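--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2829 2020-06-01 21:56:41Z rexy $
+#  $Id: alcasar.sh 2831 2020-06-07 21:43:19Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
@@ -1584,12 +1584,10 @@
 	[ -d /etc/unbound/conf.d/blacklist ] || mkdir /etc/unbound/conf.d/blacklist
 	[ -d /etc/unbound/conf.d/whitelist ] || mkdir /etc/unbound/conf.d/whitelist
 	[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole
 	[ -d /var/log/unbound ] || { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }
 	[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
-	# Local static DNS configuration
-	[ -e /etc/unbound/conf.d/common/local-dns/global.conf ] || touch /etc/unbound/conf.d/common/local-dns/global.conf
 
 # Forward zone configuration file for all unbound dns servers
 	cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
 forward-zone:
 	name: "."
@@ -1614,49 +1612,39 @@
 EOF
 
 # Configuration file of ALCASAR main domains for $INTIF
 	cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
 server:
-	local-zone: "$HOSTNAME.$DOMAIN" static
+	local-zone: "$DOMAIN" static
 	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
-	local-zone: "$HOSTNAME" static
-	local-data: "$HOSTNAME A $PRIVATE_IP"
-	local-zone: "$DOMAIN." static
-	local-data: "$DOMAIN. A"
+	local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"
 EOF
 
 # Configuration file for lo of forward unbound
 	cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
 server:
 	interface: 127.0.0.1@53
 	access-control-view: 127.0.0.1/8 lo
-
 view:
 	name: "lo"
-	local-zone: "$HOSTNAME.$DOMAIN" static
+	local-zone: "$DOMAIN" static
 	local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
-	local-zone: "$HOSTNAME" static
-	local-data: "$HOSTNAME A 127.0.0.1"
+	local-data-ptr "127.0.0.1 $HOSTNAME.$DOMAIN"
 	view-first: yes
 EOF
 
 # Configuration file for $INTIF of forward unbound
 	cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
 server:
 	interface: ${PRIVATE_IP}@53
 	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
-
 view:
 	name: "$INTIF"
-	local-zone: "$HOSTNAME.$DOMAIN" static
-	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
-	local-zone: "$HOSTNAME" static
-	local-data: "$HOSTNAME A $PRIVATE_IP"
 	view-first: yes
 EOF
 
-# Configuration file for forward unbound
+# Configuration file for main unbound
 	cat << EOF > /etc/unbound/unbound.conf
 server:
 	verbosity: 1
 	hide-version: yes
 	hide-identity: yes
@@ -1728,11 +1716,10 @@
 # Configuration file for $INTIF of blackhole unbound
 	cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
 server:
 	interface: ${PRIVATE_IP}@56
 	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
-
 view:
 	name: "$INTIF"
 	local-zone: "." redirect
 	local-data: ". A $PRIVATE_IP"
 EOF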
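Review bot: The new reverse entry written into /etc/unbound/conf.d/forward/iface.lo.conf (new line 1631) is missing the colon after the keyword — it reads `local-data-ptr "127.0.0.1 $HOSTNAME.$DOMAIN"` whereas the parallel line in the ${INTIF} local-dns file (new line 1619) correctly reads `local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"`. Unbound's config lexer only recognises the option with its trailing colon, so unbound-checkconf should reject this generated file and the forward resolver that includes it would refuse to start; on a captive portal that takes client name resolution on ${PRIVATE_IP}@53 down, and a DNS outage is also the easiest way to make users bypass or distrust the portal, so this is worth fixing before release: `local-data-ptr: "127.0.0.1 $HOSTNAME.$DOMAIN"`. Since several heredocs are written blind here, it would also be prudent to run `unbound-checkconf` once after all the unbound files are generated and abort the installer on failure, so a template typo surfaces at install time rather than as a dead service. Note too that dropping the `local-zone: "$HOSTNAME" static` / `local-data: "$HOSTNAME A …"` pairs means the bare short hostname no longer resolves from clients or from lo, which may be intended but should be confirmed against anything that still uses the unqualified name. The enclosing function starts before the first hunk and continues past the last one.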