Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
|
2 |
|
3 |
# $Id: alcasar-bl.sh 2569 2018-07-14 09:17:12Z lucas.echard $
|
3 |
# $Id: alcasar-bl.sh 2675 2018-12-14 09:56:50Z lucas.echard $
|
4 |
|
4 |
|
5 |
# alcasar-bl.sh
|
5 |
# alcasar-bl.sh
|
6 |
# by Franck BOUIJOUX and Richard REY
|
6 |
# by Franck BOUIJOUX and Richard REY
|
7 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
# This script is distributed under the Gnu General Public License (GPL)
|
8 |
|
8 |
|
Line 18... |
Line 18... |
18 |
DIR_WL_tmp="/tmp/whitelists"
|
18 |
DIR_WL_tmp="/tmp/whitelists"
|
19 |
FILE_tmp="/tmp/filesfilter.txt"
|
19 |
FILE_tmp="/tmp/filesfilter.txt"
|
20 |
FILE_ip_tmp="/tmp/filesipfilter.txt"
|
20 |
FILE_ip_tmp="/tmp/filesipfilter.txt"
|
21 |
DIR_DG="/etc/e2guardian/lists"
|
21 |
DIR_DG="/etc/e2guardian/lists"
|
22 |
DIR_DG_BL="$DIR_DG/blacklists"
|
22 |
DIR_DG_BL="$DIR_DG/blacklists"
|
- |
|
23 |
GLOBAL_USAGE="$DIR_CONF/alcasar-global-usage" # file containing the description of the lists
|
23 |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories
|
24 |
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories" # list of names of the BL categories
|
24 |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories
|
25 |
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories" # ' ' WL categories
|
25 |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories
|
26 |
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled" # ' ' BL enabled categories
|
26 |
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories
|
27 |
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled" # ' ' WL enabled categories
|
27 |
DIR_SHARE="/usr/local/share"
|
28 |
DIR_SHARE="/usr/local/share"
|
Line 134... |
Line 135... |
134 |
mkdir $DIR_tmp
|
135 |
mkdir $DIR_tmp
|
135 |
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
|
136 |
wget -P $DIR_tmp http://$BL_SERVER/blacklists/download/blacklists.tar.gz
|
136 |
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
|
137 |
md5sum $DIR_tmp/blacklists.tar.gz | cut -d" " -f1 > $DIR_tmp/md5sum
|
137 |
chown -R apache:apache $DIR_tmp
|
138 |
chown -R apache:apache $DIR_tmp
|
138 |
fi
|
139 |
fi
|
139 |
;;
|
140 |
;;
|
140 |
# enable/disable categories (used only during the alcasar install process)
|
141 |
# enable/disable categories (used only during the alcasar install process)
|
141 |
-cat_choice | --cat_choice)
|
142 |
-cat_choice | --cat_choice)
|
142 |
cat_choice
|
143 |
cat_choice
|
143 |
;;
|
144 |
;;
|
144 |
# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
|
145 |
# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
|
Line 154... |
Line 155... |
154 |
rm -rf $DIR_DG_BL $DIR_IP_BL
|
155 |
rm -rf $DIR_DG_BL $DIR_IP_BL
|
155 |
mkdir $DIR_DG_BL $DIR_IP_BL
|
156 |
mkdir $DIR_DG_BL $DIR_IP_BL
|
156 |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
|
157 |
tar zxf $DIR_tmp/blacklists.tar.gz --directory=$DIR_DG/
|
157 |
chown -R e2guardian:apache $DIR_DG
|
158 |
chown -R e2guardian:apache $DIR_DG
|
158 |
chmod -R 770 $DIR_DG
|
159 |
chmod -R 770 $DIR_DG
|
159 |
# Add the two local categories (ossi-bl & ossi-wl) to the usage file
|
- |
|
160 |
# Add the custom categories (ossi-tor_nodes) to the usage file
|
- |
|
161 |
cat <<EOF >> $DIR_DG_BL/global_usage
|
- |
|
162 |
|
- |
|
163 |
NAME: ossi-bl
|
- |
|
164 |
DEFAULT_TYPE: black
|
- |
|
165 |
SOURCE: ALCASAR Team
|
- |
|
166 |
DESC FR: sites blacklistés ajoutés localement
|
- |
|
167 |
DESC EN: blacklisted sites add locally
|
- |
|
168 |
NAME FR: ossi-bl
|
- |
|
169 |
NAME EN: ossi-bl
|
- |
|
170 |
|
- |
|
171 |
NAME: ossi-wl
|
- |
|
172 |
DEFAULT_TYPE: white
|
- |
|
173 |
SOURCE: ALCASAR Team
|
- |
|
174 |
DESC FR: sites autorisés ajoutés localement
|
- |
|
175 |
DESC EN: whitelisted sites add locally
|
- |
|
176 |
NAME FR: ossi-wl
|
- |
|
177 |
NAME EN: ossi-wl
|
- |
|
178 |
|
- |
|
179 |
NAME: ossi-bl-tor_nodes
|
- |
|
180 |
DEFAULT_TYPE: black
|
- |
|
181 |
SOURCE: ALCASAR Team
|
- |
|
182 |
DESC FR: Adresses IP des noeuds (routeurs) d'entrée du réseau TOR
|
- |
|
183 |
DESC EN: IP addresses of input TOR nodes (routers)
|
- |
|
184 |
NAME FR: Noeuds TOR
|
- |
|
185 |
NAME EN: TOR nodes
|
- |
|
186 |
EOF
|
- |
|
187 |
# Retrieve custom files (ossi)
|
160 |
# Retrieve custom files (ossi)
|
188 |
for x in $(ls -1 $DIR_tmp | grep "^ossi-*")
|
161 |
for x in $(ls -1 $DIR_tmp | grep "^ossi-*")
|
189 |
do
|
162 |
do
|
190 |
mv $DIR_tmp/$x $DIR_DG_BL
|
163 |
mv $DIR_tmp/$x $DIR_DG_BL
|
191 |
done
|
164 |
done
|
192 |
fi
|
165 |
fi
|
193 |
rm -f $BL_CATEGORIES $WL_CATEGORIES
|
166 |
rm -f $BL_CATEGORIES $WL_CATEGORIES
|
194 |
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
|
167 |
rm -rf $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
|
195 |
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED
|
168 |
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED
|
196 |
touch $BL_CATEGORIES $WL_CATEGORIES
|
169 |
touch $BL_CATEGORIES $WL_CATEGORIES
|
197 |
mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
|
170 |
mkdir $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
|
198 |
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED
|
171 |
mkdir $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED
|
199 |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
|
172 |
find $DIR_DG_BL/ -type f -name domains > $FILE_tmp # retrieve directory name where a domain file exist
|
200 |
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
|
173 |
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
|
201 |
for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
|
174 |
for dir_categorie in `cat $FILE_tmp` # create the blacklist and the whitelist files
|
202 |
do
|
175 |
do
|
203 |
categorie=`echo $dir_categorie|cut -d "/" -f6`
|
176 |
categorie=`echo $dir_categorie|cut -d "/" -f6`
|
204 |
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie$ $DIR_DG_BL/global_usage | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
|
177 |
categorie_type=`grep -A1 ^NAME:[$' '$'\t']*$categorie\$ $GLOBAL_USAGE | grep ^DEFAULT_TYPE | cut -d":" -f2 | tr -d " \t"`
|
205 |
if [ "$categorie_type" == "white" ]
|
178 |
if [ "$categorie_type" == "white" ]
|
206 |
then
|
179 |
then
|
207 |
echo "$dir_categorie" >> $WL_CATEGORIES
|
180 |
echo "$dir_categorie" >> $WL_CATEGORIES
|
208 |
else
|
181 |
else
|
209 |
echo "$dir_categorie" >> $BL_CATEGORIES
|
182 |
echo "$dir_categorie" >> $BL_CATEGORIES
|
Line 316... |
Line 289... |
316 |
echo "server=/$i/#" >> $DIR_DNS_BL/authorized-ossi-bl.conf
|
289 |
echo "server=/$i/#" >> $DIR_DNS_BL/authorized-ossi-bl.conf
|
317 |
done
|
290 |
done
|
318 |
ln -s $DIR_DNS_BL/authorized-ossi-bl.conf $DIR_DNS_BL_ENABLED/authorized-ossi-bl
|
291 |
ln -s $DIR_DNS_BL/authorized-ossi-bl.conf $DIR_DNS_BL_ENABLED/authorized-ossi-bl
|
319 |
fi
|
292 |
fi
|
320 |
# adapt OSSI BL & WL custom files
|
293 |
# adapt OSSI BL & WL custom files
|
321 |
for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENBALED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
|
294 |
for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
|
322 |
do
|
295 |
do
|
323 |
rm -f $dir/ossi*
|
296 |
rm -f $dir/ossi*
|
324 |
done
|
297 |
done
|
325 |
find $DIR_DG_BL/ -type f -name domains | grep ossi- > $FILE_tmp # retrieve ossi directories name where a domain file exist
|
298 |
find $DIR_DG_BL/ -type f -name domains | grep ossi- > $FILE_tmp # retrieve ossi directories name where a domain file exist
|
326 |
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
|
299 |
$SED "s?\/domains??g" $FILE_tmp # remove "/domains" suffix
|
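Review bot: The type lookup at new line 177 now reads only `$GLOBAL_USAGE`, and nothing visible in this section checks that the file is readable or that it carries the ossi-bl / ossi-wl / ossi-bl-tor_nodes entries the removed heredoc used to append. When grep matches nothing, `categorie_type` is empty and the `else` branch writes the category to `$BL_CATEGORIES`, so a missing file or entry silently turns a whitelist category into a blacklist one. A guard before the loop, `[ -r "$GLOBAL_USAGE" ] || { echo "missing $GLOBAL_USAGE" >&2; exit 1; }`, would surface that failure. `$categorie` is derived from directory names under `$DIR_DG_BL`, which appear to come from the archive fetched over `http://` at new line 136, so it should not reach grep unquoted: `grep -A1 "^NAME:[[:space:]]*$categorie\$" "$GLOBAL_USAGE"`. The loop body continues past the end of the hunk.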