WebSVN – ALCASAR – Diff – /scripts/alcasar-bl.sh


#/bin/bash
 
# $Id: alcasar-bl.sh 1870 2016-05-04 14:55:06Z raphael.pion $
 
# alcasar-bl.sh
# by Franck BOUIJOUX and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)
 
DIR_CONF="/usr/local/etc"
CONF_FILE="$DIR_CONF/alcasar.conf"
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
DIR_tmp="/tmp/blacklists"
DIR_WL_tmp="/tmp/whitelists"
FILE_tmp="/tmp/filesfilter.txt"
FILE_ip_tmp="/tmp/filesipfilter.txt"
DIR_DG="/etc/dansguardian/lists"
DIR_DG_BL="$DIR_DG/blacklists"
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#'	'		WL	'
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
DIR_SHARE="/usr/local/share"
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl"					# all the BL in the DNSMASQ format
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl"					# all the WL	'	'	'
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL 
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled"			# symbolic link to the domains BL (only enabled categories)
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled"			#	'	'	'	WL	'	'	'
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
DIR_IP_WL="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf"				# conf file of dnsmasq-blacklist
DNS1=`grep "DNS1" $CONF_FILE | cut -d '=' -f 2` 			# server DNS1 (for WL domain names)
BL_SERVER="dsi.ut-capitole.fr"
SED="/bin/sed -i"
 
# enable/disable the BL & WL categories
function cat_choice (){
	# saving ossi category
	mkdir $DIR_tmp
	cp $DIR_IP_BL/ossi $DIR_tmp
 
	#ip BL ENABLE
	if [ -d $DIR_IP_BL_ENABLED ]
	then
		for file in `ls -1 $DIR_IP_BL_ENABLED | grep -v "^ossi-*"`
		do
			rm -f $DIR_IP_BL_ENABLED/$file
		done
	else
		mkdir $DIR_IP_BL_ENABLED
		chown apache $DIR_IP_BL_ENABLED
	fi
	
	
	#dns BL ENABLED
	if [ -d $DIR_DNS_BL_ENABLED ]
	then
		for file in `ls -1 $DIR_DNS_BL_ENABLED | grep -v "^ossi-*"`
		do
			rm -f $DIR_DNS_BL_ENABLED/$file
		done
	else
		mkdir $DIR_DNS_BL_ENABLED
		chown apache $DIR_DNS_BL_ENABLED
	fi
	
	
	#ip WL ENABLE
	if [ -d $DIR_IP_WL_ENABLED ]
	then
		for file in `ls -1 $DIR_IP_WL_ENABLED | grep -v "^ossi*"`
		do
			rm -f $DIR_IP_WL_ENABLED/$file
		done
	else
		mkdir $DIR_IP_WL_ENABLED
		chown apache $DIR_IP_WL_ENABLED
		touch $DIR_IP_WL_ENABLED/ossi
		chown apache $DIR_IP_WL_ENABLED/ossi
	fi
 
	#dns WL ENABLED
	if [ -d $DIR_DNS_WL_ENABLED ]
	then
		for file in `ls -1 $DIR_DNS_WL_ENABLED | grep -v "^ossi-*"`
		do
			rm -f $DIR_DNS_WL_ENABLED/$file
		done
	else
		mkdir $DIR_DNS_WL_ENABLED
		chown apache $DIR_DNS_WL_ENABLED
	fi
	
	#dns WL ossi.conf 
	if [ ! -e $DIR_DNS_WL/ossi.conf ]
	then
		touch $DIR_DNS_WL/ossi.conf
		chown apache $DIR_DNS_WL/ossi.conf
		ln -s $DIR_DNS_WL/ossi.conf $DIR_DNS_WL_ENABLED/ossi
	fi
 
	# update categories with rsync
	if [ ! -e $DIR_CONF/update_cat.conf ]
	then
		touch $DIR_CONF/update_cat.conf
		chown root:apache $DIR_CONF/update_cat.conf
		chmod 660 $DIR_CONF/update_cat.conf
	fi
	
	$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
	$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)
	# process the file $BL_CATEGORIES with the choice of categories 
	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` 
	do
		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES 
		$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
		ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
		ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
		# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # Blacklisted domains are managed by dnsmasq
		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
	done
	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
	mv $FILE_tmp $BL_CATEGORIES
	# process the file $WL_CATEGORIES with the choice of categories 
	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED` 
	do
		$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES 
		$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES
		ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE
	done
	sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp
	mv $FILE_tmp $WL_CATEGORIES
	
