authormarcelloc <marcellocoutinho@gmail.com>2012-02-15 02:04:50 -0200
committermarcelloc <marcellocoutinho@gmail.com>2012-02-15 02:04:50 -0200
commit7c48df32d96480318c75273fb292a2ed8822f508 (patch)
tree8fc229ad2e0798808f9a5a90422343d0f195836a /config/dansguardian
parent1eedb7b88b530e602866051c952bc2ccbd46a2b3 (diff)
dansguardian - include ssl filtering code on inc file
thanks again to ermal for helping with package compilation
Diffstat (limited to 'config/dansguardian')
-rwxr-xr-xconfig/dansguardian/dansguardian.conf.template7
-rwxr-xr-xconfig/dansguardian/dansguardian.inc27
-rw-r--r--config/dansguardian/dansguardianfx.conf.template1
3 files changed, 32 insertions, 3 deletions
diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template
index 993ea72e..5bee053e 100755
--- a/config/dansguardian/dansguardian.conf.template
+++ b/config/dansguardian/dansguardian.conf.template
@@ -680,7 +680,7 @@ softrestart = {$softrestart}
#SSL certificate checking path
#Path to CA certificates used to validate the certificates of https sites.
-#sslcertificatepath = '/etc/ssl/certs/'
+sslcertificatepath = '/etc/ssl/certs/'
#SSL man in the middle
#CA certificate path
@@ -703,11 +703,12 @@ softrestart = {$softrestart}
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
#generatedcertpath = '/home/stephen/dginstall/generatedcerts/'
-
+{$generatedcertpath}
#Generated link path = ''
#The location where symlinks to certificates will be created.
#(must be writable by the dg user)
#generatedlinkpath = '/home/stephen/dginstall/generatedlinks/'
-
+{$generatedlinkpath}
+
EOF;
?>
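Review bot: `{$generatedcertpath}` and `{$generatedlinkpath}` are interpolated here unconditionally, but in this commit dansguardian.inc assigns them only inside the branch taken when a CA certificate is found and its `crt` field decodes. With no CA selected the heredoc would expand undefined variables, producing PHP notices and blank lines, assuming this template is included from sync_package_dansguardian() in the same way as the fx template. Initialising them before the lookup makes the empty case explicit: `$ca_pk = $ca_pem = $cert_key = $generatedcertpath = $generatedlinkpath = "";`. The heredoc itself starts outside this hunk.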
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index 3708e98c..6c6d6e93 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -214,6 +214,32 @@ function sync_package_dansguardian() {
$load_samples=0;
+ #ssl men-in-the-middle feature
+ $dirs=array($dansguardian_dir."/ssl",$dansguardian_dir."/ssl/generatedcerts",$dansguardian_dir."/ssl/generatedlinks");
+ foreach ($dirs as $dir)
+ if (!is_dir($dir))
+ mkdir ($dir,0700,true);
+ $ca_cert = lookup_ca($dansguardian_config["ca"][0]);
+ if ($ca_cert != false) {
+ if(base64_decode($ca_cert['prv'])) {
+ file_put_contents($dansguardian_dir. "/ssl/ssl_ca_key.pem",base64_decode($ca_cert['prv']));
+ $ca_pk = "caprivatekeypath = ".$dansguardian_dir . "/ssl/ssl_ca_key.pem";
+ }
+ if(base64_decode($ca_cert['crt'])) {
+ file_put_contents($dansguardian_dir . "/ssl/ssl_ca_cert.pem",base64_decode($ca_cert['crt']));
+ $ca_pem = "cacertificatepath = ".$dansguardian_dir . "/ssl/ssl_ca_cert.pem";
+ $generatedcertpath= "generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts";
+ $generatedlinkpath= "generatedlinkpath = ".$dansguardian_dir . "/ssl/generatedlinks";
+ }
+ $svr_cert = lookup_cert($dansguardian_config["cert"][0]);
+ if ($svr_cert != false) {
+ if(base64_decode($svr_cert['prv'])) {
+ file_put_contents($dansguardian_dir . "/ssl/ssl_server_key.pem",base64_decode($svr_cert['prv'])."\n".base64_decode($svr_cert['crt']));
+ $cert_key = "certprivatekeypath = ".$dansguardian_dir . '/ssl/ssl_server_key.pem';
+ }
+ }
+ }
+
#contentscanners preg_replace patterns
$match[0]="/(conf)/";
$match[1]="/(\/usr.local)/";
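Review bot: The CA and server private keys are written with `file_put_contents()` and nothing in the hunk restricts the file mode, so their readability depends on the process umask and on the `0700` directory mode, which `mkdir` applies only when the directory does not already exist. Because a leaked signing key lets its holder issue certificates that the filtered clients will trust, I would set the mode explicitly after each write, e.g. `chmod($dansguardian_dir."/ssl/ssl_ca_key.pem", 0600);`, and likewise for `ssl_server_key.pem`. The return values of `file_put_contents()` are also unchecked, so the `caprivatekeypath` and `certprivatekeypath` lines can point at files that were never written. The template comments say the generated cert and link directories must be writable by the dg user, but no ownership change is visible here; confirm whether that happens elsewhere in sync_package_dansguardian(), whose body extends beyond this hunk.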
@@ -626,6 +652,7 @@ function sync_package_dansguardian() {
$dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0");
$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
+ $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
foreach ($groups as $group)
$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
include("/usr/local/pkg/dansguardianfx.conf.template");
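Review bot: The fallback `"dgs3dD3da"` for `mitmkey` is a fixed string published in this repository, so every installation that leaves the field empty ends up with the same key. If DansGuardian relies on this value being secret (the option name suggests so; confirm against its documentation), the default gives no protection. I would generate a random value once per installation and store it in the package configuration instead of falling back to a constant. The value is also placed between single quotes in dansguardianfx.conf.template (`mitmkey = '{$dansguardian_groups['mitmkey']}'`), so it should be restricted to a safe character set first, e.g. `preg_match('/^[A-Za-z0-9]+$/', $dansguardian_groups['mitmkey'])`, to keep a quote or newline from altering the generated config. The enclosing function begins and ends outside this hunk.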
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index cb811e21..d420871f 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -376,6 +376,7 @@ sslcertcheck = {$dansguardian_groups['sslcertcheck']}
# Forge ssl certificates for all sites, decrypt the data then re encrypt it
# using a different private key. Used to filter ssl sites
sslmitm = {$dansguardian_groups['sslmitm']}
+mitmkey = '{$dansguardian_groups['mitmkey']}'
EOF;