diff options
59 files changed, 1325 insertions, 299 deletions
diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml index ada5a29c..b2162803 100644 --- a/config/apache_mod_security/apache_mod_security.xml +++ b/config/apache_mod_security/apache_mod_security.xml @@ -221,6 +221,7 @@ <name>apache_mod_security</name> <rcfile>/usr/local/etc/rc.d/apache_mod_security.sh</rcfile> <executable>httpd</executable> + <description>HTTP Daemon with mod_security</description> </service> <custom_php_resync_config_command> apache_mod_security_resync(); diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml index 46f1293b..ef4fd961 100644 --- a/config/avahi/avahi.xml +++ b/config/avahi/avahi.xml @@ -47,6 +47,7 @@ <name>avahi</name> <rcfile>avahi-daemon.sh</rcfile> <executable>avahi-daemon</executable> + <description>Avahi zeroconf/mDNS daemon</description> </service> <fields> <field> diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 829cdf59..1220e033 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -66,39 +66,60 @@ function bandwidthd_install_config() { /* user defined values */ $bandwidthd_config = $config['installedpackages']['bandwidthd']['config'][0]; $meta_refresh = $bandwidthd_config['meta_refresh']; - if($meta_refresh) + if ($meta_refresh) $meta_refresh = "meta_refresh $meta_refresh\n"; $graph = $bandwidthd_config['drawgraphs']; - if($graph) + if ($graph) $graph = "graph true\n"; else $graph = "graph false\n"; $filter_text = $bandwidthd_config['filter']; - if($filter_text) + if ($filter_text) $filter_text = "filter $filter_text\n"; $recover_cdf = $bandwidthd_config['recovercdf']; - if($recover_cdf) + if ($recover_cdf) $recover_cdf = "recover_cdf true\n"; $output_cdf = $bandwidthd_config['outputcdf']; - if($output_cdf) + if ($output_cdf) $output_cdf_string = "output_cdf true\n"; else $output_cdf_string = ""; + + $output_postgresql = $bandwidthd_config['outputpostgresql']; + $postgresql_host = $bandwidthd_config['postgresqlhost']; + $postgresql_database = $bandwidthd_config['postgresqldatabase']; + $postgresql_username = $bandwidthd_config['postgresqlusername']; + $postgresql_password = $bandwidthd_config['postgresqlpassword']; + $postgresql_string = ""; + if ($output_postgresql) { + if ($postgresql_host && $postgresql_username && $postgresql_database && $postgresql_password) + $postgresql_string = "pgsql_connect_string \"user = $postgresql_username dbname = $postgresql_database password = $postgresql_password host = $postgresql_host\"\n"; + else + log_error("You have to specify the postgreSQL Host, Database, Username and Password. Exiting."); + } + + $sensor_id = $bandwidthd_config['sensorid']; + + if ($sensor_id) + $sensor_id_string = "sensor_id \"$sensor_id\""; + else + $sensor_id_string = ""; + $promiscuous = $bandwidthd_config['promiscuous']; - if($promiscuous) + if ($promiscuous) $promiscuous = "promiscuous true\n"; else $promiscuous = "promiscuous false\n"; $graph_cutoff = $bandwidthd_config['graphcutoff']; - if($graph_cutoff) + if ($graph_cutoff) $graph_cutoff = "graph_cutoff $graph_cutoff\n"; $skip_intervals = $bandwidthd_config['skipintervals']; - if($skip_intervals) + if ($skip_intervals) $skip_intervals = "skip_intervals $skip_intervals\n"; - if($bandwidthd_config['active_interface']){ + if ($bandwidthd_config['active_interface']){ $ifdescrs = array($bandwidthd_config['active_interface']); } else { log_error("You should specify an interface for bandwidthd to listen on. Exiting."); @@ -112,25 +133,34 @@ function bandwidthd_install_config() { //for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { //$ifdescrs['opt' . $j] = "opt" . $j; //} - if(is_array($ifdescrs)) { - foreach($ifdescrs as $int) { + if (is_array($ifdescrs)) { + foreach ($ifdescrs as $int) { /* calculate interface subnet information */ $ifcfg = $config['interfaces'][$int]; $subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']); $subnetmask = gen_subnet_mask($ifcfg['subnet']); - if($subnet == "pppoe") { + $subnet_with_mask = ""; + if ($subnet == "pppoe") { $subnet = find_interface_ip("ng0"); - if($subnet) - $subnets .= "subnet {$subnet}/32\n"; + if ($subnet) { + $subnet_with_mask = $subnet . "/32"; + } } else { - if($subnet) - $subnets .= "subnet {$subnet}/{$ifcfg['subnet']}\n"; + if ($subnet) { + $subnet_with_mask = $subnet . "/" . $ifcfg['subnet']; + } + } + if (!empty($subnet_with_mask)) { + /* Only add the subnet if the user has not specified it in the custom subnets. */ + /* This avoids generating an unnecessary syntax error message from the config. */ + if (!in_array($subnet_with_mask, $subnets_custom)) + $subnets .= "subnet {$subnet_with_mask}\n"; } } } - if(is_array($subnets_custom)) { - foreach($subnets_custom as $sub) { + if (is_array($subnets_custom)) { + foreach ($subnets_custom as $sub) { if (!empty($sub) && is_subnet($sub)) $subnets .= "subnet {$sub}\n"; } @@ -138,8 +168,8 @@ function bandwidthd_install_config() { /* initialize to "" */ $dev = ""; - if(is_array($ifdescrs)) { - foreach($ifdescrs as $ifdescr) { + if (is_array($ifdescrs)) { + foreach ($ifdescrs as $ifdescr) { $descr = convert_friendly_interface_to_real_interface_name($ifdescr); $dev .= "dev \"$descr\"\n"; } @@ -176,7 +206,7 @@ $dev # intervals to skip before doing a graphing run $skip_intervals -# Graph cutoff is how many k must be transfered by an +# Graph cutoff is how many k must be transferred by an # ip before we bother to graph it $graph_cutoff @@ -190,11 +220,19 @@ $output_cdf_string #Read back the cdf file on startup $recover_cdf +# Standard postgres connect string, just like php, see postgres docs for +# details +$postgresql_string + +# Arbitrary sensor name, I recommend the sensors fully qualified domain +# name +$sensor_id_string + #Libpcap format filter string used to control what bandwidthd sees #Please always include "ip" in the string to avoid strange problems $filter_text -#Draw Graphs - This default to true to graph the traffic bandwidthd is recording +#Draw Graphs - This defaults to true to graph the traffic bandwidthd is recording #Usually set this to false if you only want cdf output or #you are using the database output option. Bandwidthd will use very little #ram and cpu if this is set to false. @@ -206,7 +244,7 @@ $meta_refresh EOF; $fd = fopen("{$bandwidthd_config_dir}/bandwidthd.conf","w"); - if(!$fd) { + if (!$fd) { log_error("could not open {$bandwidthd_config_dir}/bandwidthd.conf for writing"); exit; } @@ -314,7 +352,7 @@ EOD; if (!file_exists($bandwidthd_index_file)) { exec("echo \"Please start bandwidthd to populate this directory.\" > " . $bandwidthd_index_file); } - + if (($bandwidthd_enable) && ($output_cdf)) { // Use cron job to rotate logs every day at 00:01 install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0"); diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index f306546a..672b5367 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -2,8 +2,8 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ /* ========================================================================== */ /* @@ -40,13 +40,13 @@ POSSIBILITY OF SUCH DAMAGE. */ /* ========================================================================== */ - ]]> + ]]> </copyright> <description>Describe your package here</description> <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>bandwidthd</name> - <version>2.0.1.4</version> + <version>2.0.1_5 pkg v.0.2</version> <title>Bandwidthd</title> <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/bandwidthd.inc</include_file> @@ -60,6 +60,7 @@ <name>bandwidthd</name> <rcfile>bandwidthd.sh</rcfile> <executable>bandwidthd</executable> + <description>BandwidthD bandwidth monitoring daemon</description> </service> <tabs> <tab> @@ -69,7 +70,7 @@ </tab> <tab> <text>Access BandwidthD</text> - <url>/bandwidthd" target="_blank</url> + <url>/bandwidthd/index.html" target="_blank</url> </tab> </tabs> <configpath>installedpackages->package->bandwidthd</configpath> @@ -84,7 +85,7 @@ <fieldname>enable</fieldname> <type>checkbox</type> <description></description> - </field> + </field> <field> <fielddescr>Interface</fielddescr> <fieldname>active_interface</fieldname> @@ -92,7 +93,7 @@ <type>interfaces_selection</type> <required/> <default_value>lan</default_value> - </field> + </field> <field> <fielddescr>Subnet</fielddescr> <fieldname>subnets_custom</fieldname> @@ -131,6 +132,43 @@ <type>checkbox</type> </field> <field> + <fielddescr>output PostgreSQL</fielddescr> + <fieldname>outputpostgresql</fieldname> + <description>Log data to a PostgreSQL database.<br> + Get the postgreSQL schema and PHP files to display the results from: <a target="_new" href="https://github.com/individual-it/bandwidthd-pSQL-frontend">https://github.com/individual-it/bandwidthd-pSQL-frontend</a></description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Database host</fielddescr> + <fieldname>postgresqlhost</fieldname> + <description>Hostname of the postgreSQL database server.</description> + <type>input</type> + </field> + <field> + <fielddescr>Database name</fielddescr> + <fieldname>postgresqldatabase</fieldname> + <description>Database on the postgreSQL database server.</description> + <type>input</type> + </field> + <field> + <fielddescr>Database Username</fielddescr> + <fieldname>postgresqlusername</fieldname> + <description>Username of the postgreSQL database server.</description> + <type>input</type> + </field> + <field> + <fielddescr>Database Password</fielddescr> + <fieldname>postgresqlpassword</fieldname> + <description>Password of the postgreSQL database server.</description> + <type>password</type> + </field> + <field> + <fielddescr>sensor_id</fielddescr> + <fieldname>sensorid</fieldname> + <description>Arbitrary sensor name, I recommend the sensors fully qualified domain name.</description> + <type>input</type> + </field> + <field> <fielddescr>Filter</fielddescr> <fieldname>filter</fieldname> <description>Libpcap format filter string used to control what bandwidthd sees. Please always include "ip" in the string to avoid strange problems.</description> diff --git a/config/blinkled/blinkled.xml b/config/blinkled/blinkled.xml index b23c4dfc..d1141dbd 100644 --- a/config/blinkled/blinkled.xml +++ b/config/blinkled/blinkled.xml @@ -20,6 +20,7 @@ <name>blinkled</name> <rcfile>blinkled.sh</rcfile> <executable>blinkled</executable> + <description>Blinks LEDs to indicate network activity</description> </service> <fields> <field> diff --git a/config/blinkled8/blinkled.inc b/config/blinkled8/blinkled.inc index d50cc022..f466da94 100644 --- a/config/blinkled8/blinkled.inc +++ b/config/blinkled8/blinkled.inc @@ -1,10 +1,36 @@ <?php require_once("functions.inc"); +function blinkled_rcfile() { + global $config; + $blinkled_config = $config['installedpackages']['blinkled']['config'][0]; + $stop = <<<EOD +if [ `/bin/pgrep blinkled | /usr/bin/wc -l` != 0 ]; then + /usr/bin/killall -9 blinkled + while [ `/bin/pgrep blinkled | /usr/bin/wc -l` != 0 ]; do + sleep 1 + done + fi +EOD; + + $start = "{$stop}\n"; + if (($blinkled_config['enable_led2']) && ($blinkled_config['iface_led2'])) + $start .