	# restoring ip files and ossi category BL/WL
	mv $DIR_tmp/ossi $DIR_IP_BL
	chown apache $DIR_IP_BL/ossi
	rm -rf $DIR_tmp
	
}
 
usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } | { -download or --download } | { -adapt or --adapt } | { -reload or --reload } | { -update_cat or --update_cat }"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
	  args="-h"
fi
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	# Retrieve Toulouse BL
	-download | --download)
		rm -rf /tmp/con_ok.html
		`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
		if [ ! -e /tmp/con_ok.html ]
		then
			echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"
		else 
			rm -rf /tmp/con_ok.html $DIR_tmp
			mkdir $DIR_tmp
			wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
			md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
			chown -R apache:apache $DIR_tmp
		fi
		;;		
	# enable/disable categories (used only during the alcasar install process)
	-cat_choice | --cat_choice)
		cat_choice
		;;
	# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)
	-adapt | --adapt)
		echo -n "Toulouse BlackList migration process. Please wait : "
	
	
		if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
		then
			[ -d $DIR_DG_BL/ossi ] && mv $DIR_DG_BL/ossi $DIR_tmp
			[ -e $DIR_IP_BL/ossi ] && mv $DIR_IP_BL/ossi $DIR_tmp/ossi-ip-bl
			rm -rf $DIR_DG_BL $DIR_IP_BL
			mkdir $DIR_DG_BL $DIR_IP_BL
			tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
			[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/
		fi
		rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
		rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
		touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED
		mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL
		chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
		chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED
		find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
		$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
		for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
		do
			categorie=`echo $dir_categorie|cut -d "/" -f6`
			categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
			if [ "$categorie_type" == "white" ]
			then
				echo "$dir_categorie" >> $WL_CATEGORIES 
				echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED  # by default all WL are enabled 
			fi
			echo "$dir_categorie" >> $BL_CATEGORIES # By default all categories are in BL
		done
		rm -f $FILE_tmp
		# Verify that the enabled categories are effectively in the BL (need after an update of the BL)
		for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED` 
		do
			ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES|wc -l`
			if [ $ok != "1" ] 
			then
				$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED
			fi
		done
		# Creation of DNSMASQ and Iptables BL and WL
		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
		do
			for PATH_FILE in `cat $LIST` # for each category
			do
				DOMAINE=`basename $PATH_FILE`
				echo -n "$DOMAINE, "
		  		if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist
				then
					touch $PATH_FILE/urls
					chown dansguardian:apache $PATH_FILE/urls
				fi
				$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
				# extract ip addresses for iptables
				awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
				# for dnsmask, remove IP addesses, accented characters and commented lines.
				egrep  -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
				$SED "/[äâëêïîöôüû]/d" $FILE_tmp
				$SED "/^#.*/d" $FILE_tmp
				if [ "$LIST" == "$BL_CATEGORIES" ]
				then
					# adapt to the dnsmasq syntax for the blacklist
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
				else
					# adapt to the dnsmasq syntax for the whitelist
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
				fi
			done
		done
		rm -f $FILE_tmp $FILE_ip_tmp
		# Restoring ossi file of BL IP
		[ -e $DIR_tmp/ossi-ip-bl ] && mv $DIR_tmp/ossi-ip-bl $DIR_IP_BL/ossi
		rm -rf $DIR_tmp
		echo
		;;
		#mise a jour d'une categorie avec rsync
		-update_cat | --update_cat)
		
		echo -n "Updating categories in /usr/local/etc/update_cat.conf ..."
 
		
		for LIGNE_RSYNC in $(cat /usr/local/etc/update_cat.conf)
		do
 
		$CATEGORIE=$(echo $LIGNE_RSYNC | cut -d' ' -f0)
		$URL=$(echo $LIGNE_RSYNC | cut -d' ' -f1)
	
		PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
		echo "rsync -rv $URL $(dirname $PATH_FILE )" #rsync inside of the blacklist directory
		echo $PATH_FILE
		
		# Creation of DNSMASQ and Iptables BL and WL
		DOMAINE=$(basename $PATH_FILE)
		
		$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors
		# extract ip addresses for iptables
		awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp
		# for dnsmask, remove IP addesses, accented characters and commented lines.
		egrep  -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp
		$SED "/[äâëêïîöôüû]/d" $FILE_tmp
		$SED "/^#.*/d" $FILE_tmp
		
		black=`grep black $PATH_FILE/usage |wc -l`
		if [ $black == "1" ]
		then
			# adapt to the dnsmasq syntax for the blacklist
			$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp 
			mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf
			mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE
 
		else
			# adapt to the dnsmasq syntax for the whitelist
			$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp 
			mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf
 
		fi
 
		rm -f $FILE_tmp $FILE_ip_tmp
 
		done
		
		/usr/bin/systemctl restart dnsmasq-whitelist
		/usr/bin/systemctl restart dnsmasq-blacklist
		/usr/bin/systemctl restart dansguardian
		/usr/local/bin/alcasar-iptables.sh
		
		echo "MAJ RSYNC réussie"
	
 
 
 
		;;
	# reload when categories are changed 
	-reload | --reload)
		# for DG
		chown -R dansguardian:apache $DIR_DG_BL/ossi
		chmod -R g+w $DIR_DG_BL/ossi
		cat_choice
		#  for dnsmasq (rehabited domain names)
		if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
		then
			for i in `cat $DIR_DG/exceptionsitelist`
			do
				$SED "/$i/d" $DIR_DNS_BL/*
			done
		fi
		cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf
		$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf
		$SED "s?.*?server=/&/$DNS1?g" $DIR_DNS_WL/ossi.conf
		
