WebSVN – ALCASAR – Diff – /alcasar.sh



#!/bin/bash
#  $Id: alcasar.sh 3238 2024-12-02 22:38:59Z rexy $
 
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
# contact : info@alcasar.net
 

DB_RADIUS="radius"						# database name used by FreeRadius server
DB_USER="radius"						# user name allows to request the users database
DB_GAMMU="gammu"						# database name used by Gammu-smsd
# ******* Network parameters - paramètres réseau *******
HOSTNAME="alcasar"						# default hostname
DOMAIN="lan"							# default local domain
EXTIF=''								# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
INTIF=''								# INTIF is connected to the consultation network
MTU="1500"
DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address
# ****** Paths - chemin des commandes *******

	[ -e $DIR_E2G/e2guardian.conf.default ] || cp $DIR_E2G/e2guardian.conf $DIR_E2G/e2guardian.conf.default
# French deny HTML page
	$SED "s?^language =.*?language = 'french'?g" $DIR_E2G/e2guardian.conf
# Listen & loop prevention on loopback
	$SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_E2G/e2guardian.conf
# 2 filtergroups (8080 & 8081)
	$SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_E2G/e2guardian.conf
# Listen on LAN only
	$SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_E2G/e2guardian.conf
# Listen on 8080 (group1 : BL users on HTTP)
	$SED "s?^#filterports = 8080:8081.*?filterports = 8080:8081?g" $DIR_E2G/e2guardian.conf
# Listen on 8081 (group2 : previously AV users --> to be redefine)
#	$SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_E2G/e2guardian.conf
	$SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_E2G/e2guardian.conf
# for now we don't listen transparently on 8443 (HTTPS) (only in future version)
	$SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_E2G/e2guardian.conf

	# 'Safesearch' regex actualisation
	$SED "s?images?search?g" $DIR_E2G_GROUP1/urlregexplist
	# change the google safesearch ("safe=strict" instead of "safe=vss")
	$SED "s?safe=vss?safe=strict?g" $DIR_E2G_GROUP1/urlregexplist
 
###### ALCASAR filtering for group2 (previously av_users) ####
# Create & adapt group2 conf file (av + av_wl)
	cp $DIR_E2G/e2guardianf1.conf.default $DIR_E2G/e2guardianf2.conf
	$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_E2G/e2guardianf2.conf
	$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_E2G/e2guardianf2.conf
 
 
# create log folder
	mkdir -p /var/log/e2guardian
	chown -R e2guardian /etc/e2guardian /var/log/e2guardian
} # End of e2guardian()

	range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
	default-lease-time 21600;
	max-lease-time 43200;
}
EOF
chown -R dhcpd:dhcpd /var/lib/dhcpd
} # End of dhcpd()
 
##########################################################
##                         "BL"                         ##
## - copy & adapt Toulouse BL to ALCASAR architecture   ##

	echo "SSH_WAN=0" >> $CONF_FILE
	echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE
	echo "INTERLAN=off" >> $CONF_FILE
	echo "LDAP=off" >> $CONF_FILE
	echo "LDAP_SERVER=127.0.0.1" >> $CONF_FILE
	echo "LDAP_BASE=cn=Users;dc=serverad;dc=lan" >> $CONF_FILE
	echo "LDAP_UID=sAMAccountName" >> $CONF_FILE
	echo "LDAP_FILTER=" >> $CONF_FILE
	echo "LDAP_USER=alcasar" >> $CONF_FILE
	echo "LDAP_PASSWORD=" >> $CONF_FILE
	echo "LDAP_SSL=on" >> $CONF_FILE

