
Rev 1927 Rev 1928
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1927 2016-06-05 21:36:32Z richard $ 
2
#  $Id: alcasar.sh 1928 2016-06-05 21:52:03Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
Line 1486... Line 1486...
1486
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1486
	[ -d /var/log/dnsmasq ] || mkdir /var/log/dnsmasq
1487
	[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1487
	[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default
1488
	$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
1488
	$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance
1489
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1489
	[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default
1490
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
1490
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on.
1491
	cat << EOF > /etc/dnsmasq.conf 
1491
	cat << EOF > /etc/dnsmasq.conf
1492
# Configuration file for "dnsmasq in forward mode"
1492
# Configuration file for "dnsmasq in forward mode"
1493
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1493
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1494
listen-address=$PRIVATE_IP
1494
listen-address=$PRIVATE_IP
1495
pid-file=/var/run/dnsmasq.pid
1495
pid-file=/var/run/dnsmasq.pid
1496
listen-address=127.0.0.1
1496
listen-address=127.0.0.1
Line 1513... Line 1513...
1513
 
1513
 
1514
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1514
# Exemple of static dhcp assignation : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
1515
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1515
#dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m
1516
EOF
1516
EOF
1517
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
1517
# 2nd dnsmasq listen on udp 54 ("dnsmasq with blacklist")
1518
	cat << EOF > /etc/dnsmasq-blacklist.conf 
1518
	cat << EOF > /etc/dnsmasq-blacklist.conf
1519
# Configuration file for "dnsmasq with blacklist"
1519
# Configuration file for "dnsmasq with blacklist"
1520
# Add Toulouse University blacklist domains
1520
# Add Toulouse University blacklist domains
1521
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1521
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1522
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
1522
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled
1523
pid-file=/var/run/dnsmasq-blacklist.pid
1523
pid-file=/var/run/dnsmasq-blacklist.pid
Line 1535... Line 1535...
1535
filterwin2k
1535
filterwin2k
1536
server=$DNS1
1536
server=$DNS1
1537
server=$DNS2
1537
server=$DNS2
1538
EOF
1538
EOF
1539
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
1539
# 3rd dnsmasq listen on udp 55 ("dnsmasq with whitelist")
1540
	cat << EOF > /etc/dnsmasq-whitelist.conf 
1540
	cat << EOF > /etc/dnsmasq-whitelist.conf
1541
# Configuration file for "dnsmasq with whitelist"
1541
# Configuration file for "dnsmasq with whitelist"
1542
# ADD Toulouse university whitelist domains
1542
# ADD Toulouse university whitelist domains
1543
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1543
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1544
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
1544
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled
1545
pid-file=/var/run/dnsmasq-whitelist.pid
1545
pid-file=/var/run/dnsmasq-whitelist.pid
Line 1557... Line 1557...
1557
filterwin2k
1557
filterwin2k
1558
ipset=/#/wl_ip_allowed			# dynamicly add the resolv IP address in the Firewall rules
1558
ipset=/#/wl_ip_allowed			# dynamicly add the resolv IP address in the Firewall rules
1559
address=/#/$PRIVATE_IP				# for Domain name without local resolution (WL)  
1559
address=/#/$PRIVATE_IP				# for Domain name without local resolution (WL)  
1560
EOF
1560
EOF
1561
# 4th dnsmasq listen on udp 56 ("blackhole")
1561
# 4th dnsmasq listen on udp 56 ("blackhole")
1562
	cat << EOF > /etc/dnsmasq-blackhole.conf 
1562
	cat << EOF > /etc/dnsmasq-blackhole.conf
1563
# Configuration file for "dnsmasq as a blackhole"
1563
# Configuration file for "dnsmasq as a blackhole"
1564
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1564
conf-file=$DIR_DEST_ETC/alcasar-dns-name	# local DNS resolutions
1565
address=/#/$PRIVATE_IP				# redirect all on ALCASAR IP address
1565
address=/#/$PRIVATE_IP				# redirect all on ALCASAR IP address
1566
pid-file=/var/run/dnsmasq-blackhole.pid
1566
pid-file=/var/run/dnsmasq-blackhole.pid
1567
listen-address=$PRIVATE_IP
1567
listen-address=$PRIVATE_IP
Line 1630... Line 1630...
1630
		mkdir $DIR_DG/lists/blacklists/ossi-bl
1630
		mkdir $DIR_DG/lists/blacklists/ossi-bl
1631
		touch $DIR_DG/lists/blacklists/ossi-bl/domains
1631
		touch $DIR_DG/lists/blacklists/ossi-bl/domains
1632
		mkdir $DIR_DG/lists/blacklists/ossi-wl
1632
		mkdir $DIR_DG/lists/blacklists/ossi-wl
1633
		touch $DIR_DG/lists/blacklists/ossi-wl/domains
1633
		touch $DIR_DG/lists/blacklists/ossi-wl/domains
1634
# add custom ALCASAR BL files
1634
# add custom ALCASAR BL files
1635
		for x in $(ls -1 $DIR_CONF/etc/ | grep "^ossi-*")
1635
		for x in $(ls $DIR_CONF/etc/ | grep "^ossi-*")
1636
		do
1636
		do
1637
			mkdir $DIR_DG/lists/blacklists/$x
1637
			mkdir $DIR_DG/lists/blacklists/$x
1638
			cp $DIR_CONF/etc/$x  $DIR_DG/lists/blacklists/$x/domains
1638
			cp $DIR_CONF/etc/$x  $DIR_DG/lists/blacklists/$x/domains
1639
		done
1639
		done
1640
		chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
1640
		chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
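Review bot: The loop header at line 1635 still builds its file list by word-splitting `ls` output, and the filter `grep "^ossi-*"` is a regex in which `-*` means "zero or more hyphens", so it accepts any name beginning with `ossi` rather than only names prefixed with `ossi-`. The script writes under `/etc` and runs `chown -R`, so it presumably runs as root, and `$x` is passed unquoted to `mkdir` and `cp` on lines 1637-1638; a file name in `$DIR_CONF/etc/` containing whitespace or glob characters would be split or expanded into paths the author did not intend. A glob avoids both problems: `for f in "$DIR_CONF"/etc/ossi-*; do [ -e "$f" ] || continue; x=${f##*/}`, with `"$DIR_DG/lists/blacklists/$x"` and `"$DIR_CONF/etc/$x"` quoted in the loop body. The enclosing function begins and ends outside the displayed lines, so whether other `ossi`-prefixed files are expected in that directory cannot be confirmed from this view.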