		/usr/bin/systemctl restart dnsmasq-blacklist
		/usr/bin/systemctl restart dnsmasq-whitelist
		/usr/local/bin/alcasar-iptables.sh
		;;
	*)
		echo "Argument inconnu :$1";
		echo "$usage"
		exit 1
		;;
esac
 
 
 
 

Rev 1867	Rev 1870
1	`#/bin/bash`	1	`#/bin/bash`
2		2
3	`# $Id: alcasar-bl.sh 1867 2016-05-04 12:22:08Z raphael.pion $`	3	`# $Id: alcasar-bl.sh 1870 2016-05-04 14:55:06Z raphael.pion $`
4		4
5	`# alcasar-bl.sh`	5	`# alcasar-bl.sh`
6	`# by Franck BOUIJOUX and Richard REY`	6	`# by Franck BOUIJOUX and Richard REY`
7	`# This script is distributed under the Gnu General Public License (GPL)`	7	`# This script is distributed under the Gnu General Public License (GPL)`
8		8
9	`# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)`	9	`# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via Dansguardian)`
10	`# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)`	10	`# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (Dansguardian)`
11		11
12	`DIR_CONF="/usr/local/etc"`	12	`DIR_CONF="/usr/local/etc"`
13	`CONF_FILE="$DIR_CONF/alcasar.conf"`	13	`CONF_FILE="$DIR_CONF/alcasar.conf"`
14	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	14	private_ip_mask=`grep PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
15	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`	15	`private_ip_mask=${private_ip_mask:=192.168.182.1/24}`
16	PRIVATE_IP=`echo $private_ip_mask \| cut -d"/" -f1` # ALCASAR LAN IP address	16	PRIVATE_IP=`echo $private_ip_mask \| cut -d"/" -f1` # ALCASAR LAN IP address
17	`DIR_tmp="/tmp/blacklists"`	17	`DIR_tmp="/tmp/blacklists"`
18	`DIR_WL_tmp="/tmp/whitelists"`	18	`DIR_WL_tmp="/tmp/whitelists"`
19	`FILE_tmp="/tmp/filesfilter.txt"`	19	`FILE_tmp="/tmp/filesfilter.txt"`
20	`FILE_ip_tmp="/tmp/filesipfilter.txt"`	20	`FILE_ip_tmp="/tmp/filesipfilter.txt"`
21	`DIR_DG="/etc/dansguardian/lists"`	21	`DIR_DG="/etc/dansguardian/lists"`
22	`DIR_DG_BL="$DIR_DG/blacklists"`	22	`DIR_DG_BL="$DIR_DG/blacklists"`
23	`BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories`	23	`BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories`
24	`WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL '`	24	`WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" #' ' WL '`
25	`BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories`	25	`BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories`
26	`WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories`	26	`WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories`
27	`DIR_SHARE="/usr/local/share"`	27	`DIR_SHARE="/usr/local/share"`
28	`DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format`	28	`DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl" # all the BL in the DNSMASQ format`
29	`DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '`	29	`DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl" # all the WL ' ' '`
30	`DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL`	30	`DIR_IP_BL="$DIR_SHARE/iptables-bl" # all the IP addresses of the BL`
31	`DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)`	31	`DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled" # symbolic link to the domains BL (only enabled categories)`
32	`DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' '`	32	`DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled" # ' ' ' WL ' ' '`
33	`DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)`	33	`DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled" # ' ' ip BL (only enabled categories)`
34	`DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)`	34	`DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)`
35	`DIR_IP_WL="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)`	35	`DIR_IP_WL="$DIR_SHARE/iptables-wl-enabled" # ' ' ip WL (ossi and ossi-* imported from ACC)`
36	`DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" # conf file of dnsmasq-blacklist`	36	`DNSMASQ_BL_CONF="/etc/dnsmasq-blacklist.conf" # conf file of dnsmasq-blacklist`
37	DNS1=`grep "DNS1" $CONF_FILE \| cut -d '=' -f 2` # server DNS1 (for WL domain names)	37	DNS1=`grep "DNS1" $CONF_FILE \| cut -d '=' -f 2` # server DNS1 (for WL domain names)
38	`BL_SERVER="dsi.ut-capitole.fr"`	38	`BL_SERVER="dsi.ut-capitole.fr"`
