diff options
| author | marcelloc <marcellocoutinho@gmail.com> | 2012-01-27 14:24:51 -0200 |
|---|---|---|
| committer | marcelloc <marcellocoutinho@gmail.com> | 2012-01-27 14:24:51 -0200 |
| commit | cf08e91af27301092ea4ef4bd96762fcd82db58c (patch) | |
| tree | c93f620a3779c6d9f47800e6a8e606de9ca05730 /config/dansguardian/dansguardian.inc | |
| parent | df225741292cdf7067938de8bc2f018fc14f76a1 (diff) | |
| download | pfsense-packages-cf08e91af27301092ea4ef4bd96762fcd82db58c.tar.gz pfsense-packages-cf08e91af27301092ea4ef4bd96762fcd82db58c.tar.bz2 pfsense-packages-cf08e91af27301092ea4ef4bd96762fcd82db58c.zip | |
Dansguardian - First release
Diffstat (limited to 'config/dansguardian/dansguardian.inc')
| -rwxr-xr-x | config/dansguardian/dansguardian.inc | 1615 |
1 files changed, 632 insertions, 983 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index bbee18a3..343c38b9 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -37,6 +37,15 @@ function dg_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); } +function dg_get_real_interface_address($iface) { + global $config; + $iface = convert_friendly_interface_to_real_interface_name($iface); + $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6")); + $postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix']; + list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line); + return array($ip, long2ip(hexdec($netmask))); +} + function sync_package_dansguardian() { global $config; @@ -49,53 +58,58 @@ function sync_package_dansguardian() { $dansguardian_limits=$config['installedpackages']['dansguardianlimits']['config'][0]; if (is_array($config['installedpackages']['dansguardianlog'])) $dansguardian_log=$config['installedpackages']['dansguardianlog']['config'][0]; - + if (is_array($config['installedpackages']['dansguardianusers'])) + $dansguardian_users=$config['installedpackages']['dansguardianusers']['config'][0]; + if (is_array($config['installedpackages']['dansguardianblacklist']['config'])) + $dansguardian_blacklist=$config['installedpackages']['dansguardianblacklist']['config'][0]; + #daemon options $dansguardian_enabled=$dansguardian['enable_dg']; - $filterports=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); + $filterport=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); $softrestart=(preg_match('/softrestart/',$dansguardian['daemon_options'])?"yes":"no"); - $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"no"); - if ($dansguardian['children']) - list($min_children,$max_children) = split ("/", $dansguardian['children'], 2); + $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"off"); + if (preg_match("/\d+\/\d+/",$dansguardian['children'])) + list($minchildren,$maxchildren) = split ("/", $dansguardian['children'], 2); else - list($min_children,$max_children) = split ("/", "8/120", 2); - if ($dansguardian['sparechildren']) - list($min_spare_children,$max_spare_children) = split ("/", $dansguardian['sparechildren'], 2); + list($minchildren,$maxchildren) = split ("/", "8/120", 2); + if (preg_match("/\d+\/\d+/",$dansguardian['sparechildren'])) + list($minsparechildren,$maxsparechildren) = split ("/", $dansguardian['sparechildren'], 2); else - list($min_spare_children,$max_spare_children) = split ("/", "8/64", 2); + list($minsparechildren,$maxsparechildren) = split ("/", "8/64", 2); $maxagechildren=($dansguardian['maxagechildren']?$dansguardian['maxagechildren']:"500"); $maxips=($dansguardian['maxips']?$dansguardian['maxips']:"0"); - + $preforkchildren=($dansguardian['preforkchildren']?$dansguardian['preforkchildren']:"10"); #general options $urlcachenumber=($dansguardian_config['urlcachenumber']?$dansguardian_config['urlcachenumber']:"1000"); $urlcacheage=($dansguardian_config['urlcacheage']?$dansguardian_config['urlcacheage']:"900"); - $scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"yes":"no"); - $hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"yes":"no"); - $forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"yes":"no"); - $reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"yes":"no"); - $reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"yes":"no"); - $logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"yes":"no"); - $createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"yes":"no"); - $prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"yes":"no"); - $deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"yes":"no"); + $scancleancache=(preg_match('/scancleancache/',$dansguardian_config['scan_options'])?"on":"off"); + $hexdecodecontent=(preg_match('/hexdecodecontent/',$dansguardian_config['scan_options'])?"on":"off"); + $forcequicksearch=(preg_match('/forcequicksearch/',$dansguardian_config['scan_options'])?"on":"off"); + $reverseaddresslookups=(preg_match('/reverseaddresslookups/',$dansguardian_config['scan_options'])?"on":"off"); + $reverseclientiplookups=(preg_match('/reverseclientiplookups/',$dansguardian_config['scan_options'])?"on":"off"); + $logclienthostnames=(preg_match('/logclienthostnames/',$dansguardian_config['scan_options'])?"on":"off"); + $createlistcachefiles=(preg_match('/createlistcachefiles/',$dansguardian_config['scan_options'])?"on":"off"); + $prefercachedlists=(preg_match('/prefercachedlists/',$dansguardian_config['scan_options'])?"on":"off"); + $deletedownloadedtempfiles=(preg_match('/deletedownloadedtempfiles/',$dansguardian_config['scan_options'])?"on":"off"); $weightedphrasemode=($dansguardian_config['weightedphrasemode']?$dansguardian_config['weightedphrasemode']:"2"); $phrasefiltermode=($dansguardian_config['phrasefiltermode']?$dansguardian_config['phrasefiltermode']:"2"); $preservecase=($dansguardian_config['preservecase']?$dansguardian_config['preservecase']:"0"); - $clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"yes":"no"); - $icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"yes":"no"); + $clamdscan=(preg_match('/clamdscan/',$dansguardian_config['content_scanners'])?"on":"off"); + $icapscan=(preg_match('/icapscan/',$dansguardian_config['content_scanners'])?"on":"off"); $contentscannertimeout=($dansguardian_config['contentscannertimeout']?$dansguardian_config['contentscannertimeout']:"60"); $contentscanexceptions=($dansguardian_config['contentscanexceptions']?"on":"off"); - $recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"yes":"no"); - $forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"yes":"no"); - $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"yes":"no"); - $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"yes":"no"); + $recheckreplacedurls=(preg_match('/recheckreplacedurls/',$dansguardian_config['misc_options'])?"on":"off"); + $forwardedfor=(preg_match('/forwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); + $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"on":"off"); + $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); + $authplugin=(preg_match('/usr/',$dansguardian_config['auth_plugin'])?"authplugin = '".$dansguardian_config['auth_plugin']."'":""); #limits $maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1"); $maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256"); - $maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"2000"); - $maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"1000"); + $maxcontentramcachescansize=($dansguardian_limits['maxcontentramcachescansize']?$dansguardian_limits['maxcontentramcachescansize']:"1000"); + $maxcontentfilecachescansize=($dansguardian_limits['maxcontentfilecachescansize']?$dansguardian_limits['maxcontentfilecachescansize']:"2000"); $initialtrickledelay=($dansguardian_limits['initialtrickledelay']?$dansguardian_limits['initialtrickledelay']:"20"); $trickledelay=($dansguardian_limits['trickledelay']?$dansguardian_limits['trickledelay']:"20"); @@ -117,993 +131,625 @@ function sync_package_dansguardian() { $logexceptionhits=($dansguardian_log['logexceptionhits']?$dansguardian_log['logexceptionhits']:"2"); $logfileformat=($dansguardian_log['logfileformat']?$dansguardian_log['logfileformat']:"1"); - /* -Language Strings = %report-dir%/languages.conf -*/ #check files - $load_samples=0; + #create sample files + $files = array( "/dansguardianf1.conf", + "/lists/filtergroupslist", + "/lists/bannedphraselist", + "/lists/exceptionphraselist", + "/lists/weightedphraselist", + "/lists/exceptionsitelist", + "/lists/bannedsitelist", + "/lists/greysitelist", + "/lists/logsitelist", + "/lists/bannedregexpurllist", + "/lists/bannedurllist", + "/lists/exceptionregexpurllist", + "/lists/exceptionurllist", + "/lists/greyurllist", + "/lists/logregexpurllist", + "/lists/logurllist", + "/lists/urlregexplist", + "/lists/exceptionfilesitelist", + "/lists/exceptionfileurllist", + "/lists/searchengineregexplist", + "/lists/bannedsearchtermlist", + "/lists/weightedsearchtermlist", + "/lists/exceptionsearchtermlist", + "/lists/contentregexplist", + "/lists/exceptionextensionlist", + "/lists/bannedextensionlist", + "/lists/exceptionmimetypelist", + "/lists/bannedmimetypelist", + "/lists/headerregexplist", + "/lists/bannedregexpheaderlist", + "/lists/contentscanners/exceptionvirusextensionlist", + "/lists/contentscanners/exceptionvirusmimetypelist", + "/lists/contentscanners/exceptionvirussitelist", + "/lists/contentscanners/exceptionvirusurllist", + "/lists/pics"); + + $dansguardian_dir="/usr/local/etc/dansguardian"; + foreach ($files as $file) + if (! file_exists($dansguardian_dir.$file.'.sample')){ + $new_file=""; + $install_file=file($dansguardian_dir.