


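--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2831 2020-06-07 21:43:19Z rexy $
+#  $Id: alcasar.sh 2833 2020-06-14 10:13:18Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
@@ -1582,11 +1582,12 @@
 	[ -d /etc/unbound/conf.d/common/local-dns ] || mkdir /etc/unbound/conf.d/common/local-dns
 	[ -d /etc/unbound/conf.d/forward ] || mkdir /etc/unbound/conf.d/forward
 	[ -d /etc/unbound/conf.d/blacklist ] || mkdir /etc/unbound/conf.d/blacklist
 	[ -d /etc/unbound/conf.d/whitelist ] || mkdir /etc/unbound/conf.d/whitelist
 	[ -d /etc/unbound/conf.d/blackhole ] || mkdir /etc/unbound/conf.d/blackhole
-	[ -d /var/log/unbound ] || { mkdir /var/log/unbound; chown unbound:unbound /var/log/unbound; }
+	[ -d /var/log/unbound ] || mkdir /var/log/unbound
+	chown unbound:unbound /var/log/unbound
 	[ -e /etc/unbound/unbound.conf.default ] || cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.default
 
 # Forward zone configuration file for all unbound dns servers
 	cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
 forward-zone:
@@ -1626,11 +1627,10 @@
 	access-control-view: 127.0.0.1/8 lo
 view:
 	name: "lo"
 	local-zone: "$DOMAIN" static
 	local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
-	local-data-ptr "127.0.0.1 $HOSTNAME.$DOMAIN"
 	view-first: yes
 EOF
 
 # Configuration file for $INTIF of forward unbound
 	cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
@@ -1720,21 +1720,23 @@
 	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 view:
 	name: "$INTIF"
 	local-zone: "." redirect
 	local-data: ". A $PRIVATE_IP"
+	local-zone: "$DOMAIN" static
+	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
+	local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"
 EOF
 
 # Configuration file for blackhole unbound
 	cat << EOF > /etc/unbound/unbound-blackhole.conf
 server:
 	verbosity: 1
 	hide-version: yes
 	hide-identity: yes
 	do-ip6: no
 	include: /etc/unbound/conf.d/blackhole/*
-	include: /etc/unbound/conf.d/common/local-dns/*
 	include: /etc/unbound/conf.d/common/local-forward/*
 EOF
 
 	if [ ! -e /lib/systemd/system/unbound.service.default ]
 	then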
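Review bot: The `lo` view loses its reverse record while the `$INTIF` view at new lines 1725-1727 gains `local-data-ptr: "$PRIVATE_IP $HOSTNAME.$DOMAIN"`; the line dropped at old line 1631, `local-data-ptr "127.0.0.1 $HOSTNAME.$DOMAIN"`, was missing the colon unbound expects after the directive name, so this reads as a malformed line being deleted rather than repaired — if a PTR for the host on loopback is still wanted, restore it as `local-data-ptr: "127.0.0.1 $HOSTNAME.$DOMAIN"` so both views stay consistent. Dropping `include: /etc/unbound/conf.d/common/local-dns/*` from unbound-blackhole.conf at old line 1735 leaves the local-dns directory still created at line 1582 with no visible consumer; if no other unbound config outside this diff includes it, the mkdir should go too, and a one-line comment at line 1582 naming which unbound instance reads that directory would make the intent checkable. The now-unconditional `chown unbound:unbound /var/log/unbound` at new line 1588 is the right fix for a pre-existing directory with wrong ownership, but a short comment such as `# ownership is enforced on every run, not only on first creation` would explain why it moved out of the `||` branch. These hunks lie inside a function whose start and end are outside the diff.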