39	`SED="/bin/sed -i"`	39	`SED="/bin/sed -i"`
40		40
41	`# enable/disable the BL & WL categories`	41	`# enable/disable the BL & WL categories`
42	`function cat_choice (){`	42	`function cat_choice (){`
43	`# saving ossi category`	43	`# saving ossi category`
44	`mkdir $DIR_tmp`	44	`mkdir $DIR_tmp`
45	`cp $DIR_IP_BL/ossi $DIR_tmp`	45	`cp $DIR_IP_BL/ossi $DIR_tmp`
46		46
47	`#ip BL ENABLE`	47	`#ip BL ENABLE`
48	`if [ -d $DIR_IP_BL_ENABLED ]`	48	`if [ -d $DIR_IP_BL_ENABLED ]`
49	`then`	49	`then`
50	for file in `ls -1 $DIR_IP_BL_ENABLED \| grep -v "^ossi-*"`	50	for file in `ls -1 $DIR_IP_BL_ENABLED \| grep -v "^ossi-*"`
51	`do`	51	`do`
52	`rm -f $DIR_IP_BL_ENABLED/$file`	52	`rm -f $DIR_IP_BL_ENABLED/$file`
53	`done`	53	`done`
54	`else`	54	`else`
55	`mkdir $DIR_IP_BL_ENABLED`	55	`mkdir $DIR_IP_BL_ENABLED`
56	`chown apache $DIR_IP_BL_ENABLED`	56	`chown apache $DIR_IP_BL_ENABLED`
57	`fi`	57	`fi`
58		58
59		59
60	`#dns BL ENABLED`	60	`#dns BL ENABLED`
61	`if [ -d $DIR_DNS_BL_ENABLED ]`	61	`if [ -d $DIR_DNS_BL_ENABLED ]`
62	`then`	62	`then`
63	for file in `ls -1 $DIR_DNS_BL_ENABLED \| grep -v "^ossi-*"`	63	for file in `ls -1 $DIR_DNS_BL_ENABLED \| grep -v "^ossi-*"`
64	`do`	64	`do`
65	`rm -f $DIR_DNS_BL_ENABLED/$file`	65	`rm -f $DIR_DNS_BL_ENABLED/$file`
66	`done`	66	`done`
67	`else`	67	`else`
68	`mkdir $DIR_DNS_BL_ENABLED`	68	`mkdir $DIR_DNS_BL_ENABLED`
69	`chown apache $DIR_DNS_BL_ENABLED`	69	`chown apache $DIR_DNS_BL_ENABLED`
70	`fi`	70	`fi`
71		71
72		72
73	`#ip WL ENABLE`	73	`#ip WL ENABLE`
74	`if [ -d $DIR_IP_WL_ENABLED ]`	74	`if [ -d $DIR_IP_WL_ENABLED ]`
75	`then`	75	`then`
76	for file in `ls -1 $DIR_IP_WL_ENABLED \| grep -v "^ossi*"`	76	for file in `ls -1 $DIR_IP_WL_ENABLED \| grep -v "^ossi*"`
77	`do`	77	`do`
78	`rm -f $DIR_IP_WL_ENABLED/$file`	78	`rm -f $DIR_IP_WL_ENABLED/$file`
79	`done`	79	`done`
80	`else`	80	`else`
81	`mkdir $DIR_IP_WL_ENABLED`	81	`mkdir $DIR_IP_WL_ENABLED`
82	`chown apache $DIR_IP_WL_ENABLED`	82	`chown apache $DIR_IP_WL_ENABLED`
83	`touch $DIR_IP_WL_ENABLED/ossi`	83	`touch $DIR_IP_WL_ENABLED/ossi`
84	`chown apache $DIR_IP_WL_ENABLED/ossi`	84	`chown apache $DIR_IP_WL_ENABLED/ossi`
85	`fi`	85	`fi`
86		86
87	`#dns WL ENABLED`	87	`#dns WL ENABLED`
88	`if [ -d $DIR_DNS_WL_ENABLED ]`	88	`if [ -d $DIR_DNS_WL_ENABLED ]`
89	`then`	89	`then`
90	for file in `ls -1 $DIR_DNS_WL_ENABLED \| grep -v "^ossi-*"`	90	for file in `ls -1 $DIR_DNS_WL_ENABLED \| grep -v "^ossi-*"`
91	`do`	91	`do`
92	`rm -f $DIR_DNS_WL_ENABLED/$file`	92	`rm -f $DIR_DNS_WL_ENABLED/$file`
93	`done`	93	`done`
94	`else`	94	`else`
95	`mkdir $DIR_DNS_WL_ENABLED`	95	`mkdir $DIR_DNS_WL_ENABLED`
96	`chown apache $DIR_DNS_WL_ENABLED`	96	`chown apache $DIR_DNS_WL_ENABLED`
97	`fi`	97	`fi`
98		98
99	`#dns WL ossi.conf`	99	`#dns WL ossi.conf`
100	`if [ ! -e $DIR_DNS_WL/ossi.conf ]`	100	`if [ ! -e $DIR_DNS_WL/ossi.conf ]`
101	`then`	101	`then`
102	`touch $DIR_DNS_WL/ossi.conf`	102	`touch $DIR_DNS_WL/ossi.conf`
103	`chown apache $DIR_DNS_WL/ossi.conf`	103	`chown apache $DIR_DNS_WL/ossi.conf`
104	`ln -s $DIR_DNS_WL/ossi.conf $DIR_DNS_WL_ENABLED/ossi`	104	`ln -s $DIR_DNS_WL/ossi.conf $DIR_DNS_WL_ENABLED/ossi`
105	`fi`	105	`fi`
106		106
-		107	`# update categories with rsync`
-		108	`if [ ! -e $DIR_CONF/update_cat.conf ]`
-		109	`then`
-		110	`touch $DIR_CONF/update_cat.conf`
-		111	`chown root:apache $DIR_CONF/update_cat.conf`
-		112	`chmod 660 $DIR_CONF/update_cat.conf`
107		113	`fi`
108		114
109	`$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG`	115	`$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG`
110	`$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)`	116	`$SED "s?^[^#]?#&?g" $BL_CATEGORIES $WL_CATEGORIES # cleaning BL & WL categories file (comment all lines)`
111	`# process the file $BL_CATEGORIES with the choice of categories`	117	`# process the file $BL_CATEGORIES with the choice of categories`
112	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`	118	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
113	`do`	119	`do`
114	`$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES`	120	`$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES`