= "\t" . blinkled_launch(convert_friendly_interface_to_real_interface_name($blinkled_config['iface_led2']), 2, true) . "\n"; + if (($blinkled_config['enable_led3']) && ($blinkled_config['iface_led3'])) + $start .= "\t" . blinkled_launch(convert_friendly_interface_to_real_interface_name($blinkled_config['iface_led3']), 3, true) . "\n"; + + conf_mount_rw(); + write_rcfile(array( + 'file' => 'blinkled.sh', + 'start' => $start, + 'stop' => $stop) + ); + conf_mount_ro(); +} + function blinkled_running () { return ((int)exec('pgrep blinkled | wc -l') > 0); } - function sync_package_blinkled() { global $config; $blinkled_config = $config['installedpackages']['blinkled']['config'][0]; @@ -16,10 +42,15 @@ function sync_package_blinkled() { if(!blinkled_running()) { blinkled_start(); } + blinkled_rcfile(); } -function blinkled_launch($int, $led) { - mwexec("/usr/local/bin/blinkled -i " . escapeshellarg($int) . " -l /dev/led/led" . escapeshellarg($led)); +function blinkled_launch($int, $led, $return = false) { + $cmd = "/usr/local/bin/blinkled -i " . escapeshellarg($int) . " -l " . escapeshellarg("/dev/led/led{$led}"); + if ($return) + return $cmd; + else + mwexec($cmd); } function blinkled_start() { diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml index 310d3810..5fb5ff7c 100644 --- a/config/blinkled8/blinkled.xml +++ b/config/blinkled8/blinkled.xml @@ -2,7 +2,7 @@ <packagegui> <title>Interfaces: Assign LEDs</title> <name>blinkled</name> - <version>20090710</version> + <version>0.4</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/blinkled.inc</include_file> <menu> @@ -25,6 +25,7 @@ <name>blinkled</name> <rcfile>blinkled.sh</rcfile> <executable>blinkled</executable> + <description>Blinks LEDs to indicate network activity</description> </service> <fields> <field> diff --git a/config/cron/cron.xml b/config/cron/cron.xml index 4110090f..71e524b3 100644 --- a/config/cron/cron.xml +++ b/config/cron/cron.xml @@ -55,7 +55,7 @@ <name>cron</name> <rcfile>cron.sh</rcfile> <executable>cron</executable> - <description>The cron utility is used to manage commands on a schedule.</description> + <description>Scheduled commands daemon</description> </service> <tabs> <tab> diff --git a/config/darkstat/darkstat.xml b/config/darkstat/darkstat.xml index c90b33cd..3263012b 100644 --- a/config/darkstat/darkstat.xml +++ b/config/darkstat/darkstat.xml @@ -58,6 +58,7 @@ <name>darkstat</name> <rcfile>darkstat.sh</rcfile> <executable>darkstat</executable> + <description>Darkstat bandwidth monitoring daemon</description> </service> <tabs> <tab> diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index bf48dd06..0f7010d6 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -3290,7 +3290,7 @@ ldap { # Certificate Verification requirements. Can be: # "never" (don't even bother trying) - # "allow" (try, but don't fail if the cerificate + # "allow" (try, but don't fail if the certificate # can't be verified) # "demand" (fail if the certificate doesn't verify.) # @@ -3449,7 +3449,7 @@ ldap ldap2{ # Certificate Verification requirements. Can be: # "never" (don't even bother trying) - # "allow" (try, but don't fail if the cerificate + # "allow" (try, but don't fail if the certificate # can't be verified) # "demand" (fail if the certificate doesn't verify.) # diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml index c7b5e79d..aec71697 100644 --- a/config/freeradius2/freeradiusmodulesldap.xml +++ b/config/freeradius2/freeradiusmodulesldap.xml @@ -377,7 +377,7 @@ <description><![CDATA[Choose how the certs should be checked:<br><br> <b>never: </b>don't even bother trying<br> - <b>allow: </b>try but don't fail if the cerificate can't be verified<br> + <b>allow: </b>try but don't fail if the certificate can't be verified<br> <b>demand: </b>fail if the certificate doesn't verify]]></description> <type>select</type> <default_value>never</default_value> diff --git a/config/git/git.xml b/config/git/git.xml new file mode 100644 index 00000000..6c5254ae --- /dev/null +++ b/config/git/git.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>git</description> + <requirements>None</requirements> + <faq></faq> + <name>git</name> + <version>0.0</version> + <title>git</title> +</packagegui>
\ No newline at end of file diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml index f1d065a2..35df41ee 100644 --- a/config/gwled/gwled.xml +++ b/config/gwled/gwled.xml @@ -25,6 +25,7 @@ <name>gwled</name> <rcfile>gwled.sh</rcfile> <executable>gwled</executable> + <description>Gateway LED Indicator Daemon</description> </service> <fields> <field> diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index f8434327..5eee1024 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -742,7 +742,7 @@ function haproxy_writeconf($configfile) { $poolname .= "_" . $bconfig['svrport']; // Write this out once, and must be before any backend config text - if ($default_backend = "" || $bconfig['secondary'] != 'yes') { + if ($default_backend == "" || $bconfig['secondary'] != 'yes') { $default_backend = $poolname; } diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc index 332cc8f7..aa8d5a3e 100644 --- a/config/haproxy/haproxy.inc +++ b/config/haproxy/haproxy.inc @@ -534,7 +534,7 @@ function haproxy_writeconf() { fwrite ($fd, "\tmaxconn\t\t\t" . $bind['max_connections'] . "\n"); if($bind['client_timeout']) - fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n"); + fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n"); // Combine the rest of the listener configs @@ -637,6 +637,11 @@ function haproxy_is_running() { return $running; } +function haproxy_check_config() { + exec("/usr/local/sbin/haproxy -c -f /var/etc/haproxy.cfg 2>&1", $output); + return implode("\n", $output); +} + function haproxy_check_run($reload) { global $config, $g; diff --git a/config/haproxy/haproxy.xml b/config/haproxy/haproxy.xml index 0c897dc7..227d1b27 100644 --- a/config/haproxy/haproxy.xml +++ b/config/haproxy/haproxy.xml @@ -42,7 +42,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>haproxy</name> - <version>1.0</version> + <version>1.2.4</version> <title>HAProxy</title> <aftersaveredirect>/pkg_edit.php?xml=haproxy_pools.php</aftersaveredirect> <include_file>/usr/local/pkg/haproxy.inc</include_file> diff --git a/config/haproxy/haproxy_global.php b/config/haproxy/haproxy_global.php index c09b202f..aa046544 100755 --- a/config/haproxy/haproxy_global.php +++ b/config/haproxy/haproxy_global.php @@ -89,6 +89,12 @@ if ($_POST) { touch($d_haproxyconfdirty_path); write_config(); } + + if ($_POST['Submit'] == "Save and Check Config") { + $check_output = haproxy_check_config(); + if (empty($check_output)) + $check_output = "No output."; + } } } @@ -159,6 +165,14 @@ function enable_change(enable_change) { <td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php if ($_POST['Submit'] == "Save and Check Config"): ?> + <tr><td colspan="2" valign="top" class="vncell"> +Configuration check output: +<pre> +<?= $check_output; ?> +</pre> + </td></tr> + <?php endif; ?> <tr> <td colspan="2" valign="top" class="listtopic">General settings</td> </tr> @@ -386,6 +400,7 @@ function enable_change(enable_change) { <td width="22%" valign="top"> </td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)"> + <input name="Submit" type="submit" class="formbtn" value="Save and Check Config" onClick="enable_change(true)"> </td> </td> </tr> diff --git a/config/havp/havp.inc b/config/havp/havp.inc index 36c053c9..29a109ba 100644 --- a/config/havp/havp.inc +++ b/config/havp/havp.inc @@ -79,7 +79,7 @@ define('HVDEF_PID_FILE', '/var/run/havp.pid'); define('HVDEF_WORK_DIR', '/usr/local/etc/havp'); $pfSversion = str_replace("\s", "", file_get_contents("/etc/version")); -if(preg_match("/^2.0/",$pfSversion)) +if(preg_match("/^2./",$pfSversion)) define('HVDEF_LOG_DIR', '/var/log/havp'); else define('HVDEF_LOG_DIR', '/var/log'); @@ -413,6 +413,10 @@ function havp_check_system() havp_set_file_access(HVDEF_TEMPLATES, HVDEF_USER, ''); havp_set_file_access(HVDEF_TEMPLATES_EX, HVDEF_USER, ''); + # havp log dir + if (!file_exists(HVDEF_LOG_DIR)) + mwexec("mkdir -p " . HVDEF_LOG_DIR); + havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, ''); # log files exists ? if (!file_exists(HVDEF_HAVP_ACCESSLOG)) file_put_contents(HVDEF_HAVP_ACCESSLOG, ''); if (!file_exists(HVDEF_HAVP_ERRORLOG)) file_put_contents(HVDEF_HAVP_ERRORLOG, ''); @@ -427,12 +431,16 @@ function havp_check_system() if (!file_exists(HVDEF_FRESHCLAM_CONF)) file_put_contents(HVDEF_FRESHCLAM_CONF, ''); havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664'); + # clam log dir + if (!file_exists(HVDEF_AVLOG_DIR)) + mwexec("mkdir -p " . HVDEF_AVLOG_DIR); + havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, ''); # log files exists ? if (!file_exists(HVDEF_CLAM_LOG)) file_put_contents(HVDEF_CLAM_LOG, ''); if (!file_exists(HVDEF_FRESHCLAM_LOG)) file_put_contents(HVDEF_FRESHCLAM_LOG, ''); # log dir permissions - if (!file_exists(HVDEF_AVLOG_DIR)) - mwexec("mkdir -p " . HVDEF_AVLOG_DIR); + # if (!file_exists(HVDEF_AVLOG_DIR)) + # mwexec("mkdir -p " . HVDEF_AVLOG_DIR); havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777'); # =-= ClamAV =-= diff --git a/config/iftop/iftop.xml b/config/iftop/iftop.xml new file mode 100644 index 00000000..64afbc79 --- /dev/null +++ b/config/iftop/iftop.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>iftop</description> + <requirements>None</requirements> + <faq></faq> + <name>iftop</name> + <version>0.0</version> + <title>iftop</title> +</packagegui>
\ No newline at end of file diff --git a/config/iperf.xml b/config/iperf.xml index e5de8b85..2fe49699 100644 --- a/config/iperf.xml +++ b/config/iperf.xml @@ -59,6 +59,7 @@ <service> <name>iperf</name> <executable>iperf</executable> + <description>iperf network performance testing daemon/client</description> </service> <tabs> <tab> diff --git a/config/ipmitool/ipmitool.xml b/config/ipmitool/ipmitool.xml new file mode 100644 index 00000000..a42baa36 --- /dev/null +++ b/config/ipmitool/ipmitool.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>ipmitool</description> + <requirements>None</requirements> + <faq></faq> + <name>ipmitool</name> + <version>0.0</version> + <title>ipmitool</title> +</packagegui>
