aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorMarcello Coutinho <marcellocoutinho@gmail.com>2013-01-29 23:34:41 -0200
committermarcelloc <marcellocoutinho@gmail.com>2013-01-29 23:34:41 -0200
commit29082e26be672d86277bf211a3187d6b6e6e355c (patch)
treed5666c2fddcf6f42e5cc0b22c8be7b77085c36e4 /config
parent5d3183341f3289c5a7d70a1f584e5e6b5364736b (diff)
downloadpfsense-packages-29082e26be672d86277bf211a3187d6b6e6e355c.tar.gz
pfsense-packages-29082e26be672d86277bf211a3187d6b6e6e355c.tar.bz2
pfsense-packages-29082e26be672d86277bf211a3187d6b6e6e355c.zip
dansguardian - add more dir and pfsense version checks
Diffstat (limited to 'config')
-rwxr-xr-xconfig/dansguardian/dansguardian.inc28
-rwxr-xr-xconfig/dansguardian/dansguardian_groups.xml3
-rw-r--r--config/dansguardian/dansguardianfx.conf.template2
3 files changed, 23 insertions, 10 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc
index ae2b3264..5f06b75a 100755
--- a/config/dansguardian/dansguardian.inc
+++ b/config/dansguardian/dansguardian.inc
@@ -301,14 +301,14 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash);
file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt']));
$ca_pem = "cacertificatepath = '/etc/ssl/demoCA/cacert.pem'";
- $generatedcertpath= "generatedcertpath = '/etc/ssl/demoCA/certs/'";
+ $generatedcertpath= "generatedcertpath = '".$dansguardian_dir."/ssl/generatedcerts'";
#generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts";
$generatedlinkpath= "generatedlinkpath = '".$dansguardian_dir . "/ssl/generatedlinks'";
}
$svr_cert = lookup_cert($dansguardian_config["dcert"]);
if ($svr_cert != false) {
if(base64_decode($svr_cert['prv'])) {
- file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']));
+ file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']).base64_decode($svr_cert['crt']));
$cert_key = "certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem' ";
}
}
@@ -721,7 +721,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
'mode'=> "1",
'report_level'=>"global");
- $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm");
+ $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan");
#loop on array
$count=1;
$user_xml="";
@@ -737,7 +737,6 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
$dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0");
$dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0");
$dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0");
- $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da");
switch ($dansguardian_groups['reportinglevel']){
case "1":
case "2":
@@ -761,8 +760,18 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) {
$groupaccessdeniedaddress="";
}
- foreach ($groups as $group)
+ foreach ($groups as $group){
$dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off");
+ }
+ if (preg_match("/sslmitm/",$dansguardian_groups['group_options'])){
+ $dansguardian_groups['mitmkey']="mitmkey = '".substr(md5(rand(100000000,999999999)),1,9)."'";
+ $dansguardian_groups["sslmitm"]="on";
+ $dansguardian_groups["sslcertcheck"]="on";
+ }
+ else{
+ $dansguardian_groups["sslmitm"]="off";
+ $dansguardian_groups["sslcertcheck"]="off";
+ }
#create group list files
$lists=array("phraseacl" => array("bannedphrase","weightedphrase","exceptionphrase"),
"siteacl" => array("bannedsite","greysite","exceptionsite","exceptionfilesite","logsite"),
@@ -939,6 +948,7 @@ EOF;
$cconf= DANSGUARDIAN_DIR. "/etc/clamd.conf";
$cconf_file=file_get_contents($cconf);
if (preg_match("/User (\w+)/",$cconf_file,$matches)){
+ mwexec("/usr/sbin/pw user show {$matches[1]} || /usr/sbin/pw user add -n {$matches[1]} -s /usr/sbin/nologin");
$daemonuser = $matches[1];
$daemongroup = 'nobody';
}
@@ -1103,8 +1113,8 @@ EOF;
if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){
file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.","");
- log_error('No antivirus database found for clamav, running freshclam in background.');
- mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam');
+ log_error('No antivirus database found for clamav, running freshclam in background. Content-scanner may not work until freshclam finishes.');
+ mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam && /usr/local/etc/rc.d/clamav-clamd');
}
$match=array();
@@ -1130,12 +1140,16 @@ EOF;
foreach ($script_file as $script_line){
if(preg_match("/command=/",$script_line)){
$new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n";
+ $new_clamav_startup.= 'if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi'."\n";
+ $new_clamav_startup.= 'if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi'."\n";
$new_clamav_startup.= "chown -R ".$matches[1]." /var/run/clamav\n";
+ $new_clamav_startup.= "chown -R ".$matches[1]." /var/db/clamav\n";
$new_clamav_startup.= "chown -R ".$matches[1]." /var/log/clamav\n";
$new_clamav_startup.=$script_line;
}
elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) {
$new_clamav_startup.=preg_replace("/NO/","YES",$script_line);
+ $new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$script_line);
}
}
file_put_contents($script, $new_clamav_startup, LOCK_EX);
diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml
index 031ae88b..188b6d86 100755
--- a/config/dansguardian/dansguardian_groups.xml
+++ b/config/dansguardian/dansguardian_groups.xml
@@ -150,11 +150,10 @@
<option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option>
<option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option>
<option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option>
- <option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option>
<option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option>
</options>
<multiple/>
- <size>10</size>
+ <size>9</size>
</field>
<field>
<fielddescr>Pics</fielddescr>
diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template
index f5296622..719c0c48 100644
--- a/config/dansguardian/dansguardianfx.conf.template
+++ b/config/dansguardian/dansguardianfx.conf.template
@@ -376,7 +376,7 @@ sslcertcheck = {$dansguardian_groups['sslcertcheck']}
# Forge ssl certificates for all sites, decrypt the data then re encrypt it
# using a different private key. Used to filter ssl sites
sslmitm = {$dansguardian_groups['sslmitm']}
-#mitmkey = '{$dansguardian_groups['mitmkey']}'
+{$dansguardian_groups['mitmkey']}
EOF;