115	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES`	121	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES`
116	`ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE`	122	`ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE`
117	`ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE`	123	`ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE`
118	`# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq`	124	`# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist # Blacklisted domains are managed by dnsmasq`
119	`echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist`	125	`echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist`
120	`done`	126	`done`
121	`sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp`	127	`sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp`
122	`mv $FILE_tmp $BL_CATEGORIES`	128	`mv $FILE_tmp $BL_CATEGORIES`
123	`# process the file $WL_CATEGORIES with the choice of categories`	129	`# process the file $WL_CATEGORIES with the choice of categories`
124	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`	130	for ENABLE_CATEGORIE in `cat $WL_CATEGORIES_ENABLED`
125	`do`	131	`do`
126	`$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES`	132	`$SED "/\/$ENABLE_CATEGORIE$/d" $WL_CATEGORIES`
127	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES`	133	`$SED "1i\/etc\/dansguardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $WL_CATEGORIES`
128	`ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE`	134	`ln -sf $DIR_DNS_WL/$ENABLE_CATEGORIE.conf $DIR_DNS_WL_ENABLED/$ENABLE_CATEGORIE`
129	`done`	135	`done`
130	`sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp`	136	`sort +0.0 -0.2 $WL_CATEGORIES -o $FILE_tmp`
131	`mv $FILE_tmp $WL_CATEGORIES`	137	`mv $FILE_tmp $WL_CATEGORIES`
132		138
133	`# restoring ip files and ossi category BL/WL`	139	`# restoring ip files and ossi category BL/WL`
134	`mv $DIR_tmp/ossi $DIR_IP_BL`	140	`mv $DIR_tmp/ossi $DIR_IP_BL`
135	`chown apache $DIR_IP_BL/ossi`	141	`chown apache $DIR_IP_BL/ossi`
136	`rm -rf $DIR_tmp`	142	`rm -rf $DIR_tmp`
137		143
138	`}`	144	`}`
139		145
140	`usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } \| { -download or --download } \| { -adapt or --adapt } \| { -reload or --reload } \| { -update_cat or --update_cat } & categorie & url_rsync"`	146	`usage="Usage: alcasar-bl.sh { -cat_choice or --cat_choice } \| { -download or --download } \| { -adapt or --adapt } \| { -reload or --reload } \| { -update_cat or --update_cat }"`
141	`nb_args=$#`	147	`nb_args=$#`
142	`args=$1`	148	`args=$1`
143	`if [ $nb_args -eq 0 ]`	149	`if [ $nb_args -eq 0 ]`
144	`then`	150	`then`
145	`args="-h"`	151	`args="-h"`
146	`fi`	152	`fi`
147	`case $args in`	153	`case $args in`
148	`-\? \| -h* \| --h*)`	154	`-\? \| -h* \| --h*)`
149	`echo "$usage"`	155	`echo "$usage"`
150	`exit 0`	156	`exit 0`
151	`;;`	157	`;;`
152	`# Retrieve Toulouse BL`	158	`# Retrieve Toulouse BL`
153	`-download \| --download)`	159	`-download \| --download)`
154	`rm -rf /tmp/con_ok.html`	160	`rm -rf /tmp/con_ok.html`
155	`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`	161	`/usr/bin/curl $BL_SERVER -# -o /tmp/con_ok.html`
156	`if [ ! -e /tmp/con_ok.html ]`	162	`if [ ! -e /tmp/con_ok.html ]`
157	`then`	163	`then`
158	`echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"`	164	`echo "Erreur : le serveur de blacklist ($BL_SERVER) n'est pas joignable"`
159	`else`	165	`else`
160	`rm -rf /tmp/con_ok.html $DIR_tmp`	166	`rm -rf /tmp/con_ok.html $DIR_tmp`
161	`mkdir $DIR_tmp`	167	`mkdir $DIR_tmp`
162	`wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz`	168	`wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz`
163	`md5sum $DIR_tmp/blacklists.tar.gz \| cut -d" " -f1 > $DIR_tmp/md5sum`	169	`md5sum $DIR_tmp/blacklists.tar.gz \| cut -d" " -f1 > $DIR_tmp/md5sum`
164	`chown -R apache:apache $DIR_tmp`	170	`chown -R apache:apache $DIR_tmp`
165	`fi`	171	`fi`
166	`;;`	172	`;;`
167	`# enable/disable categories (used only during the alcasar install process)`	173	`# enable/disable categories (used only during the alcasar install process)`
168	`-cat_choice \| --cat_choice)`	174	`-cat_choice \| --cat_choice)`