\ No newline at end of file diff --git a/config/lcdproc-dev/lcdproc.inc b/config/lcdproc-dev/lcdproc.inc index 1436c07d..8b3ce28f 100644 --- a/config/lcdproc-dev/lcdproc.inc +++ b/config/lcdproc-dev/lcdproc.inc @@ -81,6 +81,7 @@ case "lpt1": case "ugen0.2": case "ugen1.2": + case "ugen1.3"; case "ugen2.2": continue; break; @@ -177,6 +178,9 @@ case "ugen1.2": $realport = "/dev/ugen1.2"; break; + case "ugen1.3": + $realport = "/dev/ugen1.3"; + break; case "ugen2.2": $realport = "/dev/ugen2.2"; break; @@ -303,9 +307,11 @@ case "hd44780": $config_text .= "[{$lcdproc_config['driver']}]\n"; $config_text .= "driverpath=/usr/local/lib/lcdproc/\n"; - $config_text .= "ConnectionType=lcd2usb\n"; + $config_text .= "ConnectionType={$lcdproc_config['connection_type']}\n"; + $config_text .= "Device={$realport}\n"; + $config_text .= "Port=0x378\n"; $config_text .= "Speed=0\n"; - $config_text .= "Keypad=no\n"; + $config_text .= "Keypad=yes\n"; $config_text .= set_lcd_value("contrast", 1000, 850); $config_text .= set_lcd_value("brightness", 1000, 800); $config_text .= set_lcd_value("offbrightness", 1000, 0); @@ -315,6 +321,16 @@ $config_text .= "DelayMult=1\n"; $config_text .= "DelayBus=true\n"; $config_text .= "Size={$lcdproc_config['size']}\n"; + if ($lcdproc_config[connection_type] == "winamp") + { + $config_text .= "KeyDirect_1=Enter\n"; + $config_text .= "KeyDirect_2=Up\n"; + $config_text .= "KeyDirect_3=Down\n"; + $config_text .= "KeyDirect_4=Escape\n"; + } + else + { + } break; case "icp_a106": $config_text .= "[{$lcdproc_config['driver']}]\n"; @@ -531,4 +547,4 @@ EOD; } return $returnvalue; } -?>
\ No newline at end of file +?> diff --git a/config/lcdproc-dev/lcdproc.xml b/config/lcdproc-dev/lcdproc.xml index 3db83ccd..e2476467 100644 --- a/config/lcdproc-dev/lcdproc.xml +++ b/config/lcdproc-dev/lcdproc.xml @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> - <title>Services: LCDproc 0.5.5 pkg v. 0.9.4</title> + <title>Services: LCDproc 0.5.6 pkg v. 0.9.7</title> <name>lcdproc</name> - <version>0.5.5 pkg v. 0.9.4</version> + <version>0.5.6 pkg v. 0.9.7</version> <savetext>Save</savetext> <include_file>/usr/local/pkg/lcdproc.inc</include_file> <tabs> @@ -100,9 +100,12 @@ <value>ugen1.2</value> <name>USB Com port 2 alternate (/dev/ugen1.2)</name> </option> + <value>ugen1.3</value> + <name>USB Com port 3 alternate (/dev/ugen1.3)</name> + </option> <option> <value>ugen2.2</value> - <name>USB Com port 3 alternate (/dev/ugen2.2)</name> + <name>USB Com port 4 alternate (/dev/ugen2.2)</name> </option> </options> <default_value>ucom1</default_value> @@ -302,6 +305,87 @@ <default_value>pyramid</default_value> </field> <field> + <fieldname>connection_type</fieldname> + <fielddescr>Connection Type</fielddescr> + <description>Set connection type for the HD44780 driver</description> + <type>select</type> + <options> + <option> + <value>4bit</value> + <name>4bit wiring to parallel port</name> + </option> + <option> + <value>8bit</value> + <name>8bit wiring to parallel port(lcdtime)</name> + </option> + <option> + <value>winamp</value> + <name>8bit wiring winamp style to parallel port</name> + </option> + <option> + <value>serialLpt</value> + <name>Serial LPT wiring</name> + </option> + <option> + <value>picanlcd</value> + <name>PIC-an-LCD serial device</name> + </option> + <option> + <value>lcdserializer</value> + <name>LCD serializer</name> + </option> + <option> + <value>los-panel</value> + <name>LCD on serial panel device</name> + </option> + <option> + <value>vdr-lcd</value> + <name>VDR LCD serial device</name> + </option> + <option> + <value>vdr-wakeup</value> + <name>VDR-Wakeup module</name> + </option> + <option> + <value>pertelian</value> + <name>Pertelian X2040 LCD</name> + </option> + <option> + <value>bwctusb</value> + <name>BWCT USB device</name> + </option> + <option> + <value>lcd2usb</value> + <name>Till Harbaum's LCD2USB</name> + </option> + <option> + <value>usbtiny</value> + <name>Dick Streefland's USBtiny</name> + </option> + <option> + <value>lis2</value> + <name>LIS2 from VLSystem</name> + </option> + <option> + <value>mplay</value> + <name>MPlay Blast from VLSystem</name> + </option> + <option> + <value>ftdi</value> + <name>LCD connected to FTDI 2232D USB chip</name> + </option> + <option> + <value>usblcd</value> + <name>USBLCD adapter from Adams IT Services</name> + </option> + <option> + <value>i2c</value> + <name>LCD driven by PCF8574/PCA9554 connected via i2c</name> + </option> + </options> + <default_value>lcd2usb</default_value> + </field> + <field> <fieldname>refresh_frequency</fieldname> <fielddescr>Refresh frequency</fielddescr> <description>Set the refresh frequency of the information on the LCD Panel</description> diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc index cd3fa013..25964b16 100644 --- a/config/nrpe2/nrpe2.inc +++ b/config/nrpe2/nrpe2.inc @@ -159,8 +159,12 @@ function nrpe2_custom_php_write_config() { conf_mount_rw(); $cmds = array(); foreach ($config['installedpackages']['nrpe2']['config'][0]['row'] as $cmd) { + $sudo_bin = "/usr/local/bin/sudo"; + $sudo = (isset($cmd['sudo']) && is_executable($sudo_bin)) ? "{$sudo_bin} " : ""; + $wcmd = !empty($cmd['warning']) ? "-w {$cmd['warning']}" : ""; + $ccmd = !empty($cmd['critical']) ? "-c {$cmd['critical']}" : ""; if (is_executable("{$nagios_check_path}/{$cmd['command']}")) - $cmds[] = "command[{$cmd['name']}]={$nagios_check_path}/{$cmd['command']} -w {$cmd['warning']} -c {$cmd['critical']} {$cmd['extra']}\n"; + $cmds[] = "command[{$cmd['name']}]={$sudo}{$nagios_check_path}/{$cmd['command']} {$wcmd} {$ccmd} {$cmd['extra']}\n"; } $commands = implode($cmds); diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml index e013b47c..5b84b97f 100644 --- a/config/nrpe2/nrpe2.xml +++ b/config/nrpe2/nrpe2.xml @@ -3,7 +3,7 @@ <description>Nagios NRPEv2</description> <requirements>Describe your package requirements here</requirements> <name>nrpe2</name> - <version>2.11</version> + <version>2.2</version> <title>NRPEv2</title> <aftersaveredirect>/pkg_edit.php?xml=nrpe2.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/nrpe2.inc</include_file> diff --git a/config/ntop/ntop.xml b/config/ntop/ntop.xml index 3b50c847..b635ef1f 100644 --- a/config/ntop/ntop.xml +++ b/config/ntop/ntop.xml @@ -64,6 +64,7 @@ <name>ntop</name> <rcfile>ntop.sh</rcfile> <executable>ntop</executable> + <description>NTOP bandwidth monitoring/graphing</description> </service> <tabs> <tab> diff --git a/config/ntop2/ntop.xml b/config/ntop2/ntop.xml index 898df4d7..4db9e9c8 100644 --- a/config/ntop2/ntop.xml +++ b/config/ntop2/ntop.xml @@ -60,6 +60,7 @@ <name>ntop</name> <rcfile>ntop.sh</rcfile> <executable>ntop</executable> + <description>NTOP bandwidth monitoring/graphing</description> </service> <tabs> <tab> diff --git a/config/nut/nut.xml b/config/nut/nut.xml index 75a5c246..4a9c3d46 100644 --- a/config/nut/nut.xml +++ b/config/nut/nut.xml @@ -61,6 +61,7 @@ <name>nut</name> <rcfile>nut.sh</rcfile> <executable>upsmon</executable> + <description>UPS monitoring daemon</description> </service> <tabs> <tab> @@ -599,6 +600,10 @@ <name>pw</name> <value>pw</value> </option> + <option> + <name>cyberpower</name> + <value>cyberpower</value> + </option> </options> </field> <field> diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml index 58107d48..73bda244 100644 --- a/config/openbgpd/openbgpd.xml +++ b/config/openbgpd/openbgpd.xml @@ -49,6 +49,7 @@ <name>bgpd</name> <rcfile>bgpd.sh</rcfile> <executable>bgpd</executable> + <description>OpenBSD BGP Daemon</description> </service> <additional_files_needed> <prefix>/usr/local/www/</prefix> diff --git a/config/openospfd/openospfd.xml b/config/openospfd/openospfd.xml index 278a91a0..ab948e7a 100644 --- a/config/openospfd/openospfd.xml +++ b/config/openospfd/openospfd.xml @@ -45,6 +45,7 @@ <name>OpenOSPFd</name> <rcfile>ospfd.sh</rcfile> <executable>ospfd</executable> + <description>OpenBSD OSPF Daemon</description> </service> <fields> <field> diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index ac006d20..1d1609ed 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -156,7 +156,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) { } elseif (($settings['mode'] == "server_tls") || (($settings['mode'] == "server_tls_user") && ($settings['authmode'] != "Local Database"))) { $cert = $config['cert'][$crtid]; if (!$cert) - $input_errors[] = "Could not find client certifficate."; + $input_errors[] = "Could not find client certificate."; } else $nokeys = true; @@ -316,11 +316,16 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese if ($openvpnmanager) { + if (!empty($settings['client_mgmt_port'])) { + $client_mgmt_port = $settings['client_mgmt_port']; + } else { + $client_mgmt_port = 166; + } $conf .= $nl; $conf .= "# dont terminate service process on wrong password, ask again{$nl}"; $conf .= "auth-retry interact{$nl}"; $conf .= "# open management channel{$nl}"; - $conf .= "management 127.0.0.1 166{$nl}"; + $conf .= "management 127.0.0.1 {$client_mgmt_port}{$nl}"; $conf .= "# wait for management to explicitly start connection{$nl}"; $conf .= "management-hold{$nl}"; $conf .