
Rev 3231 Rev 3238
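--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 3231 2024-11-10 23:12:08Z rexy $
+#  $Id: alcasar.sh 3238 2024-12-02 22:38:59Z rexy $
 
 # ALCASAR is a Free and open source NAC (Network Access Controler) created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # ALCASAR is based on a stripped Mageia (LSB) with the following open source softwares Coovachilli, freeradius, mariaDB, apache, php, netfilter, e2guardian, ntpd, openssl, unbound, gammu, Ulog, fail2ban, vnstat, wkhtml2pdf, ipt_NETFLOW, NFsen and NFdump
 # contact : info@alcasar.net
 
@@ -60,11 +60,11 @@
 DB_RADIUS="radius"						# database name used by FreeRadius server
 DB_USER="radius"						# user name allows to request the users database
 DB_GAMMU="gammu"						# database name used by Gammu-smsd
 # ******* Network parameters - paramètres réseau *******
 HOSTNAME="alcasar"						# default hostname
-DOMAIN="localdomain"					# default local domain
+DOMAIN="lan"							# default local domain
 EXTIF=''								# EXTIF is connected to the ISP broadband modem/router (In France : Box-FAI)
 INTIF=''								# INTIF is connected to the consultation network
 MTU="1500"
 DEFAULT_PRIVATE_IP_MASK="192.168.182.1/24"	# Default ALCASAR IP address
 # ****** Paths - chemin des commandes *******
@@ -1398,16 +1398,16 @@
 	[ -e $DIR_E2G/e2guardian.conf.default ] || cp $DIR_E2G/e2guardian.conf $DIR_E2G/e2guardian.conf.default
 # French deny HTML page
 	$SED "s?^language =.*?language = 'french'?g" $DIR_E2G/e2guardian.conf
 # Listen & loop prevention on loopback
 	$SED "s?^#checkip = 127.0.0.1.*?checkip = 127.0.0.1?g" $DIR_E2G/e2guardian.conf
-# 2 filtergroups (8080 & 8090)
+# 2 filtergroups (8080 & 8081)
 	$SED "s?^#filtergroups =.*?filtergroups = 2?g" $DIR_E2G/e2guardian.conf
 # Listen on LAN only
 	$SED "s?^#filterip =.*?filterip = $PRIVATE_IP?g" $DIR_E2G/e2guardian.conf
 # Listen on 8080 (group1 : BL users on HTTP)
-	$SED "s?^#filterports = 8080.*?filterports = 8080?g" $DIR_E2G/e2guardian.conf
+	$SED "s?^#filterports = 8080:8081.*?filterports = 8080:8081?g" $DIR_E2G/e2guardian.conf
 # Listen on 8081 (group2 : previously AV users --> to be redefine)
 #	$SED "/^filterip = $PRIVATE_IP/a filterip = $PRIVATE_IP" $DIR_E2G/e2guardian.conf
 	$SED "s?^#filterports = 8081.*?filterports = 8081?g" $DIR_E2G/e2guardian.conf
 # for now we don't listen transparently on 8443 (HTTPS) (only in future version)
 	$SED "s?^transparenthttpsport =.*?#transparenthttpsport = 8443?g" $DIR_E2G/e2guardian.conf
@@ -1474,15 +1474,15 @@
 	# 'Safesearch' regex actualisation
 	$SED "s?images?search?g" $DIR_E2G_GROUP1/urlregexplist
 	# change the google safesearch ("safe=strict" instead of "safe=vss")
 	$SED "s?safe=vss?safe=strict?g" $DIR_E2G_GROUP1/urlregexplist
 
+###### ALCASAR filtering for group2 (previously av_users) ####
 # Create & adapt group2 conf file (av + av_wl)
 	cp $DIR_E2G/e2guardianf1.conf.default $DIR_E2G/e2guardianf2.conf
 	$SED "s?^#reportinglevel =.*?reportinglevel = 3?g" $DIR_E2G/e2guardianf2.conf
 	$SED "s?^#groupname =.*?groupname = 'antimalware + whitelested users'?g" $DIR_E2G/e2guardianf2.conf
-	$SED "s?^urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist'?urllist = 'name=banned,messageno=501,path=__LISTDIR__/bannedurllist.default'?g" $DIR_E2G/e2guardianf2.conf # no banned urls
 
 # create log folder
 	mkdir -p /var/log/e2guardian
 	chown -R e2guardian /etc/e2guardian /var/log/e2guardian
 } # End of e2guardian()
@@ -1764,10 +1764,11 @@
 	range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
 	default-lease-time 21600;
 	max-lease-time 43200;
 }
 EOF
+chown -R dhcpd:dhcpd /var/lib/dhcpd
 } # End of dhcpd()
 
 ##########################################################
 ##                         "BL"                         ##
 ## - copy & adapt Toulouse BL to ALCASAR architecture   ##
@@ -2227,11 +2228,11 @@
 	echo "SSH_WAN=0" >> $CONF_FILE
 	echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE
 	echo "INTERLAN=off" >> $CONF_FILE
 	echo "LDAP=off" >> $CONF_FILE
 	echo "LDAP_SERVER=127.0.0.1" >> $CONF_FILE
-	echo "LDAP_BASE=cn=Users;dc=serverad;dc=localdomain" >> $CONF_FILE
+	echo "LDAP_BASE=cn=Users;dc=serverad;dc=lan" >> $CONF_FILE
 	echo "LDAP_UID=sAMAccountName" >> $CONF_FILE
 	echo "LDAP_FILTER=" >> $CONF_FILE
 	echo "LDAP_USER=alcasar" >> $CONF_FILE
 	echo "LDAP_PASSWORD=" >> $CONF_FILE
 	echo "LDAP_SSL=on" >> $CONF_FILE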
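Review bot: `DOMAIN="lan"` (new line 65) and the matching default `LDAP_BASE=cn=Users;dc=serverad;dc=lan` (new line 2233) move the installation's default local domain to a suffix that is not reserved for private use: RFC 6762 Appendix G lists `.lan` only as a label seen in the wild and advises against relying on it, and the private-use TLD ICANN set aside in 2024 is `.internal`, not `.lan`. Names under an unreserved suffix that the local resolver does not answer leak to the public root, and a future delegation of the label would make them resolvable on the Internet, so the new default deserves a note on the variable rather than a silent swap; something like `DOMAIN="lan"							# default local domain (not an IANA/ICANN-reserved suffix: unbound must stay authoritative for it)`. Whether unbound is configured as authoritative for the domain is not visible in these hunks, and the LDAP_BASE echo sits in a function whose start lies outside its hunk.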