169	`cat_choice`	175	`cat_choice`
170	`;;`	176	`;;`
171	`# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)`	177	`# Adapt Toulouse BL to ALCASAR architecture (dnsmasq + DG + iptables)`
172	`-adapt \| --adapt)`	178	`-adapt \| --adapt)`
173	`echo -n "Toulouse BlackList migration process. Please wait : "`	179	`echo -n "Toulouse BlackList migration process. Please wait : "`
174		180
175		181
176	`if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL`	182	`if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL`
177	`then`	183	`then`
178	`[ -d $DIR_DG_BL/ossi ] && mv $DIR_DG_BL/ossi $DIR_tmp`	184	`[ -d $DIR_DG_BL/ossi ] && mv $DIR_DG_BL/ossi $DIR_tmp`
179	`[ -e $DIR_IP_BL/ossi ] && mv $DIR_IP_BL/ossi $DIR_tmp/ossi-ip-bl`	185	`[ -e $DIR_IP_BL/ossi ] && mv $DIR_IP_BL/ossi $DIR_tmp/ossi-ip-bl`
180	`rm -rf $DIR_DG_BL $DIR_IP_BL`	186	`rm -rf $DIR_DG_BL $DIR_IP_BL`
181	`mkdir $DIR_DG_BL $DIR_IP_BL`	187	`mkdir $DIR_DG_BL $DIR_IP_BL`
182	`tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/`	188	`tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/`
183	`[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/`	189	`[ -d $DIR_tmp/ossi ] && mv -f $DIR_tmp/ossi $DIR_DG_BL/`
184	`fi`	190	`fi`
185	`rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`	191	`rm -f $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`
186	`rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`	192	`rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`
187	`touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`	193	`touch $BL_CATEGORIES $WL_CATEGORIES $WL_CATEGORIES_ENABLED`
188	`mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`	194	`mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL`
189	`chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`	195	`chown -R dansguardian:apache $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`
190	`chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`	196	`chmod -R g+w $DIR_DG $BL_CATEGORIES $WL_CATEGORIES $BL_CATEGORIES_ENABLED $WL_CATEGORIES_ENABLED`
191	`find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist`	197	`find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist`
192	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`	198	`$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix`
193	for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files	199	for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
194	`do`	200	`do`
195	categorie=`echo $dir_categorie\|cut -d "/" -f6`	201	categorie=`echo $dir_categorie\|cut -d "/" -f6`
196	categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage \| grep ^DEFAULT_TYPE \| cut -d":" -f2 \| tr -d " \t"`	202	categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie $DIR_DG_BL/global_usage \| grep ^DEFAULT_TYPE \| cut -d":" -f2 \| tr -d " \t"`
197	`if [ "$categorie_type" == "white" ]`	203	`if [ "$categorie_type" == "white" ]`
198	`then`	204	`then`
199	`echo "$dir_categorie" >> $WL_CATEGORIES`	205	`echo "$dir_categorie" >> $WL_CATEGORIES`
200	echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED # by default all WL are enabled	206	echo `basename $dir_categorie` >> $WL_CATEGORIES_ENABLED # by default all WL are enabled
201	`fi`	207	`fi`
202	`echo "$dir_categorie" >> $BL_CATEGORIES # By default all categories are in BL`	208	`echo "$dir_categorie" >> $BL_CATEGORIES # By default all categories are in BL`
203	`done`	209	`done`
204	`rm -f $FILE_tmp`	210	`rm -f $FILE_tmp`
205	`# Verify that the enabled categories are effectively in the BL (need after an update of the BL)`	211	`# Verify that the enabled categories are effectively in the BL (need after an update of the BL)`
206	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`	212	for ENABLE_CATEGORIE in `cat $BL_CATEGORIES_ENABLED`
207	`do`	213	`do`
208	ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES\|wc -l`	214	ok=`grep /$ENABLE_CATEGORIE$ $BL_CATEGORIES\|wc -l`
209	`if [ $ok != "1" ]`	215	`if [ $ok != "1" ]`
210	`then`	216	`then`
211	`$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED`	217	`$SED "/^$ENABLE_CATEGORIE$/d" $BL_CATEGORIES_ENABLED`
212	`fi`	218	`fi`
213	`done`	219	`done`
