/systemctl restart dnsmasq |
fi |
rm -f /etc/cron.d/alcasar-daemon-watchdog # don't restart daemons (specially coova) |
echo "ALCASAR est en mode 'bypass'" |
echo "ALCASAR is in 'bypass' mode" |
;; |
--off | -off) |
cp -f /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF |
ifup $INTIF |
$SED "s?^route.*?#&?g" /etc/dnsmasq.conf # |
$SED "s?^#no-dhcp-interface=$INTIF?no-dhcp-interface=$INTIF?g" /etc/dnsmasq.conf |
$SED "s?^#no-dhcp-interface=tun0?no-dhcp-interface=tun0?g" /etc/dnsmasq.conf |
$SED "s?^#no-dhcp-interface=lo?no-dhcp-interface=lo?g" /etc/dnsmasq.conf |
/usr/bin/systemctl restart dnsmasq |
/usr/bin/systemctl start chilli |
sh /usr/local/bin/alcasar-iptables.sh |
# activation of the "daemon-watchdog" every 18' |
cat << EOF > /etc/cron.d/alcasar-daemon-watchdog |
# activation du "chien de garde" (daemon-watchdog) toutes les 18' |
*/18 * * * * root /usr/local/bin/alcasar-daemon.sh > /dev/null 2>&1 |
EOF |
echo "L'authentification et le filtrage sont actifs" |
echo "Authentication and filtering system are enabled" |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
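Review bot: `INTIF` and `DHCP` are read from `$CONF_FILE` and used unquoted with no check that the keys were found, so with a missing `INTIF=` line `--on` still stops chilli, runs `cp -f` and `ifup` on an empty interface name, applies alcasar-iptables-bypass.sh and deletes the watchdog cron file. The gateway is then likely left with authentication and filtering off and a broken LAN interface configuration, and `[ $DHCP != off ]` fails with a test syntax error when `DHCP=` is absent. Validate right after the lookups, e.g. `[ -n "$INTIF" ] || { echo "INTIF not set in $CONF_FILE"; exit 1; }`, and quote the expansions (`[ "$DHCP" != off ]`). Because `--on` switches off the portal's access control, a syslog entry such as `logger -t alcasar-bypass "bypass enabled"`, with the matching one in `--off`, would give operators an audit trail of when that happened.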
/scripts/alcasar-certificates.sh |
---|
0,0 → 1,115 |
#!/bin/sh |
# Id: $Id$ |
# alcasar-certificates.sh |
# by Franck BOUIJOUX and REXY |
# This script is distributed under the Gnu General Public License (GPL) |
# Script permettant |
# - d'exporter les certificats d'un serveur pour les transposer sur un autre. |
# This script allows |
# - export certificates server to move them. |
DIR_EXPORT="/root/Certificats" |
DIR_PKI="/etc/pki" |
DIR_SAVE="/root/PKI_SAVE" |
DIR_IMPORT="/root/Certificats" |
usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} " |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
nb_args=1 |
args="-h" |
fi |
NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment |
FILE="certificates-$NOW" |
DIR_SAVE=$DIR_SAVE-$NOW |
# Function of export |
function certs_export() { |
# Export of CA Certificate |
cd /root |
tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
# Export of server Certificate |
tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
gzip $FILE.tar |
echo "Le ficher des certificats exportés est : $FILE.tar.gz" |
} # end function export |
function archive() { |
# Sauvegarde de la pki actuelle |
[ -d $DIR_SAVE ] || mkdir $DIR_SAVE |
# Save of CA Certificate |
cd $DIR_PKI/CA/ |
cp alcasar-ca.crt $DIR_SAVE/. |
cp private/alcasar-ca.key $DIR_SAVE/. |
# Save of server Certificate |
cd $DIR_PKI/tls |
cp certs/alcasar.crt $DIR_SAVE/. |
cp private/alcasar.key $DIR_SAVE/. |
cp certs/server-chain.crt $DIR_SAVE/. |
} # end function archive |
function import() { |
echo "Would you like to Import New Certificates in ALCASAR ?" |
read response |
if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ] |
then |
[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT |
rm -rf $DIR_IMPORT/* |
# Import of CA Certificate |
tar xzvf $1 --directory=$DIR_IMPORT |
echo "Import new certificates in ALCASAR !!!" |
cp -r $DIR_IMPORT/* /. |
chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key} |
chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} |
# Service apache restart |
service httpd restart |
else |
echo "You are not import new certificates !!!" |
exit 0 |
fi |
} # end import |
# Core script |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
--export | -x) |
archive |
certs_export |
;; |
--import | -i) |
nb_args=$# |
if [ $nb_args -eq 1 ] |
then |
echo "Il faut passer un fichier de certificat en paramètre !!!" |
exit 0 |
fi |
import $2 |
;; |
*) |
echo "Unknown argument :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
exit 0 |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
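Review bot: `import()` unpacks the operator-supplied archive into `$DIR_IMPORT` and then runs `cp -r $DIR_IMPORT/* /.`, so every path in the archive, not only the five PKI files, is written over the root filesystem with the script's privileges. A mistaken or tampered archive could replace any system file this way. Extract only the members that `certs_export` writes (GNU tar stores them without the leading `/`, as `etc/pki/...`), reject anything that is not a regular file, and copy those files one by one, as sketched below. `$1` and `$response` should also be quoted: an empty answer at the prompt makes each `[ $response = "y" ]` test print an error before falling through to `else`. The shebang is `#!/bin/sh` while the script uses `function` and brace expansion, which only works where `/bin/sh` is bash.

```shell
# … unchanged: confirmation prompt, mkdir and cleanup of $DIR_IMPORT …
# the only members certs_export puts in the archive
members="etc/pki/CA/alcasar-ca.crt etc/pki/CA/private/alcasar-ca.key etc/pki/tls/certs/alcasar.crt etc/pki/tls/private/alcasar.key etc/pki/tls/certs/server-chain.crt"
tar xzvf "$1" --directory="$DIR_IMPORT" $members || { echo "Invalid certificate archive"; exit 1; }
for m in $members
do
	# refuse symlinks, directories and special files stored under an expected name
	if [ -L "$DIR_IMPORT/$m" ] || [ ! -f "$DIR_IMPORT/$m" ]
	then
		echo "Unexpected entry in archive: $m"
		exit 1
	fi
	cp -f "$DIR_IMPORT/$m" "/$m"
done
# … unchanged: chown of the PKI files, httpd restart …
```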
/scripts/alcasar-conf.sh |
---|
19,7 → 19,6 |
DIR_UPDATE="/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour |
DIR_WEB="/var/www/html" # répertoire du centre de gestion |
DIR_BIN="/usr/local/bin" # répertoire des scripts d'admin |
DIR_SBIN="/usr/local/sbin" # répertoire des scripts d'admin |
DIR_ETC="/usr/local/etc" # répertoire des fichiers de conf |
CONF_FILE="$DIR_ETC/alcasar.conf" # main alcasar conf file |
VERSION="/var/www/html/VERSION" # contient la version en cours |
69,7 → 68,7 |
[ -d $DIR_UPDATE ] && rm -rf $DIR_UPDATE |
mkdir $DIR_UPDATE |
# backup the users database |
$DIR_SBIN/alcasar-mysql.sh -dump |
$DIR_BIN/alcasar-mysql.sh -dump |
cp /var/Save/base/`ls -1t /var/Save/base|head -1` $DIR_UPDATE |
# backup the logo |
cp -f $DIR_WEB/images/organisme.png $DIR_UPDATE |
138,14 → 137,14 |
# Adapt DNS/URL filtering |
PARENT_SCRIPT=`basename $0` |
export PARENT_SCRIPT |
$DIR_SBIN/alcasar-bl.sh -adapt |
$DIR_SBIN/alcasar-bl.sh -reload |
$DIR_BIN/alcasar-bl.sh -adapt |
$DIR_BIN/alcasar-bl.sh -reload |
# retrieve dnsmasq general config file |
[ -e $DIR_UPDATE/dnsmasq ] && cp -f $DIR_UPDATE/dnsmasq /etc/sysconfig/dnsmasq \ |
&& chown root.root /etc/sysconfig/dnsmasq \ |
&& chmod 644 /etc/sysconfig/dnsmasq |
# admin profile update (admin + manager + backup) |
$DIR_SBIN/alcasar-profil.sh --list |
$DIR_BIN/alcasar-profil.sh --list |
# Start / Stop SSH Daemon |
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2` |
if [ $ssh_active = "on" ] |
221,23 → 220,24 |
then |
if [ $DHCP_mode = "off" ] |
then |
$DIR_SBIN/alcasar-dhcp.sh --off |
$DIR_BIN/alcasar-dhcp.sh --off |
fi |
# Implementation of the local DNS |
$DIR_SBIN/alcasar-dns-local.sh --$INT_DNS_active |
$DIR_BIN/alcasar-dns-local.sh --$INT_DNS_active |
# Implementation of the authentification LDAP |
# $DIR_SBIN/alcasar-ldap.sh --$INT_LDAP_active |
# $DIR_BIN/alcasar-ldap.sh --$INT_LDAP_active |
# Logout everybody |
$DIR_SBIN/alcasar-logout.sh all |
$DIR_BIN/alcasar-logout.sh all |
# Services stop |
echo -n "Stop services : " |
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network httpd |
for i in ntpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network |
do |
/usr/bin/systemctl stop $i && echo -n "$i, " |
done |
/usr/bin/kill -s SIGSTOP $(pidof httpd) |
echo |
fi |
330,13 → 330,15 |
then |
# Services start |
/usr/bin/systemctl start network && echo -n "Start service : network" && sleep 1 |
$DIR_SBIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", coova" # apply DHCP mode and start coova |
for i in dnsmasq tinyproxy ntpd httpd |
$DIR_BIN/alcasar-dhcp.sh -$DHCP_mode && echo -n ", coova" # apply DHCP mode and start coova |
for i in dnsmasq tinyproxy ntpd |
do |
sleep 1 |
/usr/bin/systemctl start $i && echo -n ", $i" |
done |
$DIR_SBIN/alcasar-bl.sh -reload && echo ", dnsmasq-blacklist, dnsmasq-whitelist, iptables" |
$DIR_BIN/alcasar-bl.sh -reload && echo ", dnsmasq-blacklist, dnsmasq-whitelist, iptables," |
/usr/bin/kill -s SIGCONT $(pidof httpd) |
/usr/bin/systemctl reload httpd && echo -n ", httpd" |
fi |
# Start / Stop SSH Daemon |
ssh_active=`grep SSH= $CONF_FILE|cut -d"=" -f2` |
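Review bot: The `/usr/bin/kill -s SIGSTOP $(pidof httpd)` line that the service-stop hunk appears to add freezes Apache instead of stopping it, and the only `SIGCONT` is in the later service-start hunk, so as far as these hunks show, any exit or failure between the two leaves the portal and the management interface suspended with nothing to resume them. `$(pidof httpd)` is also unchecked: when httpd is not running, `kill` is called without a PID and only prints an error. Consider setting `trap '/usr/bin/kill -s SIGCONT $(pidof httpd) 2>/dev/null' EXIT` right after the SIGSTOP, and guarding the call as `pids=$(pidof httpd) && /usr/bin/kill -s SIGSTOP $pids`. A comment stating why httpd is suspended rather than stopped would help, since the reason is not visible in the diff. Both hunks sit inside larger `if` blocks that begin outside the visible lines.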
/scripts/alcasar-dhcp.sh |
---|
0,0 → 1,90 |
#/bin/bash |
# $Id$ |
# alcasar-dhcp.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# active ou desactive le service DHCP sur le réseau de consultation |
# enable or disable the DHCP service on consultation LAN |
SED="/bin/sed -i" |
CHILLI_CONF_FILE="/etc/chilli.conf" |
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf" |
DNSMASQ_CONF_FILE="/etc/dnsmasq.conf" |
# define DHCP parameters (LAN side) |
PRIVATE_IP_MASK=`grep PRIVATE_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24) |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24 |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX |
EXT_DHCP_IP=`grep EXT_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe |
RELAY_DHCP_IP=`grep RELAY_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation |
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN |
RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut |
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67} |
usage="Usage: alcasar-dhcp.sh {--on | -on} | {--off | -off}" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
echo "$usage" |
exit 1 |
fi |
case $args in |
-\? | -h | --h) |
echo "$usage" |
exit 0 |
;; |
--off|-off) # disable DHCP service |
$SED "s?.*statip.*?statip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^#nodynip.*?nodynip?g" $CHILLI_CONF_FILE |
$SED "s?^dynip.*?#dynip?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?#dynip?g" $CHILLI_CONF_FILE |
$SED "s?^DHCP.*?DHCP=off?g" $ALCASAR_CONF_FILE |
if [ "$EXT_DHCP_IP" != "none" ] |
then |
$SED "s?.*dhcpgateway\t.*?dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
else |
$SED "s?.*dhcpgateway\t.*?#dhcpgateway\t\t$EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?.*dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
fi |
/usr/bin/systemctl restart chilli |
;; |
--on|-on) # enable DHCP service on all range of IP addresses |
$SED "s?^.*statip.*?#statip?g" $CHILLI_CONF_FILE |
$SED "s?^nodynip.*?#nodynip?g" $CHILLI_CONF_FILE |
$SED "s?^DHCP.*?DHCP=on?g" $ALCASAR_CONF_FILE |
$SED "s?^dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^#dynip.*?dynip\t\t$PRIVATE_NETWORK_MASK?g" $CHILLI_CONF_FILE |
$SED "s?^dhcp_range.*?dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h?g" $DNSMASQ_CONF_FILE |
$SED "s?^dhcpgateway\t.*?#dhcpgateway\t\t $EXT_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcprelayagent.*?#dhcprelayagent\t\t$RELAY_DHCP_IP?g" $CHILLI_CONF_FILE |
$SED "s?^dhcpgatewayport.*?#dhcpgatewayport\t\t$RELAY_DHCP_PORT?g" $CHILLI_CONF_FILE |
$SED "s?^EXT_DHCP_IP.*?EXT_DHCP_IP=$EXT_DHCP_IP?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_IP.*?RELAY_DHCP_IP=$RELAY_DHCP_IP?g" $ALCASAR_CONF_FILE |
$SED "s?^RELAY_DHCP_PORT.*?RELAY_DHCP_PORT=$RELAY_DHCP_PORT?g" $ALCASAR_CONF_FILE |
/usr/bin/systemctl restart chilli |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
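Review bot: In `--on`, the dnsmasq rewrite `s?^dhcp_range.*?dhcp-range=...?g` searches for `dhcp_range` (underscore) but writes `dhcp-range=` (hyphen), so it cannot match the line it produced on an earlier run and, unless `$DNSMASQ_CONF_FILE` carries a `dhcp_range` placeholder, the lease range is never updated; the pattern probably should be `^dhcp-range.*`. `PRIVATE_FIRST_IP` and `PRIVATE_LAST_IP` always keep the first three octets and add or subtract one from octet number `classe + 1`, which is only right for /8, /16 and /24-or-longer prefixes (for a constructed 10.1.16.0/20 it yields 10.1.16.17 to 10.1.31.30). The config lookups use unanchored patterns such as `grep PRIVATE_IP`, which also match comments or other keys containing that text; alcasar-bypass.sh already anchors with `^INTIF=`, and the same form (`grep ^PRIVATE_IP=`) would make the parse predictable. `PRIVATE_PREFIX` and `PRIVATE_NETWORK_MASK` are each assigned twice.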
/scripts/alcasar-dns-local.sh |
---|
0,0 → 1,63 |
#/bin/bash |
# $Id: alcasar-dhcp.sh 1484 2014-11-11 23:14:36Z richard $ |
# alcasar-dns-interne.sh |
# by Rexy - 3abtux |
# This script is distributed under the Gnu General Public License (GPL) |
# active ou desactive la redirection du service DNS sur le réseau de consultation |
# enable or disable the redirector of internal DNS service on consultation LAN |
SED="/bin/sed -i" |
ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf" |
DNSMASQ_CONF_FILE="/etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf" |
DNSMASQ_CONF_LOCAL_FILE="/usr/local/etc/alcasar-dns-name" |
# define DNS parameters (LAN side) |
INT_DNS_DOMAIN=`grep INT_DNS_DOMAIN $ALCASAR_CONF_FILE|cut -d"=" -f2` # Nom du domaine DNS interne |
INT_DNS_IP=`grep INT_DNS_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DNS interne |
INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $ALCASAR_CONF_FILE|cut -d"=" -f2` # Activation de la redirection DNS interne |
usage="Usage: alcasar-dns-interne.sh {--on | -on} | {--off | -off}" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
echo "$usage" |
exit 1 |
fi |
case $args in |
-\? | -h | --h) |
echo "$usage" |
exit 0 |
;; |
--off|-off) # disable DNS redirector |
$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE |
$SED "s?^server.*?#&?g" $DNSMASQ_CONF_LOCAL_FILE |
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" $ALCASAR_CONF_FILE |
/usr/bin/systemctl restart dnsmasq |
/usr/bin/systemctl restart dnsmasq-blacklist |
/usr/bin/systemctl restart dnsmasq-blackhole |
/usr/bin/systemctl restart dnsmasq-whitelist |
;; |
--on|-on) # enable DHCP service on all range of IP addresses |
$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE |
$SED "s?^server=/.*?server=/$INT_DNS_DOMAIN/$INT_DNS_IP?g" $DNSMASQ_CONF_LOCAL_FILE |
$SED "s?^#server=/.*?server=/$INT_DNS_DOMAIN/$INT_DNS_IP?g" $DNSMASQ_CONF_LOCAL_FILE |
$SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=on?g" $ALCASAR_CONF_FILE |
/usr/bin/systemctl restart dnsmasq |
/usr/bin/systemctl restart dnsmasq-blacklist |
/usr/bin/systemctl restart dnsmasq-blackhole |
/usr/bin/systemctl restart dnsmasq-whitelist |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
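Review bot: `INT_DNS_DOMAIN` and `INT_DNS_IP` go from `alcasar.conf` straight into the `server=/$INT_DNS_DOMAIN/$INT_DNS_IP` replacement in `--on` with no validation, although they decide where LAN clients' DNS queries for that domain are forwarded. An empty `INT_DNS_IP` writes `server=/domain/`, which dnsmasq treats as a local-only domain that is never forwarded, and a value containing `?` or `&` breaks or alters the `sed` expression. Check both before the rewrite, e.g. `[ -n "$INT_DNS_DOMAIN" ] && [ -n "$INT_DNS_IP" ] || { echo "INT_DNS_DOMAIN/INT_DNS_IP not set"; exit 1; }`, and anchor the lookups as `grep ^INT_DNS_IP=`. The `$Id` header and the usage string still name alcasar-dhcp.sh and alcasar-dns-interne.sh, and the `--on` comment says "enable DHCP service"; these look copied and should describe this script.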
/scripts/alcasar-https.sh |
---|
0,0 → 1,44 |
#/bin/bash |
# $Id$ |
# alcasar-dhcp.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# active ou désactive le chiffrement sur les flux d'authentification |
# enable or disable encryption on authentication flows |
SED="/bin/sed -i" |
CHILLI_CONF_FILE="/etc/chilli.conf" |
INTERCEPT_FILE="/var/www/html/intercept.php" |
usage="Usage: alcasar-https.sh {--on | -on} | {--off | -off}" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
echo "$usage" |
exit 1 |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
--off|-off) # disable HTTPS |
$SED "/# If https not use/,/}/s?^?#?" $INTERCEPT_FILE |
$SED "s?uamserver.*?uamserver\thttp://alcasar.localdomain/intercept.php?" $CHILLI_CONF_FILE |
/usr/bin/systemctl restart chilli |
;; |
--on|-on) # enable HTTPS |
$SED "/## If https not use/,/#}/s?^#??" $INTERCEPT_FILE |
$SED "s?uamserver.*?uamserver\thttps://alcasar.localdomain/intercept.php?" $CHILLI_CONF_FILE |
/usr/bin/systemctl restart chilli |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
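Review bot: The two `sed` range edits on `$INTERCEPT_FILE` are not idempotent: `--off` prefixes another `#` to the block each time it runs while `--on` removes only one, so after two `--off` calls a single `--on` leaves the block in intercept.php commented out even though chilli's `uamserver` is back on https. Test the current state first, for instance `grep -q '^## If https not use' $INTERCEPT_FILE || $SED "/# If https not use/,/}/s?^?#?" $INTERCEPT_FILE` in `--off` (this assumes the marker comment starts at column 0), with the mirror-image test in `--on`. `uamserver.*` is unanchored and would also rewrite a commented-out or similarly named line in `$CHILLI_CONF_FILE`; `^uamserver[[:space:]].*` is tighter. Since `--off` sends the portal login over plain HTTP, recording the switch with `logger` would let operators see when encryption was turned off. The header comment still says alcasar-dhcp.sh.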
/scripts/alcasar-iptables.sh |
---|
153,6 → 153,13 |
############################# |
# PREROUTING # |
############################# |
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole |
# Redirect users not connected DNS requests in DNS-Blackhole |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56 |
# Marquage des paquets qui tentent d'accéder directement à un serveur sans authentification en mode proxy pour pouvoir les rejeter en INPUT |
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules |
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10 |
212,11 → 219,6 |
# Redirect NTP request in local NTP server |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123 |
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole |
# Redirect users not connected DNS requests in DNS-Blackhole |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56 |
############################# |
# INPUT # |
############################# |
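Review bot: The two DNS-blackhole redirects now sit at the top of the nat PREROUTING section, where rule order decides which redirect a packet hits first, but the comment does not say why they must precede the rules between old lines 153 and 212, which are outside the visible hunks. A short comment such as `# keep first in PREROUTING: DNS from unauthenticated clients must reach the blackhole (port 56) before any other redirect` would stop a later edit from moving them back. The rules also depend on the `ipset_users_list` set existing when they are loaded; its creation is not visible here, so confirm it happens earlier in the script. They only match queries addressed to `$PRIVATE_IP`, so DNS traffic from unauthenticated clients to other resolvers has to be covered by another rule, which is worth confirming.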
/scripts/alcasar-load_balancing.sh |
---|
0,0 → 1,407 |
#!/bin/bash |
# $Id$ |
# Generic Load balancer for multiple WAN links - version 1.1 (04 Feb 2011) |
# (c) 2011 Pau Oliva Fora - http://pof.eslack.org |
# |
# Licensed under GPLv3 - for full terms see: |
# http://www.gnu.org/licenses/gpl-3.0.html |
# |
# Adapted and debugged (adr et ping -S) by ALCASAR Team (3abtux@alcasar.net) |
# (c) 2013 3abtux - http://www.alcasar.net |
# |
# Specify each WAN link in a separate column, example: |
# In this example we have 3 wan links (vlanXXX interfaces) attached to a single |
# physical interface because we use a vlan-enabled switch between the balancer |
# machine and the ADSL routers we want to balance. The weight parameter should |
# be kept to a low integer. |
# |
# |
# Modified by ALCASAR team : |
prog="alcasar-load_balancing.sh" |
pidfile="/var/run/alcasar-load_balancing.pid" |
############################### |
# MAIN PARAMETERs Configuration |
############################### |
DIR_ETC="/usr/local/etc" |
CONF_FILE="$DIR_ETC/alcasar.conf" |
MULTIWAN=`grep MULTIWAN= $CONF_FILE|cut -d"=" -f2` |
MULTIWAN=${MULTIWAN:=off} |
FAILOVER=`grep FAILOVER= $CONF_FILE|cut -d"=" -f2` |
FAILOVER=${FAILOVER:=30} |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
# space separated list of public IPs to ping in watchdog mode |
# set this to some public ip addresses pingable and always on. |
TESTIPS="8.8.8.8 192.0.32.10" |
# set to 1 when testing, set to 0 when happy with the results |
VERBOSE=0 |
# CONFIGURATION ENDS HERE |
############################### |
if [ $(whoami) != "root" ]; then |
echo "You must be root to run this!" ; echo ; exit 1 |
fi |
# Adapter for ALCASAR project |
CONF_FILE="/usr/local/etc/alcasar.conf" |
# Virtual interfaces creating |
function create_eth () { |
routecmd="ip route replace default scope global" |
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
i=0 |
while [ $i -le $NBIFACE ] |
do |
INT="WAN$i" |
echo $INT |
ACTIVE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $1}'` # Active |
WT=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # WEIGHT |
WT=${WT:-1} |
IP=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $3}' | cut -d"/" -f1` # @IP |
if [ $i -ne 0 ]; then |
[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i ] && ifdown $EXTIF:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i |
IFACE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'` # IFACE |
IP_NET=`grep "^$INT=" $CONF_FILE | awk -F'"' '{print $2}' | awk -F, '{ print $3}'` # IP |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
GW=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
MTU=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU |
# Config $EXTIF:$i (Internet) |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i |
DEVICE=$IFACE |
BOOTPROTO=static |
IPADDR=`echo $IP | cut -d"/" -f1` |
NETMASK=`ipcalc -m $IP_NET | cut -d= -f2` |
NETWORK=`ipcalc -n $IP_NET | cut -d= -f2` |
MTU=$MTU |
ONBOOT=yes |
NOZEROCONF=yes |
MII_NOT_SUPPORTED=yes |
IPV6INIT=no |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
EOF |
echo "ifup $EXTIF:$i" |
ifup $EXTIF:$i |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
else |
IFACE="$EXTIF" |
IP_NET=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F'=' '{print $2}'` # IP/MSK |
IP=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F= '{ print $2 }' | cut -d"/" -f1` # @IP |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
# MTU=`grep "^PUBLIC_MTU=" $CONF_FILE | awk -F= '{print $2}'` # MTU |
fi # End |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
if [ "$PARAM" == "add" ]; then |
set -x |
table=$(($i + 1)) |
ip route ${PARAM} ${NET} dev ${IFACE} src ${IP} table $table |
ip route ${PARAM} default via ${GW} table $table |
ip rule ${PARAM} from ${IP} table $table |
set +x |
fi |
echo " Iface: ${IFACE}" |
echo " IP: ${IP}" |
echo " IP_NET: ${IP_NET}" |
echo " NET: ${NET}" |
echo " GW: ${GW}" |
echo " Weight: ${WT}" |
echo " MTU : ${MTU}" |
echo |
routecmd="${routecmd} nexthop via ${GW} dev ${IFACE} weight ${WT}" |
i=$(($i + 1)) |
done # End While |
if [ "$PARAM" == "add" ]; then |
echo "[] Balanced routing:" |
# suppress default route |
ip route del default scope global |
set -x |
${routecmd} |
set +x |
echo |
fi |
} # end create_eth |
########################### |
# Fonction virtual Interfaces deleting |
########################### |
delete_eth () { |
IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-$EXTIF:* | wc -l` |
echo $IFACE_COUNT |
while [ $IFACE_COUNT -ne 0 ] |
do |
i=$IFACE_COUNT |
echo "ifdown $EXTIF:$i" |
ifdown $EXTIF:$i |
rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i |
IFACE_COUNT=$(($IFACE_COUNT - 1)) |
done |
ip route del default scope global |
# ip route add default gw 192.168.1.1 |
} |
# do not modify below this line unless you know what you're doing :) |
function getvalue() { |
index=$1 |
VAR=$2 |
n=1 |
for f in ${VAR} ; do |
if [ "${n}" == "${index}" ]; then |
echo "$f" |
break |
fi |
n=$(($n++)) |
done |
} |
###################### |
# Fonction de FailOver |
###################### |
function failover () { |
echo "[] Watchdog started" |
# 0 == all links ok, 1 == some link down |
STATE=0 |
DOWNCOUNT_BAK=0 |
DOWN_BAK="" |
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
echo "Nombre interfaces = "$NBIFACE |
WANIFACE[0]="$EXTIF" |
c=0 |
while [ $c -le $NBIFACE ]; do |
ITH=(`grep "WAN$c=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'`) # IFACE |
echo $ITH |
WANIFACE="${WANIFACE} $ITH" |
echo $WANIFACE |
c=$(($c + 1)) |
done |
echo "Liste des interfaces : "${WANIFACE[*]} |
# Failover test |
while : ; do |
if [ $VERBOSE -eq 1 ]; then |
echo "[] Sleeping, state=$STATE" |
fi |
sleep $FAILOVER |
IFINDEX=1 |
DOWN="" # liste des interfaces down |
DOWNCOUNT=0 # nombre d'interface down |
for iface in $WANIFACE ; do |
COUNT=0 # compteur de test |
FAIL=0 # Nombre de fois down |
# Recup de l'adresse IP dynamiquement |
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
if [ $i -ne 0 ]; then |
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @WT |
else |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
fi |
for TESTIP in $TESTIPS ; do |
COUNT=$(($COUNT + 1)) |
ping -W 3 -I $IP -c 1 $TESTIP > /dev/null 2>&1 |
# ping -W 3 -I $IP -c 1 $TESTIP |
# Si ping de la première adresse --> ok --> stop du test pour l'interface testée |
if [ $? -eq 0 ]; then |
break |
else |
# sinon on compte une erreur |
FAIL=$(($FAIL + 1)) |
fi |
done # End of test sur un serveur Internet |
# Affichage du nombre de down |
echo "FAIL=$FAIL" |
# Si nombre de fois down = nombre de tests --> Iface down --> log dans fichier log avec l'heure |
if [ $FAIL -eq $COUNT ]; then |
echo "`date +%F-%Hh%mm%Ss` : [WARN] $iface is down!" |
# Si etat différent de 1 (déjà tombé) --> changement de l'état général en default |
if [ $STATE -ne 1 ]; then |
echo "Switching state $STATE -> 1" |
STATE=1 |
fi |
# Rajout de l'iface dans la liste des interfaces down |
DOWN="${DOWN} $IFINDEX" |
echo "DOWN=$DOWN" |
# Nombre d'interface down |
DOWNCOUNT=$(($DOWNCOUNT + 1)) |
echo "DOWNCOUNT=$DOWNCOUNT" |
fi |
IFINDEX=$(($IFINDEX + 1)) |
echo "IFINDEX =$IFINDEX" |
done # End Test Interface in WANIFACE |
# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles |
# if [ $DOWNCOUNT -eq 0 ] && [ $DOWNCOUNT -ne $DOWNCOUNT_BAK ]; then |
if [ $DOWNCOUNT -eq 0 ] ; then |
if [ $STATE -eq 1 ]; then |
echo |
echo "[] All links up and running :)" |
set -x |
${routecmd} |
set +x |
# Changement de l'état en normal |
STATE=0 |
echo "Switching state 1 -> 0" |
fi # End retour etat normal |
# if no interface is down, go to the next cycle |
continue |
# cas ou au moins une passerelle down mais état identique au précédent Test --> rien à changer |
else |
if [ "$DOWN_BAK" == "$DOWN" ]; then |
echo "DOWN_BAK == DOWN = $DOWN" |
continue # --> état identique test precedent --> boucle suivante |
# cas ou au moins une passerelle down mais état différent de test précédent --> remplacement par nouvelle règle |
else |
cmd="ip route replace default scope global" |
IFINDEX=1 |
suffix="" |
# Pour chaque interface --> traitement et application de la règle de routage |
for iface in $WANIFACE ; do |
echo "-------------------------" |
echo "iface=$iface" |
echo "Index = " $IFINDEX |
FAILIF=0 |
# Pour chaque interface down --> |
echo "Interfaces DOWN = $DOWN" |
for lnkdwn in $DOWN ; do |
echo "LINKDOWN = "$lnkdown |
if [ $lnkdwn -eq $IFINDEX ]; then |
FAILIF=1 |
break |
else |
continue |
fi |
done # End linkdown in DOWN |
# Interface en etat normal --> rajout de la règle en mode nexthop |
if [ $FAILIF -eq 0 ]; then |
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
if [ $iface != "$EXTIF" ]; then |
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW |
else |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
fi |
echo "GW=$GW" |
echo "WT=$WT" |
echo "suffix=$sufix" |
suffix="${suffix} nexthop via ${GW} dev ${iface} weight ${WT:-1}" |
fi # End interface = noFAIL |
IFINDEX=$(($IFINDEX + 1)) |
done # End iface IN WANIFACE |
# Commande globale |
cmd="ip route replace default scope global $suffix" |
if [ $VERBOSE -eq 1 ]; then |
set -x |
# echo "Avec commentaire : " ${cmd} |
${cmd} |
set +x |
echo |
else |
${cmd} 2>/dev/null |
echo ${cmd} |
fi # end Application de la commande de routage globale |
fi # |
DOWN_BAK=$DOWN # Enregistrement de l'etat |
fi # End |
done |
} # End of Failover |
################# |
# Main |
################# |
echo "[] Load balancer for multiple WAN interfaces - v2.1" |
echo "[] (c) 2011 Pau Oliva Fora <pof> @eslack.org" |
echo "[] (c) 2013 3abtux ALCASAR <3abtux> @alcasar.net" |
echo |
case $1 in |
create) |
create_eth |
;; |
delete) |
delete_eth |
;; |
start) |
if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then |
echo "The MultiGateway is not activated !" |
exit 0 |
fi |
PARAM="add" |
create_eth |
ip route flush cache |
if [ $FAILOVER -eq 0 ]; then |
echo "The MultiWAN Mode is actived but not failover connectivity !" |
exit 0 |
fi |
echo "Starting down $prog: " |
pid=`pidof -x "alcasar-load_balancing.sh"` |
if [ $pid != "" ]; then |
echo $pid > $pidfile |
fi |
touch /var/lock/subsys/alcasar-load_balancing |
failover |
;; |
stop) |
PARAM="del" |
echo "Shutting down $prog: " |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
kill -9 $pid |
else |
echo "$prog is not running." |
exit 1 |
fi |
RETVAL=$? |
echo |
[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing |
echo "Delete of virtual interfaces" |
delete_eth |
echo "Network restart" |
service network restart 2>&1 > /dev/null |
ip route |
;; |
status) |
echo "Checking $prog : " |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
CHECK=`ps -p $pid --no-heading | awk {'printf $1'}` |
if [ "$CHECK" = "" ]; then |
echo "$prog is NOT running." |
else |
echo "$prog is running !" |
fi |
else |
echo "$prog is Not running." |
fi |
;; |
fail) |
failover |
;; |
*) |
echo "Usage: $0 [start|stop|status|create|delete]" ; echo ; exit 1 |
;; |
esac |
exit 0 |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
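Review bot: In the `start)` branch the pidfile is written only when `pidof -x` returns exactly one PID, because `[ $pid != "" ]` is unquoted: an empty result or several PIDs makes the test itself error out, and `$pidfile` is never created. `stop` then prints that the program is not running and exits 1 while the `failover` loop keeps running as root and can still replace the default route. Recording the script's own PID avoids the lookup altogether: `echo $$ > "$pidfile"`. Separately, the link-down message in `failover` uses `date +%F-%Hh%mm%Ss`, where `%m` is the month; `%M` is needed for minutes if these timestamps are to be usable when reconstructing an outage.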
/scripts/alcasar-logout.sh |
---|
0,0 → 1,54 |
#/bin/bash |
# $Id$ |
# alcasar-logout.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Déconnexion d'un ou de tous les usagers |
# Logout one user (or all users) |
radiussecret="" |
OLDIFS=$IFS |
IFS=$'\n' |
usage="Usage: alcasar-logout.sh {user_name} | {all}" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
nb_args=1 |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
all) |
# Compute each equipments known by chilli |
for system in `/usr/sbin/chilli_query list |grep -v "\.0\.0\.0"` |
do |
logout_users="" |
active_session=`echo $system |cut -d" " -f5` |
active_user=`echo $system|cut -d" " -f6` |
active_mac=`echo $system | cut -d" " -f1` |
# Logout only authenticated users |
if [[ $(expr $active_session) -eq 1 ]] |
then |
# Don't logout MAC authenticated |
if [ "$active_mac" != "$active_user" ] |
then |
logout_users=$logout_users" $active_user" |
/usr/sbin/chilli_query logout $active_mac |
fi |
fi |
done |
echo "All users are now logout : ($logout_users)" |
;; |
*) |
echo "User-Name = $args" | /usr/bin/radclient 127.0.0.1:3799 40 $radiussecret |
;; |
esac |
IFS=$OLDIFS |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
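Review bot: The RADIUS shared secret is passed to `radclient` as a command-line argument in the `*)` branch (`... 127.0.0.1:3799 40 $radiussecret`), so it is visible in the process list while the request runs; radclient can read it from a file instead, e.g. `/usr/bin/radclient -S <root-only secret file> 127.0.0.1:3799 40`. `$args` also goes unfiltered into the `User-Name = ...` attribute line, so the name should be checked against the expected account-name characters before it is sent. Two smaller points in the same file: the first line is `#/bin/bash`, which is a comment rather than a shebang although the script uses `[[` and `$'\n'`, and `logout_users=""` sits inside the `for` loop, so the final message shows at most the last entry processed.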
/scripts/alcasar-mysql.sh |
---|
0,0 → 1,139 |
#! /bin/bash |
# $Id$ |
# alcasar-mysql.sh |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# Gestion (sauvegarde / import / RAZ) de la base MySQL 'radius'. Fermeture des sessions de comptabilité ouvertes |
# Management of mysql 'radius' database (save / import / RAZ). Close the accounting open sessions |
rep_tr="/var/Save/base" # répertoire d'accueil des sauvegardes |
ext="sql" # extension des fichiers de sauvegarde |
DB_RADIUS="radius" |
DB_USER="radius" |
radiuspwd="MotdePasse" |
new="$(date +%G%m%d-%Hh%M)" # date et heure des fichiers |
fichier="alcasar-users-database-$new.$ext" # nom du fichier de sauvegarde |
stop_acct () |
{ |
date_now=`date "+%F %X"` |
echo "UPDATE radacct SET acctstoptime = '$date_now', acctterminatecause = 'Admin-Reset' WHERE acctstoptime IS NULL" | mysql -u$DB_USER -p$radiuspwd $DB_RADIUS |
} |
check () |
{ |
echo "check (and repair if needed) the database :" |
mysqlcheck --databases $DB_RADIUS -u $DB_USER -p$radiuspwd --auto-repair |
} |
expire_user () # remove users whom expiration date has passed to 7 days |
{ |
del_date=`date +%F` |
MYSQL_USER="" |
MYSQL_USER=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT username FROM radcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"` |
for u in $MYSQL_USER |
do |
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';" |
if [ $? = 0 ] |
then |
echo "User $u was deleted $del_date" >> /var/log/mysqld/delete_user.log |
else |
echo "Delete User $u : Error $del_date" >> /var/log/mysqld/delete_user.log |
fi |
done |
} |
expire_group () # remove users of group whom expiration date has passed to 7 days |
{ |
del_date=`date +%F` |
MYSQL_GROUP="" |
MYSQL_GROUP=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT groupname FROM radgroupcheck WHERE ( DATE_SUB(CURDATE(),INTERVAL 7 DAY) > STR_TO_DATE(value,'%d %M %Y')) AND attribute='Expiration';"` |
for g in $MYSQL_GROUP |
do |
MYSQL_USERGROUP="" |
MYSQL_USERGROUP=`/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS -ss --exec "SELECT username FROM radusergroup WHERE groupname = '$g';"` |
for u in $MYSQL_USERGROUP |
do |
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radusergroup WHERE username = '$u'; DELETE FROM radreply WHERE username = '$u'; DELETE FROM userinfo WHERE UserName = '$u'; DELETE FROM radcheck WHERE username = '$u';" |
if [ $? = 0 ] |
then |
echo "User $u was deleted $del_date" >> /var/log/mysqld/delete_user.log |
else |
echo "Delete User $u : Error $del_date" >> /var/log/mysqld/delete_user.log |
fi |
done |
/usr/bin/mysql -u$DB_USER -p$radiuspwd $DB_RADIUS --exec "DELETE FROM radgroupreply WHERE groupname = '$g'; DELETE FROM radgroupcheck WHERE groupname = '$g';" |
if [ $? = 0 ] |
then |
echo "Group $g was deleted $del_date" >> /var/log/mysqld/delete_group.log |
else |
echo "Delete Group $g : Error $del_date" >> /var/log/mysqld/delete_group.log |
fi |
done |
} |
usage="Usage: alcasar-mysql.sh { -d or --dump } | { -c or --check } | { -i or --import } | { -r or --raz } | { -a or --acct_stop } | [ -e or --expire_user ]" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
nb_args=1 |
args="-h" |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
-d | --dump | -dump) |
[ -d $rep_tr ] || mkdir -p $rep_tr |
if [ -e $fichier ]; |
then rm -f $fichier |
fi |
check |
echo "Export the database in file : $fichier" |
mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier |
gzip -f $rep_tr/$fichier |
echo "End of export $( date "+%Hh %Mmn" )" |
;; |
-c | --check | -check) |
check |
;; |
-i | --import | -import) |
if [ $nb_args -ne 2 ] |
then |
echo "Enter a SQL file name ('.sql' or '.sql.gz')" |
exit 0 |
else |
case $2 in |
*.sql.gz ) |
gunzip -f < $2 | mysql -u $DB_USER -p$radiuspwd |
stop_acct |
;; |
*.sql ) |
mysql -u $DB_USER -p$radiuspwd < $2 |
stop_acct |
;; |
esac |
fi |
;; |
-r | --raz | -raz) |
mysqldump -u $DB_USER -p$radiuspwd --opt -BcQC $DB_RADIUS > $rep_tr/$fichier |
gzip -f $rep_tr/$fichier |
mysql -u$DB_USER -p$radiuspwd $DB_RADIUS < /etc/raddb/empty-radiusd-db.sql |
;; |
-a | --acct_stop | -acct_stop) |
stop_acct |
;; |
-e | --expire_user) |
expire_user |
expire_group |
;; |
*) |
echo "Unknown argument :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
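Review bot: Every `mysql`, `mysqldump` and `mysqlcheck` call passes the database password as `-p$radiuspwd`, which exposes it in the process list, and the password is a literal in the script (`radiuspwd="MotdePasse"`, presumably substituted at install time). A client option file readable only by root keeps it off argv: `mysql --defaults-extra-file=<root-only option file> "$DB_RADIUS"` (the option has to come first). In `expire_user` and `expire_group` the names read back from `radcheck` and `radgroupcheck` are spliced into `DELETE ... WHERE username = '$u'`; a stored name containing a quote would change the statement, so these deletes are better written as one SQL statement with a subquery on the `Expiration` condition than as a shell loop. The unquoted `for u in $MYSQL_USER` also splits names on spaces.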
/scripts/alcasar-nf.sh |
---|
0,0 → 1,41 |
#/bin/bash |
# $Id$ |
# alcasar-nf.sh |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# active ou desactive le filtrage de protocoles réseau |
# enable or disable the network protocols filter |
SED="/bin/sed -i" |
CONF_FILE="/usr/local/etc/alcasar.conf" |
usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
echo $usage |
exit 1 |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
--on|-on) # enable protocols filter |
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $CONF_FILE |
/usr/local/bin/alcasar-iptables.sh |
;; |
--off|-off) # disable protocols filter |
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $CONF_FILE |
/usr/local/bin/alcasar-iptables.sh |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
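Review bot: Neither branch checks that the `sed` substitution changed anything: if `alcasar.conf` has no line starting with `PROTOCOLS_FILTERING`, `--on` reloads the firewall with the old setting and prints no error, so the operator believes protocol filtering is active when it is not. A check after the edit would surface that, e.g. `grep -q '^PROTOCOLS_FILTERING=on$' "$CONF_FILE" || { echo "PROTOCOLS_FILTERING not set" >&2; exit 1; }` before calling `alcasar-iptables.sh`, with the matching test in `--off`. The first line is `#/bin/bash`, which is a comment rather than a shebang.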
/scripts/alcasar-profil.sh |
---|
0,0 → 1,175 |
#/bin/bash |
# $Id$ |
# alcasar-profil.sh |
# by Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# Gestion des comptes liés aux profiles |
# Manage the profil logins |
ADM_PROFIL="admin" |
PROFILS="backup manager" |
ALL_PROFILS=`echo $ADM_PROFIL $PROFILS` |
DIR_KEY="/usr/local/etc/digest" |
SED="/bin/sed -i" |
Lang=`echo $LANG|cut -c 1-2` |
# liste les comptes de chaque profile |
function list () { |
for i in $ALL_PROFILS |
do |
if [ $Lang == "fr" ] |
then |
echo -n "Comptes liés au profil '$i' : " |
else |
echo -n "accounts linked with profile '$i' : " |
fi |
account_list=`cat $DIR_KEY/key_only_$i | cut -d':' -f1|sort` |
for account in $account_list |
do |
echo -n "$account " |
done |
echo |
done |
} |
# ajoute les comptes du profil "admin" aux autres profils |
# crée le fichier de clés contenant tous les compte (pour l'accès au centre de gestion) |
function concat () { |
> $DIR_KEY/key_all |
for i in $PROFILS |
do |
cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$i |
cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_$i |
cat $DIR_KEY/key_only_$i >> $DIR_KEY/key_all |
done |
cp -f $DIR_KEY/key_only_$ADM_PROFIL $DIR_KEY/key_$ADM_PROFIL |
cat $DIR_KEY/key_only_$ADM_PROFIL >> $DIR_KEY/key_all |
chown -R root:apache $DIR_KEY |
chmod 640 $DIR_KEY/key_* |
} |
usage="Usage: alcasar-profil.sh [-l|--list] [-a|--add] [-d|--del] [-p|--pass]" |
nb_args=$# |
args=$1 |
# on met en place la structure minimale |
if [ ! -e $DIR_KEY/key_$ADM_PROFIL ] |
then |
touch $DIR_KEY/key_$ADM_PROFIL |
fi |
cp -f $DIR_KEY/key_$ADM_PROFIL $DIR_KEY/key_only_$ADM_PROFIL |
for i in $PROFILS |
do |
if [ ! -e $DIR_KEY/key_only_$i ] |
then |
touch $DIR_KEY/key_only_$i |
fi |
done |
concat |
if [ $nb_args -eq 0 ] |
then |
echo $usage |
exit 0 |
fi |
case $args in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
--add|-a) |
# ajout d'un compte |
list |
if [ $Lang == "fr" ] |
then |
echo -n "Choisissez un profil ($ALL_PROFILS) : " |
else |
echo -n "Select a profile ($ALL_PROFILS) : " |
fi |
read profil |
if [ $Lang == "fr" ] |
then |
echo -n "Entrez le nom du compte à créer (profil '$profil') : " |
else |
echo "Enter the name of the account to create (profile '$profil') : " |
fi |
read account |
# on teste s'il n'existe pas déjà |
for i in $ALL_PROFILS |
do |
tmp_account=`cat $DIR_KEY/key_only_$i | cut -d':' -f1` |
for j in $tmp_account |
do |
if [ "$j" = "$account" ] |
then if [ $Lang == "fr" ] |
then |
echo "Ce compte existe déjà" |
else |
echo "This account already exists" |
fi |
exit 0 |
fi |
done |
done |
/usr/bin/htdigest $DIR_KEY/key_only_$profil "ALCASAR Control Center (ACC)" $account |
concat |
list |
;; |
--del|-d) |
# suppression d'un compte |
list |
if [ $Lang == "fr" ] |
then |
echo -n "entrez le nom du compte à supprimer : " |
else |
echo -n "enter the name of the account to remove : " |
fi |
read account |
for i in $ALL_PROFILS |
do |
$SED "/^$account:/d" $DIR_KEY/key_only_$i |
done |
concat |
list |
;; |
--pass|-p) |
# changement du mot de passe d'un compte |
list |
if [ $Lang == "fr" ] |
then |
echo "Changement de mot de passe" |
echo -n "Entrez le nom du compte : " |
else |
echo "Password change" |
echo -n "Enter the name of the account : " |
fi |
read account |
for i in $ALL_PROFILS |
do |
tmp_account=`cat $DIR_KEY/key_only_$i | cut -d':' -f1` |
for j in $tmp_account |
do |
if [ "$j" = "$account" ] |
then |
/usr/bin/htdigest $DIR_KEY/key_only_$i "ALCASAR Control Center (ACC)" $account |
fi |
done |
done |
concat |
;; |
--list|-l) |
# liste des comptes par profile |
list |
;; |
*) |
if [ $Lang == "fr" ] |
then |
echo "Argument inconnu :$1"; |
else |
echo "Unknown argument : $i"; |
fi |
echo "$usage" |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
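Review bot: The values typed at the `read account` and `read profil` prompts are used without validation. In `--del` the account name becomes part of a sed program (`$SED "/^$account:/d" ...`), where regex metacharacters or a `/` change which lines are deleted in every profile file, and in `--add` `$profil` is appended to the file path handed to `htdigest` without being checked against `$ALL_PROFILS`. Both should be validated right after the read, for instance `case "$account" in ''|*[!A-Za-z0-9._-]*) echo "$usage"; exit 1 ;; esac` plus a membership test of `$profil` against the known profile names (the character set is my assumption; adjust it to what the control center accepts). In the default branch the English message prints `$i` where `$1` is meant.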
/scripts/alcasar-rpm-download.sh |
---|
0,0 → 1,145 |
#!/bin/bash |
# $Id$ |
# alcasar-urpmi.sh |
# by Franck BOUIJOUX and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# récupération des RPM nécessaire dans un fichier tarball |
# retrieve needed RPM in a tarball file |
VERSION="4" |
ARCH="i586" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap freeradius-web apache apache-mod_ssl apache-mod_php dansguardian postfix mariadb ntp bind-utils openssh-server php-xml php-ldap php-mysql php-mysqli php-mbstring php-sockets php-cli php-curl php-pdo_sqlite php-json rng-utils dnsmasq rsync clamav perl-rrdtool perl-MailTools perl-Socket6 fail2ban gnupg ulogd dkms-ipt_NETFLOW iptables-NETFLOW pm-fallback-policy ipset cronie-anacron gammu usbutils locales-en usb_modeswitch tinyproxy vnstat php-gd sudo iftop" |
rpm_repository_sync () |
{ |
cat <<EOF > /etc/urpmi/urpmi.cfg |
{ |
downloader: wget |
} |
EOF |
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} core /media/core/release |
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} core_updates /media/core/updates |
} |
rpm_error () |
{ |
echo |
echo "Relancez l'installation ultérieurement." |
echo "Si vous rencontrez à nouveau ce problème, modifier les variables MIRRORLIST[1&2] du fichier 'scripts/alcasar-urpmi.sh'" |
echo "Try an other install later." |
echo "If this problem occurs again, change the MIRRORLIST[1&2] variables in the file 'scripts/alcasar-urpmi.sh'" |
} |
# extract the current architecture (i586 ou X64) |
fic=`cat /etc/product.id` |
old="$IFS" |
IFS="," |
set $fic |
for i in $* |
do |
if [ "`echo $i|grep arch|cut -d'=' -f1`" == "arch" ] |
then |
ARCH=`echo $i|cut -d"=" -f2` |
fi |
done |
IFS="$old" |
# We prefer wget than curl |
wget_exist=`rpm -qa|grep wget|wc -l` |
if [ "$wget_exist" -eq "0" ] |
then |
urpmi --no-verify-rpm --auto ../../conf/rpms/$ARCH/wget*.rpm |
fi |
# Set the RPM repository |
MIRROR_NBR=2 |
# For french ALCASARistes |
MIRRORLIST1="http://www.mirrorservice.org/sites/mageia.org/pub/mageia/distrib/$VERSION/$ARCH" |
# For International install |
MIRRORLIST2="http://mirrors.mageia.org/api/mageia.$VERSION.$ARCH.list" |
try_nb="0"; nb_repository="0" |
while [ "$nb_repository" != "2" ] |
do |
try_nb=`expr $try_nb + 1` |
MIRRORLIST="MIRRORLIST$try_nb" |
rpm_repository_sync |
nb_repository=`cat /etc/urpmi/urpmi.cfg|grep mirrorlist|wc -l` |
if [ "$nb_repository" != "2" ] |
then |
echo "Une erreur a été détectée lors de la synchronisation avec le dépot N°$try_nb." |
echo "An error occurs when synchronising the repositories N°$try_nb" |
if [ $(expr $try_nb) -eq $MIRROR_NBR ] |
then |
rpm_error |
exit 1 |
fi |
echo "Voulez-vous tenter une synchronisation avec un autre dépôt?" |
echo "Do you wan't to try a synchronisation with an other repository?" |
response=0 |
PTN='^[oOnNyY]$' |
until [[ $(expr $response : $PTN) -gt 0 ]] |
do |
read response |
done |
if [ "$response" = "n" ] || [ "$response" = "N" ] |
then |
exit 1 |
fi |
fi |
done |
# delete unused RPMs |
echo "Cleaning the system : " |
for rm_rpm in shorewall dhcp-server cyrus-sasl distcache-server avahi mandi radeontool mondo mindi |
do |
/usr/sbin/urpme --auto $rm_rpm --auto-orphans 2>/dev/null |
echo -n "." |
done |
urpmi --clean |
# download RPM in cache |
echo "Récupération des paquetages de mise à jour. Veuillez patienter ..." |
echo "Updated RPM download. Please wait ..." |
echo "Il est temps d'aller prendre un café :-) " |
echo "You should now take a Beer ;-) " |
urpmi --auto --auto-update --quiet --test --retry 2 |
if [ "$?" != "0" ] |
then |
echo |
echo "Une erreur a été détectée lors de la récupération des paquetages." |
echo "An error occurs when downloading RPMS" |
rpm_error |
exit 1 |
fi |
# update with cached RPM |
urpmi --auto --auto-update --noclean |
if [ "$?" != "0" ] |
then |
echo |
echo "Une erreur a été détectée lors de la mise à jour des paquetages." |
echo "An error occurs when updating packages" |
rpm_error |
exit 1 |
fi |
# Download of ALCASAR specifics RPM in cache (and test) |
echo "Récupération des paquetages complémentaires. Veuillez patienter ..." |
echo "Download of complementary packages. Please wait ..." |
urpmi --auto $PACKAGES --quiet --test --retry 2 |
if [ "$?" != "0" ] |
then |
echo |
echo "Une erreur a été détectée lors de la récupération des paquetages complémentaires." |
echo "An error occurs when downloading complementary packages" |
rpm_error |
exit 1 |
fi |
echo "archive creation. Please wait..." |
cd /var/cache/urpmi |
tar -czf rpms-$ARCH.tar.gz rpms/ |
# Clean the RPM cache |
urpmi --clean |
mv rpms-$ARCH.tar.gz /root/ |
cd |
echo "Your RPM archive file is /root/rpms-$ARCH.tar.gz" |
exit 0 |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
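Review bot: Package integrity is weakened at two points: the bundled wget package is installed with `urpmi --no-verify-rpm --auto ...`, which skips signature verification, and both `MIRRORLIST1` and `MIRRORLIST2` are plain `http://` URLs, so the repository metadata travels over an unauthenticated channel. The resulting `rpms-$ARCH.tar.gz` is presumably reused for later installs, so anything accepted here is carried forward. I would drop `--no-verify-rpm` (or first check the file with `rpm -K` against a key shipped with the sources) and point the two variables at `https://` mirrors where the mirror offers them. The `cd /var/cache/urpmi` before `tar` is also unchecked; `cd /var/cache/urpmi || exit 1` keeps the archive step from running in the wrong directory.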
/scripts/alcasar-uninstall.sh |
---|
0,0 → 1,279 |
#!/bin/bash |
# $Id$ |
# alcasar-uninstall.sh |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# Désisntallation d'ALCASAR |
# Uninstall ALCASAR |
SED="/bin/sed -i" |
clear |
echo "-----------------------------------------------------------------------------" |
echo "** Uninstall/Update ALCASAR **" |
echo "-----------------------------------------------------------------------------" |
echo |
# logout all logged users |
/usr/local/bin/alcasar-logout.sh all |
# services_stop |
echo "Stopping service : " |
/usr/local/bin/alcasar-sms.sh --stop |
for i in alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli |
do |
if [ -e /lib/systemd/system/$i.service ] |
then |
/usr/bin/systemctl disable $i.service |
/usr/bin/systemctl stop $i.service 1>/dev/null |
sleep 1 |
else |
echo "The service $i.service doesn't exist !" |
fi |
done |
echo "Check the service clearing" |
for i in alcasar-load_balancing vnstat havp freshclam ntpd httpd radiusd mysqld dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole tinyproxy nfsen fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability dansguardian dnsmasq sshd chilli |
do |
if [ `systemctl is-active $i.service` == "active" ] |
then |
echo "The service '$i' need to be killed" |
/usr/bin/systemctl stop $i.service |
killall $i |
fi |
done |
echo "Reset ALCASAR main functions : " |
#init |
echo -en "\n- init(1) : " |
# les fichiers situés dans /usr/local/ seront supprimés à la fin car encore utiles ici |
rm -f /root/ALCASAR* && echo -n "1" |
sleep 1 |
# gestion |
echo -en "\n- gestion(10) : " |
[ -d /var/www/html ] && rm -rf /var/www/html && echo -n "1, " |
[ -e /etc/httpd/conf/httpd.conf.default ] && mv /etc/httpd/conf/httpd.conf.default /etc/httpd/conf/httpd.conf && echo -n "2, " |
[ -e /etc/httpd/conf/modules.d/00_base.conf.default ] && mv /etc/httpd/conf/modules.d/00_base.conf.default /etc/httpd/conf/modules.d/00_base.conf && echo -n "3, " |
[ -e /etc/php.ini.default ] && mv /etc/php.ini.default /etc/php.ini && echo -n "4, " |
[ -e /etc/httpd/conf/vhosts-ssl.default ] && FIC_VIRTUAL_SSL=`find /etc/httpd/conf -type f -name *default_ssl_vhost.conf` && mv /etc/httpd/conf/vhosts-ssl.default $FIC_VIRTUAL_SSL && echo -n "5, " |
if [ -d /usr/local/etc/digest ] # v >= 2.0 |
then rm -rf /usr/local/etc/digest && echo -n "6, " |
else echo -n "6, " |
fi |
[ -e /etc/httpd/conf/webapps.d/alcasar.conf ] && rm -f /etc/httpd/conf/webapps.d/alcasar.conf && echo -n "7, " |
[ -e /etc/httpd/conf/conf.d/ssl.conf.default ] && mv /etc/httpd/conf/conf.d/ssl.conf.default /etc/httpd/conf/conf.d/ssl.conf && echo -n "8, " |
[ -e /usr/share/httpd/error/include/top.html.default ] && mv /usr/share/httpd/error/include/top.html.default /usr/share/httpd/error/include/top.html && echo -n "9, " |
[ -e /usr/share/httpd/error/include/bottom.html.default ] && mv /usr/share/httpd/error/include/bottom.html.default /usr/share/httpd/error/include/top.html && echo -n "10" |
sleep 1 |
# CA |
echo -en "\n- AC(4) : " |
[ -e /etc/pki/CA/alcasar-ca.crt ] && rm -f /etc/pki/CA/alcasar-ca.crt && echo -n "1, " |
[ -e /etc/pki/CA/private/alcasar-ca.key ] && rm -f /etc/pki/CA/private/alcasar-ca.key && echo -n "2, " |
[ -e /etc/pki/tls/certs/alcasar.crt ] && rm -f /etc/pki/tls/certs/alcasar.crt && echo -n "3, " |
[ -e /etc/pki/tls/private/alcasar.key ] && rm -f /etc/pki/tls/private/alcasar.key && echo -n "4" |
sleep 1 |
#init_db |
echo -en "\n- init_db(2) : " |
[ -e /etc/my.cnf.default ] && mv -f /etc/my.cnf.default /etc/my.cnf && echo -n "1, " |
[ -e /lib/systemd/system/mysqld.service.default ] && mv -f /lib/systemd/system/mysqld.service.default /lib/systemd/system/mysqld.service && echo -n "2" |
/usr/bin/systemctl daemon-reload |
rm -rf /var/lib/mysql |
sleep 1 |
#param_radius |
echo -en "\n- radius(9) : " |
[ -e /etc/raddb/radiusd-db-vierge.sql ] && rm -f /etc/raddb/radiusd-db-vierge.sql && echo -n "1, " |
[ -e /etc/raddb/radiusd.conf.default ] && mv /etc/raddb/radiusd.conf.default /etc/raddb/radiusd.conf && echo -n "2, " |
[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar && echo -n "3, " |
[ -e /etc/raddb/sites-available/alcasar ] && rm /etc/raddb/sites-available/alcasar && echo -n "4, " |
[ -e /etc/raddb/clients.conf.default ] && mv /etc/raddb/clients.conf.default /etc/raddb/clients.conf && echo -n "5, " |
[ -e /etc/raddb/sql.conf.default ] && mv /etc/raddb/sql.conf.default /etc/raddb/sql.conf && echo -n "6, " |
[ -e /etc/raddb/sql/mysql/dialup.conf.default ] && mv /etc/raddb/sql/mysql/dialup.conf.default /etc/raddb/sql/mysql/dialup.conf && echo -n "7, " |
[ -e /etc/raddb/sql/mysql/counter.conf.default ] && mv /etc/raddb/sql/mysql/counter.conf.default /etc/raddb/sql/mysql/counter.conf && echo -n "8, " |
[ -e /lib/systemd/system/radiusd.service.default ] && mv /lib/systemd/system/radiusd.service.default /lib/systemd/system/radiusd.service && echo -n "9" |
sleep 1 |
#param_web_radius |
echo -en "\n- web_radius(4) : " |
[ -e /etc/freeradius-web/admin.conf.default ] && mv /etc/freeradius-web/admin.conf.default /etc/freeradius-web/admin.conf && echo -n "1, " |
[ -e /etc/freeradius-web/naslist.conf ] && rm /etc/freeradius-web/naslist.conf && echo -n "2, " |
[ -e /etc/freeradius-web/user_edit.attrs.default ] && mv /etc/freeradius-web/user_edit.attrs.default /etc/freeradius-web/user_edit.attrs && echo -n "3, " |
[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap.default /etc/freeradius-web/sql.attrmap && echo -n "4" |
sleep 1 |
#param_chilli |
echo -en "\n- chilli(4) : " |
[ -e /etc/init.d/chilli.default ] && mv /etc/init.d/chilli.default /etc/init.d/chilli && echo -n "1, " |
[ -e /usr/libexec/chilli ] && rm /usr/libexec/chilli && echo -n "2, " |
[ -e /etc/chilli.conf.default ] && mv /etc/chilli.conf.default /etc/chilli.conf && echo -n "3, " |
[ -e /lib/systemd/system/chilli.service ] && rm /lib/systemd/system/chilli.service && echo -n "4" |
sleep 1 |
#param_dansguardian |
echo -en "\n- dansguardian(8) : " |
[ -d /var/dansguardian ] && rm -rf /var/dansguardian && echo -n "1, " |
[ -e /etc/dansguardian/dansguardian.conf.default ] && mv /etc/dansguardian/dansguardian.conf.default /etc/dansguardian/dansguardian.conf && echo -n "2, " |
[ -e /etc/dansguardian/lists/bannedphraselist.default ] && mv /etc/dansguardian/lists/bannedphraselist.default /etc/dansguardian/lists/bannedphraselist && echo -n "3, " |
[ -e /etc/dansguardian/dansguardianf1.conf.default ] && mv /etc/dansguardian/dansguardianf1.conf.default /etc/dansguardian/dansguardianf1.conf && echo -n "4, " |
[ -e /etc/dansguardian/lists/bannedextensionlist.default ] && mv /etc/dansguardian/lists/bannedextensionlist.default /etc/dansguardian/lists/bannedextensionlist && echo -n "5, " |
[ -e /etc/dansguardian/lists/bannedmimetypelist.default ] && mv /etc/dansguardian/lists/bannedmimetypelist.default /etc/dansguardian/lists/bannedmimetypelist && echo -n "6, " |
[ -e /etc/dansguardian/lists/exceptioniplist.default ] && mv /etc/dansguardian/lists/exceptioniplist.default /etc/dansguardian/lists/exceptioniplist && echo -n "7, " |
[ -e /etc/dansguardian/lists/bannedsitelist.default ] && mv /etc/dansguardian/lists/bannedsitelist.default /etc/dansguardian/lists/bannedsitelist && echo -n "8" |
sleep 1 |
#antivirus |
echo -en "\n- antivirus(5) : " |
if [ -e /etc/init.d/havp ] |
then |
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, " |
userdel -r havp 2>/dev/null && echo -n "2, " |
[ `grep havp /etc/fstab|wc -l` -ne "0" ] && $SED "/havp/d" /etc/fstab # anciennes versions (mémoire tampon sur disque) |
[ -e /etc/init.d/havp.default ] && mv /etc/init.d/havp.default /etc/init.d/havp && echo -n "3, " |
[ -e /lib/systemd/system/havp.service.default ] && mv /lib/systemd/system/havp.service.default /lib/systemd/system/havp.service && echo -n "4, " |
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5" |
else echo -n "uninstalled" |
fi |
sleep 1 |
#tinyproxy |
echo -en "\n- tinyproxy(2) : " |
if [ -e /etc/init.d/tinyproxy ] |
then |
[ -e /etc/tinyproxy/tinyproxy.conf.default ] && mv /etc/tinyproxy/tinyproxy.conf.default /etc/tinyproxy/tinyproxy.conf && echo -n "1, " |
userdel -r tinyproxy 2>/dev/null && echo -n "2" |
else echo -n "uninstalled" |
fi |
sleep 1 |
#param_ulogd |
echo -en "\n- ulogd(6) : " |
i=0 |
for log_type in traceability ssh ext-access |
do |
i=`expr $i + 1` |
[ -e /etc/ulogd-$log_type.conf ] && rm -f /etc/ulogd-$log_type.conf && echo -n "$i, " |
i=`expr $i + 1` |
[ -e /lib/systemd/system/ulogd-$log_type.service ] && rm -f /lib/systemd/system/ulogd-$log_type.service && echo -n "$i, " |
done |
sleep 1 |
#nfsen |
echo -en "\n- nfsen(1) : " |
[ -e /lib/systemd/system/nfsen.service ] && rm -f /lib/systemd/system/nfsen.service && echo -n "1" |
sleep 1 |
#vnstat |
echo -en "\n- vnstat(1) : " |
[ -e /etc/vnstat.conf.default ] && mv /etc/vnstat.conf.default /etc/vnstat.conf && echo -n "1" |
sleep 1 |
#DnsMasq |
echo -en "\n- dnsmasq(9) : " |
if [ -e /lib/systemd/system/dnsmasq.service ] |
then |
[ -e /etc/sysconfig/dnsmasq.default ] && mv /etc/sysconfig/dnsmasq.default /etc/sysconfig/dnsmasq && echo -n "1, " |
[ -e /etc/dnsmasq.conf.default ] && mv /etc/dnsmasq.conf.default /etc/dnsmasq.conf && echo -n "2, " |
[ -e /lib/systemd/system/dnsmasq.service.default ] && mv /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq.service && echo -n "3, " |
i=3 |
for list in blacklist whitelist blackhole |
do |
i=`expr $i + 1` |
[ -e /etc/dnsmasq-$list.conf ] && rm /etc/dnsmasq-$list.conf && echo -n "$i, " |
i=`expr $i + 1` |
[ -e /lib/systemd/system/dnsmasq-$list.service ] && rm /lib/systemd/system/dnsmasq-$list.service && echo -n "$i, " |
done |
else echo -n "uninstalled" |
fi |
sleep 1 |
#BL |
echo -en "\n- BL(0) : " |
sleep 1 |
#dhcpd |
echo -en "\n- dhcp-server(1) : " |
if [ -e /etc/init.d/dhcpd ] |
then |
/usr/sbin/urpme --auto dhcp-server --auto-orphans && echo -n "1" |
else echo -n "uninstalled" |
fi |
sleep 1 |
#fail2ban |
echo -en "\n- fail2ban(8) : " |
[ -e /etc/fail2ban/fail2ban.conf.default ] && mv /etc/fail2ban/fail2ban.conf.default /etc/fail2ban/fail2ban.conf && echo -n "1, " |
[ -e /etc/fail2ban/jail.conf.default ] && mv /etc/fail2ban/jail.conf.default /etc/fail2ban/jail.conf && echo -n "2, " |
[ -e /etc/fail2ban/action.d/iptables-allports.conf.default ] && mv /etc/fail2ban/action.d/iptables-allports.conf.default /etc/fail2ban/action.d/iptables-allports.conf && echo -n "3, " |
[ -e /etc/fail2ban/filter.d/alcasar_mod-evasive.conf ] && rm /etc/fail2ban/filter.d/alcasar_mod-evasive.conf && echo -n "4, " |
[ -e /etc/fail2ban/filter.d/alcasar_htdigest.conf ] && rm /etc/fail2ban/filter.d/alcasar_htdigest.conf && echo -n "5, " |
[ -e /etc/fail2ban/filter.d/alcasar_intercept.conf ] && rm /etc/fail2ban/filter.d/alcasar_intercept.conf && echo -n "6, " |
[ -e /etc/fail2ban/filter.d/alcasar_change-pwd.conf ] && rm /etc/fail2ban/filter.d/alcasar_change-pwd.conf && echo -n "7, " |
[ -e /lib/systemd/system/fail2ban.service.default ] && mv /lib/systemd/system/fail2ban.service.default /lib/systemd/system/fail2ban.service && echo -n "8" |
sleep 1 |
#cron |
echo -en "\n- cron(9) : " |
[ -e /etc/crontab.default ] && mv /etc/crontab.default /etc/crontab && echo -n "1, " |
[ -e /etc/anacrontab.default ] && mv /etc/anacrontab.default /etc/anacrontab && echo -n "2, " |
[ -e /etc/cron.d/alcasar-mysql ] && rm -f /etc/cron.d/alcasar-mysql && echo -n "3, " |
[ -e /etc/cron.d/alcasar-archive ] && rm -f /etc/cron.d/alcasar-archive && echo -n "4, " |
[ -e /etc/cron.d/alcasar-clean_import ] && rm -f /etc/cron.d/alcasar-clean_import && echo -n "5, " |
[ -e /etc/cron.d/alcasar-distrib-updates ] && rm -f /etc/cron.d/alcasar-distrib-updates && echo -n "6, " |
[ -e /etc/cron.d/freeradius-web ] && rm -f /etc/cron.d/freeradius-web && echo -n "7, " |
[ -e /etc/cron.d/alcasar-watchdog ] && rm -f /etc/cron.d/alcasar-watchdog && echo -n "8, " |
[ -e /etc/cron.d/alcasar-daemon-watchdog ] && rm -f /etc/cron.d/alcasar-daemon-watchdog && echo -n "9" |
sleep 1 |
#gammu-smsd |
echo -en "\n- gammu-smsd(3) : " |
[ -e /etc/gammu_smsd_conf ] && rm -f /etc/gammu_smsd_conf && echo -n "1, " |
[ -e /etc/udev/rules.d/66-huawei.rules ] && rm -f /etc/udev/rules.d/66-huawei.rules && echo -n "2, " |
[ -e /var/log/gammu-smsd ] && rm -rf /var/log/gammu-smsd && echo -n "3" |
sleep 1 |
#network |
echo -en "\n- network(10) : " |
hostname localhost |
CONF_FILE="/usr/local/etc/alcasar.conf" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
i=0 |
for nic in $EXTIF $INTIF |
do |
i=`expr $i + 1` |
/sbin/ifdown $nic |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$nic ] && mv -f /etc/sysconfig/network-scripts/default-ifcfg-$nic /etc/sysconfig/network-scripts/ifcfg-$nic && echo -n "$i, " |
done |
[ -e /etc/sysconfig/network.default ] && mv /etc/sysconfig/network.default /etc/sysconfig/network && echo -n "3, " |
[ -e /etc/hosts.default ] && mv /etc/hosts.default /etc/hosts && echo -n "4, " |
[ -e /etc/ntp.conf.default ] && mv /etc/ntp.conf.default /etc/ntp.conf && echo -n "5, " |
[ -e /etc/hosts.allow.default ] && mv /etc/hosts.allow.default /etc/hosts.allow && echo -n "6, " |
[ -e /etc/hosts.deny.default ] && mv /etc/hosts.deny.default /etc/hosts.deny && echo -n "7, " |
[ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "8, " |
[ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo -n "9, " |
[ -e /usr/libexec/iptables.init.default ] && mv /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "10" |
/sbin/ifup $EXTIF |
sleep 1 |
#post_install |
echo -en "\n- post_install(6) : " |
[ -e /etc/mageia-release.default ] && mv /etc/mageia-release.default /etc/mageia-release && echo -n "1, " |
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, " |
[ -e /etc/ssh/sshd_config.default ] && mv /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
[ -e /etc/bashrc.default ] && mv /etc/bashrc.default /etc/bashrc && echo -n "4, " |
[ -e /etc/sudoers.default ] && mv /etc/sudoers.default /etc/sudoers && echo -n "5, " |
[ -e /lib/systemd/system/alcasar-load_balancing.service ] && rm -f /lib/systemd/system/alcasar-load_balancing.service && echo -n "6" |
sleep 1 |
#nettoyage (on retire les services supprimés ou remplacés dans la nouvelle version) |
echo -en "\n- cleaning() : " |
for rm_fic in /usr/local/bin /usr/local/etc |
do |
rm -rf $rm_fic/alcasar* |
done |
echo |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
/scripts/alcasar-url_filter.sh |
---|
0,0 → 1,91 |
#/bin/bash |
# alcasar-url_filter.sh |
# by REXY |
# This script is distributed under the Gnu General Public License (GPL) |
# Active / désactive : safesearch des moteurs de recherche ainsi que le filtrage Youtube |
# Enable / disable : search engines safesearch and Youtube filtering |
# Active / désactive : le filtrage des url contenant une adresse ip à la place d'un nom de domaine |
# Enable / disable : filter of urls containing ip address instead of domain name |
DIR_DG="/etc/dansguardian/lists" |
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" |
CONF_FILE="/usr/local/etc/alcasar.conf" |
SED="/bin/sed -i" |
safesearch="Off" |
pureip="Off" |
usage="Usage: alcasar-url_filter.sh { -safesearch_on or -safesearch_off } & { -pureip_on or --pureip_off }" |
nb_args=$# |
if [ $nb_args -le 1 ] |
then |
echo "$usage" |
nb_args=0 |
else |
while [ $nb_args -ge 1 ] |
do |
arg=${!nb_args} |
case $arg in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
# Safe search activation |
-safesearch_on | --safesearch_on) |
safesearch="On" |
;; |
# Safe search desactivation |
-safesearch_off | --safesearch_off) |
safesearch="Off" |
;; |
# pure_ip activation |
-pureip_on | --pureip_on) |
pureip="On" |
;; |
# pureip desactivation |
-pureip_off | --pureip_off) |
pureip="Off" |
;; |
*) |
echo "Argument inconnu :$arg"; |
echo "$usage" |
exit 1 |
;; |
esac |
nb_args=$(expr $nb_args - 1) |
done |
if [ $safesearch == "On" ] |
then |
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # on décommente les lignes de regles |
youtube_id=`grep YOUTUBE_ID $CONF_FILE|cut -d"=" -f2` |
$SED "s?\&edufilter=.*?\&edufilter=$youtube_id\"?g" $DIR_DG/urlregexplist |
# add 'nosslsearch' redirection for google searching |
# $SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration |
# nossl_server=`host -ta nosslsearch.google.com|cut -d" " -f4` # retrieve google nosslsearch ip |
# echo "# nosslsearch redirect server for google" >> $DNSMASQ_BL_CONF |
# for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl 
.google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
# do |
# echo "address=/$gg_dnsname/$nossl_server" >> $DNSMASQ_BL_CONF |
# done |
# add 'SafeSearch' redirection for google searching |
$SED "/google/d" $DNSMASQ_BL_CONF # remove old google declaration |
forcesafesearch_server=`host -ta forcesafesearch.google.com|cut -d" " -f4` # retrieve google forcesafesearch ip |
echo "# SafeSearch redirect server for google" >> $DNSMASQ_BL_CONF |
for gg_dnsname in .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gp .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.nf .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn 
.google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tk .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat |
do |
echo "address=/$gg_dnsname/$forcesafesearch_server" >> $DNSMASQ_BL_CONF |
done |
else |
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist |
$SED "/google/d" $DNSMASQ_BL_CONF |
fi |
if [ $pureip == "On" ] |
then |
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist |
else |
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist |
fi |
systemctl restart dansguardian |
systemctl restart dnsmasq-blacklist |
fi |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
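Review bot: In the safesearch-on branch, the value returned by `host -ta forcesafesearch.google.com` is written into `$DNSMASQ_BL_CONF` for every Google domain without any check, and the old entries are removed by `$SED "/google/d" $DNSMASQ_BL_CONF` before the lookup runs. If the lookup fails or returns anything other than a single IPv4 address, the previous redirection is already gone and the file receives malformed `address=` lines just before `dnsmasq-blacklist` is restarted. The answer also arrives over plain DNS, so whatever the resolver path returns becomes the destination for all Google lookups of the filtered clients. I would resolve first and stop before touching the file, e.g. `[[ $forcesafesearch_server =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "forcesafesearch lookup failed" >&2; exit 1; }`, and only then delete and append. Separately, the first line reads `#/bin/bash` (no `!`), so the interpreter is not pinned although the script relies on the bash-only `${!nb_args}`.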
/scripts/alcasar-version.sh |
---|
0,0 → 1,59 |
#!/bin/bash |
# $Id$ |
# alcasar-version-list.sh |
# by Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
# récupère les versions d'ALCASAR (stable et développement) |
# download the ALCASAR versions (stable / dev) |
VERSION="/var/www/html/VERSION" |
SITE_VERSION="version.alcasar.net" |
MAJ="False" |
DNS_VERSION_L=`dig $SITE_VERSION txt | grep ^$SITE_VERSION | cut -d"\"" -f2` |
DNS_VERSION=`echo $DNS_VERSION_L|cut -d" " -f1` |
MAJ_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f1` |
MIN_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f2` |
UPD_DNS_VERSION=`echo $DNS_VERSION|cut -d"." -f3` |
RUNNING_VERSION=`cat $VERSION|cut -d" " -f1` |
MAJ_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f1` |
MIN_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f2|cut -c1` |
UPD_RUNNING_VERSION=`echo $RUNNING_VERSION|cut -d"." -f3` |
#compare major number |
if [ $MAJ_RUNNING_VERSION -lt $MAJ_DNS_VERSION ] |
then |
MAJ="True" |
fi |
#compare minor number |
if [ $MAJ_RUNNING_VERSION -eq $MAJ_DNS_VERSION ] |
then |
if [ $MIN_RUNNING_VERSION -lt $MIN_DNS_VERSION ] |
then |
MAJ="True" |
fi |
#compare update number |
if [ $MIN_DNS_VERSION -eq $MIN_RUNNING_VERSION ] |
then |
if [ -n "$UPD_DNS_VERSION" ] |
then |
if [ -z "$UPD_RUNNING_VERSION" ] |
then |
MAJ="True" |
else |
if [ $UPD_RUNNING_VERSION -lt $UPD_DNS_VERSION ] |
then |
MAJ="True" |
fi |
fi |
fi |
fi |
fi |
if [ $MAJ = "True" ] |
then |
echo "An updated version is available ($DNS_VERSION)" |
else |
echo "The Running version ($RUNNING_VERSION) is up to date" |
fi |
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
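Review bot: A failed or empty `dig` answer ends in "The Running version (...) is up to date", because `DNS_VERSION` and its parts are used unquoted in the `[ ... -lt ... ]` and `[ ... -eq ... ]` tests, which then only print an error and leave `MAJ="False"`. The same happens when the TXT record holds non-numeric text, so an unreachable or tampered resolver silently suppresses the update notice. I would validate right after the `DNS_VERSION=` assignment with `[[ $DNS_VERSION =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?$ ]] || { echo "Unable to retrieve the published version" >&2; exit 1; }` and quote the operands in the comparisons. Note also that `MIN_RUNNING_VERSION` is cut to its first character with `cut -c1` while `MIN_DNS_VERSION` is not, which looks like it would miscompare a two-digit minor number; a comment saying why the truncation is needed would help.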