= "# query management channel for user/pass{$nl}"; diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml index a03f9e3c..61bf3e94 100644 --- a/config/quagga_ospfd/quagga_ospfd.xml +++ b/config/quagga_ospfd/quagga_ospfd.xml @@ -50,11 +50,13 @@ <name>Quagga OSPFd</name> <rcfile>quagga.sh</rcfile> <executable>ospfd</executable> + <description>OSPF routing daemon</description> </service> <service> <name>Quagga Zebra</name> <rcfile>quagga.sh</rcfile> <executable>zebra</executable> + <description>Quagga core/abstraction daemon</description> </service> <fields> <field> diff --git a/config/servicewatchdog/services_servicewatchdog.php b/config/servicewatchdog/services_servicewatchdog.php new file mode 100644 index 00000000..920fd1bb --- /dev/null +++ b/config/servicewatchdog/services_servicewatchdog.php @@ -0,0 +1,211 @@ +<?php +/* + services_servicewatchdog.php + Copyright (C) 2013 Jim Pingle + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: system +*/ + +##|+PRIV +##|*IDENT=page-services-servicewatchdog +##|*NAME=Services: Service Watchdog +##|*DESCR=Allow access to the 'Services: Service Watchdog' page. +##|*MATCH=services_servicewatchdog.php* +##|-PRIV + +require("guiconfig.inc"); +require_once("functions.inc"); +require_once("service-utils.inc"); +require_once("servicewatchdog.inc"); + +if (!is_array($config['installedpackages']['servicewatchdog']['item'])) + $config['installedpackages']['servicewatchdog']['item'] = array(); + +$a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + +/* if a custom message has been passed along, lets process it */ +if ($_GET['savemsg']) + $savemsg = $_GET['savemsg']; + +if ($_GET['act'] == "del") { + if ($a_pwservices[$_GET['id']]) { + unset($a_pwservices[$_GET['id']]); + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + exit; + } +} + +if (isset($_POST['del_x'])) { + /* delete selected services */ + if (is_array($_POST['pwservices']) && count($_POST['pwservices'])) { + foreach ($_POST['pwservices'] as $servicei) { + unset($a_pwservices[$servicei]); + } + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + exit; + } +} else { + /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ + unset($movebtn); + foreach ($_POST as $pn => $pd) { + if (preg_match("/move_(\d+)_x/", $pn, $matches)) { + $movebtn = $matches[1]; + break; + } + } + /* move selected services before this service */ + if (isset($movebtn) && is_array($_POST['pwservices']) && count($_POST['pwservices'])) { + $a_pwservices_new = array(); + + /* copy all services < $movebtn and not selected */ + for ($i = 0; $i < $movebtn; $i++) { + if (!in_array($i, $_POST['pwservices'])) + $a_pwservices_new[] = $a_pwservices[$i]; + } + + /* copy all selected services */ + for ($i = 0; $i < count($a_pwservices); $i++) { + if ($i == $movebtn) + continue; + if (in_array($i, $_POST['pwservices'])) + $a_pwservices_new[] = $a_pwservices[$i]; + } + + /* copy $movebtn service */ + if ($movebtn < count($a_pwservices)) + $a_pwservices_new[] = $a_pwservices[$movebtn]; + + /* copy all services > $movebtn and not selected */ + for ($i = $movebtn+1; $i < count($a_pwservices); $i++) { + if (!in_array($i, $_POST['pwservices'])) + $a_pwservices_new[] = $a_pwservices[$i]; + } + $a_pwservices = $a_pwservices_new; + servicewatchdog_cron_job(); + write_config(); + header("Location: services_servicewatchdog.php"); + return; + } +} + +$closehead = false; +$pgtitle = array(gettext("Services"),gettext("Service Watchdog")); +include("head.inc"); + +?> +<script type="text/javascript" src="/javascript/domTT/domLib.js"></script> +<script type="text/javascript" src="/javascript/domTT/domTT.js"></script> +<script type="text/javascript" src="/javascript/domTT/behaviour.js"></script> +<script type="text/javascript" src="/javascript/domTT/fadomatic.js"></script> + +<link type="text/css" rel="stylesheet" href="/javascript/chosen/chosen.css" /> +</head> +<body link="#000000" vlink="#000000" alink="#000000"> +<?php include("fbegin.inc"); ?> +<form action="services_servicewatchdog.php" method="post" name="iform"> +<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js"></script> +<?php if ($savemsg) print_info_box($savemsg); ?> +<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="services to monitor"> +<tr><td><div id="mainarea"> +<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> +<tr><td colspan="8" align="center"> +<?php echo gettext("This page allows you to select services to be monitored so that they may be automatically restarted if they crash or are stopped."); ?> +<br/><br/> +</td></tr> +<tr id="frheader"> +<td width="5%" class="list"> </td> +<td width="30%" class="listhdrr"><?=gettext("Service Name");?></td> +<td width="60%" class="listhdrr"><?=gettext("Description");?></td> +<td width="5%" class="list"> +<table border="0" cellspacing="0" cellpadding="1" summary="buttons"> + <tr><td width="17"> + <?php if (count($a_pwservices) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected services");?>" border="0" alt="delete" /> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected services"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected services?");?>')" /> + <?php endif; ?> + </td> + <td><a href="services_servicewatchdog_add.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add new service"); ?>" alt="add" /></a></td> + </tr> +</table> +</td> +</tr> + +<?php +$nservices = $i = 0; +foreach ($a_pwservices as $thisservice): +?> + <tr valign="top" id="fr<?=$nservices;?>"> + <td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td> + <td class="listlr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> + <?=$thisservice['name'];?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';"> + <?=$thisservice['description'];?> + </td> + <td valign="middle" class="list" nowrap> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td><input onmouseover="fr_insline(<?=$nservices;?>, true)" onmouseout="fr_insline(<?=$nservices;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected services before this service");?>" height="17" type="image" width="17" border="0" /></td> + <td align="center" valign="middle"><a href="services_servicewatchdog.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this service?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete service");?>" alt="delete" /></a></td> + </tr> + </table> + </td></tr> +<?php $i++; $nservices++; endforeach; ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list" valign="middle" nowrap> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td><?php if ($nservices == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected services to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="<?=gettext("move selected services to end");?>" border="0" alt="move" /><?php endif; ?></td> + </tr> + <tr> + <td width="17"> + <?php if (count($a_pwservices) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected services");?>" border="0" alt="delete" /> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected services"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected services?");?>')" /> + <?php endif; ?> + </td> + <td><a href="services_servicewatchdog_add.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add new service"); ?>" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> + <tr><td></td><td colspan="3"> + <?php echo gettext("Click to select a service and use the arrows to re-order them in the list. Higher services are checked first."); ?> + </td><td></td></tr> + </table> +</div></td></tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/servicewatchdog/services_servicewatchdog_add.php b/config/servicewatchdog/services_servicewatchdog_add.php new file mode 100644 index 00000000..11e5e284 --- /dev/null +++ b/config/servicewatchdog/services_servicewatchdog_add.php @@ -0,0 +1,117 @@ +<?php +/* + services_servicewatchdog_add.php + Copyright (C) 2013 Jim Pingle + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + pfSense_MODULE: system +*/ + +##|+PRIV +##|*IDENT=page-services-servicewatchdog-add +##|*NAME=Services: Add Service Watchdog Services +##|*DESCR=Allow access to the 'Add Service Watchdog Services' page. +##|*MATCH=services_servicewatchdog.php-add* +##|-PRIV + +require("guiconfig.inc"); +require_once("service-utils.inc"); +require_once("servicewatchdog.inc"); + +if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); +} +$a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; +// Pre-load "cron" into this array to blacklist it from being offered as a choice. +$a_pwservice_names = array("cron"); +foreach ($a_pwservices as $svc) { + $a_pwservice_names[] = $svc['name']; +} +$system_services = get_services(); + +unset($input_errors); + +if ($_POST) { + if (!is_numeric($_POST['svcid'])) + + + if (!isset($system_services[$_POST['svcid']])) { + $input_errors[] = gettext("The supplied service appears to be invalid."); + } + + if (!$input_errors) { + $a_pwservices[] = $system_services[$_POST['svcid']]; + servicewatchdog_cron_job(); + write_config(); + + header("Location: services_servicewatchdog.php"); + return; + } +} + +$closehead = false; +$pgtitle = array(gettext("Services"),gettext("servicewatchdog"), gettext("Add")); +include("head.inc"); + +?> +<link type="text/css" rel="stylesheet" href="/pfCenter/javascript/chosen/chosen.css" /> +<script src="/pfCenter/javascript/chosen/chosen.proto.js" type="text/javascript"></script> +</head> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> +<form action="services_servicewatchdog_add.php" method="post" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="add monitored service"> +<tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Add Service Entry"); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Service to Add:"); ?></td> + <td width="78%" class="vtable"> + <select name="svcid" class="formselect" id="svcid"> +<?php $i=0; + foreach ($system_services as $svc): ?> + <?php if (!servicewatchdog_is_service_watched($svc)): ?> + <?php $svc['description'] = empty($svc['description']) ? get_pkg_descr($svc['name']) : $svc['description']; ?> + <option value="<?= $i ?>"><?=$svc['name'];?>: <?= strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description'];?></option> + <?php endif; + $i++; ?> +<?php endforeach; ?> + </select> + </td> +</tr> +<tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Add"); ?>" /> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> + </td> +</tr> +</table> +</form> +<?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/servicewatchdog/servicewatchdog.inc b/config/servicewatchdog/servicewatchdog.inc new file mode 100644 index 00000000..1bdb1ce9 --- /dev/null +++ b/config/servicewatchdog/servicewatchdog.inc @@ -0,0 +1,83 @@ +<?php +require_once("config.inc"); +require_once("services.inc"); +require_once("service-utils.inc"); +require_once("util.inc"); + +function servicewatchdog_service_matches($svc1, $svc2) { + /* If the arrays are equal, it must be the same service. */ + if ($svc1 == $svc2) + return true; + /* If the names are different, they must not be the same. */ + if ($svc1['name'] != $svc2['name']) + return false; + switch ($svc1['name']) { + case "openvpn": + if (($svc1['mode'] == $svc2['mode']) && ($svc1['vpnid'] == $svc2['vpnid'])) + return true; + else + return false; + break; + case "captiveportal": + if ($svc1['zone'] == $svc2['zone']) + return true; + else + return false; + break; + default: + /* Other services must be the same if the name matches. */ + return true; + } +} + +function servicewatchdog_is_service_watched($svc) { + global $config; + if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); + } + $a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + $blacklisted_services = array("cron"); + + if (empty($svc['name']) || in_array($svc['name'], $blacklisted_services)) + return true; + + foreach ($a_pwservices as $a_svc) { + if (servicewatchdog_service_matches($svc, $a_svc)) + return true; + } + return false; +} + +function servicewatchdog_cron_job() { + global $config; + if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); + } + $a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + + if (count($a_pwservices) > 0) { + // Add the cron job if it doesn't exist. + install_cron_job("/usr/local/pkg/servicewatchdog_cron.php", true, "*/1"); + } else { + // Remove the cron job + install_cron_job("/usr/local/pkg/servicewatchdog_cron.php", false, "*/1"); + } +} + +function servicewatchdog_check_services() { + global $config; + if (!is_array($config['installedpackages']['servicewatchdog']['item'])) { + $config['installedpackages']['servicewatchdog']['item'] = array(); + } + $a_pwservices = &$config['installedpackages']['servicewatchdog']['item']; + + foreach ($a_pwservices as $svc) { + if (!get_service_status($svc)) { + $descr = strlen($svc['description']) > 50 ? substr($svc['description'], 0, 50) . "..." : $svc['description']; + log_error("Service Watchdog detected service {$svc['name']} stopped. Restarting {$svc['name']} ({$descr})"); + service_control_start($svc['name'], $svc); + } + } +} + +?>
