diff options
author | marcelloc <marcellocoutinho@gmail.com> | 2012-02-15 02:04:50 -0200 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2012-02-15 02:04:50 -0200 |
commit | 7c48df32d96480318c75273fb292a2ed8822f508 (patch) | |
tree | 8fc229ad2e0798808f9a5a90422343d0f195836a /config/dansguardian | |
parent | 1eedb7b88b530e602866051c952bc2ccbd46a2b3 (diff) | |
download | pfsense-packages-7c48df32d96480318c75273fb292a2ed8822f508.tar.gz pfsense-packages-7c48df32d96480318c75273fb292a2ed8822f508.tar.bz2 pfsense-packages-7c48df32d96480318c75273fb292a2ed8822f508.zip |
dansguardian - include ssl filtering code on inc file
thanks again ermal to help on package compilation
Diffstat (limited to 'config/dansguardian')
-rwxr-xr-x | config/dansguardian/dansguardian.conf.template | 7 | ||||
-rwxr-xr-x | config/dansguardian/dansguardian.inc | 27 | ||||
-rw-r--r-- | config/dansguardian/dansguardianfx.conf.template | 1 |
3 files changed, 32 insertions, 3 deletions
diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template index 993ea72e..5bee053e 100755 --- a/config/dansguardian/dansguardian.conf.template +++ b/config/dansguardian/dansguardian.conf.template @@ -680,7 +680,7 @@ softrestart = {$softrestart} #SSL certificate checking path #Path to CA certificates used to validate the certificates of https sites. -#sslcertificatepath = '/etc/ssl/certs/' +sslcertificatepath = '/etc/ssl/certs/' #SSL man in the middle #CA certificate path @@ -703,11 +703,12 @@ softrestart = {$softrestart} #The location where generated certificates will be saved for future use. #(must be writable by the dg user) #generatedcertpath = '/home/stephen/dginstall/generatedcerts/' - +{$generatedcertpath} #Generated link path = '' #The location where symlinks to certificates will be created. #(must be writable by the dg user) #generatedlinkpath = '/home/stephen/dginstall/generatedlinks/' - +{$generatedlinkpath} + EOF; ?> diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 3708e98c..6c6d6e93 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -214,6 +214,32 @@ function sync_package_dansguardian() { $load_samples=0; + #ssl men-in-the-middle feature + $dirs=array($dansguardian_dir."/ssl",$dansguardian_dir."/ssl/generatedcerts",$dansguardian_dir."/ssl/generatedlinks"); + foreach ($dirs as $dir) + if (!is_dir($dir)) + mkdir ($dir,0700,true); + $ca_cert = lookup_ca($dansguardian_config["ca"][0]); + if ($ca_cert != false) { + if(base64_decode($ca_cert['prv'])) { + file_put_contents($dansguardian_dir. "/ssl/ssl_ca_key.pem",base64_decode($ca_cert['prv'])); + $ca_pk = "caprivatekeypath = ".$dansguardian_dir . "/ssl/ssl_ca_key.pem"; + } + if(base64_decode($ca_cert['crt'])) { + file_put_contents($dansguardian_dir . "/ssl/ssl_ca_cert.pem",base64_decode($ca_cert['crt'])); + $ca_pem = "cacertificatepath = ".$dansguardian_dir . "/ssl/ssl_ca_cert.pem"; + $generatedcertpath= "generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts"; + $generatedlinkpath= "generatedlinkpath = ".$dansguardian_dir . "/ssl/generatedlinks"; + } + $svr_cert = lookup_cert($dansguardian_config["cert"][0]); + if ($svr_cert != false) { + if(base64_decode($svr_cert['prv'])) { + file_put_contents($dansguardian_dir . "/ssl/ssl_server_key.pem",base64_decode($svr_cert['prv'])."\n".base64_decode($svr_cert['crt'])); + $cert_key = "certprivatekeypath = ".$dansguardian_dir . '/ssl/ssl_server_key.pem'; + } + } + } + #contentscanners preg_replace patterns $match[0]="/(conf)/"; $match[1]="/(\/usr.local)/"; @@ -626,6 +652,7 @@ function sync_package_dansguardian() { $dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0"); $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); + $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da"); foreach ($groups as $group) $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); include("/usr/local/pkg/dansguardianfx.conf.template"); diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template index cb811e21..d420871f 100644 --- a/config/dansguardian/dansguardianfx.conf.template +++ b/config/dansguardian/dansguardianfx.conf.template @@ -376,6 +376,7 @@ sslcertcheck = {$dansguardian_groups['sslcertcheck']} # Forge ssl certificates for all sites, decrypt the data then re encrypt it # using a different private key. Used to filter ssl sites sslmitm = {$dansguardian_groups['sslmitm']} +mitmkey = '{$dansguardian_groups['mitmkey']}' EOF; |