Merge pull request #134 from Nachtfalkeaw/master

disabled  proxy module (not often used) and disabled virtual-server "control-socket" which is experimental and misconfigured a security issue.

3 files changed, 12 insertions, 9 deletions

diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 29ca98f8..76fb23d5 100755
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -29,6 +29,8 @@ function freeradius_install_command() {
 	
 	exec("chown -R root:wheel /usr/local/etc/raddb");
 	exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12");
+	// disable an experimental module of freeRADIUS which could be a security issue if not configured correctly!
+	exec("rm -f /usr/local/etc/raddb/sites-enabled/control-socket");
 	
 	closedir($handle);
 
@@ -146,14 +148,15 @@ log {
 }
 
 checkrad = \${sbindir}/checkrad
-security 	{
+security {
 	max_attributes = $varsettingsmaxattributes
 	reject_delay = $varsettingsrejectdelay
 	status_server = no  		### Needs additional config in raddb/sites-available/status
 }
 
-proxy_requests = yes
-\$INCLUDE  proxy.conf
+### disbale proxy module. In most environments we do not need to proxy requests to another RADIUS PROXY server
+#proxy_requests = yes
+#\$INCLUDE  proxy.conf
 \$INCLUDE  clients.conf
 thread pool {
 	start_servers = $varsettingsstartservers
@@ -259,7 +262,7 @@ EOD;
 	conf_mount_rw();
 	file_put_contents($filename, $conf);
 	chmod($filename, 0600);
-        conf_mount_ro();
+	conf_mount_ro();
 
 	restart_service('freeradius');
 }
@@ -296,11 +299,11 @@ client $varclientshortname {
 	shortname = $varclientshortname
 
 		### Optional: Used by checkrad.pl for simultaneous use checks. Default: other
-	nastype     = $varclientnastype
+	nastype = $varclientnastype
 
 		### Optional: will be used in future releases
-	#login       = !root
-	#password    = someadminpas
+	#login = !root
+	#password = someadminpas
 							
 		### Additional configuration needed. See: raddb/sites-available/originate-coa
 	#virtual_server = home1
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 495a4ef0..fefb92dd 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -760,7 +760,7 @@
 				Do not use together with freeradius package. Both are using the same XML files.]]></descr>
 		<pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink>
 		<category>System</category>
-		<version>2.1.12 pkg v1.1.0</version>
+		<version>2.1.12 pkg v1.1.1</version>
 		<status>BETA</status>
 		<required_version>2.0</required_version>
 		<maintainer>Nachtfalke</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 2730cf82..a7ff638b 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -803,7 +803,7 @@
 				Do not use together with freeradius package. Both are using the same XML files.]]></descr>
 		<pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink>
 		<category>System</category>
-		<version>2.1.12 pkg v1.1.0</version>
+		<version>2.1.12 pkg v1.1.1</version>
 		<status>BETA</status>
 		<required_version>2.0</required_version>
 		<maintainer>Nachtfalke</maintainer>