$file); + foreach ($install_file as $line) + if (! preg_match("/Include/",$line)) + $new_file.= $line; + file_put_contents($dansguardian_dir.$file.'.sample',$new_file,LOCK_EX); + } + + $load_samples=0; - if($attachments['filename_rules'] == ""){ - $config['installedpackages']['msattachments']['config'][0]['filename_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filename.rules.conf.sample')); - $load_samples++; - } - if($attachments['filetype_rules'] == ""){ - $config['installedpackages']['msattachments']['config'][0]['filetype_rules']=base64_encode(file_get_contents($dansguardian_dir.'/archives.filetype.rules.conf.sample')); - $load_samples++; - } - if($content['phishing_safe'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['phishing_safe']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.safe.sites.conf.sample')); - $load_samples++; + #contentscanners preg_replace patterns + $match[0]="/(conf)/"; + $match[1]="/(\/usr.local)/"; + $match[2]="/,/"; + $replace[0]="$1'"; + $replace[1]="contentscanner = '$1"; + $replace[2]="\n"; + + $contentscanners=preg_replace($match,$replace,$dansguardian_config['content_scanners']); + + #includes preg_replace patterns + $match[0]="/(.)$/"; + $match[1]="/\/usr.local/"; + $match[2]="/,/"; + $replace[0]="$1>\n"; + $replace[1]="\n.Include</usr/local"; + $replace[2]=">"; + + #phrase ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianphraseacl']['config'])){ + $banned_file=file("/usr/local/etc/dansguardian/lists/bannedphraselist"); + foreach($banned_file as $file_line) + if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) + $banned_includes .= $matches[1].","; + + $weighted_file=file("/usr/local/etc/dansguardian/lists/weightedphraselist"); + foreach($weighted_file as $file_line) + if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) + $weighted_includes .= $matches[1].","; + $config['installedpackages']['dansguardianphraseacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Phrase access list setup', + 'banned_enabled'=> "on", + 'weighted_enabled'=> "on", + 'exception_enabled'=> "on", + 'banned_includes' => substr($banned_includes,0,-1), + 'weighted_includes' => substr($weighted_includes,0,-1)); } - if($content['phishing_bad'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['phishing_bad']=base64_encode(file_get_contents($dansguardian_dir.'/phishing.bad.sites.conf.sample')); - $load_samples++; + #loop on array + $count=0; + if (is_array($config['installedpackages']['dansguardianphraseacl']['config'])) + foreach($config['installedpackages']['dansguardianphraseacl']['config'] as $dansguardian_phrase){ + #bannedphraselist + if($dansguardian_phrase['banned_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedphraselist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_phrase['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['banned_phraselist']).$includes:""),LOCK_EX); + + #weightedphraselist + if($dansguardian_phrase['weighted_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedphraselist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_phrase['weighted_includes']); + file_put_contents($dansguardian_dir."/lists/weightedphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['weighted_phraselist']).$includes:""),LOCK_EX); + + #exceptionphraselist + if($dansguardian_phrase['exception_phraselist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionphraselist.sample')){ + $config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionphraselist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionphraselist.".$dansguardian_phrase['name'],($dansguardian_phrase['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianphraseacl']['config'][$count]['exception_phraselist']):""),LOCK_EX); + $count++; + } + + #site ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiansiteacl']['config'])) + $config['installedpackages']['dansguardiansiteacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Site access list setup', + 'exceptionsite_enabled'=> "on", + 'bannedsite_enabled'=> "on", + 'greysite_enabled'=> "on", + 'urlsite_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiansiteacl']['config'] as $dansguardian_site){ + #exceptionsitelist + if($dansguardian_site['exception_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsitelist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_site['exception_includes']); + file_put_contents($dansguardian_dir."/lists/exceptionsitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exception_sitelist']).$includes:""),LOCK_EX); + + #exceptionfilesitelist + if($dansguardian_site['exceptionfile_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfilesitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfilesitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionfilesitelist.".$dansguardian_site['name'],($dansguardian_site['exceptionsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['exceptionfile_sitelist']):""),LOCK_EX); + + #bannedsitelist + if($dansguardian_site['banned_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsitelist.sample')); + $load_samples++; + } + $includes=preg_replace($match,$replace,$dansguardian_site['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedsitelist.".$dansguardian_site['name'],($dansguardian_site['bannedsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['banned_sitelist']).$includes:""),LOCK_EX); + + #greysitelist + if($dansguardian_site['grey_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/greysitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greysitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/greysitelist.".$dansguardian_site['name'],($dansguardian_site['greysite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['grey_sitelist']):""),LOCK_EX); + + #logsitelist + if($dansguardian_site['log_sitelist'] == "" && file_exists ($dansguardian_dir.'/lists/logsitelist.sample')){ + $config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logsitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logsitelist.".$dansguardian_site['name'],($dansguardian_site['urlsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']):""),LOCK_EX); + $count++; } - if($content['country_domains'] == ""){ - $config['installedpackages']['mscontent']['config'][0]['country_domains']=base64_encode(file_get_contents($dansguardian_dir.'/country.domains.conf.sample')); - $load_samples++; - } - if($antispam['sa_pref_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['sa_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.assassin.prefs.conf.sample')); - $load_samples++; - } - if($antispam['rbl_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['rbl_file']=base64_encode(file_get_contents($dansguardian_dir.'/spam.lists.conf.sample')); - $load_samples++; - } - if($antispam['mcp_pref_file'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']=base64_encode(file_get_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf.sample')); - copy($dansguardian_dir.'/mcp/10_example.cf.sample',$dansguardian_dir.'/mcp/10_example.cf'); - copy($dansguardian_dir.'/mcp/v320.pre.sample',$dansguardian_dir.'/mcp/v320.pre'); - $load_samples++; - } - if($antispam['bounce'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['bounce']=base64_encode(file_get_contents($dansguardian_dir.'/rules/bounce.rules.sample')); - $load_samples++; - } - if($antispam['spam_whitelist'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['spam_whitelist']=base64_encode(file_get_contents($dansguardian_dir.'/rules/spam.whitelist.rules.sample')); - $load_samples++; - } - if($antispam['max_message_size'] == ""){ - $config['installedpackages']['msantispam']['config'][0]['max_message_size']=base64_encode(file_get_contents($dansguardian_dir.'/rules/max.message.size.rules.sample')); - $load_samples++; - } - - $report_dir="/usr/local/share/dansguardian/reports/".strtolower($report['language']); - #CHECK REPORT FILES - $report_files= array('deletedbadcontent' => 'deleted.content.message.txt', - 'deletedbadfilename' => 'deleted.filename.message.txt', - 'deletedvirus' =>'deleted.virus.message.txt', - 'deletedsize' => 'deleted.size.message.txt', - 'storedbadcontent' => 'stored.content.message.txt', - 'storedbadfilename' => 'stored.filename.message.txt', - 'storedvirus' => 'stored.virus.message.txt', - 'storedsize' => 'stored.size.message.txt', - 'disinfected' => 'disinfected.report.txt', - 'sendercontent' => 'sender.content.report.txt', - 'sendererror' => 'sender.error.report.txt', - 'senderbadfilename' => 'sender.filename.report.txt', - 'sendervirus' => 'sender.virus.report.txt', - 'sendersize' => 'sender.size.report.txt', - 'senderrbl' => 'sender.spam.rbl.report.txt', - 'sendersa' => 'sender.spam.sa.report.txt', - 'sendermcp' => 'sender.mcp.report.txt', - 'senderspam'=>'sender.spam.report.txt', - 'recipientmcp'=>'recipient.mcp.report.txt', - 'recipientspam'=>'recipient.spam.report.txt', - 'rejection' =>'rejection.report.txt'); - foreach ($report_files as $key_r => $file_r){ - if ($report[$key_r] == ""){ - #$input_errors[]= $key; - $config['installedpackages']['msreport']['config'][0][$key_r]=base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')); - file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX); + #URL ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianurlacl']['config'])) + $config['installedpackages']['dansguardianurlacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default Url access list setup', + 'bannedurl_enabled'=> "on", + 'exceptionurl_enabled'=> "on", + 'contenturl_enabled'=> "on", + 'greyurl_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianurlacl']['config'] as $dansguardian_url){ + #bannedurllist + if($dansguardian_url['banned_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedurllist.sample')); $load_samples++; - } - #print $key_r ."X $file_r X". base64_encode(file_get_contents($report_dir.'