214	`# Creation of DNSMASQ and Iptables BL and WL`	220	`# Creation of DNSMASQ and Iptables BL and WL`
215	`for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)`	221	`for LIST in $BL_CATEGORIES $WL_CATEGORIES # for each list (bl and wl)`
216	`do`	222	`do`
217	for PATH_FILE in `cat $LIST` # for each category	223	for PATH_FILE in `cat $LIST` # for each category
218	`do`	224	`do`
219	DOMAINE=`basename $PATH_FILE`	225	DOMAINE=`basename $PATH_FILE`
220	`echo -n "$DOMAINE, "`	226	`echo -n "$DOMAINE, "`
221	`if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist`	227	`if [ ! -f $PATH_FILE/urls ] # create 'urls' file if it doesn't exist`
222	`then`	228	`then`
223	`touch $PATH_FILE/urls`	229	`touch $PATH_FILE/urls`
224	`chown dansguardian:apache $PATH_FILE/urls`	230	`chown dansguardian:apache $PATH_FILE/urls`
225	`fi`	231	`fi`
226	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors`	232	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors`
227	`# extract ip addresses for iptables`	233	`# extract ip addresses for iptables`
228	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`	234	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`
229	`# for dnsmask, remove IP addesses, accented characters and commented lines.`	235	`# for dnsmask, remove IP addesses, accented characters and commented lines.`
230	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`	236	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`
231	`$SED "/[äâëêïîöôüû]/d" $FILE_tmp`	237	`$SED "/[äâëêïîöôüû]/d" $FILE_tmp`
232	`$SED "/^#.*/d" $FILE_tmp`	238	`$SED "/^#.*/d" $FILE_tmp`
233	`if [ "$LIST" == "$BL_CATEGORIES" ]`	239	`if [ "$LIST" == "$BL_CATEGORIES" ]`
234	`then`	240	`then`
235	`# adapt to the dnsmasq syntax for the blacklist`	241	`# adapt to the dnsmasq syntax for the blacklist`
236	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`	242	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`
237	`mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf`	243	`mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf`
238	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE`	244	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE`
239	`else`	245	`else`
240	`# adapt to the dnsmasq syntax for the whitelist`	246	`# adapt to the dnsmasq syntax for the whitelist`
241	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`	247	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`
242	`mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf`	248	`mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf`
243	`fi`	249	`fi`
244	`done`	250	`done`
245	`done`	251	`done`
246	`rm -f $FILE_tmp $FILE_ip_tmp`	252	`rm -f $FILE_tmp $FILE_ip_tmp`
247	`# Restoring ossi file of BL IP`	253	`# Restoring ossi file of BL IP`
248	`[ -e $DIR_tmp/ossi-ip-bl ] && mv $DIR_tmp/ossi-ip-bl $DIR_IP_BL/ossi`	254	`[ -e $DIR_tmp/ossi-ip-bl ] && mv $DIR_tmp/ossi-ip-bl $DIR_IP_BL/ossi`
249	`rm -rf $DIR_tmp`	255	`rm -rf $DIR_tmp`
250	`echo`	256	`echo`
251	`;;`	257	`;;`
252	`#mise a jour d'une categorie avec rsync`	258	`#mise a jour d'une categorie avec rsync`
253	`-update_cat \| --update_cat)`	259	`-update_cat \| --update_cat)`
254		260
255	`if [ $# -ge 3 ]`	261	`echo -n "Updating categories in /usr/local/etc/update_cat.conf ..."`
-		262
256	`then`	263
257	`echo -n "Updating $2 category ..."`	264	`for LIGNE_RSYNC in $(cat /usr/local/etc/update_cat.conf)`
-		265	`do`
258		266
-		267	`$CATEGORIE=$(echo $LIGNE_RSYNC \| cut -d' ' -f0)`
-		268	`$URL=$(echo $LIGNE_RSYNC \| cut -d' ' -f1)`
-		269
259	`PATH_FILE=$(find $DIR_DG_BL/ -type d -name $2) # retrieve directory name of the category`	270	`PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category`
260	`rsync -rv $3 $(dirname $PATH_FILE ) #rsync inside of the blacklist directory`	271	`echo "rsync -rv $URL $(dirname $PATH_FILE )" #rsync inside of the blacklist directory`
-		272	`echo $PATH_FILE`
261		273
262	`# Creation of DNSMASQ and Iptables BL and WL`	274	`# Creation of DNSMASQ and Iptables BL and WL`
263	`DOMAINE=$(basename $PATH_FILE)`	275	`DOMAINE=$(basename $PATH_FILE)`
264		276
265	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors`	277	`$SED "s/\.\{2,10\}/\./g" $PATH_FILE/domains $PATH_FILE/urls # correct some syntax errors`
