| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 2831 2020-06-07 21:43:19Z rexy $
|
2 |
# $Id: alcasar.sh 2833 2020-06-14 10:13:18Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
5 |
# ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
# team@alcasar.net
|
7 |
# team@alcasar.net
|
| Line 1582... |
Line 1582... |
| 1582 |
[ -d /etc/unbound/conf.d/common/local-dns ] || mkdir /etc/unbound/conf.d/common/local-dns
|
1582 |
[ -d /etc/unbound/conf.d/common/local-dns ] || mkdir /etc/unbound/conf.d/common/local-dns
|
| 1583 |
[ -d /etc/unbound/conf.d/forward ] || mkdir /etc/unbound/conf.d/forward
|
1583 |
[ -d /etc/unbound/conf.d/forward ] || mkdir /etc/unbound/conf.d/forward
|
| 1584 |
[ -d /etc/unbound/conf.d/blacklist ] || mkdir /etc/unbound/conf.d/blacklist
|
1584 |
[ -d /etc/unbound/conf.d/blacklist ] || mkdir /etc/unbound/conf.d/blacklist
|
| 1585 |
[ -d /etc/unbound/conf.d/whitelist ] || mkdir /etc/unbound/conf.d/whitelist
|
1585 |
[ -d /etc/unbound/conf.d/whitelist ] || mkdir /etc/unbound/conf.d/whitelist
|
| 1586 |
[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole
|
1586 |
[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole
|
| 1587 |
[ -d /var/log/unbound ] || { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }
|
1587 |
[ -d /var/log/unbound ] || mkdir /var/log/unbound
|
| - |
|
1588 |
chown unbound:unbound /var/log/unbound
|
| 1588 |
[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
|
1589 |
[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
|
| 1589 |
|
1590 |
|
| 1590 |
# Forward zone configuration file for all unbound dns servers
|
1591 |
# Forward zone configuration file for all unbound dns servers
|
| 1591 |
cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
|
1592 |
cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
|
| 1592 |
forward-zone:
|
1593 |
forward-zone:
|
| Line 1626... |
Line 1627... |
| 1626 |
access-control-view: 127.0.0.1/8 lo
|
1627 |
access-control-view: 127.0.0.1/8 lo
|
| 1627 |
view:
|
1628 |
view:
|
| 1628 |
name: "lo"
|
1629 |
name: "lo"
|
| 1629 |
local-zone: "$DOMAIN" static
|
1630 |
local-zone: "$DOMAIN" static
|
| 1630 |
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
|
1631 |
local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
|
| 1631 |
local-data-ptr "127.0.0.1 $HOSTNAME.$DOMAIN"
|
- |
|
| 1632 |
view-first: yes
|
1632 |
view-first: yes
|
| 1633 |
EOF
|
1633 |
EOF
|
| 1634 |
|
1634 |
|
| 1635 |
# Configuration file for $INTIF of forward unbound
|
1635 |
# Configuration file for $INTIF of forward unbound
|
| 1636 |
cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
|
1636 |
cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
|
| Line 1720... |
Line 1720... |
| 1720 |
access-control-view: $PRIVATE_NETWORK_MASK $INTIF
|
1720 |
access-control-view: $PRIVATE_NETWORK_MASK $INTIF
|
| 1721 |
view:
|
1721 |
view:
|
| 1722 |
name: "$INTIF"
|
1722 |
name: "$INTIF"
|
| 1723 |
local-zone: "." redirect
|
1723 |
local-zone: "." redirect
|
| 1724 |
local-data: ". A $PRIVATE_IP"
|
1724 |
local-data: ". A $PRIVATE_IP"
|
| - |
|
1725 |
local-zone: "$DOMAIN" static
|
| - |
|
1726 |
local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
|
| - |
|
1727 |
local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"
|
| 1725 |
EOF
|
1728 |
EOF
|
| 1726 |
|
1729 |
|
| 1727 |
# Configuration file for blackhole unbound
|
1730 |
# Configuration file for blackhole unbound
|
| 1728 |
cat << EOF > /etc/unbound/unbound-blackhole.conf
|
1731 |
cat << EOF > /etc/unbound/unbound-blackhole.conf
|
| 1729 |
server:
|
1732 |
server:
|
| 1730 |
verbosity: 1
|
1733 |
verbosity: 1
|
| 1731 |
hide-version: yes
|
1734 |
hide-version: yes
|
| 1732 |
hide-identity: yes
|
1735 |
hide-identity: yes
|
| 1733 |
do-ip6: no
|
1736 |
do-ip6: no
|
| 1734 |
include: /etc/unbound/conf.d/blackhole/*
|
1737 |
include: /etc/unbound/conf.d/blackhole/*
|
| 1735 |
include: /etc/unbound/conf.d/common/local-dns/*
|
- |
|
| 1736 |
include: /etc/unbound/conf.d/common/local-forward/*
|
1738 |
include: /etc/unbound/conf.d/common/local-forward/*
|
| 1737 |
EOF
|
1739 |
EOF
|
| 1738 |
|
1740 |
|
| 1739 |
if [ ! -e /lib/systemd/system/unbound.service.default ]
|
1741 |
if [ ! -e /lib/systemd/system/unbound.service.default ]
|
| 1740 |
then
|
1742 |
then
|