| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 2512 2018-03-11 15:19:43Z tom.houdayer $
|
2 |
# $Id: alcasar.sh 2519 2018-03-26 19:40:51Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
# team@alcasar.net
|
7 |
# team@alcasar.net
|
| Line 829... |
Line 829... |
| 829 |
chown -R root:apache /etc/pki
|
829 |
chown -R root:apache /etc/pki
|
| 830 |
chmod -R 750 /etc/pki
|
830 |
chmod -R 750 /etc/pki
|
| 831 |
} # End of CA ()
|
831 |
} # End of CA ()
|
| 832 |
|
832 |
|
| 833 |
##################################################################
|
833 |
##################################################################
|
| 834 |
## Function "time_server" ##
|
834 |
## Function "time_server" ##
|
| 835 |
## - Configuring NTP server ##
|
835 |
## - Configuring NTP server ##
|
| 836 |
##################################################################
|
836 |
##################################################################
|
| 837 |
time_server ()
|
837 |
time_server ()
|
| 838 |
{
|
838 |
{
|
| 839 |
# Set the Internet time server
|
839 |
# Set the Internet time server
|
| 840 |
[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
|
840 |
[ -e /etc/ntp/step-tickers.default ] || cp /etc/ntp/step-tickers /etc/ntp/step-tickers.default
|
| Line 1223... |
Line 1223... |
| 1223 |
groupadd -f chilli
|
1223 |
groupadd -f chilli
|
| 1224 |
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
|
1224 |
useradd -r -g chilli -s /bin/false -c "system user for coova-chilli" chilli
|
| 1225 |
} # End of chilli ()
|
1225 |
} # End of chilli ()
|
| 1226 |
|
1226 |
|
| 1227 |
##################################################################
|
1227 |
##################################################################
|
| 1228 |
## Fonction "dansguardian" ##
|
1228 |
## Function "dansguardian" ##
|
| 1229 |
## - Paramètrage du gestionnaire de contenu Dansguardian ##
|
1229 |
## - Set the parameters of this HTML proxy (as controler) ##
|
| 1230 |
##################################################################
|
1230 |
##################################################################
|
| 1231 |
dansguardian ()
|
1231 |
dansguardian ()
|
| 1232 |
{
|
1232 |
{
|
| 1233 |
mkdir -p /var/dansguardian /var/log/dansguardian
|
1233 |
mkdir -p /var/dansguardian /var/log/dansguardian
|
| 1234 |
chown -R dansguardian /var/dansguardian /var/log/dansguardian
|
1234 |
chown -R dansguardian /var/dansguardian /var/log/dansguardian
|
| Line 1246... |
Line 1246... |
| 1246 |
# replace the default deny HTML page
|
1246 |
# replace the default deny HTML page
|
| 1247 |
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
|
1247 |
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
|
| 1248 |
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
|
1248 |
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
|
| 1249 |
# Don't log
|
1249 |
# Don't log
|
| 1250 |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
|
1250 |
$SED "s?^loglevel =.*?loglevel = 0?g" $DIR_DG/dansguardian.conf
|
| 1251 |
# on désactive par défaut le controle de contenu des pages html
|
1251 |
# # Change the default report page
|
| - |
|
1252 |
$SED "s?^accessdeniedaddress =.*?accessdeniedaddress = http://$HOSTNAME.$DOMAIN?g" $DIR_DG/dansguardian.conf
|
| - |
|
1253 |
# Disable HTML content control
|
| 1252 |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
|
1254 |
$SED "s?^weightedphrasemode =.*?weightedphrasemode = 0?g" $DIR_DG/dansguardian.conf
|
| 1253 |
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
|
1255 |
cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
|
| 1254 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
|
1256 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (on commente ce qui ne l'est pas)