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 3231 → 3238

Rev 3231		Rev 3238
Line 1...		Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar.sh 3231 2024-11-10 23:12:08Z rexy $`	2	`# $Id: alcasar.sh 3238 2024-12-02 22:38:59Z rexy $`
3		3
4	`# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`	4	`# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)`
5	`# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump`	5	`# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump`
6	`# contact : info@alcasar.net`	6	`# contact : info@alcasar.net`
7		7
Line 60...		Line 60...
60	`DB_RADIUS="radius" # database name used by FreeRadius server`	60	`DB_RADIUS="radius" # database name used by FreeRadius server`
61	`DB_USER="radius" # user name allows to request the users database`	61	`DB_USER="radius" # user name allows to request the users database`
62	`DB_GAMMU="gammu" # database name used by Gammu-smsd`	62	`DB_GAMMU="gammu" # database name used by Gammu-smsd`
63	`# ***** Network parameters - paramètres réseau *****`	63	`# ***** Network parameters - paramètres réseau *****`
64	`HOSTNAME="alcasar" # default hostname`	64	`HOSTNAME="alcasar" # default hostname`
65	`DOMAIN="localdomain" # default local domain`	65	`DOMAIN="lan" # default local domain`
66	`EXTIF='' # EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)`	66	`EXTIF='' # EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)`
67	`INTIF='' # INTIF is connected to the consultation network`	67	`INTIF='' # INTIF is connected to the consultation network`
68	`MTU="1500"`	68	`MTU="1500"`
69	`DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # Default ALCASAR IP address`	69	`DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24" # Default ALCASAR IP address`
70	`# **** Paths - chemin des commandes *****`	70	`# **** Paths - chemin des commandes *****`
Line 1398...		Line 1398...
1398	`[ -e $DIR_E2G/e2guardian.conf.default ] \|\| cp $DIR_E2G/e2guardian.conf $DIR_E2G/e2guardian.conf.default`	1398	`[ -e $DIR_E2G/e2guardian.conf.default ] \|\| cp $DIR_E2G/e2guardian.conf $DIR_E2G/e2guardian.conf.default`
1399	`# French deny HTML page`	1399	`# French deny HTML page`
1400	`$SED "s?^language =.*?language = 'french'?g" $DIR_E2G/e2guardian.conf`	1400	`$SED "s?^language =.*?language = 'french'?g" $DIR_E2G/e2guardian.conf`
1401	`# Listen & loop prevention on loopback`	1401	`# Listen & loop prevention on loopback`
1402	`$SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_E2G/e2guardian.conf`	1402	`$SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_E2G/e2guardian.conf`
1403	`# 2 filtergroups (8080 & 8090)`	1403	`# 2 filtergroups (8080 & 8081)`
1404	`$SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_E2G/e2guardian.conf`	1404	`$SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_E2G/e2guardian.conf`
1405	`# Listen on LAN only`	1405	`# Listen on LAN only`
1406	`$SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_E2G/e2guardian.conf`	1406	`$SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_E2G/e2guardian.conf`
1407	`# Listen on 8080 (group1 : BL users on HTTP)`	1407	`# Listen on 8080 (group1 : BL users on HTTP)`
1408	`$SED "s?^#filterports = 8080.*?filterports = 8080?g" $DIR_E2G/e2guardian.conf`	1408	`$SED "s?^#filterports = 8080:8081.*?filterports = 8080:8081?g" $DIR_E2G/e2guardian.conf`
1409	`# Listen on 8081 (group2 : previously AV users --> to be redefine)`	1409	`# Listen on 8081 (group2 : previously AV users --> to be redefine)`
1410	`# $SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_E2G/e2guardian.conf`	1410	`# $SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_E2G/e2guardian.conf`
1411	`$SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_E2G/e2guardian.conf`	1411	`$SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_E2G/e2guardian.conf`