\ No newline at end of file diff --git a/config/servicewatchdog/servicewatchdog.xml b/config/servicewatchdog/servicewatchdog.xml new file mode 100644 index 00000000..5e1ce309 --- /dev/null +++ b/config/servicewatchdog/servicewatchdog.xml @@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + servicewatchdog.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 Jim Pingle + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Service Watchdog</description> + <requirements>None</requirements> + <faq>Monitors for stopped services and restarts them.</faq> + <name>Service Watchdog</name> + <version>1.4</version> + <title>Services: Service Watchdog</title> + <include_file>/usr/local/pkg/servicewatchdog.inc</include_file> + <menu> + <name>Service Watchdog</name> + <tooltiptext></tooltiptext> + <section>Services</section> + <url>/services_servicewatchdog.php</url> + </menu> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>644</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>644</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/services_servicewatchdog_add.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>755</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog_cron.php</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>644</chmod> + <item>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.inc</item> + </additional_files_needed> +</packagegui>
\ No newline at end of file diff --git a/config/servicewatchdog/servicewatchdog_cron.php b/config/servicewatchdog/servicewatchdog_cron.php new file mode 100644 index 00000000..004afd97 --- /dev/null +++ b/config/servicewatchdog/servicewatchdog_cron.php @@ -0,0 +1,13 @@ +#!/usr/local/bin/php -f +<?php +require_once("globals.inc"); +require_once("servicewatchdog.inc"); + +global $g; + +/* Do nothing at bootup. */ +if ($g['booting'] || file_exists("{$g['varrun_path']}/booting")) + return; + +servicewatchdog_check_services(); +?>
\ No newline at end of file diff --git a/config/siproxd.inc b/config/siproxd.inc index 13254a42..a34f5b34 100644 --- a/config/siproxd.inc +++ b/config/siproxd.inc @@ -70,8 +70,8 @@ function siproxd_generate_rules($type) { } /* proxy is turned off in package settings */ - if($siproxd_conf['rtpenable'] == "0") { - log_error("WARNING: siproxd RTP proxy has not been enabled. Not installing rules."); + if($siproxd_conf['sipenable'] == "0") { + log_error("WARNING: siproxd proxy has not been enabled. Not installing rules."); return "\n"; } @@ -95,7 +95,9 @@ function siproxd_generate_rules($type) { if($iface <> "") { $rules .= "# allow SIP signaling and RTP traffic\n"; $rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n"; - $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n"; + if($siproxd_conf['rtpenable'] == "1") { + $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n"; + } } } break; @@ -125,7 +127,7 @@ function sync_package_siproxd() { fwrite($fout, "# package management system.\n\n"); /* proxy is turned off in package settings */ - if($siproxd_conf['rtpenable'] == "0") { + if($siproxd_conf['sipenable'] == "0") { fclose($fout); return; } diff --git a/config/siproxd.xml b/config/siproxd.xml index 1176a423..1e16a9ea 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -84,6 +84,12 @@ </additional_files_needed> <fields> <field> + <fielddescr>Enable siproxd</fielddescr> + <fieldname>sipenable</fieldname> + <description>Enable or disable siproxd</description> + <type>checkbox</type> + </field> + <field> <fielddescr>Inbound interface</fielddescr> <fieldname>if_inbound</fieldname> <description>Select the inbound interface.</description> @@ -335,4 +341,4 @@ <custom_php_validation_command> validate_form_siproxd($_POST, &$input_errors); </custom_php_validation_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/snort-dev/snort.xml b/config/snort-dev/snort.xml index 4f687c9c..8f64a5e3 100644 --- a/config/snort-dev/snort.xml +++ b/config/snort-dev/snort.xml @@ -59,8 +59,7 @@ <name>snort</name> <rcfile>snort.sh</rcfile> <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology - worldwide.</description> + <description>Snort IDS/IPS Daemon</description> </service> <tabs> </tabs> diff --git a/config/snort/snort.xml b/config/snort/snort.xml index ed731f74..ed71abae 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -59,7 +59,7 @@ <name>snort</name> <rcfile>snort.sh</rcfile> <executable>snort</executable> - <description>Snort is the most widely deployed IDS/IPS technology worldwide.</description> + <description>Snort IDS/IPS Daemon</description> </service> <tabs> </tabs> diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml index 83221d3d..76d39af9 100644 --- a/config/spamd/spamd.xml +++ b/config/spamd/spamd.xml @@ -56,6 +56,7 @@ <name>spamd</name> <rcfile>spamd.sh</rcfile> <executable>spamd</executable> + <description>SPAMD Greylisting Daemon</description> </service> <tabs> <tab> diff --git a/config/squid3/33/check_ip.php b/config/squid3/33/check_ip.php new file mode 100644 index 00000000..b8f64256 --- /dev/null +++ b/config/squid3/33/check_ip.php @@ -0,0 +1,85 @@ +#!/usr/local/bin/php -q +<?php +/* $Id$ */ +/* + check_ip.php + Copyright (C) 2013 Marcello Coutinho + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +// stdin loop +if (! defined(STDIN)) { + define("STDIN", fopen("php://stdin", "r")); +} +if (! defined(STDOUT)){ + define("STDOUT", fopen('php://stdout', 'w')); + } +while( !feof(STDIN)){ + $line = trim(fgets(STDIN)); + // %SRC + +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +unset($cp_db); +if ($pf_version > 2.0){ + $dir="/var/db"; + $files=scandir($dir); + foreach ($files as $file){ + if (preg_match("/captive.*db/",$file)){ + $dbhandle = sqlite_open("$dir/$file", 0666, $error); + if ($dbhandle){ + $query = "select * from captiveportal"; + $result = sqlite_query($dbhandle, $query); + if ($result){ + $row = sqlite_fetch_array($result, SQLITE_ASSOC); + $cp_db[]=implode(",",$row); + sqlite_close($dbhandle); + } + } + } + } + } +else{ + $filename="/var/db/captiveportal.db"; + if (file_exists($filename)) + $cp_db=file($filename); +} + + $usuario=""; + // 1376630450,2,172.16.3.65,00:50:56:9c:00:c7,admin,e1779ea20d0a11c7,,,, + if (is_array($cp_db)){ + foreach ($cp_db as $cpl){ + $fields=explode(",",$cpl); + if ($fields[2] != "" && $fields[2]==$line) + $usuario=$fields[4]; + } + } + if ($usuario !="") + $resposta="OK user={$usuario}"; + else + $resposta="ERR"; + fwrite (STDOUT, "{$resposta}\n"); + unset($cp_db); +} +?> + diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc index a65753a1..5ffa14c3 100644 --- a/config/sudo/sudo.inc +++ b/config/sudo/sudo.inc @@ -26,6 +26,7 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +require_once("config.inc"); $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); switch ($pfs_version) { @@ -71,6 +72,7 @@ function sudo_install() { function sudo_write_config() { global $config; $sudoers = ""; + conf_mount_rw(); if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) { /* No config, wipe sudoers file and bail. */ unlink(SUDO_SUDOERS); @@ -104,6 +106,7 @@ function sudo_write_config() { log_error("Sudoers file invalid: {$result}"); unlink($tmpsudoers); } + conf_mount_ro(); } /* Get a list of users and groups in a format we can use to make proper sudoers entries. diff --git a/config/sudo/sudo.xml b/config/sudo/sudo.xml index 56163abf..defca988 100644 --- a/config/sudo/sudo.xml +++ b/config/sudo/sudo.xml @@ -3,7 +3,7 @@ <description>Sudo Command Control</description> <requirements>None</requirements> <name>sudo</name> - <version>0.1</version> + <version>0.2</version> <title>Sudo - Shell Command Privilege Delegation Utility</title> <include_file>/usr/local/pkg/sudo.inc</include_file> <menu> diff --git a/config/systempatches/system_patches_edit.php b/config/systempatches/system_patches_edit.php index 5b30c9c5..ffa2fe13 100644 --- a/config/systempatches/system_patches_edit.php +++ b/config/systempatches/system_patches_edit.php @@ -63,6 +63,10 @@ if (isset($id) && $a_patches[$id]) { $pconfig['ignorewhitespace'] = isset($a_patches[$id]['ignorewhitespace']); $pconfig['autoapply'] = isset($a_patches[$id]['autoapply']); $pconfig['uniqid'] = $a_patches[$id]['uniqid']; +} else { + $pconfig['pathstrip'] = 1; + $pconfig['basedir'] = "/"; + $pconfig['ignorewhitespace'] = true; } if (isset($_GET['dup'])) diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml index f221588b..73974af0 100644 --- a/config/systempatches/systempatches.xml +++ b/config/systempatches/systempatches.xml @@ -40,7 +40,7 @@ <requirements>None</requirements> <faq>Applies patches supplied by the user to the firewall.</faq> <name>System Patches</name> - <version>0.10</version> + <version>1.0</version> <title>System: Patches</title> <include_file>/usr/local/pkg/patches.inc</include_file> <menu> diff --git a/config/tftp/tftp.xml b/config/tftp/tftp.xml index 720ac212..d6becc6d 100644 --- a/config/tftp/tftp.xml +++ b/config/tftp/tftp.xml @@ -55,7 +55,7 @@ <name>tftp</name> <rcfile>tftp.sh</rcfile> <executable>inetd</executable> - <description>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</description> + <description>TFTP daemon</description> </service> <tabs> <tab> diff --git a/config/tftp2/tftp.xml b/config/tftp2/tftp.xml index 6fc6a08d..64f81acf 100644 --- a/config/tftp2/tftp.xml +++ b/config/tftp2/tftp.xml @@ -54,7 +54,7 @@ <service> <name>tftp</name> <executable>inetd</executable> - <description>Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.