|
| 1255 |
# on désactive par défaut le contrôle d'URL par expressions régulières
|
1257 |
# Disable URL control with regex
|
| 1256 |
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
|
1258 |
cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
|
| 1257 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
|
1259 |
$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (on commente ce qui ne l'est pas)
|
| 1258 |
|
- |
|
| 1259 |
# Configure Dansguardian for large site
|
1260 |
# Configure Dansguardian for large site
|
| 1260 |
# Minimum number of processus to handle connections
|
1261 |
# Minimum number of processus to handle connections
|
| 1261 |
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/dansguardian.conf
|
1262 |
$SED "s?^minchildren =.*?minchildren = 15?g" $DIR_DG/dansguardian.conf
|
| 1262 |
# Maximum number of processus to handle connections
|
1263 |
# Maximum number of processus to handle connections
|
| 1263 |
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/dansguardian.conf
|
1264 |
$SED "s?^maxchildren =.*?maxchildren = 200?g" $DIR_DG/dansguardian.conf
|
| Line 1265... |
Line 1266... |
| 1265 |
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/dansguardian.conf
|
1266 |
$SED "s?^minsparechildren =.*?minsparechildren = 8?g" $DIR_DG/dansguardian.conf
|
| 1266 |
# minimum number of processes to spawn
|
1267 |
# minimum number of processes to spawn
|
| 1267 |
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/dansguardian.conf
|
1268 |
$SED "s?^preforkchildren =.*?preforkchildren = 10?g" $DIR_DG/dansguardian.conf
|
| 1268 |
# maximum age of a child process before it croaks it
|
1269 |
# maximum age of a child process before it croaks it
|
| 1269 |
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/dansguardian.conf
|
1270 |
$SED "s?^maxagechildren =.*?maxagechildren = 1000?g" $DIR_DG/dansguardian.conf
|
| 1270 |
|
- |
|
| 1271 |
# on désactive par défaut le contrôle de téléchargement de fichiers
|
1271 |
# Disable download files control
|
| 1272 |
[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
|
1272 |
[ -e $DIR_DG/dansguardianf1.conf.default ] || cp $DIR_DG/dansguardianf1.conf $DIR_DG/dansguardianf1.conf.default
|
| 1273 |
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
|
1273 |
$SED "s?^blockdownloads =.*?blockdownloads = off?g" $DIR_DG/dansguardianf1.conf
|
| 1274 |
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
|
1274 |
[ -e $DIR_DG/lists/bannedextensionlist.default ] || mv $DIR_DG/lists/bannedextensionlist $DIR_DG/lists/bannedextensionlist.default
|
| 1275 |
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
|
1275 |
[ -e $DIR_DG/lists/bannedmimetypelist.default ] || mv $DIR_DG/lists/bannedmimetypelist $DIR_DG/lists/bannedmimetypelist.default
|
| 1276 |
touch $DIR_DG/lists/bannedextensionlist
|
1276 |
touch $DIR_DG/lists/bannedextensionlist
|
| Line 1284... |
Line 1284... |
| 1284 |
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
|
1284 |
[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
|
| 1285 |
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
|
1285 |
[ -e $DIR_DG/lists/bannedurllist.default ] || mv $DIR_DG/lists/bannedurllist $DIR_DG/lists/bannedurllist.default
|
| 1286 |
} # End of dansguardian ()
|
1286 |
} # End of dansguardian ()
|
| 1287 |
|
1287 |
|
| 1288 |
##################################################################
|
1288 |
##################################################################
|
| 1289 |
## Fonction "antivirus" ##
|
1289 |
## Function "antivirus" ##
|
| 1290 |
## - configuration of havp, libclamav and freshclam ##
|
1290 |
## - Set the parameters of havp, libclamav and freshclam ##
|
| 1291 |
##################################################################
|
