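--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar.sh 1512 2014-12-01 23:07:12Z richard $
+# $Id: alcasar.sh 1513 2014-12-02 10:33:11Z richard $
 
 # alcasar.sh
 
 # ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
 # Ce programme est un logiciel libre ; This software is free and open source
@@ -589,10 +589,15 @@
 # load conntrack ftp module
 [ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default
 echo "ip_conntrack_ftp" >> /etc/modprobe.preload
 # load ipt_NETFLOW module
 echo "ipt_NETFLOW" >> /etc/modprobe.preload
+# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush)
+[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
+$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
+[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
+$SED "s?\[ -f \$IPTABLE_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test in order the stop function run (fluxh all rules & policies)
 #
 # the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
 } # End of network ()
 
 ##################################################################
@@ -1561,13 +1566,10 @@
 ##########################################################
 ## Fonction "BL" ##
 ##########################################################
 BL ()
 {
-# modify iptables boot file to start alcasar-iptables.sh when the system is booting
-[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
-$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
 # copy and extract toulouse BL
 rm -rf $DIR_DG/lists/blacklists
 tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
 # creation of the OSSI BL and WL categories (domain name and url)
 mkdir $DIR_DG/lists/blacklists/ossi
@@ -1606,11 +1608,10 @@
 $SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
 # adapt the BL to ALCASAR architecture. Enable the default categories
 if [ "$mode" != "update" ]; then
 $DIR_DEST_SBIN/alcasar-bl.sh --adapt
 $DIR_DEST_SBIN/alcasar-bl.sh --cat_choice
-# !!! we can be banned by DNS server (waiting for a cool solution $DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving
 fi
 }
 
 ##########################################################
 ## Fonction "cron" ##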
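Review bot: The two `$SED` edits added to network() (new lines 596 and 598) are never checked, so if the packaged `iptables.service` or `iptables.init` does not contain the expected text the install carries on silently and the gateway either boots on the stock init script or keeps the guard in front of `stop`. A check after each edit would surface that, e.g. `grep -q 'ExecStart=/usr/local/bin/alcasar-iptables.sh' /lib/systemd/system/iptables.service || echo "iptables.service was not patched" >&2`. Both targets are package-owned files, so a later package update presumably restores them; a drop-in under `/etc/systemd/system` would be more durable for the unit. The comment on new line 598 (`fluxh` should read `flush`) should also state which policies `stop` leaves in place, since it is not visible here whether the box ends up open or closed after the flush. network() begins outside this hunk.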