/'.$file_r.'.sample')) ."<br>"; + } + $includes=preg_replace($match,$replace,$dansguardian_url['banned_includes']); + file_put_contents($dansguardian_dir."/lists/bannedurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['banned_urllist']).$includes:""),LOCK_EX); + + #bannedregexpurllist + if($dansguardian_url['bannedregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedregexpurllist.".$dansguardian_url['name'],($dansguardian_url['bannedurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['bannedregexp_urllist']).$includes:""),LOCK_EX); + + #greyurllist + if($dansguardian_url['grey_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/greyurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/greyurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/greyurllist.".$dansguardian_url['name'],($dansguardian_url['greyurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['grey_urllist']):""),LOCK_EX); + + #exceptionfileurllist + if($dansguardian_url['exception_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionfileurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionfileurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionfileurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']):""),LOCK_EX); - if ($alert['sig']){ - if($alert['sig_html'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['sig_html']=base64_encode(file_get_contents($report_dir.'/inline.sig.html')); + #exceptionregexpurllist + if($dansguardian_url['exceptionregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionregexpurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exceptionregexp_urllist']):""),LOCK_EX); + + #exceptionurllist + if($dansguardian_url['exception_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionurllist.".$dansguardian_url['name'],($dansguardian_url['exceptionurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['exception_urllist']):""),LOCK_EX); + + #urlregexplist + if($dansguardian_url['modify_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/urlregexplist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/urlregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/urlregexplist.".$dansguardian_url['name'],($dansguardian_url['contenturl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['modify_urllist']):""),LOCK_EX); + + #logurllist + if($dansguardian_url['log_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['log_urllist']):""),LOCK_EX); + + #logregexpurllist + if($dansguardian_url['logregexp_urllist'] == "" && file_exists ($dansguardian_dir.'/lists/logregexpurllist.sample')){ + $config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/logregexpurllist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/logregexpurllist.".$dansguardian_url['name'],($dansguardian_url['logurl_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianurlacl']['config'][$count]['logregexp_urllist']):""),LOCK_EX); + $count++; + } + + #Pics ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianpicsacl']['config'])) + $config['installedpackages']['dansguardianpicsacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default file access list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianpicsacl']['config'] as $dansguardian_pics){ + #pics + if($dansguardian_pics['pics'] == "" && file_exists ($dansguardian_dir.'/lists/pics.sample')){ + $config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']=base64_encode(file_get_contents($dansguardian_dir.'/lists/pics.sample')); $load_samples++; - } - if($alert['sig_txt'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['sig_txt']=base64_encode(file_get_contents($report_dir.'/inline.sig.txt')); + } + file_put_contents($dansguardian_dir."/lists/pics.".$dansguardian_pics['name'],($dansguardian_pics['pics_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianpicsacl']['config'][$count]['pics']):""),LOCK_EX); + $count++; + } + + #Search ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiansearchacl']['config'])) + $config['installedpackages']['dansguardiansearchacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default search engine list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiansearchacl']['config'] as $dansguardian_search){ + #searchengineregexplist + if($dansguardian_search['searchengineregexplist'] == "" && file_exists ($dansguardian_dir.'/lists/searchengineregexplist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/searchengineregexplist.sample')); $load_samples++; - } } + file_put_contents($dansguardian_dir."/lists/searchengineregexplist.".$dansguardian_search['name'],($dansguardian_search['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['searchengineregexplist']):""),LOCK_EX); - if ($alert['warning']){ - if($alert['warning_html'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['warning_html']=base64_encode(file_get_contents($report_dir.'/inline.warning.html')); + #bannedsearchtermlist + if($dansguardian_search['banned_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedsearchtermlist.sample')); $load_samples++; - } - if($alert['warning_txt'] == ""){ - $config['installedpackages']['msalerts']['config'][0]['warning_txt']=base64_encode(file_get_contents($report_dir.'/inline.warning.txt')); + } + file_put_contents($dansguardian_dir."/lists/bannedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['banned_searchtermlist']):""),LOCK_EX); + + #weightedsearchtermlist + if($dansguardian_search['weighted_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/weightedsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/weightedsearchtermlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/weightedsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['weighted_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['weighted_searchtermlist']):""),LOCK_EX); + + #exceptionsearchtermlist + if($dansguardian_search['exception_searchtermlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')){ + $config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionsearchtermlist.sample')); $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionsearchtermlist.".$dansguardian_search['name'],($dansguardian_search['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansearchacl']['config'][$count]['exception_searchtermlist']):""),LOCK_EX); + $count++; + } + + #File ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianfileacl']['config'])) + $config['installedpackages']['dansguardianfileacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default file access list setup', + 'exception_enabled'=> "on", + 'banned_enabled'=> "on"); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianfileacl']['config'] as $dansguardian_file){ + #exceptionextensionlist + if($dansguardian_file['exception_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionextensionlist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionextensionlist.sample')); + $load_samples++; } + file_put_contents($dansguardian_dir."/lists/exceptionextensionlist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_extensionlist']):""),LOCK_EX); + + #exceptionmimetypelist + if($dansguardian_file['exception_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptionmimetypelist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['exception_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptionmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptionmimetypelist.".$dansguardian_file['name'],($dansguardian_file['exception_enabled']?dg_text_area_decode($config['installedpackages']['exception_mimetypelist']):""),LOCK_EX); + + #bannedextensionlist + if($dansguardian_file['banned_extensionlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedextensionlist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedextensionlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedextensionlist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_extensionlist']):""),LOCK_EX); + + #bannedmimetypelist + if($dansguardian_file['banned_mimetypelist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedmimetypelist.sample')){ + $config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/bannedmimetypelist.".$dansguardian_file['name'],($dansguardian_file['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianfileacl']['config'][$count]['banned_mimetypelist']):""),LOCK_EX); + $count++; + } + + #header ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianheaderacl']['config'])) + $config['installedpackages']['dansguardianheaderacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default header access list setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardianheaderacl']['config'] as $dansguardian_header){ + #headerregexplist + if($dansguardian_header['header_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/headerregexplist.sample')){ + $config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/headerregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/headerregexplist.".