</description> + <description>TFTP daemon</description> </service> <tabs> <tab> diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index e53168eb..d013608c 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -1,6 +1,6 @@ <?php /* unbound.inc - (C)2010 Warren Baker (warren@decoy.co.za) + (C)2013 Warren Baker (warren@decoy.co.za) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: @@ -987,23 +987,25 @@ function unbound_add_domain_overrides($pvt=false) { $result = array(); foreach($sorted_domains as $domain) { $domain_key = current($domain); - if(!isset($result[$domain_key])) { + if (!isset($result[$domain_key])) $result[$domain_key] = array(); - } $result[$domain_key][] = $domain['ip']; } $domain_entries = ""; foreach($result as $domain=>$ips) { - if($pvt == true) { - $domain_entries .= "private-domain: \"$domain\"\n"; - $domain_entries .= "domain-insecure: \"$domain\"\n"; + if ($pvt == true) { + if (strpos($domain, "in-addr.arpa") !== false) + $domain_entries .= "local-zone: \"$domain\" transparent\n"; + else + $domain_entries .= "private-domain: \"$domain\"\n"; + if (isset($config['installedpackages']['unbound']['config'][0]['dnssec_status'])) + $domain_entries .= "domain-insecure: \"$domain\"\n"; } else { $domain_entries .= "stub-zone:\n"; $domain_entries .= "\tname: \"$domain\"\n"; - foreach($ips as $ip) { + foreach($ips as $ip) $domain_entries .= "\tstub-addr: $ip\n"; - } $domain_entries .= "\tstub-prime: no\n"; } } diff --git a/config/urlsnarf/urlsnarf.xml b/config/urlsnarf/urlsnarf.xml new file mode 100644 index 00000000..c65d1a14 --- /dev/null +++ b/config/urlsnarf/urlsnarf.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + part of pfSense (http://www.pfSense.com) + Copyright (C) 2013 + All rights reserved. +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description>urlsnarf</description> + <requirements>None</requirements> + <faq></faq> + <name>urlsnarf</name> + <version>0.0</version> + <title>urlsnarf</title> +</packagegui>
\ No newline at end of file diff --git a/config/varnish3/varnish.inc b/config/varnish3/varnish.inc index 3449c68b..4adf0575 100644 --- a/config/varnish3/varnish.inc +++ b/config/varnish3/varnish.inc @@ -119,95 +119,90 @@ function varnish_start() { /* Build the URL mappings logic VCL config txt */ function varnish_get_url_mappings_txt() { global $g, $config, $urlmappings,$backends_in_use; - $catch_all= "unset"; + $catch_all = "unset"; $isfirst = true; - if($config['installedpackages']['varnishlbdirectors']['config'] != "") { + if ($config['installedpackages']['varnishlbdirectors']['config'] != "") { foreach($config['installedpackages']['varnishlbdirectors']['config'] as $url) { - #check options - $directo_grace_time=""; + // check options + $directo_grace_time = ""; if ($url['customapping']) - $directo_grace_time.=text_area_decode($url['customapping'])."\n\t\t"; - if($url['grace']) - $directo_grace_time.=($url['grace']=="0s"?"return(pass);":"set req.grace=".$url['grace'].";"); - $fieldtype = ($url['fieldtype']?$url['fieldtype']:"=="); - $director_prefix=($url['directorurl'] && $url['directorurl2']?"^http://":""); - #check url - if ( $url['directorurl'] || $url['directorurl2'] || $catch_all == "unset" ){ - if ( $url['directorurl']== "" && $url['directorurl2']== "" ){ - #director with no host or url, so director for catch all traffic not specified in config - $lasturlmappings = "\telse\t{\n\t\tset req.backend = ".$url['directorname'].";\n\t\t}\n"; + $directo_grace_time .= text_area_decode($url['customapping'])."\n\t\t"; + if ($url['grace']) + $directo_grace_time .= ($url['grace'] == "0s" ? "return(pass);" : "set req.grace={$url['grace']};"); + $fieldtype = ($url['fieldtype'] ? $url['fieldtype'] : "=="); + $director_prefix = ($url['directorurl'] && $url['directorurl2'] ? "^http://" : ""); + // check url + if ($url['directorurl'] || $url['directorurl2'] || $catch_all == "unset") { + if ($url['directorurl'] == "" && $url['directorurl2'] == "") { + // director with no host or url, so director for catch all traffic not specified in config + $lasturlmappings = "\telse\t{\n\t\tset req.backend = {$url['directorname']};\n\t\t}\n"; $catch_all = "set"; $isfirst = false; - } - else{ - if(!$isfirst) - $urlmappings .= "\telse "; - if(!$url['directorurl']) { - $urlmappings .= "if (req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; - } - else if (!$url['directorurl2']) { - $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'") {'."\n"; - } - else { + } else { + if (!$isfirst) + $urlmappings .= "\telse "; + if (!$url['directorurl']) + $urlmappings .= "if (req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; + else if (!$url['directorurl2']) + $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'") {'."\n"; + else $urlmappings .= "if (req.http.host $fieldtype ".'"'.$url['directorurl'].'"'." && req.url $fieldtype ".'"^'.$url['directorurl2'].'") {'."\n"; - } - $urlbackend = "\t\t\tset req.backend = ".$url['directorname'].";"; - #check rewrite options - if($url['rewritehost']) { - $urlmappings .= "\t\t\tset req.http.host = regsub(req.http.host, ".'"'.$url['directorurl'].'",'.'"'.$url['rewritehost'].'")'.";\n"; - } - if ($url['rewriteurl']) { - $urlmappings .= "\t\t\tset req.url = regsub(req.url, ".'"'.$url['directorurl2'].'",'.'"^'.$url['rewriteurl'].'")'.";\n"; - } - #check failover - if ($url['failover'] && $url['failover'] != $url['directorname']){ - $tabs=($url['grace']?"\n\t\t\t":""); - $urlfailover = "\t\t\tset req.backend = ".$url['failover'].";"; - $urlmappings .= "\t\tif (req.restarts == 0) {\n".$urlbackend.$tabs.$directo_grace_time.$tabs."}"; - $urlmappings .= "\n\t\telse\t{\n".$urlfailover.$tabs.$directo_grace_time.$tabs."}\n\t\t}\n"; - $isfirst = false; + $urlbackend = "\t\t\tset req.backend = ".$url['directorname'].";"; + // check rewrite options + if ($url['rewritehost']) + $urlmappings .= "\t\t\tset req.http.host = regsub(req.http.host, ".'"'.$url['directorurl'].'",'.'"'.$url['rewritehost'].'")'.";\n"; + if ($url['rewriteurl']) + $urlmappings .= "\t\t\tset req.url = regsub(req.url, ".'"'.$url['directorurl2'].'",'.'"^'.$url['rewriteurl'].'")'.";\n"; + // check failover + if ($url['failover'] && $url['failover'] != $url['directorname']) { + $tabs = ($url['grace'] ? "\n\t\t\t" : ""); + $urlfailover = "\t\t\tset req.backend = ".$url['failover'].";"; + $urlmappings .= "\t\tif (req.restarts == 0) {\n".$urlbackend.$tabs.$directo_grace_time.$tabs."}"; + $urlmappings .= "\n\t\telse\t{\n".$urlfailover.$tabs.$directo_grace_time.$tabs."}\n\t\t}\n"; + $isfirst = false; + } else { + $tabs = ($url['grace'] ? "\n\t\t" : ""); + $urlmappings .= $urlbackend.$tabs.$directo_grace_time."\n\t\t}\n"; + $isfirst = false; } - else{ - $tabs=($url['grace']?"\n\t\t":""); - $urlmappings .= $urlbackend.$tabs.$directo_grace_time."\n\t\t}\n"; - $isfirst = false; - } } } } } - if($config['installedpackages']['varnishbackends']['config']) + if ($config['installedpackages']['varnishbackends']['config']) { foreach($config['installedpackages']['varnishbackends']['config'] as $urlmapping) { - if($urlmapping['row']) + if (isset($urlmapping['row'])) { foreach($urlmapping['row'] as $url) { - $directo_grace_time=""; - if($url['grace']) - $directo_grace_time=($url['grace']=="0s"?"\n\t\t return(pass);":"\n\t\tset req.grace=".$url['grace'].";"); - $req=($url['maptype']?$url['maptype']:"http.host"); - $fieldtype=($url['fieldtype']?$url['fieldtype']:"=="); - if ($url['urlmapping'] != "" || $catch_all == 'unset'){ - if($url['urlmapping'] == ""){ + $directo_grace_time = ""; + if ($url['grace']) + $directo_grace_time = ($url['grace'] == "0s" ? "\n\t\t return(pass);" : "\n\t\tset req.grace={$url['grace']};"); + $req = ($url['maptype'] ? $url['maptype'] : "http.host"); + $fieldtype = ($url['fieldtype'] ? $url['fieldtype'] : "=="); + if ($url['urlmapping'] != "" || $catch_all == "unset") { + if ($url['urlmapping'] == "") { $catch_all = "set"; - $lasturlmappings = "\telse\t{\n\t\tset req.backend = ".$urlmapping['backendname']."BACKEND;\n\t\t}\n"; - } - else{ - if(!$isfirst) - $urlmappings .= "\telse "; + $lasturlmappings .= "set req.backend = {$urlmapping['backendname']}BACKEND;\n"; + } else { + if (!$isfirst) + $urlmappings .= "\telse "; $urlmappings .= <<<EOAU if (req.{$req} {$fieldtype} "{$url['urlmapping']}") { set req.backend = {$urlmapping['backendname']}BACKEND;{$directo_grace_time} } - + EOAU; - } - $backends_in_use[$urlmapping['backendname']].=($url['directorurl'] == ""?"catch_all ":"url_map "); $isfirst = false; - } + } + $backends_in_use[$urlmapping['backendname']] .= ($url['directorurl'] == "" ? "catch_all " : "url_map "); + } + } + } } + if ($urlmappings != "") + $lasturlmappings = "\telse {\n\t\t$lasturlmappings\t}\n"; + return $urlmappings.$lasturlmappings; } - - return $urlmappings.$lasturlmappings; } function create_varnish_rcd_file() { @@ -284,56 +279,53 @@ EOF; function get_backend_config_txt() { global $config, $g, $backends_in_use; - $backends=""; - if($config['installedpackages']['varnishbackends']['config'] != "") { + $backends = ""; + if ($config['installedpackages']['varnishbackends']['config'] != "") { foreach($config['installedpackages']['varnishbackends']['config'] as $backend) { - if($backend['connect_timeout']) + if ($backend['connect_timeout']) $connect_timeout = $backend['connect_timeout'] . "s"; else $connect_timeout = "25s"; - if($backend['port']) + if ($backend['port']) $connect_port = $backend['port']; else $connect_port = "80"; - if($backend['first_byte_timeout']) + if ($backend['first_byte_timeout']) $first_byte_timeout = $backend['first_byte_timeout'] . "s"; else $first_byte_timeout = "300s"; - if($backend['probe_url']) + if ($backend['probe_url']) if (preg_match("@^(http)://([a-zA-Z0-9.-]*)/(.*)$@",$backend['probe_url'],$matches)){ - $probe_url=".request =\n"; - $probe_url.="\t\t\t".'"GET /'.$matches[3].' HTTP/1.1"'."\n"; + $probe_url = ".request =\n"; + $probe_url .= "\t\t\t".'"GET /'.$matches[3].' HTTP/1.1"'."\n"; $probe_url.="\t\t\t".'"Accept: text/*"'."\n"; $probe_url.="\t\t\t".'"User-Agent: Varnish"'."\n"; - $probe_url.="\t\t\t".'"Host: '.$matches[2].'"'."\n"; - $probe_url.="\t\t\t".'"Connection: Close";'; - } - else{ - $probe_url = '.url = "'.$backend['probe_url'].'";'; - } - else - $probe_url ='.url = "/";'; - if($backend['probe_interval']) + $probe_url .= "\t\t\t".'"Host: '.$matches[2].'"'."\n"; + $probe_url .= "\t\t\t".'"Connection: Close";'; + } else + $probe_url = '.url = "'.$backend['probe_url'].'";'; + else + $probe_url = '.url = "/";'; + if ($backend['probe_interval']) $probe_interval = $backend['probe_interval'] . "s"; - else + else $probe_interval = "1s"; - if($backend['probe_timeout']) + if ($backend['probe_timeout']) $probe_timeout = $backend['probe_timeout'] . "s"; - else + else $probe_timeout = "1s"; - if($backend['probe_window']) + if ($backend['probe_window']) $probe_window = $backend['probe_window']; - else + else $probe_window = "5"; - if($backend['probe_threshold']) + if ($backend['probe_threshold']) $probe_threshold = $backend['probe_threshold']; - else + else $probe_threshold = "5"; - - if ($backend['probe_disable']) { + if ($backend['probe_disable']) $probe = ""; - } else { + else { $probe = <<<EOFPROBE .probe = { {$probe_url} @@ -345,10 +337,10 @@ function get_backend_config_txt() { EOFPROBE; } - if (isset($probe_threshold)){ - #last parameter set ,so write conf if backend is in use - if ($backends_in_use[$backend['backendname']] != ""){ - $backends .