| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 2776 2020-03-10 23:06:07Z rexy $
|
2 |
# $Id: alcasar.sh 2801 2020-04-07 17:31:42Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
# team@alcasar.net
|
7 |
# team@alcasar.net
|
| Line 762... |
Line 762... |
| 762 |
## - Creating the CA and the server certificate (lighttpd) ##
|
762 |
## - Creating the CA and the server certificate (lighttpd) ##
|
| 763 |
##################################################################
|
763 |
##################################################################
|
| 764 |
CA()
|
764 |
CA()
|
| 765 |
{
|
765 |
{
|
| 766 |
$DIR_DEST_BIN/alcasar-CA.sh
|
766 |
$DIR_DEST_BIN/alcasar-CA.sh
|
| - |
|
767 |
chown root:apache /etc/pki/CA; chmod 750 /etc/pki/CA
|
| - |
|
768 |
chmod 640 /etc/pki/CA/*
|
| - |
|
769 |
chown root:root /etc/pki/CA/private, chmod 700 /etc/pki/CA/private
|
| - |
|
770 |
chmod 600 /etc/pki/CA/private/*
|
| - |
|
771 |
chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
|
| - |
|
772 |
chmod 640 /etc/pki/tls/private/*
|
| 767 |
} # End of CA()
|
773 |
} # End of CA()
|
| 768 |
|
774 |
|
| 769 |
###################################################
|
775 |
###################################################
|
| 770 |
## Function "ACC" ##
|
776 |
## Function "ACC" ##
|
| 771 |
## - copy ALCASAR Control Center (ACC) files ##
|
777 |
## - copy ALCASAR Control Center (ACC) files ##
|
| Line 1393... |
Line 1399... |
| 1393 |
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
|
1399 |
$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
|
| 1394 |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
|
1400 |
$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
|
| 1395 |
$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
|
1401 |
$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
|
| 1396 |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
|
1402 |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
|
| 1397 |
# update now
|
1403 |
# update now
|
| 1398 |
/usr/bin/freshclam --no-warnings
|
1404 |
/usr/bin/freshclam --no-warnings --quiet
|
| 1399 |
} # End of antivirus()
|
1405 |
} # End of antivirus()
|
| 1400 |
|
1406 |
|
| 1401 |
################################################################################
|
1407 |
################################################################################
|
| 1402 |
## Function "tinyproxy" ##
|
1408 |
## Function "tinyproxy" ##
|
| 1403 |
## - Set the parameters of tinyproxy (proxy between filtered users and havp) ##
|
1409 |
## - Set the parameters of tinyproxy (proxy between filtered users and havp) ##
|
| Line 2031... |
Line 2037... |
| 2031 |
[ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default
|
2037 |
[ -e /etc/security/msec/security.conf.default ] || cp /etc/security/msec/security.conf /etc/security/msec/security.conf.default
|
| 2032 |
echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf
|
2038 |
echo "BASE_LEVEL=fileserver" > /etc/security/msec/security.conf
|
| 2033 |
|
2039 |
|
| 2034 |
# Set permissions monitoring and enforcement
|
2040 |
# Set permissions monitoring and enforcement
|
| 2035 |
cat <<EOF > /etc/security/msec/perm.local
|
2041 |
cat <<EOF > /etc/security/msec/perm.local
|
| 2036 |
/var/log/firewall/ root.apache 750
|
2042 |
/var/log/firewall/ root.apache 750
|
| 2037 |
/var/log/firewall/* root.apache 640
|
2043 |
/var/log/firewall/* root.apache 640
|
| 2038 |
/etc/security/msec/perm.local root.root 640
|
2044 |
/etc/security/msec/perm.local root.root 640
|
| 2039 |
/etc/security/msec/level.local root.root 640
|
2045 |
/etc/security/msec/level.local root.root 640
|
| 2040 |
/etc/freeradius-web root.apache 750
|
2046 |
/etc/freeradius-web root.apache 750
|
| 2041 |
/etc/freeradius-web/admin.conf root.apache 640
|
2047 |
/etc/freeradius-web/admin.conf root.apache 640
|
| 2042 |
/etc/raddb/client.conf radius.radius 640
|
2048 |
/etc/raddb/client.conf radius.radius 640
|
| 2043 |
/etc/raddb/radius.conf radius.radius 640
|
2049 |
/etc/raddb/radius.conf radius.radius 640
|
| 2044 |
/etc/raddb/mods-available/ldap radius.apache 660
|
2050 |
/etc/raddb/mods-available/ldap radius.apache 660
|
| 2045 |
/etc/raddb/sites-available/alcasar radius.apache 660
|
2051 |
/etc/raddb/sites-available/alcasar radius.apache 660
|
| 2046 |
/etc/pki/* root.apache 750
|
2052 |
/etc/pki/CA/ root.apache 750
|
| - |
|
2053 |
/etc/pki/CA/* root.apache 640
|
| - |
|
2054 |
/etc/pki/CA/private/ root.root 700
|
| - |
|
2055 |
/etc/pki/CA/private/* root.root 600
|
| - |
|
2056 |
/etc/pki/tls/private/ root.apache 750
|
| - |
|
2057 |
/etc/pki/tls/private/* root.apache 640
|
| 2047 |
/var/log/netflow/porttracker root.apache 770
|
2058 |
/var/log/netflow/porttracker root.apache 770
|
| 2048 |
/var/log/netflow/porttracker/* root.apache 660
|
2059 |
/var/log/netflow/porttracker/* root.apache 660
|
| 2049 |
EOF
|
2060 |
EOF
|
| 2050 |
# apply now hourly & daily checks
|
2061 |
# apply now hourly & daily checks
|
| 2051 |
/usr/sbin/msec
|
2062 |
/usr/sbin/msec
|