1291 |
##################################################################
|
| 1292 |
antivirus ()
|
1292 |
antivirus ()
|
| 1293 |
{
|
1293 |
{
|
| 1294 |
# create 'havp' user
|
1294 |
# create 'havp' user
|
| 1295 |
havp_exist=`grep -c ^havp: /etc/passwd`
|
1295 |
havp_exist=`grep -c ^havp: /etc/passwd`
|
| Line 1337... |
Line 1337... |
| 1337 |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
|
1337 |
$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
|
| 1338 |
# update now
|
1338 |
# update now
|
| 1339 |
/usr/bin/freshclam --no-warnings
|
1339 |
/usr/bin/freshclam --no-warnings
|
| 1340 |
} # End of antivirus ()
|
1340 |
} # End of antivirus ()
|
| 1341 |
|
1341 |
|
| 1342 |
##########################################################################
|
1342 |
################################################################################
|
| 1343 |
## Fonction "tinyproxy" ##
|
1343 |
## Function "tinyproxy" ##
|
| 1344 |
## - configuration of tinyproxy (proxy between filterde users and havp) ##
|
1344 |
## - Set the parameters of tinyproxy (proxy between filterde users and havp) ##
|
| 1345 |
##########################################################################
|
1345 |
################################################################################
|
| 1346 |
tinyproxy ()
|
1346 |
tinyproxy ()
|
| 1347 |
{
|
1347 |
{
|
| 1348 |
tinyproxy_exist=`grep -c ^tinyproxy: /etc/passwd`
|
1348 |
tinyproxy_exist=`grep -c ^tinyproxy: /etc/passwd`
|
| 1349 |
if [ "$tinyproxy_exist" == "1" ]
|
1349 |
if [ "$tinyproxy_exist" == "1" ]
|
| 1350 |
then
|
1350 |
then
|
| Line 1391... |
Line 1391... |
| 1391 |
[Install]
|
1391 |
[Install]
|
| 1392 |
WantedBy=multi-user.target
|
1392 |
WantedBy=multi-user.target
|
| 1393 |
EOF
|
1393 |
EOF
|
| 1394 |
|
1394 |
|
| 1395 |
} # end of tinyproxy
|
1395 |
} # end of tinyproxy
|
| 1396 |
##################################################################################
|
1396 |
##############################################################################
|
| 1397 |
## function "ulogd" ##
|
1397 |
## function "ulogd" ##
|
| 1398 |
## - Ulog config for multi-log files ##
|
1398 |
## - Ulog config for multi-log files ##
|
| 1399 |
##################################################################################
|
1399 |
##############################################################################
|
| 1400 |
ulogd ()
|
1400 |
ulogd ()
|
| 1401 |
{
|
1401 |
{
|
| 1402 |
# Three instances of ulogd (three different logfiles)
|
1402 |
# Three instances of ulogd (three different logfiles)
|
| 1403 |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
|
1403 |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall
|
| 1404 |
nl=1
|
1404 |
nl=1
|
| Line 1421... |
Line 1421... |
| 1421 |
chmod 640 /var/log/firewall/*
|
1421 |
chmod 640 /var/log/firewall/*
|
| 1422 |
} # End of ulogd ()
|
1422 |
} # End of ulogd ()
|
| 1423 |
|
1423 |
|
| 1424 |
|
1424 |
|
| 1425 |
##########################################################
|
1425 |
##########################################################
|
| 1426 |
## Function "nfsen" ##
|
1426 |
## Function "nfsen" ##
|
| 1427 |
## - install the nfsen grapher ##
|
1427 |
## - install the nfsen grapher ##
|
| 1428 |
## - install the two plugins porttracker & surfmap ##
|
1428 |
## - install the two plugins porttracker & surfmap ##
|
| 1429 |
##########################################################
|
1429 |
##########################################################
|
| 1430 |
nfsen()
|
1430 |
nfsen()
|
| 1431 |
{
|
1431 |
{
|
| 1432 |
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/
|
1432 |
tar xzf ./conf/nfsen/nfsen-*.tar.gz -C /tmp/
|
| 1433 |
# Add PortTracker plugin
|
1433 |
# Add PortTracker plugin
|