= <<<EOFA + if (isset($probe_threshold)) { + // last parameter set ,so write conf if backend is in use + if ($backends_in_use[$backend['backendname']] != "") { + $backends .= <<<EOFA backend {$backend['backendname']}BACKEND { # used in {$backends_in_use[$backend['backendname']]} @@ -361,10 +353,8 @@ backend {$backend['backendname']}BACKEND { EOFA; - } - else { - $backends .= "\n".'# backend '.$backend['backendname']." not in use.\n"; - } + } else + $backends .= "\n# backend {$backend['backendname']} not in use.\n"; } } } @@ -404,19 +394,19 @@ EOFA; function sync_package_varnish() { global $config, $g; - if(is_array($config['installedpackages']['varnishcustomvcl']['config'])) { + if (is_array($config['installedpackages']['varnishcustomvcl']['config'])) { foreach($config['installedpackages']['varnishcustomvcl']['config'] as $vcl) { - if($vcl['vcl_recv_early']) + if ($vcl['vcl_recv_early']) $vcl_recv_early = text_area_decode($vcl['vcl_recv_early']); - if($vcl['vcl_recv_late']) + if ($vcl['vcl_recv_late']) $vcl_recv_late = text_area_decode($vcl['vcl_recv_late']); - if($vcl['vcl_fetch_early']) + if ($vcl['vcl_fetch_early']) $vcl_fetch_early = text_area_decode($vcl['vcl_fetch_early']); - if($vcl['vcl_fetch_late']) + if ($vcl['vcl_fetch_late']) $vcl_fetch_late = text_area_decode($vcl['vcl_fetch_late']); - if($vcl['vcl_pipe_early']) + if ($vcl['vcl_pipe_early']) $vcl_pipe_early = text_area_decode($vcl['vcl_pipe_early']); - if($vcl['vcl_pipe_late']) + if ($vcl['vcl_pipe_late']) $vcl_pipe_late = text_area_decode($vcl['vcl_pipe_late']); } } @@ -425,120 +415,109 @@ function sync_package_varnish() { #$plataform=posix_uname(); if (is_array($config['installedpackages']['varnishsettings']['config'])) foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) { - if($vcl['streaming']){ + if ($vcl['streaming']) $vcl_fetch_stream="set beresp.do_stream = true;\n"; - } - if($vcl['fixgzip']){ + if ($vcl['fixgzip']) { $vcl_recv_set_basic.="\t#Fix gzip compression\n"; $vcl_recv_set_basic.="\t".'if (req.http.Accept-Encoding) {'."\n"; $vcl_recv_set_basic.="\t".'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|gz|tgz|bz2|tbz|mp3|ogg)$") {'."\n\t\tunset req.http.Accept-Encoding;\n\t\t}\n"; $vcl_recv_set_basic.="\t".'else if (req.http.Accept-Encoding ~ "gzip") {'."\n\t\tset req.http.Accept-Encoding = ".'"gzip"'.";\n\t\t}\n"; $vcl_recv_set_basic.="\t".'else if (req.http.Accept-Encoding ~ "deflate") {'."\n\t\tset req.http.Accept-Encoding = ".'"deflate"'.";\n\t\t}\n"; $vcl_recv_set_basic.="\telse\t{\n\t\tunset req.http.Accept-Encoding;\n\t\t}\n\t}\n"; + } + $vcl_recv_set_basic.="\t#set client balance identity\n"; + switch ($vcl['clientbalance']){ + case 'url': + $vcl_recv_set_basic.="\t".'set client.identity = req.url;'."\n\n"; + break; + case 'ip': + $vcl_recv_set_basic.="\t".'set client.identity = client.ip;'."\n\n"; + break; + case 'agent': + $vcl_recv_set_basic.="\t".'set client.identity = req.http.user-agent;'."\n\n"; + break; } - #if($vcl['clientbalance'] && $plataform['machine'] == 'amd64'){ - $vcl_recv_set_basic.="\t#set client balance identity\n"; - switch ($vcl['clientbalance']){ - case 'url': - $vcl_recv_set_basic.="\t".'set client.identity = req.url;'."\n\n"; - break; - case 'ip': - $vcl_recv_set_basic.="\t".'set client.identity = client.ip;'."\n\n"; - break; - case 'agent': - $vcl_recv_set_basic.="\t".'set client.identity = req.http.user-agent;'."\n\n"; - break; - } - #} - if($vcl['grace'] ){ + if ($vcl['grace']) $vcl_grace_time="set beresp.grace = ".$vcl['grace'].";\n\t\t"; - } - if($vcl['saint'] ){ + if ($vcl['saint']) $vcl_saint_mode="set beresp.saintmode = ".$vcl['saint'].";\n\t\t"; - } - if($vcl['xforward']){ + if ($vcl['xforward']) { $vcl_recv_set_basic.="\t#set X-forward\n"; - switch ($vcl['xforward']){ + switch ($vcl['xforward']) { case 'set': - $vcl_recv_set_basic.="\t".'set req.http.X-Forwarded-For = client.ip;'."\n\n"; + $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = client.ip;\n\n"; break; case 'append': - $vcl_recv_set_basic.="\t".'set req.http.X-Forwarded-For = req.http.X-Forwarded-For "," client.ip;'."\n\n"; + $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-For = req.http.X-Forwarded-For + \",\" + client.ip;\n\n"; break; case 'create': - $vcl_recv_set_basic.="\t".'set req.http.X-Forwarded-Varnish = client.ip;'."\n\n"; + $vcl_recv_set_basic .= "\tset req.http.X-Forwarded-Varnish = client.ip;\n\n"; break; case 'unset': - $vcl_recv_set_basic.="\t".'unset req.http.X-Forwarded-For;'."\n\n"; + $vcl_recv_set_basic .= "\tunset req.http.X-Forwarded-For;\n\n"; break; - } - } - if($vcl['postcache']){ - $vcl_recv_action_basic.="\t#Disable post cache\n"; - $vcl_recv_action_basic.="\t".'if (req.request == "POST") {'."\n\t\treturn(pass);\n\t\t}\n"; } - - $vcl_fetch_session ="#Disable cache when backend is starting a session\n"; - $vcl_fetch_session.="\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; - $vcl_fetch_session.="\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; + } + if ($vcl['postcache']) { + $vcl_recv_action_basic .= "\t#Disable post cache\n"; + $vcl_recv_action_basic .= "\t".'if (req.request == "POST") {'."\n\t\treturn(pass);\n\t\t}\n"; + } + + $vcl_fetch_session = "#Disable cache when backend is starting a session\n"; + $vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; + $vcl_fetch_session .= "\t".'if (beresp.http.Set-Cookie && beresp.http.Set-Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; - if($vcl['sessioncache']== "never"){ - $vcl_recv_session ="\t#Disable session cache\n"; - $vcl_recv_session.="\t".'if (req.http.Cookie && req.http.Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(pass);\n\t\t}\n"; - $vcl_recv_session.="\t".'if (req.http.Cookie && req.http.Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(pass);\n\t\t}\n"; - $vcl_recv_session.="\t".'if (req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(pass);\n\t\t}\n"; - $vcl_fetch_session.="\t".'if (beresp.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; - $vcl_recv_static_prefix=($vcl['staticache']=="no"?"":"\n\t\tunset req.http.cookie;"); - } - else - { + if ($vcl['sessioncache'] == "never") { + $vcl_recv_session = "\t#Disable session cache\n"; + $vcl_recv_session .= "\t".'if (req.http.Cookie && req.http.Cookie ~ "(PHPSESSID|phpsessid)") {'."\n\t\treturn(pass);\n\t\t}\n"; + $vcl_recv_session .= "\t".'if (req.http.Cookie && req.http.Cookie ~ "(JSESSION|jsession)") {'."\n\t\treturn(pass);\n\t\t}\n"; + $vcl_recv_session .= "\t".'if (req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(pass);\n\t\t}\n"; + $vcl_fetch_session .= "\t".'if (beresp.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache") {'."\n\t\treturn(hit_for_pass);\n\t\t}\n"; + $vcl_recv_static_prefix = ($vcl['staticache'] == "no" ? "" : "\n\t\tunset req.http.cookie;"); + } else { $vcl_hash = "#Enable Per user session cache.\n"; - $vcl_hash.= "sub vcl_hash {\n\thash_data(req.http.cookie);\n}\n"; - } - #set static content var - $vcl_recv_static_sufix=($vcl['staticache']=='no'?"pass":"lookup"); - $vcl_recv_static ="\t#Enable static cache\n"; - $vcl_recv_static.="\t".'if (req.request=="GET" && req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; - $vcl_recv_static.="\t".'if (req.request=="GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; - $vcl_fetch_static ="#Enable static cache\n"; - $vcl_fetch_static.='if (req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; - $vcl_fetch_static.='if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; + $vcl_hash .= "sub vcl_hash {\n\thash_data(req.http.cookie);\n}\n"; + } + // set static content var + $vcl_recv_static_sufix = ($vcl['staticache'] == 'no' ? "pass" : "lookup"); + $vcl_recv_static = "\t#Enable static cache\n"; + $vcl_recv_static .= "\t".'if (req.request=="GET" && req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; + $vcl_recv_static .= "\t".'if (req.request=="GET" && req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'.$vcl_recv_static_prefix."\n\t\treturn($vcl_recv_static_sufix);\n\t\t}\n"; + $vcl_fetch_static = "#Enable static cache\n"; + $vcl_fetch_static .= 'if (req.url ~ "\.(css|js|txt|zip|pdf|rtf|flv|swf|html|htm)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; + $vcl_fetch_static .= 'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|mp3|ogg)$") {'."\n\tunset beresp.http.set-cookie;\n\t}\n"; - switch ($vcl['staticache']){ + switch ($vcl['staticache']) { case "all": - # cache all static content, unseting cookie when present - $vcl_recv_action_basic.=($vcl['sessioncache']=="never"?$vcl_recv_static.$vcl_recv_session:$vcl_recv_static); - $vcl_fetch_action=($vcl['sessioncache']=="never"?$vcl_fetch_static.$vcl_fetch_session:$vcl_fetch_static); + // cache all static content, unseting cookie when present + $vcl_recv_action_basic .= ($vcl['sessioncache'] == "never" ? $vcl_recv_static.$vcl_recv_session : $vcl_recv_static); + $vcl_fetch_action = ($vcl['sessioncache'] == "never" ? $vcl_fetch_static.$vcl_fetch_session : $vcl_fetch_static); break; case "yes": - # cache only object without cookie set - $vcl_recv_action_basic.=($vcl['sessioncache']=="never"?$vcl_recv_session.$vcl_recv_static:$vcl_recv_static); - $vcl_fetch_action=$vcl_fetch_session; + // cache only object without cookie set + $vcl_recv_action_basic .= ($vcl['sessioncache'] == "never" ? $vcl_recv_session.$vcl_recv_static : $vcl_recv_static); + $vcl_fetch_action = $vcl_fetch_session; break; default: - # no static cache at all - $vcl_recv_action_basic.=$vcl_recv_static.$vcl_recv_session; - $vcl_fetch_action=$vcl_fetch_session; + // no static cache at all + $vcl_recv_action_basic .= $vcl_recv_static.$vcl_recv_session; + $vcl_fetch_action = $vcl_fetch_session; } - if($vcl['rfc2616']){ - $vcl_recv_action_basic.="\t#Be rfc2616 compliant\n"; - $vcl_recv_action_basic.="\t".'if (req.request ~ "^(GET|HEAD|PUT|POST|TRACE|OPTIONS|DELETE)$") {'."\n\t\treturn(lookup);\n\t\t}\n\telse\t{\n\t\treturn(pipe);\n\t\t}\n"; - #$vcl_recv_action_basic.="\t".'if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && reqa.request != "POST" &&'."\n"; - #$vcl_recv_action_basic.="\t".' req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") {return(pipe);}'."\n\n"; - } - else { - $vcl_recv_action_basic.