diff options
24 files changed, 562 insertions, 234 deletions
diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index ae2b3264..3077eddb 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -301,14 +301,14 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) { exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash); file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt'])); $ca_pem = "cacertificatepath = '/etc/ssl/demoCA/cacert.pem'"; - $generatedcertpath= "generatedcertpath = '/etc/ssl/demoCA/certs/'"; + $generatedcertpath= "generatedcertpath = '".$dansguardian_dir."/ssl/generatedcerts'"; #generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts"; $generatedlinkpath= "generatedlinkpath = '".$dansguardian_dir . "/ssl/generatedlinks'"; } $svr_cert = lookup_cert($dansguardian_config["dcert"]); if ($svr_cert != false) { if(base64_decode($svr_cert['prv'])) { - file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv'])); + file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv']).base64_decode($svr_cert['crt'])); $cert_key = "certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem' "; } } @@ -721,7 +721,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) { 'mode'=> "1", 'report_level'=>"global"); - $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); + $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcheckcert","sslmitm"); #loop on array $count=1; $user_xml=""; @@ -737,7 +737,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) { $dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0"); $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); - $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da"); + $dansguardian_groups['maxuploadsize']=($dansguardian_groups['maxuploadsize']?$dansguardian_groups['maxuploadsize']:$maxuploadsize); switch ($dansguardian_groups['reportinglevel']){ case "1": case "2": @@ -761,8 +761,10 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) { $groupaccessdeniedaddress=""; } - foreach ($groups as $group) + foreach ($groups as $group){ $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); + } + #create group list files $lists=array("phraseacl" => array("bannedphrase","weightedphrase","exceptionphrase"), "siteacl" => array("bannedsite","greysite","exceptionsite","exceptionfilesite","logsite"), @@ -939,6 +941,7 @@ EOF; $cconf= DANSGUARDIAN_DIR. "/etc/clamd.conf"; $cconf_file=file_get_contents($cconf); if (preg_match("/User (\w+)/",$cconf_file,$matches)){ + mwexec("/usr/sbin/pw user show {$matches[1]} || /usr/sbin/pw user add -n {$matches[1]} -s /usr/sbin/nologin"); $daemonuser = $matches[1]; $daemongroup = 'nobody'; } @@ -1103,8 +1106,8 @@ EOF; if (!(file_exists('/var/db/clamav/main.cvd')||file_exists('/var/db/clamav/main.cld'))){ file_notice("Dansguardian - No antivirus database found for clamav, running freshclam in background.",""); - log_error('No antivirus database found for clamav, running freshclam in background.'); - mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam'); + log_error('No antivirus database found for clamav, running freshclam in background. Content-scanner may not work until freshclam finishes.'); + mwexec_bg(DANSGUARDIAN_DIR.'/bin/freshclam && /usr/local/etc/rc.d/clamav-clamd'); } $match=array(); @@ -1130,12 +1133,16 @@ EOF; foreach ($script_file as $script_line){ if(preg_match("/command=/",$script_line)){ $new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n"; + $new_clamav_startup.= 'if [ ! -d /var/db/clamav ];then /bin/mkdir /var/db/clamav;fi'."\n"; + $new_clamav_startup.= 'if [ ! -d /var/log/clamav ];then /bin/mkdir -p /var/log/clamav;fi'."\n"; $new_clamav_startup.= "chown -R ".$matches[1]." /var/run/clamav\n"; + $new_clamav_startup.= "chown -R ".$matches[1]." /var/db/clamav\n"; $new_clamav_startup.= "chown -R ".$matches[1]." /var/log/clamav\n"; $new_clamav_startup.=$script_line; } elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { $new_clamav_startup.=preg_replace("/NO/","YES",$script_line); + $new_clamav_startup.