Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 1927 2016-06-05 21:36:32Z richard $
|
2 |
# $Id: alcasar.sh 1928 2016-06-05 21:52:03Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 1486... |
Line 1486... |
1486 |
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
|
1486 |
[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
|
1487 |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
|
1487 |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
|
1488 |
$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
|
1488 |
$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
|
1489 |
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
|
1489 |
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
|
1490 |
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
|
1490 |
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
|
1491 |
cat << EOF > /etc/dnsmasq.conf
|
1491 |
cat << EOF > /etc/dnsmasq.conf
|
1492 |
# Configuration file for "dnsmasq in forward mode"
|
1492 |
# Configuration file for "dnsmasq in forward mode"
|
1493 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1493 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1494 |
listen-address=$PRIVATE_IP
|
1494 |
listen-address=$PRIVATE_IP
|
1495 |
pid-file=/var/run/dnsmasq.pid
|
1495 |
pid-file=/var/run/dnsmasq.pid
|
1496 |
listen-address=127.0.0.1
|
1496 |
listen-address=127.0.0.1
|
Line 1513... |
Line 1513... |
1513 |
|
1513 |
|
1514 |
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
|
1514 |
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
|
1515 |
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
|
1515 |
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
|
1516 |
EOF
|
1516 |
EOF
|
1517 |
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
|
1517 |
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
|
1518 |
cat << EOF > /etc/dnsmasq-blacklist.conf
|
1518 |
cat << EOF > /etc/dnsmasq-blacklist.conf
|
1519 |
# Configuration file for "dnsmasq with blacklist"
|
1519 |
# Configuration file for "dnsmasq with blacklist"
|
1520 |
# Add Toulouse University blacklist domains
|
1520 |
# Add Toulouse University blacklist domains
|
1521 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1521 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1522 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
|
1522 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
|
1523 |
pid-file=/var/run/dnsmasq-blacklist.pid
|
1523 |
pid-file=/var/run/dnsmasq-blacklist.pid
|
Line 1535... |
Line 1535... |
1535 |
filterwin2k
|
1535 |
filterwin2k
|
1536 |
server=$DNS1
|
1536 |
server=$DNS1
|
1537 |
server=$DNS2
|
1537 |
server=$DNS2
|
1538 |
EOF
|
1538 |
EOF
|
1539 |
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
|
1539 |
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
|
1540 |
cat << EOF > /etc/dnsmasq-whitelist.conf
|
1540 |
cat << EOF > /etc/dnsmasq-whitelist.conf
|
1541 |
# Configuration file for "dnsmasq with whitelist"
|
1541 |
# Configuration file for "dnsmasq with whitelist"
|
1542 |
# ADD Toulouse university whitelist domains
|
1542 |
# ADD Toulouse university whitelist domains
|
1543 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1543 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1544 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
|
1544 |
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
|
1545 |
pid-file=/var/run/dnsmasq-whitelist.pid
|
1545 |
pid-file=/var/run/dnsmasq-whitelist.pid
|
Line 1557... |
Line 1557... |
1557 |
filterwin2k
|
1557 |
filterwin2k
|
1558 |
ipset=/#/wl_ip_allowed # dynamicly add the resolv IP address in the Firewall rules
|
1558 |
ipset=/#/wl_ip_allowed # dynamicly add the resolv IP address in the Firewall rules
|
1559 |
address=/#/$PRIVATE_IP # for Domain name without local resolution (WL)
|
1559 |
address=/#/$PRIVATE_IP # for Domain name without local resolution (WL)
|
1560 |
EOF
|
1560 |
EOF
|
1561 |
# 4th dnsmasq listen on udp 56 ("blackhole")
|
1561 |
# 4th dnsmasq listen on udp 56 ("blackhole")
|
1562 |
cat << EOF > /etc/dnsmasq-blackhole.conf
|
1562 |
cat << EOF > /etc/dnsmasq-blackhole.conf
|
1563 |
# Configuration file for "dnsmasq as a blackhole"
|
1563 |
# Configuration file for "dnsmasq as a blackhole"
|
1564 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1564 |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions
|
1565 |
address=/#/$PRIVATE_IP # redirect all on ALCASAR IP address
|
1565 |
address=/#/$PRIVATE_IP # redirect all on ALCASAR IP address
|
1566 |
pid-file=/var/run/dnsmasq-blackhole.pid
|
1566 |
pid-file=/var/run/dnsmasq-blackhole.pid
|
1567 |
listen-address=$PRIVATE_IP
|
1567 |
listen-address=$PRIVATE_IP
|
Line 1630... |
Line 1630... |
1630 |
mkdir $DIR_DG/lists/blacklists/ossi-bl
|
1630 |
mkdir $DIR_DG/lists/blacklists/ossi-bl
|
1631 |
touch $DIR_DG/lists/blacklists/ossi-bl/domains
|
1631 |
touch $DIR_DG/lists/blacklists/ossi-bl/domains
|
1632 |
mkdir $DIR_DG/lists/blacklists/ossi-wl
|
1632 |
mkdir $DIR_DG/lists/blacklists/ossi-wl
|
1633 |
touch $DIR_DG/lists/blacklists/ossi-wl/domains
|
1633 |
touch $DIR_DG/lists/blacklists/ossi-wl/domains
|
1634 |
# add custom ALCASAR BL files
|
1634 |
# add custom ALCASAR BL files
|
1635 |
for x in $(ls -1 $DIR_CONF/etc/ | grep "^ossi-*")
|
1635 |
for x in $(ls $DIR_CONF/etc/ | grep "^ossi-*")
|
1636 |
do
|
1636 |
do
|
1637 |
mkdir $DIR_DG/lists/blacklists/$x
|
1637 |
mkdir $DIR_DG/lists/blacklists/$x
|
1638 |
cp $DIR_CONF/etc/$x $DIR_DG/lists/blacklists/$x/domains
|
1638 |
cp $DIR_CONF/etc/$x $DIR_DG/lists/blacklists/$x/domains
|
1639 |
done
|
1639 |
done
|
1640 |
chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
|
1640 |
chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
|
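Review bot: The loop header at line 1635 still selects files by parsing `ls` output through `grep "^ossi-*"`, and that pattern is a regex rather than a glob: `-*` means "zero or more dashes", so any name beginning with `ossi` is picked up, not only `ossi-…` entries. The unquoted `$(…)` result and the unquoted `$x` in the following `mkdir`/`cp` are also word-split and glob-expanded, which matters in a script that writes under /etc and runs `chown -R` (presumably as root). A glob avoids both problems: `for f in "$DIR_CONF"/etc/ossi-*; do [ -f "$f" ] || continue; x=${f##*/}`, with `"$DIR_DG/lists/blacklists/$x"` quoted in the body. Dropping `-1` makes no difference when `ls` writes to a pipe, so the change itself looks cosmetic. The enclosing function starts and ends outside the lines shown.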