$dansguardian_header['name'],($dansguardian_header['regexp_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['header_regexplist']):""),LOCK_EX); + + #bannedregexpheaderlist + if($dansguardian_header['banned_regexpheaderlist'] == "" && file_exists ($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')){ + $config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/bannedregexpheaderlist.sample')); + $load_samples++; } + file_put_contents($dansguardian_dir."/lists/bannedregexpheaderlist.".$dansguardian_header['name'],($dansguardian_header['banned_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianheaderacl']['config'][$count]['banned_regexpheaderlist']):""),LOCK_EX); + $count++; + } + + #Content ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardiancontentacl']['config'])) + $config['installedpackages']['dansguardiancontentacl']['config'][0]=array('name'=>'Default', + 'description'=>'Default content setup'); + #loop on array + $count=0; + foreach($config['installedpackages']['dansguardiancontentacl']['config'] as $dansguardian_content){ + #content_regexplist + if($dansguardian_content['content_regexplist'] == "" && file_exists ($dansguardian_dir.'/lists/contentregexplist.sample')){ + $config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentregexplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentregexplist.".$dansguardian_content['name'],($dansguardian_content['content_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiancontentacl']['config'][$count]['content_regexplist']):""),LOCK_EX); + $count++; + } + + #Antivirus ACL + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianantivirusacl']['config'])) + $config['installedpackages']['dansguardianantivirusacl']['config'][0]=array(); + + #exceptionvirusmimetypelist + if($dansguardian_antivirus['mime_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusmimetypelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusmimetypelist",($dansguardian_antivirus['mime_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['mime_list']):""),LOCK_EX); + #exceptionvirussitelist + if($dansguardian_antivirus['site_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirussitelist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirussitelist",($dansguardian_antivirus['site_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['site_list']):""),LOCK_EX); + + #exceptionvirusurllist + if($dansguardian_antivirus['url_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusurllist.sample')); + $load_samples++; } - #exit; + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusurllist",($dansguardian_antivirus['url_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['url_list']):""),LOCK_EX); + + #exceptionvirusextensionlist + if($dansguardian_antivirus['extension_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')){ + $config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusextensionlist",($dansguardian_antivirus['extension_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']):""),LOCK_EX); + if($load_samples > 0) write_config(); + #Filtergroups + if (!is_array($config['installedpackages']['dansguardiangroups']['config'])) + $config['installedpackages']['dansguardiangroups']['config'][0]=array('name'=>'Default', + 'description'=>'Default dansguardian filtergroup', + 'picsacl'=> "Default", + 'phraseacl'=> "Default", + 'siteacl'=> "Default", + 'extensionacl'=> "Default", + 'headeracl'=> "Default", + 'contentacl'=> "Default", + 'searchacl'=> "Default", + 'urlacl'=> "Default", + 'group_options' => "scancleancache,infectionbypasserrorsonly", + 'reportinglevel'=>'3', + 'mode'=> "1"); + + $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); + #loop on array + $count=1; + $user_xml=""; + $filtergroupslist=""; + foreach($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){ + $dansguardian_group_name=strtolower($dansguardian_groups['name']); + $dgfg[$count]=$dansguardian_group_name; + $dansguardian_groups['blockdownloads']=($dansguardian_groups['blockdownloads']?$dansguardian_groups['blockdownloads']:"off"); + $dansguardian_groups['weightedphrasemode']=(preg_match("/\d/",$dansguardian_groups['weightedphrasemode'])?$dansguardian_groups['weightedphrasemode']:$dansguardian_config['weightedphrasemode']); + $dansguardian_groups['naughtynesslimit']=($dansguardian_groups['naughtynesslimit']?$dansguardian_groups['naughtynesslimit']:"50"); + $dansguardian_groups['searchtermlimit']=($dansguardian_groups['searchtermlimit']?$dansguardian_groups['searchtermlimit']:"30"); + $dansguardian_groups['categorydisplaythreshold']=($dansguardian_groups['categorydisplaythreshold']?$dansguardian_groups['categorydisplaythreshold']:"0"); + $dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0"); + $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); + $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); + foreach ($groups as $group) + $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); + include("/usr/local/pkg/dansguardianfx.conf.template"); + file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX); -#create dansguardian.conf - $dg=<<<EOF -# DansGuardian config file for version 2.12.0.0 - -# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf - - -# Web Access Denied Reporting (does not affect logging) -# -# -1 = log, but do not block - Stealth mode -# 0 = just say 'Access Denied' -# 1 = report why but not what denied phrase -# 2 = report fully -# 3 = use HTML template file (accessdeniedaddress ignored) - recommended -# -reportinglevel = {$reportlevel} - -# Language dir where languages are stored for internationalisation. -# The HTML template within this dir is only used when reportinglevel -# is set to 3. When used, DansGuardian will display the HTML file instead of -# using the perl cgi script. This option is faster, cleaner -# and easier to customise the access denied page. -# The language file is used no matter what setting however. -# -languagedir = '/usr/local/share/dansguardian/languages' - -# language to use from languagedir. -language = '{$reportlanguage}' - -# Logging Settings -# -# 0 = none 1 = just denied 2 = all text based 3 = all requests -loglevel = {$loglevel} - -# Log Exception Hits -# Log if an exception (user, ip, URL, phrase) is matched and so -# the page gets let through. Can be useful for diagnosing -# why a site gets through the filter. -# 0 = never log exceptions -# 1 = log exceptions, but do not explicitly mark them as such -# 2 = always log & mark exceptions (default) -logexceptionhits = {$logexceptionhits} - -# Log File Format -# 1 = DansGuardian format (space delimited) -# 2 = CSV-style format -# 3 = Squid Log File Format -# 4 = Tab delimited -logfileformat = {$logfileformat} - -# truncate large items in log lines -# 0 = no truncating (default) -#maxlogitemlength = 0 - -# anonymize logs (blank out usernames & IPs) -anonymizelogs = {$anonymizelogs} - - -# Syslog logging -# -# Use syslog for access logging instead of logging to the file -# at the defined or built-in "loglocation" -#logsyslog = off - -# Log file location -# -# Defines the log directory and filename. -#loglocation = '/var/log/access.log' - - -# Statistics log file location -# -# Defines the stat file directory and filename. -# Only used in conjunction with maxips > 0 -# Once every 3 minutes, the current number of IPs in the cache, and the most -# that have been in the cache since the daemon was started, are written to this -# file. IPs persist in the cache for 7 days. -#statlocation = '/var/log/stats' - - -# Network Settings -# -# the IP that DansGuardian listens on. If left blank DansGuardian will -# listen on all IPs. That would include all NICs, loopback, modem, etc. -# Normally you would have your firewall protecting this, but if you want -# you can limit it to a certain IP. To bind to multiple interfaces, -# specify each IP on an individual filterip line. -# You can have the same IP twice so long as it has a different port. -filterip = {$filterip} - -# the ports that DansGuardian listens to. Specify one line per filterip -# line. You can specify different authentication mechanisms per port but -# only if the mechanisms can co-exist (e.g. basic/proxy auth can't) -filterports = 8080 -#filterports = 8081 -{$filterports} - -# the ip of the proxy (default is the loopback - i.e. this server) -proxyip = 127.0.0.1 - -# the port DansGuardian connects to proxy on -proxyport = 3128 - -# Whether to retrieve the original destination IP in transparent proxy -# setups and check it against the domain pulled from the HTTP headers. -# -# Be aware that when visiting sites which use a certain type of round-robin -# DNS for load balancing, DG may mark requests as invalid unless DG gets -# exactly the same answers to its DNS requests as clients. The chances of -# this happening can be increased if all clients and servers on the same LAN -# make use of a local, caching DNS server instead of using upstream DNS -# directly. -# -# See http://www.kb.cert.org/vuls/id/435052 -# on (default) | off -#!! Not compiled !! originalip = on - -# accessdeniedaddress is the address of your web server to which the cgi -# dansguardian reporting script was copied. Only used in reporting levels 1 and 2. -# -# This webserver must be either: -# 1. Non-proxied. Either a machine on the local network, or listed as an exception -# in your browser's proxy configuration. -# 2. Added to the exceptionsitelist. Option 1 is preferable; this option is -# only for users using both transparent proxying and a non-local server -# to host this script. -# -# Individual filter groups can override this setting in their own