Subversion Repositories ALCASAR

Rev

Rev 2739 | Rev 2745 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2739 Rev 2744
Line 1... Line 1...
1 
#!/bin/bash
 1 
#!/bin/bash
2 
#  $Id: alcasar.sh 2739 2019-06-06 22:11:37Z rexy $
 2 
#  $Id: alcasar.sh 2744 2019-07-28 09:29:15Z rexy $
3 
 
 3 
 
4 
# alcasar.sh
 4 
# alcasar.sh
5 
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 5 
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
6 
# This script is distributed under the Gnu General Public License (GPL)
 6 
# This script is distributed under the Gnu General Public License (GPL)
7 
#  team@alcasar.net
 7 
#  team@alcasar.net
Line 907... Line 907...
907 
	chown root:apache /var/Save/security/acc_access.log
 907 
	chown root:apache /var/Save/security/acc_access.log
908 
	chmod 664 /var/Save/security/acc_access.log
 908 
	chmod 664 /var/Save/security/acc_access.log
909 
} # End of ACC()
 909 
} # End of ACC()
910 
 
 910 
 
911 
##################################################################
 911 
##################################################################
912 
##                               Fonction "CA"                  ##
 912 
##                      Fonction "CA"                           ##
913 
## - Creating the CA and the server certificate (lighttpd)      ##
 913 
## - Creating the CA and the server certificate (lighttpd)      ##
914 
##################################################################
 914 
##################################################################
915 
CA()
 915 
CA()
916 
{
 916 
{
917 
	$DIR_DEST_BIN/alcasar-CA.sh
 917 
	$DIR_DEST_BIN/alcasar-CA.sh
Line 1589... Line 1589...
1589 
ipset=/#/wl_ip_allowed	# dynamically add the resolv IP address in the Firewall rules
 1589 
ipset=/#/wl_ip_allowed	# dynamically add the resolv IP address in the Firewall rules
1590 
server=$DNS1
 1590 
server=$DNS1
1591 
server=$DNS2
 1591 
server=$DNS2
1592 
EOF
 1592 
EOF
1593 
	# Create dnsmasq-whitelist unit
 1593 
	# Create dnsmasq-whitelist unit
- 
 
 1594 
	if [ "$mode" != "update" ]
- 
 
 1595 
	then
1594 
	mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
 1596 
        mv /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq.service.default
- 
 
 1597 
    fi
1595 
	cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
 1598 
	cp /lib/systemd/system/dnsmasq.service.default /lib/systemd/system/dnsmasq-whitelist.service
1596 
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
 1599 
	$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service
1597 
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
 1600 
	$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service
1598 
} # End of dnsmasq()
 1601 
} # End of dnsmasq()
1599 
 
 1602 
 
Line 1964... Line 1967...
1964 
##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##
 1967 
##- Secure items : DDOS, SSH-Brute-Force, Intercept.php Brute-Force ##
1965 
######################################################################
 1968 
######################################################################
1966 
fail2ban()
 1969 
fail2ban()
1967 
{
 1970 
{
1968 
	/usr/bin/sh $DIR_CONF/fail2ban.sh
 1971 
	/usr/bin/sh $DIR_CONF/fail2ban.sh
1969 
# Autorise la lecture seule 2 des 3 fichiers de log concernés, havp est traité dans le script d'init de havp
 1972 
# allow reading of 2 log files (fail2ban & watchdog). HAVP is treated in its section
1970 
	[ -e /var/log/fail2ban.log ] || touch /var/log/fail2ban.log
 1973 
	[ -e /var/log/fail2ban.log ] || /usr/bin/touch /var/log/fail2ban.log
1971 
	[ -e /var/Save/security/watchdog.log ] || touch /var/Save/security/watchdog.log
 1974 
	[ -e /var/Save/security/watchdog.log ] || /usr/bin/touch /var/Save/security/watchdog.log
1972 
	chmod 644 /var/log/fail2ban.log
 1975 
	chmod 644 /var/log/fail2ban.log
1973 
	chmod 644 /var/Save/security/watchdog.log
 1976 
	chmod 644 /var/Save/security/watchdog.log
1974 
	/usr/bin/touch /var/log/auth.log
 1977 
	/usr/bin/touch /var/log/auth.log
1975 
# fail2ban unit
 1978 
# fail2ban unit
1976 
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default
 1979 
[ -e /lib/systemd/system/fail2ban.service.default ] || cp /lib/systemd/system/fail2ban.service /lib/systemd/system/fail2ban.service.default