266	`# extract ip addresses for iptables`	278	`# extract ip addresses for iptables`
267	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`	279	`awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $PATH_FILE/domains > $FILE_ip_tmp`
268	`# for dnsmask, remove IP addesses, accented characters and commented lines.`	280	`# for dnsmask, remove IP addesses, accented characters and commented lines.`
269	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`	281	`egrep -v "^([0-9]{1,3}\.){3}[0-9]{1,3}$" $PATH_FILE/domains > $FILE_tmp`
270	`$SED "/[äâëêïîöôüû]/d" $FILE_tmp`	282	`$SED "/[äâëêïîöôüû]/d" $FILE_tmp`
271	`$SED "/^#.*/d" $FILE_tmp`	283	`$SED "/^#.*/d" $FILE_tmp`
272		284
273	black=`grep black $PATH_FILE/usage \|wc -l`	285	black=`grep black $PATH_FILE/usage \|wc -l`
274	`if [ $black == "1" ]`	286	`if [ $black == "1" ]`
275	`then`	287	`then`
276	`# adapt to the dnsmasq syntax for the blacklist`	288	`# adapt to the dnsmasq syntax for the blacklist`
277	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`	289	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp`
278	`mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf`	290	`mv $FILE_tmp $DIR_DNS_BL/$DOMAINE.conf`
279	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE`	291	`mv $FILE_ip_tmp $DIR_IP_BL/$DOMAINE`
280	`/usr/bin/systemctl restart dnsmasq-blacklist`	-
281	`else`	292	`else`
282	`# adapt to the dnsmasq syntax for the whitelist`	293	`# adapt to the dnsmasq syntax for the whitelist`
283	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`	294	`$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp`
284	`mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf`	295	`mv $FILE_tmp $DIR_DNS_WL/$DOMAINE.conf`
285	`/usr/bin/systemctl restart dnsmasq-whitelist`	-
286	`fi`	296	`fi`
287		-
288	`rm -f $FILE_tmp $FILE_ip_tmp`	297	`rm -f $FILE_tmp $FILE_ip_tmp`
-		298
-		299	`done`
-		300
-		301	`/usr/bin/systemctl restart dnsmasq-whitelist`
-		302	`/usr/bin/systemctl restart dnsmasq-blacklist`
289	`/usr/bin/systemctl restart dansguardian`	303	`/usr/bin/systemctl restart dansguardian`
290	`/usr/local/bin/alcasar-iptables.sh`	304	`/usr/local/bin/alcasar-iptables.sh`
291		305
292	`echo "MAJ RSYNC réussie"`	306	`echo "MAJ RSYNC réussie"`
293		307
294	`else`	-
295	`echo "$usage"`	-
296	`fi`	-
297	`;;`	308	`;;`
298	`# reload when categories are changed`	309	`# reload when categories are changed`
299	`-reload \| --reload)`	310	`-reload \| --reload)`
300	`# for DG`	311	`# for DG`
301	`chown -R dansguardian:apache $DIR_DG_BL/ossi`	312	`chown -R dansguardian:apache $DIR_DG_BL/ossi`
302	`chmod -R g+w $DIR_DG_BL/ossi`	313	`chmod -R g+w $DIR_DG_BL/ossi`
303	`cat_choice`	314	`cat_choice`
304	`# for dnsmasq (rehabited domain names)`	315	`# for dnsmasq (rehabited domain names)`
305	if [ `wc -w $DIR_DG/exceptionsitelist\|cut -d " " -f1` != "0" ]	316	if [ `wc -w $DIR_DG/exceptionsitelist\|cut -d " " -f1` != "0" ]
306	`then`	317	`then`
307	for i in `cat $DIR_DG/exceptionsitelist`	318	for i in `cat $DIR_DG/exceptionsitelist`
308	`do`	319	`do`
309	`$SED "/$i/d" $DIR_DNS_BL/*`	320	`$SED "/$i/d" $DIR_DNS_BL/*`
310	`done`	321	`done`
311	`fi`	322	`fi`
312	`cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf`	323	`cp -f $DIR_DG_BL/ossi/domains $DIR_DNS_BL/ossi.conf`
313	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf`	324	`$SED "s?.*?address=/&/$PRIVATE_IP?g" $DIR_DNS_BL/ossi.conf`
314	`$SED "s?.*?server=/&/$DNS1?g" $DIR_DNS_WL/ossi.conf`	325	`$SED "s?.*?server=/&/$DNS1?g" $DIR_DNS_WL/ossi.conf`
315		326
316	`/usr/bin/systemctl restart dnsmasq-blacklist`	327	`/usr/bin/systemctl restart dnsmasq-blacklist`
317	`/usr/bin/systemctl restart dnsmasq-whitelist`	328	`/usr/bin/systemctl restart dnsmasq-whitelist`
318	`/usr/local/bin/alcasar-iptables.sh`	329	`/usr/local/bin/alcasar-iptables.sh`
319	`;;`	330	`;;`
320	`*)`	331	`*)`
321	`echo "Argument inconnu :$1";`	332	`echo "Argument inconnu :$1";`
322	`echo "$usage"`	333	`echo "$usage"`
323	`exit 1`	334	`exit 1`
324	`;;`	335	`;;`
325	`esac`	336	`esac`
326		337
327		338
328		339
329		340

Subversion Repositories ALCASAR

(root)/scripts/alcasar-bl.sh @ 1938 – Rev 1867 → 1870