configuration. -# -accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' - -# Non standard delimiter (only used with accessdeniedaddress) -# To help preserve the full banned URL, including parameters, the variables -# passed into the access denied CGI are separated using non-standard -# delimiters. This can be useful to ensure correct operation of the filter -# bypass modes. Parameters are split using "::" in place of "&", and "==" in -# place of "=". -# Default is enabled, but to go back to the standard mode, disable it. -nonstandarddelimiter = {$nonstandarddelimiter} - - - -# Banned image replacement -# Images that are banned due to domain/url/etc reasons including those -# in the adverts blacklists can be replaced by an image. This will, -# for example, hide images from advert sites and remove broken image -# icons from banned domains. -# on (default) | off -usecustombannedimage = {$usecustombannedimage} -custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif' - - -#Banned flash replacement -usecustombannedflash = {$usecustombannedflash} -custombannedflashfile = '/usr/local/share/dansguardian/blockedflash.swf' - - - -# Filter groups options -# filtergroups sets the number of filter groups. A filter group is a set of content -# filtering options you can apply to a group of users. The value must be 1 or more. -# DansGuardian will automatically look for dansguardianfN.conf where N is the filter -# group. To assign users to groups use the filtergroupslist option. All users default -# to filter group 1. You must have some sort of authentication to be able to map users -# to a group. The more filter groups the more copies of the lists will be in RAM so -# use as few as possible. -filtergroups = 1 -filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist' - - - -# Authentication files location -bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist' -exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist' - -# Per-Room blocking definition directory -# A directory containing text files containing the room's name followed by IPs or ranges -# Think of it as bannediplist on crack -perroomblockingdirectory = '/usr/local/etc/dansguardian/lists/bannedrooms/' - -# Show weighted phrases found -# If enabled then the phrases found that made up the total which excedes -# the naughtyness limit will be logged and, if the reporting level is -# high enough, reported. on | off -showweightedfound = {$showweightedfound} - -# Weighted phrase mode -# There are 3 possible modes of operation: -# 0 = off = do not use the weighted phrase feature. -# 1 = on, normal = normal weighted phrase operation. -# 2 = on, singular = each weighted phrase found only counts once on a page. -# -# IMPORTANT: Note that setting this to "0" turns off all features which -# extract phrases from page content, including banned & exception -# phrases (not just weighted), search term filtering, and scanning for -# links to banned URLs. -# -weightedphrasemode = {$weightedphrasemode} - - - -# Positive (clean) result caching for URLs -# Caches good pages so they don't need to be scanned again. -# It also works with AV plugins. -# 0 = off (recommended for ISPs with users with disimilar browsing) -# 1000 = recommended for most users -# 5000 = suggested max upper limit -# If you're using an AV plugin then use at least 5000. -urlcachenumber = {$urlcachenumber} -# -# Age before they are stale and should be ignored in seconds -# 0 = never -# 900 = recommended = 15 mins -urlcacheage ={$urlcacheage} - - - -# Cache for content (AV) scan results as 'clean' -# By default, to save CPU, files scanned and found to be -# clean are inserted into the clean cache and NOT scanned -# again for a while. If you don't like this then choose -# to disable it. -# on = cache results; do not re-scan -# off = do not cache; always re-scan -# (on|off) default = on. -scancleancache = {$scancleancache} - - - -# Smart, Raw and Meta/Title phrase content filtering options -# Smart is where the multiple spaces and HTML are removed before phrase filtering -# Raw is where the raw HTML including meta tags are phrase filtered -# Meta/Title is where only meta and title tags are phrase filtered (v. quick) -# CPU usage can be effectively halved by using setting 0 or 1 compared to 2 -# 0 = raw only -# 1 = smart only -# 2 = both of the above (default) -# 3 = meta/title -phrasefiltermode = {$phrasefiltermode} - -# Lower casing options -# When a document is scanned the uppercase letters are converted to lower case -# in order to compare them with the phrases. However this can break Big5 and -# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented -# characters are supported. -# 0 = force lower case (default) -# 1 = do not change case -# 2 = scan first in lower case, then in original case -preservecase = {$preservecase} - -# Note: -# If phrasefiltermode and preserve case are both 2, this equates to 4 phrase -# filtering passes. If you have a large enough userbase for this to be a -# worry, and need to filter pages in exotic character encodings, it may be -# better to run two instances on separate servers: one with preservecase 1 -# (and possibly forcequicksearch 1) and non ASCII/UTF-8 phrase lists, and one -# with preservecase 0 and ASCII/UTF-8 lists. - - - -# Hex decoding options -# When a document is scanned it can optionally convert %XX to chars. -# If you find documents are getting past the phrase filtering due to encoding -# then enable. However this can break Big5 and other 16-bit texts. -# off = disabled (default) -# on = enabled -hexdecodecontent = {$hexdecodecontent} - - - -# Force Quick Search rather than DFA search algorithm -# The current DFA implementation is not totally 16-bit character compatible -# but is used by default as it handles large phrase lists much faster. -# If you wish to use a large number of 16-bit character phrases then -# enable this option. -# off (default) | on (Big5 compatible) -forcequicksearch = {$forcequicksearch} - - - -# Reverse lookups for banned site and URLs. -# If set to on, DansGuardian will look up the forward DNS for an IP URL -# address and search for both in the banned site and URL lists. This would -# prevent a user from simply entering the IP for a banned address. -# It will reduce searching speed somewhat so unless you have a local caching -# DNS server, leave it off and use the Blanket IP Block option in the -# bannedsitelist file instead. -reverseaddresslookups = {$reverseaddresslookups} - - - -# Reverse lookups for banned and exception IP lists. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer. This means you can put in hostnames in -# the exceptioniplist and bannediplist. -# If a client computer is matched against an IP given in the lists, then the -# IP will be recorded in any log entries; if forward DNS is successful and a -# match occurs against a hostname, the hostname will be logged instead. -# It will reduce searching speed somewhat so unless you have a local DNS server, -# leave it off. -reverseclientiplookups = {$reverseclientiplookups} - - -# Perform reverse lookups on client IPs for successful requests. -# If set to on, DansGuardian will look up the forward DNS for the IP -# of the connecting computer, and log host names (where available) rather than -# IPs against requests. -# This is not dependent on reverseclientiplookups being enabled; however, if it -# is, enabling this option does not incur any additional forward DNS requests. -logclienthostnames = {$logclienthostnames} - - -# Build bannedsitelist and bannedurllist cache files. -# This will compare the date stamp of the list file with the date stamp of -# the cache file and will recreate as needed. -# If a .processed file exists for an item (e.g. domain/URL) list, then that -# will be used instead, if it is up to date (i.e. newer than the unprocessed -# list file). -# This can increase process start speed on slow computers. -# Fast computers do not need this option. -# on | off, default = on -createlistcachefiles = {$createlistcachefiles} - - -# Prefer cached list files -# If enabled, DansGuardian will always prefer to load ".processed" versions of -# list files, regardless of their time stamps relative to the original -# unprocessed lists. This is not generally useful unless you have a specific -# list update process which results in - for example - up-to-date, pre-sorted -# ".processed" list files with dummy unprocessed files. -# on | off, default = off -prefercachedlists = {$prefercachedlists} - - - -# POST protection (web upload and forms) -# does not block forms without any file upload, i.e. this is just for -# blocking or limiting uploads -# measured in kibibytes after MIME encoding and header bumph -# use 0 for a complete block -# use higher (e.g. 512 = 512Kbytes) for limiting -# use -1 for no blocking -#maxuploadsize = 512 -#maxuploadsize = 0 -maxuploadsize = {$maxuploadsize} - - - -# Max content filter size -# Sometimes web servers label binary files as text which can be very -# large which causes a huge drain on memory and cpu resources. -# To counter this, you can limit the size of the document to be -# filtered and get it to just pass it straight through. -# This setting also applies to content regular expression modification. -# The value must not be higher than maxcontentramcachescansize -# The size is in Kibibytes - eg 2048 = 2Mb -# use 0 to set it to maxcontentramcachescansize -maxcontentfiltersize = {$maxcontentfiltersize} - - - -# Max content ram cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size of file that DG will download and cache -# in RAM. After this limit is reached it will cache to disk -# This value must be less than or equal to maxcontentfilecachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -# use 0 to set it to maxcontentfilecachescansize -# This option may be ignored by the configured download manager. -maxcontentramcachescansize = {$maxcontentramcachescansize} - - - -# Max content file cache scan size -# This is only used if you use a content scanner plugin such as AV -# This is the max size file that DG will download -# so that it can be scanned or virus checked. -# This value must be greater or equal to maxcontentramcachescansize. -# The size is in Kibibytes - eg 10240 = 10Mb -maxcontentfilecachescansize = {$maxcontentfilecachescansize} - - - -# File cache dir -# Where DG will download files to be scanned if too large for the -# RAM cache. -filecachedir = '/tmp' - - - -# Delete file cache after user completes download -# When a file gets save to temp it stays there until it is deleted. -# You can choose to have the file deleted when the user makes a sucessful -# download. This will mean if they click on the link to download from -# the temp store a second time it will give a 404 error. -# You should configure something to delete old files in temp to stop it filling up. -# on|off (defaults to on) -deletedownloadedtempfiles = {$deletedownloadedtempfiles} - - - -# Initial Trickle delay -# This is the number of seconds a browser connection is left waiting -# before first being sent *something* to keep it alive. The -# *something* depends on the download manager chosen. -# Do not choose a value too low or normal web pages will be affected. -# A value between 20 and 110 would be sensible -# This may be ignored by the configured download manager. -initialtrickledelay = {$initialtrickledelay} - - - -# Trickle delay -# This is the number of seconds a browser connection is left waiting -# before being sent more *something* to keep it alive. The -# *something* depends on the download manager chosen. -# This may be ignored by the configured download manager. -trickledelay = {$trickledelay} - - - -# Download Managers -# These handle downloads of files to be filtered and scanned. -# They differ in the method they deal with large downloads. -# Files usually need to be downloaded 100% before they can be -# filtered and scanned before being sent on to the browser. -# Normally the browser can just wait, but with content scanning, -# for example to AV, the browser may timeout or the user may get -# confused so the download manager has to do some sort of -# 'keep alive'. -# -# There are various methods possible but not all are included. -# The author does not have the time to write them all so I have -# included a plugin systam. Also, not all methods work with all -# browsers and clients. Specifically some fancy methods don't -# work with software that downloads updates. To solve this, -# each plugin can support a regular expression for matching -# the client's user-agent string, and lists of the mime types -# and extensions it should manage. -# -# Note that these are the matching methods provided by the base plugin -# code, and individual plugins may override or add to them. -# See the individual plugin conf files for supported options. -# -# The plugins are matched in the order you specify and the last -# one is forced to match as the default, regardless of user agent -# and other matching mechanisms. -# -downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf' -##!! Not compiled !! downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/trickle.conf' -downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf' - - - -# Content Scanners (Also known as AV scanners) -# These are plugins that scan the content of all files your browser fetches -# for example to AV scan. The options are limitless. Eventually all of -# DansGuardian will be plugin based. You can have more than one content -# scanner. The plugins are run in the order you specify. -# This is one of the few places you can have multiple options of the same name. -# -# Some of the scanner(s) require 3rd party software and libraries eg clamav. -# See the individual plugin conf file for more options (if any). -# -#contentscanner = '/usr/local/etc/dansguardian/contentscanners/clamdscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/avastdscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/kavdscan.conf' -#contentscanner = '/usr/local/etc/dansguardian/contentscanners/icapscan.conf' -#!! Not compiled !! contentscanner = '/usr/local/etc/dansguardian/contentscanners/commandlinescan.conf' - - - -# Content scanner timeout -# Some of the content scanners support using a timeout value to stop -# processing (eg AV scanning) the file if it takes too long. -# If supported this will be used. -# The default of 60 seconds is probably reasonable. -contentscannertimeout = {$contentscannertimeout} - - - -# Content scan exceptions -# If 'on' exception sites, urls, users etc will be scanned -# This is probably not desirable behavour as exceptions are -# supposed to be trusted and will increase load. -# Correct use of grey lists are a better idea. -# (on|off) default = off -contentscanexceptions = {$contentscanexceptions} - - - -# Auth plugins -# These replace the usernameidmethod* options in previous versions. They -# handle the extraction of client usernames from various sources, such as -# Proxy-Authorisation headers and ident servers, enabling requests to be -# handled according to the settings of the user's filter group. -# Multiple plugins can be specified, and will be used per port in the order -# filterports are listed. -# -# If you do not use multiple filter groups, you need not specify this option. -# -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf' -#authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf' - - - -# Re-check replaced URLs -# As a matter of course, URLs undergo regular expression search/replace (urlregexplist) -# *after* checking the exception site/URL/regexpURL lists, but *before* checking against -# the banned site/URL lists, allowing certain requests that would be matched against the -# latter in their original state to effectively be converted into grey requests. -# With this option enabled, the exception site/URL/regexpURL lists are also re-checked -# after replacement, making it possible for URL replacement to trigger exceptions based -# on them. -# Defaults to off. -recheckreplacedurls = {$recheckreplacedurls} - - - -# Misc settings - -# if on it adds an X-Forwarded-For: <clientip> to the HTTP request -# header. This may help solve some problem sites that need to know the -# source ip. on | off -forwardedfor = {$forwardedfor} - - -# if on it uses the X-Forwarded-For: <clientip> to determine the client -# IP. This is for when you have squid between the clients and DansGuardian. -# Warning - headers are easily spoofed. on | off -usexforwardedfor = {usexforwardedfor} - - -# if on it logs some debug info regarding fork()ing and accept()ing which -# can usually be ignored. These are logged by syslog. It is safe to leave -# it on or off -logconnectionhandlingerrors = {$logconnectionhandlingerrors} - - - -# Fork pool options - -# If on, this causes DG to write to the log file whenever child processes are -# created or destroyed (other than by crashes). This information can help in -# understanding and tuning the following parameters, but is not generally -# useful in production. -logchildprocesshandling = {$logchildprocesshandling} - -# sets the maximum number of processes to spawn to handle the incoming -# connections. Max value usually 250 depending on OS. -# On large sites you might want to try 180. -maxchildren = {$maxchildren} - - -# sets the minimum number of processes to spawn to handle the incoming connections. -# On large sites you might want to try 32. -minchildren = {$minchildren} - - -# sets the minimum number of processes to be kept ready to handle connections. -# On large sites you might want to try 8. -minsparechildren = {$minsparechildren} - - -# sets the minimum number of processes to spawn when it runs out -# On large sites you might want to try 10. -preforkchildren = {$preforkchildren} - - -# sets the maximum number of processes to have doing nothing. -# When this many are spare it will cull some of them. -# On large sites you might want to try 64. -maxsparechildren = {$maxsparechildren} - - -# sets the maximum age of a child process before it croaks it. -# This is the number of connections they handle before exiting. -# On large sites you might want to try 10000. -maxagechildren = {$maxagechildren} - - -# Sets the maximum number client IP addresses allowed to connect at once. -# Use this to set a hard limit on the number of users allowed to concurrently -# browse the web. Set to 0 for no limit, and to disable the IP cache process. -maxips = {$maxips} - - - -# Process options -# (Change these only if you really know what you are doing). -# These options allow you to run multiple instances of DansGuardian on a single machine. -# Remember to edit the log file path above also if that is your intention. - -# IPC filename -# -# Defines IPC server directory and filename used to communicate with the log process. -ipcfilename = '/tmp/.dguardianipc' - -# URL list IPC filename -# -# Defines URL list IPC server directory and filename used to