1412	`# for now we don't listen transparently on 8443 (HTTPS) (only in future version)`	1412	`# for now we don't listen transparently on 8443 (HTTPS) (only in future version)`
1413	`$SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_E2G/e2guardian.conf`	1413	`$SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_E2G/e2guardian.conf`
Line 1474...		Line 1474...
1474	`# 'Safesearch' regex actualisation`	1474	`# 'Safesearch' regex actualisation`
1475	`$SED "s?images?search?g" $DIR_E2G_GROUP1/urlregexplist`	1475	`$SED "s?images?search?g" $DIR_E2G_GROUP1/urlregexplist`
1476	`# change the google safesearch ("safe=strict" instead of "safe=vss")`	1476	`# change the google safesearch ("safe=strict" instead of "safe=vss")`
1477	`$SED "s?safe=vss?safe=strict?g" $DIR_E2G_GROUP1/urlregexplist`	1477	`$SED "s?safe=vss?safe=strict?g" $DIR_E2G_GROUP1/urlregexplist`
1478		1478
-		1479	`###### ALCASAR filtering for group2 (previously av_users) ####`
1479	`# Create & adapt group2 conf file (av + av_wl)`	1480	`# Create & adapt group2 conf file (av + av_wl)`
1480	`cp $DIR_E2G/e2guardianf1.conf.default $DIR_E2G/e2guardianf2.conf`	1481	`cp $DIR_E2G/e2guardianf1.conf.default $DIR_E2G/e2guardianf2.conf`
1481	`$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_E2G/e2guardianf2.conf`	1482	`$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_E2G/e2guardianf2.conf`
1482	`$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_E2G/e2guardianf2.conf`	1483	`$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_E2G/e2guardianf2.conf`
1483	`$SED "s?^urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist'?urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist.default'?g" $DIR_E2G/e2guardianf2.conf # no banned urls`	-
1484		1484
1485	`# create log folder`	1485	`# create log folder`
1486	`mkdir -p /var/log/e2guardian`	1486	`mkdir -p /var/log/e2guardian`
1487	`chown -R e2guardian /etc/e2guardian /var/log/e2guardian`	1487	`chown -R e2guardian /etc/e2guardian /var/log/e2guardian`
1488	`} # End of e2guardian()`	1488	`} # End of e2guardian()`
Line 1764...		Line 1764...
1764	`range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;`	1764	`range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;`
1765	`default-lease-time 21600;`	1765	`default-lease-time 21600;`
1766	`max-lease-time 43200;`	1766	`max-lease-time 43200;`
1767	`}`	1767	`}`
1768	`EOF`	1768	`EOF`
-		1769	`chown -R dhcpd:dhcpd /var/lib/dhcpd`
1769	`} # End of dhcpd()`	1770	`} # End of dhcpd()`
1770		1771
1771	`##########################################################`	1772	`##########################################################`
1772	`## "BL" ##`	1773	`## "BL" ##`
1773	`## - copy & adapt Toulouse BL to ALCASAR architecture ##`	1774	`## - copy & adapt Toulouse BL to ALCASAR architecture ##`
Line 2227...		Line 2228...
2227	`echo "SSH_WAN=0" >> $CONF_FILE`	2228	`echo "SSH_WAN=0" >> $CONF_FILE`
2228	`echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE`	2229	`echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE`
2229	`echo "INTERLAN=off" >> $CONF_FILE`	2230	`echo "INTERLAN=off" >> $CONF_FILE`
2230	`echo "LDAP=off" >> $CONF_FILE`	2231	`echo "LDAP=off" >> $CONF_FILE`
2231	`echo "LDAP_SERVER=127.0.0.1" >> $CONF_FILE`	2232	`echo "LDAP_SERVER=127.0.0.1" >> $CONF_FILE`
2232	`echo "LDAP_BASE=cn=Users;dc=serverad;dc=localdomain" >> $CONF_FILE`	2233	`echo "LDAP_BASE=cn=Users;dc=serverad;dc=lan" >> $CONF_FILE`
2233	`echo "LDAP_UID=sAMAccountName" >> $CONF_FILE`	2234	`echo "LDAP_UID=sAMAccountName" >> $CONF_FILE`
2234	`echo "LDAP_FILTER=" >> $CONF_FILE`	2235	`echo "LDAP_FILTER=" >> $CONF_FILE`
2235	`echo "LDAP_USER=alcasar" >> $CONF_FILE`	2236	`echo "LDAP_USER=alcasar" >> $CONF_FILE`
2236	`echo "LDAP_PASSWORD=" >> $CONF_FILE`	2237	`echo "LDAP_PASSWORD=" >> $CONF_FILE`
2237	`echo "LDAP_SSL=on" >> $CONF_FILE`	2238	`echo "LDAP_SSL=on" >> $CONF_FILE`