Revisión 12
Añadido por Antonio J. Abasolo Sierra hace casi 15 años
| limitar-https/trunk/deny_https_update | ||
|---|---|---|
|
#!/bin/sh
|
||
|
#----------------------------------------------------------------------------------------
|
||
|
# Antonio J. Abasolo Sierra (Mayo-2010)
|
||
|
#----------------------------------------------------------------------------------------
|
||
|
# Descarga el fichero general de https a denegar por todos los IES
|
||
|
#----------------------------------------------------------------------------------------
|
||
|
|
||
|
RUTA=http://desarrollo.educarex.es/linex/projects/servidoressecundaria/repository/entry/limitar-https/trunk
|
||
|
FICHERO=deny_https.all
|
||
|
|
||
|
wget -O /etc/network/$FICHERO $RUTA/$FICHERO?format=raw
|
||
|
/etc/init.d/deny_https restart
|
||
|
|
||
|
|
||
| limitar-https/trunk/limitar_https.class | ||
|---|---|---|
|
exec { "configurar-https":
|
||
|
command => "/usr/sbin/update-rc.d deny_https start 31 2 3 4 5 . stop 01 0 1 6 . ; /etc/init.d/deny_https start",
|
||
|
require => File["/etc/init.d/deny_https"],
|
||
|
unless => "/bin/ls /etc/rc2.d/S99deny_https",
|
||
|
unless => "/bin/ls /etc/rc2.d/S31deny_https",
|
||
|
refreshonly => true,
|
||
|
}
|
||
|
|
||
|
file { "/usr/sbin/deny_https_update":
|
||
|
owner=>root, group=>root, mode=>755,
|
||
|
source=>"puppet:///puppet.educarex.es/files/deny_https_update",
|
||
|
}
|
||
|
|
||
|
cron { "Actualizar-deny_https.all":
|
||
|
command => "/usr/sbin/deny_https_update",
|
||
|
user => root,
|
||
|
hour => '08',
|
||
|
minute => '15';
|
||
|
}
|
||
|
|
||
|
}
|
||
| limitar-https/trunk/deny_https | ||
|---|---|---|
|
#
|
||
|
# Depende del fichero de configuración "/etc/network/deny_https.conf",
|
||
|
# el cual se genera a partir del fichero "/etc/network/deny_https.all"
|
||
|
# obtenido a diario del repositorio general, mas el fichero "/etc/network/deny_https.ies",
|
||
|
# obtenido del repositorio general, mas el fichero "/etc/network/deny_https.ies",
|
||
|
# el cual será modificado por cada IES según sus necesidades.
|
||
|
# Dichos ficheros podrán tener dos tipos de líneas (no importa el orden):
|
||
|
# - web's de destino que queremos bloquear vía https
|
||
| ... | ... | |
|
# Variables
|
||
|
IPTABLES=/sbin/iptables
|
||
|
DENY_HTTPS=/etc/network/deny_https.conf
|
||
|
DENY_HTTPS_ALL=/etc/network/deny_https.all
|
||
|
DENY_HTTPS_IES=/etc/network/deny_https.ies
|
||
|
RUTA=http://desarrollo.educarex.es/linex/projects/servidoressecundaria/repository/entry/limitar-https/trunk
|
||
|
RED=`ifconfig | grep Bcast | cut -f2 -d: | awk '{print }' | cut -f1 -d.`
|
||
|
#----------------------------------------------------------------------------------------
|
||
|
|
||
|
# Descarga el fichero general de https a denegar por todos los IES
|
||
|
wget -O /etc/network/$DENY_HTTPS_ALL $RUTA/$DENY_HTTPS_ALL?format=raw
|
||
|
|
||
|
# Unimos y filtramos los ficheros de configuración
|
||
|
cat deny_https.all deny_https.ies | egrep -v '#|^$' | awk '{print $1}' | sort | uniq > $DENY_HTTPS
|
||
|
#----------------------------------------------------------------------------------------
|
||
|
cat $DENY_HTTPS_ALL $DENY_HTTPS_IES | egrep -v '#|^$' | awk '{print $1}' | sort | uniq > $DENY_HTTPS
|
||
|
|
||
|
# Bail out if no iptables binary or no configuration
|
||
|
[ -x ${IPTABLES} -a "$DENY_HTTPS" ] || exit 0
|
||
Exportar a: Unified diff
actualización