communicate with the URL -# cache process. -urlipcfilename = '/tmp/.dguardianurlipc' - -# IP list IPC filename -# -# Defines IP list IPC server directory and filename, for communicating with the client -# IP cache process. -ipipcfilename = '/tmp/.dguardianipipc' - -# PID filename -# -# Defines process id directory and filename. -#pidfilename = '/var/run/dansguardian.pid' - -# Disable daemoning -# If enabled the process will not fork into the background. -# It is not usually advantageous to do this. -# on|off (defaults to off) -nodaemon = {$nodaemon} - -# Disable logging process -# on|off (defaults to off) -nologger = {$nologger} - -# Enable logging of "ADs" category blocks -# on|off (defaults to off) -logadblocks = {$logadblocks} - -# Enable logging of client User-Agent -# Some browsers will cause a *lot* of extra information on each line! -# on|off (defaults to off) -loguseragent = {$loguseragent} - -# Daemon runas user and group -# This is the user that DansGuardian runs as. Normally the user/group nobody. -# Uncomment to use. Defaults to the user set at compile time. -# Temp files created during virus scanning are given owner and group read -# permissions; to use content scanners based on external processes, such as -# clamdscan, the two processes must run with either the same group or user ID. -#daemonuser = 'nobody' -#daemongroup = 'nobody' - -# Soft restart -# When on this disables the forced killing off all processes in the process group. -# This is not to be confused with the -g run time option - they are not related. -# on|off (defaults to off) -softrestart = {softrestart} - -# Mail program -# Path (sendmail-compatible) email program, with options. -# Not used if usesmtp is disabled (filtergroup specific). -#!! Not compiled !!mailer = '/usr/sbin/sendmail -t' - -#SSL certificate checking path -#Path to CA certificates used to validate the certificates of https sites. -#sslcertificatepath = '/etc/ssl/certs/' - -#SSL man in the middle -#CA certificate path -#Path to the CA certificate to use as a signing certificate for -#generated certificates. -#cacertificatepath = '/home/stephen/dginstall/ca.pem' - -#CA private key path -#path to the private key that matches the public key in the CA certificate. -#caprivatekeypath = '/home/stephen/dginstall/ca.key' - -#Cert private key path -#The public / private key pair used by all generated certificates -#certprivatekeypath = '/home/stephen/dginstall/cert.key' - -#Generated cert path -#The location where generated certificates will be saved for future use. -#(must be writable by the dg user) -#generatedcertpath = '/home/stephen/dginstall/generatedcerts/' + if ($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]!=""){ + $import_users = explode("\n", base64_decode($config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name])); + asort($import_users); + $config['installedpackages']['dansguardianusers']['config'][0][$dansguardian_group_name]=base64_encode(implode("\n", $import_users)); + foreach ($import_users as $new_user){ + if (preg_match("/(\S+)\s+(\S+)/",$new_user,$matches)) + $filtergroupslist.=$matches[1]."=filter".$count." #".$matches[2]."\n"; + elseif (preg_match("/(\S+)/",$new_user,$matches)) + $filtergroupslist.=$matches[1]."=filter".$count."\n"; + } + } + $filtergroup_count=count($import_users); + #Default group catch all unauth groups as well non listed users + if($count > 1) + $user_xml .=<<<EOF + <field> + <name>{$dansguardian_groups['description']} ({$filtergroup_count})</name> + <type>listtopic</type> + </field> + <field> + <fieldname>{$dansguardian_group_name}</fieldname> + <fielddescr>{$dansguardian_groups['name']}</fielddescr> + <description><![CDATA[Include users for this group one per line<br>Hint:PFSENSE\marcelloc #Marcello Coutinho]]></description> + <type>textarea</type> + + <cols>80</cols><rows>12</rows> + <encoding>base64</encoding> + </field> +EOF; + + $count++; + } + #Create/update filtergroupslist + file_put_contents($dansguardian_dir."/lists/filtergroupslist",$filtergroupslist,LOCK_EX); + #Create/update userlist xml file + $user_xml_header=file_get_contents("/usr/local/pkg/dansguardian_users_header.xml"); + $user_xml_footer=file_get_contents("/usr/local/pkg/dansguardian_users_footer.xml"); + file_put_contents("/usr/local/pkg/dansguardian_users.xml",$user_xml_header.$user_xml.$user_xml_footer,LOCK_EX); + + #check blacklist download files + if ($dansguardian_blacklist['cron']=="now" && $dansguardian_blacklist['blacklist']){ + $config['installedpackages']['dansguardianblacklist']['config'][0]['cron']="never"; + log_error("Blacklist udpate process started"); + file_notice("Dansguardian - Blacklist udpate process started",""); + file_put_contents("/root/dansguardian_custom.script",base64_decode($dansguardian_blacklist['custom_script']),LOCK_EX); + if ($dansguardian_blacklist['enable_custom_script'] && $dansguardian_blacklist['custom_script'] != "") + mwexec_bg("/root/dansguardian_custom.script"); + else + mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist"); + mwexec_bg("/usr/local/bin/php /usr/local/www/dansguardian.php udpate_lists"); + } + + #get clamav user + $cconf="/usr/local/etc/clamd.conf"; + $cconf_file=file_get_contents($cconf); + if (preg_match("/User (\w+)/",$cconf_file,$matches)){ + $daemonuser = $matches[1]; + $daemongroup = 'nobody'; + } + else{ + $daemonuser = 'nobody'; + $daemongroup = 'nobody'; + } + $filtergroups=($count > 1?($count -1):1); + + $filterip=""; + $filterports=""; + foreach (explode(",", $dansguardian['interface']) as $i => $iface) { + $real_ifaces[] = dg_get_real_interface_address($iface); + if($real_ifaces[$i][0]) + $filterip .="filterip = ".$real_ifaces[$i][0]."\n"; + $filterports.="filterports = ".$filterport."\n"; + } + $filterip=($filterip==""?"filterip = ":$filterip); + $filterports=($filterports==""?"filterports = $filterport":$filterports); + include("/usr/local/pkg/dansguardian.conf.template"); -#Generated link path = '' -#The location where symlinks to certificates will be created. -#(must be writable by the dg user) -#generatedlinkpath = '/home/stephen/dginstall/generatedlinks/' -EOF; #write files conf_mount_rw(); - $mlang=strtolower($report['language']); - $mfiles[]="/usr/local/etc/dansguardian/virus.scanners.conf"; - $mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/inline.spam.warning.txt"; - $mfiles[]="/usr/local/share/dansguardian/reports/{$mlang}/languages.conf"; - - foreach ($mfiles as $mfile) - if (! file_exists ($mfile)) - copy($mfile.".sample",$mfile); - - write_config(); + #update file owner + mwexec("chown -R $daemonuser:$daemongroup /usr/loca/etc/dansguardian"); + mwexec("chown -R $daemonuser:$daemongroup /var/log/dansguardian"); - file_put_contents($dansguardian_dir."/dansguardian.conf", $mc, LOCK_EX); - file_put_contents($dansguardian_dir."/filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/archives.filename.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filename_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/archives.filetype.rules.conf",dg_text_area_decode($config['installedpackages']['msattachments']['config'][0]['filetype_rules']),LOCK_EX); - file_put_contents($dansguardian_dir."/phishing.safe.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_safe']),LOCK_EX); - file_put_contents($dansguardian_dir."/phishing.bad.sites.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['phishing_bad']),LOCK_EX); - file_put_contents($dansguardian_dir."/country.domains.conf",dg_text_area_decode($config['installedpackages']['mscontent']['config'][0]['country_domains']),LOCK_EX); - file_put_contents($dansguardian_dir.'/spam.assassin.prefs.conf',$sa_temp,LOCK_EX); - file_put_contents($dansguardian_dir.'/spam.lists.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['rbl_file']),LOCK_EX); - file_put_contents($dansguardian_dir.'/mcp/mcp.spam.assassin.prefs.conf',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['mcp_pref_file']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/bounce.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['bounce']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/max.message.size.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['max_message_size']),LOCK_EX); - file_put_contents($dansguardian_dir.'/rules/spam.whitelist.rules',dg_text_area_decode($config['installedpackages']['msantispam']['config'][0]['spam_whitelist']),LOCK_EX); - - foreach ($report_files as $key_r => $file_r) - file_put_contents($report_dir.'/'.$file_r,dg_text_area_decode($config['installedpackages']['msreport']['config'][0][$key_r]),LOCK_EX); - - if ($alert['sig']){ - $sig_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_html']); - $sig_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['sig_txt']);} - else{ - $sig_html=""; - $sig_txt="";} - file_put_contents($report_dir.'/inline.sig.txt',$sig_txt,LOCK_EX); - file_put_contents($report_dir.'/inline.sig.html',$sig_html,LOCK_EX); - - if ($alert['warning']){ - $warning_html=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_html']); - $warning_txt=dg_text_area_decode($config['installedpackages']['msalerts']['config'][0]['warning_txt']);} - else{ - $warning_html=""; - $warning_txt="";} - file_put_contents($report_dir.'/inline.warning.txt',$warning_txt,LOCK_EX); - file_put_contents($report_dir.'/inline.warning.html',$warning_html,LOCK_EX); + #create config files + file_put_contents($dansguardian_dir."