="\t".'if (req.request != "GET" && req.request != "HEAD") {return(pipe);}'."\n"; - } - if($vcl['restarts']){ - $vcl_restarts=$vcl['restarts']; - } - if($vcl['htmlerror']){ - $errorvcl=text_area_decode($vcl['htmlerror']); - } + if ($vcl['rfc2616']) { + $vcl_recv_action_basic .= "\t#Be rfc2616 compliant\n"; + $vcl_recv_action_basic .= "\t".'if (req.request ~ "^(GET|HEAD|PUT|POST|TRACE|OPTIONS|DELETE)$") {'."\n\t\treturn(lookup);\n\t\t}\n\telse\t{\n\t\treturn(pipe);\n\t\t}\n"; + //$vcl_recv_action_basic.="\t".'if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && reqa.request != "POST" &&'."\n"; + //$vcl_recv_action_basic.="\t".' req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") {return(pipe);}'."\n\n"; + } else + $vcl_recv_action_basic .= "\tif (req.request != \"GET\" && req.request != \"HEAD\") {return(pipe);}\n"; + if ($vcl['restarts']) + $vcl_restarts = $vcl['restarts']; + if ($vcl['htmlerror']) + $errorvcl = text_area_decode($vcl['htmlerror']); } - if(!$errorvcl) + if (!$errorvcl) $errorvcl = <<<EOF <html> <head> @@ -557,7 +536,7 @@ EOF; /* Grab configuration txt blocks */ /* Please keep this sequence to determine witch backends are in use */ -$backends_in_use=array(); +$backends_in_use = array(); $lb_config= get_lb_directors_config_txt(); $urlmappings = varnish_get_url_mappings_txt(); $backends = get_backend_config_txt() . $lb_config ; diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml index b415bd12..a6ea7f88 100644 --- a/config/widget-snort/widget-snort.xml +++ b/config/widget-snort/widget-snort.xml @@ -49,12 +49,6 @@ <version>0.3.4</version> <title>Widget - Snort</title> <include_file>/usr/local/www/widgets/include/widget-snort.inc</include_file> - <menu> - </menu> - <service> - </service> - <tabs> - </tabs> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> <chmod>0644</chmod> @@ -70,14 +64,6 @@ <chmod>0644</chmod> <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item> </additional_files_needed> - <fields> - </fields> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - </custom_php_resync_config_command> - <custom_php_install_command> - </custom_php_install_command> <custom_php_deinstall_command> widget_snort_uninstall(); </custom_php_deinstall_command> diff --git a/config/zabbix-agent/zabbix-agent.xml b/config/zabbix-agent/zabbix-agent.xml index 5a862496..885a54e3 100644 --- a/config/zabbix-agent/zabbix-agent.xml +++ b/config/zabbix-agent/zabbix-agent.xml @@ -17,7 +17,7 @@ <name>zabbix_agentd</name> <rcfile>zabbix_agentd.sh</rcfile> <executable>zabbix_agentd</executable> - <description>Zabbix Agent runs on a host being monitored. The agent provides host's performance and availability information for Zabbix Server.</description> + <description>Zabbix Agent host monitor daemon</description> </service> <tabs> <tab> @@ -111,7 +111,7 @@ <rows>5</rows> <cols>50</cols> <required>false</required> - <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description> + <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l <br><a href="https://www.zabbix.com/documentation/1.8/manual/tutorials/extending_agent" target="_new">See zabbix documentation for more information<a></description> </field> </fields> <custom_php_install_command> @@ -260,4 +260,4 @@ exec("/bin/rm -r /var/run/zabbix/"); ]]> </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file +</packagegui> diff --git a/config/zabbix-proxy/zabbix-proxy.xml b/config/zabbix-proxy/zabbix-proxy.xml index ff4011b0..19930b49 100644 --- a/config/zabbix-proxy/zabbix-proxy.xml +++ b/config/zabbix-proxy/zabbix-proxy.xml @@ -17,6 +17,7 @@ <name>zabbix-proxy</name> <rcfile>zabbix-proxy.sh</rcfile> <executable>zabbix_proxy</executable> + <description>Zabbix proxy collection daemon</description> </service> <tabs> <tab> diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml index 41ba26fb..55273a81 100644 --- a/config/zabbix2/zabbix2-agent.xml +++ b/config/zabbix2/zabbix2-agent.xml @@ -61,7 +61,7 @@ <name>zabbix_agentd</name> <rcfile>zabbix2_agentd.sh</rcfile> <executable>zabbix_agentd</executable> - <description>Zabbix Agent runs on a host being monitored. The agent provides host's performance and availability information for Zabbix Server.</description> + <description>Zabbix Agent host monitor daemon</description> </service> <tabs> <tab> diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml index 4441df99..fcabedd9 100644 --- a/config/zabbix2/zabbix2-proxy.xml +++ b/config/zabbix2/zabbix2-proxy.xml @@ -61,7 +61,7 @@ <name>zabbix-proxy</name> <rcfile>zabbix2_proxy.sh</rcfile> <executable>zabbix_proxy</executable> - <description>Zabbix proxy is a process which collects performance and availability data from one or more monitored devices and sends the information to a Zabbix server</description> + <description>Zabbix proxy collection daemon</description> </service> <tabs> <tab> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 4b01b9e5..b36ce3f5 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -137,7 +137,7 @@ Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.2.2</version> + <version>1.4.24 pkg v 1.2.4</version> <status>Release</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> @@ -1116,7 +1116,7 @@ <website>http://bandwidthd.sourceforge.net/</website> <descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr> <category>System</category> - <version>2.0.1_5</version> + <version>2.0.1_5 pkg v.0.2</version> <status>BETA</status> <required_version>1.2.1</required_version> <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -1307,7 +1307,7 @@ <descr>LCD display driver - Development version</descr> <website>http://www.lcdproc.org/</website> <category>Utility</category> - <version>lcdproc-0.5.6 pkg v. 0.9.5</version> + <version>lcdproc-0.5.6 pkg v. 0.9.7</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>michele@nt2.it</maintainer> @@ -1490,7 +1490,7 @@ <name>blinkled</name> <descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.3</version> + <version>0.4</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> @@ -1648,7 +1648,7 @@ </build_pbi> <build_options>nrpe2_SET=SSL;nrpe2_UNSET=ARGS</build_options> <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.12_3 v2.1</version> + <version>2.12_3 v2.2</version> <status>Beta</status> <required_version>1.2</required_version> <maintainer>erik@erikkristensen.com</maintainer> @@ -1745,7 +1745,7 @@ <name>System Patches</name> <descr>A package to apply and maintain custom system patches.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>0.10</version> + <version>1.0</version> <category>System</category> <status>RELEASE</status> <config_file>http://www.pfsense.com/packages/config/systempatches/systempatches.xml</config_file> @@ -1936,7 +1936,7 @@ <pkginfolink>http://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.1</version> + <version>0.2</version> <status>Beta</status> <required_version>2.0.2</required_version> <config_file>http://www.pfsense.com/packages/config/sudo/sudo.xml</config_file> @@ -1950,5 +1950,17 @@ <depends_on_package>sudo-1.8.6.p8.tbz</depends_on_package> <depends_on_package_pbi>sudo-1.8.6p8-i386.pbi</depends_on_package_pbi> </package> + <package> + <name>Service Watchdog</name> + <descr>Monitors for stopped services and restarts them.</descr> + <maintainer>jimp@pfsense.org</maintainer> + <version>1.4</version> + <category>Services</category> + <status>BETA</status> + <config_file>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.xml</config_file> + <pkginfolink></pkginfolink> + <required_version>2.1</required_version> + <configurationfile>servicewatchdog.xml</configurationfile> + </package> </packages> </pfsensepkgs> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 2d6a2f57..7ebda857 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -124,7 +124,7 @@ Supports acl's for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.2.2</version> + <version>1.4.24 pkg v 1.2.4</version> <status>Release</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/haproxy/haproxy.xml</config_file> @@ -1103,7 +1103,7 @@ <website>http://bandwidthd.sourceforge.net/</website> <descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr> <category>System</category> - <version>2.0.1_5</version> + <version>2.0.1_5 pkg v.0.2</version> <status>BETA</status> <required_version>1.2.1</required_version> <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> @@ -1294,7 +1294,7 @@ <descr>LCD display driver - Development version</descr> <website>http://www.lcdproc.org/</website> <category>Utility</category> - <version>lcdproc-0.5.6 pkg v. 0.9.5</version> + <version>lcdproc-0.5.6 pkg v. 0.9.7</version> <status>BETA</status> <required_version>2.0</required_version> <maintainer>michele@nt2.it</maintainer> @@ -1477,7 +1477,7 @@ <name>blinkled</name> <descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr> <category>System</category> - <version>0.3</version> + <version>0.4</version> <status>Beta</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>1.2.3</required_version> @@ -1635,7 +1635,7 @@ </build_pbi> <build_options>nrpe2_SET=SSL;nrpe2_UNSET=ARGS</build_options> <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.12_3 v2.1</version> + <version>2.12_3 v2.2</version> <status>Beta</status> <required_version>1.2</required_version> <maintainer>erik@erikkristensen.com</maintainer> @@ -1732,7 +1732,7 @@ <name>System Patches</name> <descr>A package to apply and maintain custom system patches.</descr> <maintainer>jimp@pfsense.org</maintainer> - <version>0.10</version> + <version>1.0</version> <category>System</category> <status>RELEASE</status> <config_file>http://www.pfsense.com/packages/config/systempatches/systempatches.xml</config_file> @@ -1923,7 +1923,7 @@ <pkginfolink>http://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr> <category>Security</category> - <version>0.1</version> + <version>0.2</version> <status>Beta</status> <required_version>2.0.2</required_version> <config_file>http://www.pfsense.com/packages/config/sudo/sudo.xml</config_file> @@ -1937,5 +1937,17 @@ <depends_on_package>sudo-1.8.6.p8.tbz</depends_on_package> <depends_on_package_pbi>sudo-1.8.6p8-amd64.pbi</depends_on_package_pbi> </package> + <package> + <name>Service Watchdog</name> + <descr>Monitors for stopped services and restarts them.</descr> + <maintainer>jimp@pfsense.org</maintainer> + <version>1.4</version> + <category>Services</category> + <status>BETA</status> + <config_file>http://www.pfsense.com/packages/config/servicewatchdog/servicewatchdog.xml</config_file> + <pkginfolink></pkginfolink> + <required_version>2.1</required_version> + <configurationfile>servicewatchdog.xml</configurationfile> + </package> </packages> </pfsensepkgs> |