| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 3252 2025-02-21 18:40:30Z rexy $
|
2 |
# $Id: alcasar.sh 3257 2025-02-25 23:41:27Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
4 |
# ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
|
| 5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
5 |
# ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
|
| 6 |
# contact : info@alcasar.net
|
6 |
# contact : info@alcasar.net
|
| 7 |
|
7 |
|
| Line 1482... |
Line 1482... |
| 1482 |
# Creation of files for rehabilited domains
|
1482 |
# Creation of files for rehabilited domains
|
| 1483 |
> $DIR_E2G_GROUP1/exceptionsitelist
|
1483 |
> $DIR_E2G_GROUP1/exceptionsitelist
|
| 1484 |
# Creation of files for rehabilited IP
|
1484 |
# Creation of files for rehabilited IP
|
| 1485 |
[ -e $DIR_E2G_GROUP1/exceptionsiteiplist.default ] || mv $DIR_E2G_GROUP1/exceptionsiteiplist $DIR_E2G_GROUP1/exceptionsiteiplist.default
|
1485 |
[ -e $DIR_E2G_GROUP1/exceptionsiteiplist.default ] || mv $DIR_E2G_GROUP1/exceptionsiteiplist $DIR_E2G_GROUP1/exceptionsiteiplist.default
|
| 1486 |
> $DIR_E2G_GROUP1/exceptionsiteiplist
|
1486 |
> $DIR_E2G_GROUP1/exceptionsiteiplist
|
| 1487 |
# Add Bing to the safesearch url regext list (parental control)
|
- |
|
| 1488 |
cat <<EOF >> $DIR_E2G_GROUP1/urlregexplist
|
- |
|
| 1489 |
# Bing - add 'adlt=strict'
|
- |
|
| 1490 |
#"(^http://[0-9a-z]+\.bing\.[a-z]+[-/%.0-9a-z]*\?)(.*)"->"\1\2&adlt=strict"
|
- |
|
| 1491 |
EOF
|
- |
|
| 1492 |
# 'Safesearch' regex actualisation
|
- |
|
| 1493 |
$SED "s?images?search?g" $DIR_E2G_GROUP1/urlregexplist
|
- |
|
| 1494 |
# change the google safesearch ("safe=strict" instead of "safe=vss")
|
- |
|
| 1495 |
$SED "s?safe=vss?safe=strict?g" $DIR_E2G_GROUP1/urlregexplist
|
- |
|
| 1496 |
chown -R e2guardian:root $DIR_E2G_GROUP1
|
- |
|
| 1497 |
chmod -R 660 $DIR_E2G_GROUP1
|
- |
|
| 1498 |
###### ALCASAR filtering for group2 (previously av_users) ####
|
- |
|
| 1499 |
# Create & adapt group2 conf file (av + av_wl)
|
1487 |
# Create & adapt group2 conf file (av + av_wl)
|
| 1500 |
cp $DIR_E2G/e2guardianf1.conf.default $DIR_E2G/e2guardianf2.conf
|
1488 |
cp $DIR_E2G/e2guardianf1.conf.default $DIR_E2G/e2guardianf2.conf
|
| 1501 |
$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_E2G/e2guardianf2.conf
|
1489 |
$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_E2G/e2guardianf2.conf
|
| 1502 |
$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_E2G/e2guardianf2.conf
|
1490 |
$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_E2G/e2guardianf2.conf
|
| 1503 |
|
- |
|
| 1504 |
# create log folder
|
1491 |
# create log folder
|
| 1505 |
mkdir -p /var/log/e2guardian
|
1492 |
mkdir -p /var/log/e2guardian
|
| 1506 |
chown -R e2guardian /etc/e2guardian /var/log/e2guardian
|
1493 |
chown -R e2guardian /etc/e2guardian /var/log/e2guardian
|
| 1507 |
} # End of e2guardian()
|
1494 |
} # End of e2guardian()
|
| 1508 |
|
1495 |
|
| Line 1784... |
Line 1771... |
| 1784 |
do-ip6: no
|
1771 |
do-ip6: no
|
| 1785 |
include: /etc/unbound/conf.d/common/local-forward/*
|
1772 |
include: /etc/unbound/conf.d/common/local-forward/*
|
| 1786 |
include: /etc/unbound/conf.d/common/local-dns/*
|
1773 |
include: /etc/unbound/conf.d/common/local-dns/*
|
| 1787 |
include: /etc/unbound/conf.d/blackhole/*
|
1774 |
include: /etc/unbound/conf.d/blackhole/*
|
| 1788 |
EOF
|
1775 |
EOF
|
| - |
|
1776 |
|
| - |
|
1777 |
# Add the safesearch conf file to blacklist & whitelist
|
| - |
|
1778 |
cp $DIR_CONF/safe-searching /etc/unbound/conf.d/blacklist/
|
| - |
|
1779 |
cp $DIR_CONF/safe-searching /etc/unbound/conf.d/whitelist/
|
| - |
|
1780 |
|
| - |
|
1781 |
# Adapt systemd unit for the 4 instances of unbound
|
| 1789 |
cp /lib/systemd/system/unbound.service /etc/systemd/system/unbound.service
|
1782 |
cp /lib/systemd/system/unbound.service /etc/systemd/system/unbound.service
|
| 1790 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /etc/systemd/system/unbound.service
|
1783 |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/unbound -d -c /etc/unbound/unbound.conf?g" /etc/systemd/system/unbound.service
|
| 1791 |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /etc/systemd/system/unbound.service
|
1784 |
$SED "s?^After=.*?After=syslog.target network-online.target chilli.service?g" /etc/systemd/system/unbound.service
|
| 1792 |
$SED "/^PIDFile=/d" /etc/systemd/system/unbound.service
|
1785 |
$SED "/^PIDFile=/d" /etc/systemd/system/unbound.service
|
| 1793 |
for list in blacklist blackhole whitelist
|
1786 |
for list in blacklist blackhole whitelist
|