/dansguardian.conf", $dg, LOCK_EX); #check virus_scanner options $libexec_dir="/usr/local/libexec/dansguardian/"; - if ($virus_scanning == "yes"){ - if ($antivirus['virus_scanner'] =="none"){ - unlink_if_exists($libexec_dir.'clamav-autoupdate'); - unlink_if_exists($libexec_dir.'clamav-wrapper'); - } - else{ - if (file_exists('/var/run/clamav/')) - chown('/var/run/clamav/', 'dansguardian'); - if (file_exists('/var/log/clamav/')) - chown('/var/log/clamav/', 'dansguardian'); - if (file_exists('/var/db/clamav/')) - chown('/var/db/clamav/', 'dansguardian'); - if (file_exists('/var/db/clamav/bytecode.cld')) - chown('/var/db/clamav/bytecode.cld', 'dansguardian'); - if (file_exists('/var/db/clamav/daily.cld')) - chown('/var/db/clamav/daily.cld', 'dansguardian'); - if (file_exists('/var/db/clamav/main.cvd')) - chown('/var/db/clamav/main.cvd', 'dansguardian'); - if (file_exists('/var/db/clamav/mirrors.dat')) - chown('/var/db/clamav/mirrors.dat', 'dansguardian'); - if (file_exists('/var/log/clamav/clamd.log')) - chown('/var/log/clamav/clamd.log', 'dansguardian'); - if (file_exists('/var/log/clamav/freshclam.log')) - chown('/var/log/clamav/freshclam.log', 'dansguardian'); + if (preg_match("/clamd/",$dansguardian_config['content_scanners'])){ - copy($libexec_dir.'clamav-autoupdate.sample',$libexec_dir.'clamav-autoupdate'); - chmod ($libexec_dir.'clamav-autoupdate',0755); - copy($libexec_dir.'clamav-wrapper.sample',$libexec_dir.'clamav-wrapper'); - chmod ($libexec_dir.'clamav-autoupdate',0755); - if (!file_exists('/var/db/clamav/main.cvd')){ - log_error('No clamav database found, running freshclam in background.'); - mwexec_bg('/usr/local/bin/freshclam'); - } - #clamav-wrapper file - $cconf=$libexec_dir."clamav-wrapper"; - $cconf_file=file_get_contents($cconf); - if (preg_match('/"clamav"/',$cconf_file)){ - $cconf_file=preg_replace('/"clamav"/','"dansguardian"',$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - } + if (!file_exists('/var/db/clamav/main.cvd')){ + log_error('No clamav database found for dansguardian, running freshclam in background.'); + mwexec_bg('/usr/local/bin/freshclam'); + } - #freshclam conf file - $cconf="/usr/local/etc/freshclam.conf"; + $match=array(); + $match[0]='/NO/'; + $replace=array(); + $replace[0]='YES'; + + #clamdscan.conf dansguardian file + $cconf="/usr/local/etc/dansguardian/contentscanners/clamdscan.conf"; $cconf_file=file_get_contents($cconf); - if (preg_match('/DatabaseOwner clamav/',$cconf_file)){ - $cconf_file=preg_replace("/DatabaseOwner clamav/","DatabaseOwner dansguardian",$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); + if (!preg_match('/clamav/',$cconf_file)){ + file_put_contents($cconf, $cconf_file."\nclamdudsfile = '/var/run/clamav/clamd.sock'", LOCK_EX); } - + #clamd conf file $cconf="/usr/local/etc/clamd.conf"; $cconf_file=file_get_contents($cconf); - if (preg_match('/User clamav/',$cconf_file)){ - $cconf_file=preg_replace("/User clamav/","User dansguardian",$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - } - #clamd script file - $script='/usr/local/etc/rc.d/clamav-clamd'; - $script_file=file($script); - foreach ($script_file as $script_line){ - if(preg_match("/command=/",$script_line)){ - $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; - $new_clamav_startup.= "chown dansguardian /var/run/clamav\n"; - $new_clamav_startup.=$script_line; + if (preg_match("/User (\w+)/",$cconf_file,$matches)){ + #clamd script file + $script='/usr/local/etc/rc.d/clamav-clamd'; + $script_file=file($script); + foreach ($script_file as $script_line){ + if(preg_match("/command=/",$script_line)){ + $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; + $new_clamav_startup.= "chown ".$matches[1]." /var/run/clamav\n"; + $new_clamav_startup.=$script_line; + } + elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { + $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); + } } - elseif(!preg_match("/(mkdir|chown|sleep|dansguardian)/",$script_line)) { - $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); - } - } - file_put_contents($script, $new_clamav_startup, LOCK_EX); - chmod ($script,0755); - mwexec("$script stop"); - mwexec_bg("$script start"); - } - } - else{ - unlink_if_exists($libexec_dir.'clamav-autoupdate'); - unlink_if_exists($libexec_dir.'clamav-wrapper'); - } - - #check dcc startup script - $script='/usr/local/etc/rc.d/dccifd'; - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); + file_put_contents($script, $new_clamav_startup, LOCK_EX); chmod ($script,0755); - } - #check dcc config file - $script='/usr/local/dcc/dcc_conf'; - $script_file=file_get_contents($script); - if (preg_match('/DCCIFD_ENABLE=off/',$script_file)){ - $script_file=preg_replace("/DCCIFD_ENABLE=off/","DCCIFD_ENABLE=on",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - } - mwexec("$script stop"); - mwexec_bg("$script start"); - - $script='/usr/local/etc/rc.d/dansguardian'; + mwexec("$script stop"); + unlink_if_exists("/tmp/.dguardianipc"); + unlink_if_exists("/tmp/.dguardianurlipc"); + mwexec_bg("$script start"); + } + } - #fix MIME::ToolUtils deprecated function and usecure dependency calls in /usr/local/sbin/dansguardian - $cconf="/usr/local/sbin/dansguardian"; - $cconf_file=file_get_contents($cconf); - $pattern2[0]='/perl\W+I/'; - $pattern2[1]='/\smy .current = config MIME::ToolUtils/'; - $replacement2[0]='perl -U -I'; - $replacement2[1]=' #my $current = config MIME::ToolUtils'; - if (preg_match('/perl\W+I/',$cconf_file)){ - $cconf_file=preg_replace($pattern2,$replacement2,$cconf_file); - file_put_contents($cconf, $cconf_file, LOCK_EX); - #force old process stop - mwexec("$script stop"); - } - - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - chmod ($script,0755); - } + $dirs=array('/usr/local/etc/dansguardian/lists/bannedrooms/', + '/var/log/dansguardian'); + foreach ($dirs as $dir) + if (!is_dir($dir)) + mkdir ($dir,0755,true); + + $script='/usr/local/etc/rc.d/dansguardian'; if($config['installedpackages']['dansguardian']['config'][0]['enable']){ - log_error("Reload dansguardian"); + $script_file=file_get_contents($script); + if (preg_match('/NO/',$script_file)){ + $script_file=preg_replace("/NO/","YES",$script_file); + file_put_contents($script, $script_file, LOCK_EX); + } chmod ($script,0755); - mwexec("$script stop"); - sleep(2); - mwexec_bg("$script start"); + mwexec("$script stop"); + mwexec_bg("$script start"); } else{ - log_error("Stopping dansguardian if running"); mwexec("$script stop"); - chmod ($script,0444); + chmod ($script,0444); } + + if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) + file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); + conf_mount_ro(); $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; if(!$synconchanges && !$syncondbchanges) @@ -1124,17 +770,10 @@ EOF; function dansguardian_validate_input($post, &$input_errors) { foreach ($post as $key => $value) { - if (empty($value)) - continue; - if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) { - if (!is_domain($value)) - $input_errors[] = "{$value} is not a valid domain name."; - } else if (substr($key, 0, 12) == "mailserverip" && is_numeric(substr($key, 12))) { - if (empty($post['domain' . substr($key, 12)])) - $input_errors[] = "Domain for {$value} cannot be blank."; - if (!is_ipaddr($value) && !is_hostname($value)) - $input_errors[] = "{$value} is not a valid IP address or host name."; - } + if ($key == "name" && $value == "") + $input_errors[] = "{$key} could not be empty."; + else if ($key == "name" && $value=="sample") + $input_errors[] = "{$value} cannot be used as name."; } } @@ -1146,7 +785,7 @@ function dansguardian_php_deinstall_command() { mwexec("/usr/local/etc/rc.d/dansguardian.sh stop"); sleep(1); conf_mount_rw(); - unlink_if_exists("/usr/local/etc/rc.d/dansguardian.sh"); + unlink_if_exists("/usr/local/etc/rc.d/dansguardian"); conf_mount_ro(); } @@ -1180,12 +819,22 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { if ($sync_xml){ log_error("Include dansguardian config"); $xml['dansguardian'] = $config['installedpackages']['dansguardian']; - $xml['msreport'] = $config['installedpackages']['msreport']; - $xml['mscontent'] = $config['installedpackages']['mscontent']; - $xml['msantivirus'] = $config['installedpackages']['msantivirus']; - $xml['msantispam'] = $config['installedpackages']['msantispam']; - $xml['msalerts'] = $config['installedpackages']['msalerts']; - } + $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl']; + $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig']; + $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl']; + $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl']; + $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups']; + $xml['dansguardianheaderacl'] = $config['installedpackages']['dansguardianheaderacl']; + $xml['dansguardianlimits'] = $config['installedpackages']['dansguardianlimits']; + $xml['dansguardianlog'] = $config['installedpackages']['dansguardianlog']; + $xml['dansguardianphraseacl'] = $config['installedpackages']['dansguardianphraseacl']; + $xml['dansguardianpicsacl'] = $config['installedpackages']['dansguardianpicsacl']; + $xml['dansguardiansearchacl'] = $config['installedpackages']['dansguardiansearchacl']; + $xml['dansguardiansiteacl'] = $config['installedpackages']['dansguardiansiteacl']; + $xml['dansguardianurlacl'] = $config['installedpackages']['dansguardianurlacl']; + $xml['dansguardianusers'] = $config['installedpackages']['dansguardianusers']; + + } if (count($xml) > 0){ /* assemble xmlrpc payload */ $params = array( |