8,7 → 8,8 |
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian) |
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian) |
|
CONF_FILE="/usr/local/etc/alcasar.conf" |
DIR_CONF="/usr/local/etc" |
CONF_FILE="$DIR_CONF/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
16,30 → 17,14 |
FILE_tmp="/tmp/fileFilter.txt" |
DIR_DG="/etc/dansguardian/lists" |
DIR_DG_BL="$DIR_DG/blacklists" |
BL_CATEGORIES="/usr/local/etc/alcasar-bl-categories" |
BL_CATEGORIES_ENABLED="/usr/local/etc/alcasar-bl-categories-enabled" |
DIR_DNS_FILTER_AVAILABLE="/usr/local/etc/alcasar-dnsfilter-available" |
DIR_DNS_FILTER_ENABLED="/usr/local/etc/alcasar-dnsfilter-enabled" |
BL_SERVER="cri.univ-tlse1.fr" |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" |
DIR_DNS_FILTER_AVAILABLE="$DIR_CONF/alcasar-dnsfilter-available" |
DIR_DNS_FILTER_ENABLED="$DIR_CONF/alcasar-dnsfilter-enabled" |
BL_SERVER="dsi.ut-capitole.fr" |
SED="/bin/sed -i" |
|
# Récupération de l'archive de la BL Toulouse |
function transfert () { |
mkdir -p $DIR_tmp |
cd $DIR_tmp |
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
} |
# Décompression de la BL (en conservant la WL) |
function install () { |
[ -d $DIR_DG ] || mkdir -p $DIR_DG |
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
[ -d $DIR_DG_BL/ip ] && mv -f $DIR_DG_BL/ip $DIR_tmp |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
[ -d $DIR_tmp/ip ] && mv -f $DIR_tmp/ip $DIR_DG_BL/ |
cd /root |
rm -rf $DIR_tmp |
} |
# Permet d'activer/désactiver les catégories de la BL |
function cat_choice (){ |
# un peu de ménage |
55,12 → 40,11 |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # dansguardian s'occupe du contournement par proxy http ;-) |
echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist |
done |
sort -k2n $BL_CATEGORIES > $FILE_tmp |
sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp |
mv $FILE_tmp $BL_CATEGORIES |
} |
function bl_enable (){ |
$SED "s/^reportinglevel =.*/reportinglevel = 3/g" /etc/dansguardian/dansguardian.conf |
$SED "s?^#\"?\"?g" $DIR_DG/urlregexplist # Enable 'safesearch' |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
then |
service dansguardian restart |
71,7 → 55,6 |
function bl_disable (){ |
rm -rf $DIR_DNS_FILTER_ENABLED/* |
$SED "s/^reportinglevel =.*/reportinglevel = -1/g" /etc/dansguardian/dansguardian.conf |
$SED "s?^[^#]?#&?g" $DIR_DG/urlregexplist # Disable 'safesearch' |
if [ "$PARENT_SCRIPT" != "/usr/local/bin/alcasar-conf.sh" ] # don't launch on install stage |
then |
service dansguardian restart |
111,7 → 94,7 |
$SED "s?^DNS_FILTERING.*?DNS_FILTERING=off?g" $CONF_FILE |
bl_disable |
;; |
# Mise a jour de la blacklist 'Toulouse' (attente validation md5 avant adaptation à notre structure) |
# Récupération de l'archive de la BL Toulouse |
-download | --download) |
rm -rf /tmp/con_ok.html |
`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html` |
119,18 → 102,47 |
then |
echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable" |
else |
transfert |
install |
rm -rf /tmp/con_ok.html $DIR_tmp |
mkdir $DIR_tmp |
cd $DIR_tmp |
wget http://$BL_SERVER/blacklists/download/blacklists.tar.gz |
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum |
cd /root |
fi |
;; |
# Adaptation de la BL de Toulouse à notre structure (dnsmasq + DG) |
-adapt | --adapt) |
if [ -f $DIR_tmp/blacklists.tar.gz ] |
then |
[ -d $DIR_DG_BL/ossi ] && mv -f $DIR_DG_BL/ossi $DIR_tmp |
rm -rf $DIR_DG_BL |
mkdir $DIR_DG_BL |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/ |
[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/ |
rm -rf $DIR_tmp |
chown -R dansguardian:apache $DIR_DG |
chmod -R g+w $DIR_DG |
rm -rf /tmp/con_ok.html |
fi |
;; |
# Adaptation de la BL à notre structure (dnsmasq + DG) |
-adapt | --adapt) |
find $DIR_DG_BL/ -type f -name domains > $BL_CATEGORIES # On récupère le nom des répertoire (catégories) |
$SED "s?\/domains??g" $BL_CATEGORIES # On supprime le suffice "/domains" |
rm -f $DIR_DNS_FILTER_AVAILABLE/* |
rm -f $BL_CATEGORIES $WL_CATEGORIES $DIR_DNS_FILTER_AVAILABLE/* |
touch $BL_CATEGORIES $WL_CATEGORIES |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # On récupère le nom des répertoire (catégories) |
$SED "s?\/domains??g" $FILE_tmp # On supprime le suffixe "/domains" |
for categorie in `cat $FILE_tmp` # creation des deux fichiers de categories (BL / WL) |
do |
if [ -e $categorie/usage ] |
then |
is_whitelist=`grep white $categorie/usage|wc -l` |
else |
is_whitelist=0 # si le fichier 'usage' n'existe pas, on considère que la catégorie est une BL |
fi |
if [ $is_whitelist -eq "0" ] |
then |
echo "$categorie" >> $BL_CATEGORIES |
else |
echo "$categorie" >> $WL_CATEGORIES |
fi |
done |
rm -f $FILE_tmp |
echo -n "Toulouse BlackList migration process. Please wait : " |
for PATH_FILE in `cat $BL_CATEGORIES` # pour chaque catégorie |
do |
141,16 → 153,16 |
chown dansguardian:apache $PATH_FILE/urls |
fi |
# suppression des @IP, de caractères acccentués et des lignes commentées |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > /tmp/dnsmasq-bl.tmp |
$SED "/[äâëêïîöôüû]/d" /tmp/dnsmasq-bl.tmp |
$SED "/^#.*/d" /tmp/dnsmasq-bl.tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" /tmp/dnsmasq-bl.tmp # Mise en forme dnsmasq |
egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" $PATH_FILE/domains > $FILE_tmp |
$SED "/[äâëêïîöôüû]/d" $FILE_tmp |
$SED "/^#.*/d" $FILE_tmp |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp # Mise en forme dnsmasq |
DOMAINE=`basename $PATH_FILE` |
mv /tmp/dnsmasq-bl.tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
mv $FILE_tmp $DIR_DNS_FILTER_AVAILABLE/$DOMAINE.conf |
done |
echo |
;; |
# regénération suite à modification de la BL secondaire ou du choix des catégories |
# regénération suite à modification du choix des catégories |
-reload | --reload) |
# pour Dansguardian |
chown -R dansguardian:apache $DIR_DG_BL/ossi |
166,12 → 178,6 |
fi |
cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_FILTER_AVAILABLE/ossi.conf |
IP_PURE=`grep '^ip' $BL_CATEGORIES_ENABLED|wc -l` |
if [ $IP_PURE -eq "1" ]; then # filtrage des url sans nom de domaine |
$SED "s/^\#\*ip$/*ip/g" $DIR_DG/bannedsitelist |
else |
$SED "s/^\*ip$/#*ip/g" $DIR_DG/bannedsitelist |
fi |
DNS_FILTERING=`grep DNS_FILTERING $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
if [ $DNS_FILTERING = on ]; then |