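--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar.sh 3309 2026-01-04 00:29:23Z rexy $
+# $Id: alcasar.sh 3310 2026-01-06 12:48:09Z rexy $
 
 # ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
 # contact : info@alcasar.net
 
@@ -2360,16 +2360,12 @@
 echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.d/alcasar.conf
 # enable kernel antispoofing
 echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.d/alcasar.conf
 # ignore source routing
 echo "net.ipv4.conf.all.accept_source_route = 0" >> /etc/sysctl.d/alcasar.conf
-# set conntrack timer to 1h (3600s) instead of 5 weeks
-echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.d/alcasar.conf
 # disable log_martians (ALCASAR is often installed between two private network addresses)
 echo "net.ipv4.conf.all.log_martians = 0" >> /etc/sysctl.d/alcasar.conf
-# disable iptables_helpers
-echo "net.netfilter.nf_conntrack_helper = 0" >> /etc/sysctl.d/alcasar.conf
 # Switch to the router mode
 echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/alcasar.conf
 # Remove unused service ipv6
 echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/alcasar.conf
 echo "net.ipv6.conf.all.autoconf = 0" >> /etc/sysctl.d/alcasar.conf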