=preg_replace("@/usr/local@",DANSGUARDIAN_DIR,$script_line); } } file_put_contents($script, $new_clamav_startup, LOCK_EX); diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index 031ae88b..fc9ff8a8 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -150,11 +150,11 @@ <option><name>Enable Deep URL Analysis (off)</name><value>deepurlanalysis</value></option> <option><name>Infection/Scan Error Bypass on Scan Errors Only (on)</name><value>infectionbypasserrorsonly</value></option> <option><name>Disable content scanning (off)</name><value>disablecontentscan</value></option> - <option><name>Check servers ssl certificates (off)</name><value>sslcertcheck</value></option> + <option><name>Check Server SSLCertificates (off)</name><value>sslcheckcert</value></option> <option><name>Filter ssl sites forging SSL Certificates (off)</name><value>sslmitm</value></option> </options> <multiple/> - <size>10</size> + <size>9</size> </field> <field> <fielddescr>Pics</fielddescr> @@ -298,7 +298,7 @@ </options> </field> <field> - <fielddescr>Naughtiness limite</fielddescr> + <fielddescr>Naughtiness limit</fielddescr> <fieldname>naughtynesslimit</fieldname> <description><![CDATA[This the limit over which the page will be blocked. Each weighted phrase is given a value either positive or negative and the values added up.<br> Phrases to do with good subjects will have negative values, and bad subjects will have positive values.<br> @@ -318,6 +318,17 @@ <size>10</size> </field> <field> + <fielddescr>Max upload size</fielddescr> + <fieldname>maxuploadsize</fieldname> + <type>input</type> + <size>10</size> + <description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kilobytes after MIME encoding and header bump<br> + use 0 for a complete block<br> + use higher (e.g. 512 = 512Kbytes) for limiting<br> + use -1 for no blocking(default)<br> + Leave empty to use global Max upload size limit value.]]></description> + </field> + <field> <fielddescr>Category display threshold</fielddescr> <fieldname>categorydisplaythreshold</fieldname> <description><![CDATA[This option only applies to pages blocked by weighted phrase filtering.<br> diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php index d44f3de4..beb57ee0 100644 --- a/config/dansguardian/dansguardian_ldap.php +++ b/config/dansguardian/dansguardian_ldap.php @@ -129,7 +129,11 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config'])) } } } - if (!empty($members)){ + if (empty($members)){ + $config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = NULL; + $apply_config++; + } + else{ $import_users = explode("\n", $members); asort($import_users); $members=base64_encode(implode("\n", $import_users)); diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml index c8011357..2c147f1b 100644 --- a/config/dansguardian/dansguardian_limits.xml +++ b/config/dansguardian/dansguardian_limits.xml @@ -107,7 +107,7 @@ <fieldname>maxuploadsize</fieldname> <type>input</type> <size>10</size> - <description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kibibytes after MIME encoding and header bumph<br> + <description><![CDATA[POST protection (web upload and forms) does not block forms without any file upload, i.e. this is just for blocking or limiting uploads measured in kilobytes after MIME encoding and header bump<br> use 0 for a complete block<br> use higher (e.g. 512 = 512Kbytes) for limiting<br> use -1 for no blocking(default)]]></description> diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template index f5296622..96b2b1b9 100644 --- a/config/dansguardian/dansguardianfx.conf.template +++ b/config/dansguardian/dansguardianfx.conf.template @@ -198,6 +198,7 @@ categorydisplaythreshold = {$dansguardian_groups['categorydisplaythreshold']} # WARNING: This option is highly CPU intensive! embeddedurlweight = {$dansguardian_groups['embeddedurlweight']} +maxuploadsize = {$dansguardian_groups['maxuploadsize']} # Enable PICS rating support # # Defaults to disabled @@ -370,13 +371,13 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} #SSL certificate checking # Check that ssl certificates for servers on https connections are valid # and signed by a ca in the configured path -sslcertcheck = {$dansguardian_groups['sslcertcheck']} +sslcheckcert = {$dansguardian_groups['sslcheckcert']} #SSL man in the middle # Forge ssl certificates for all sites, decrypt the data then re encrypt it # using a different private key. Used to filter ssl sites sslmitm = {$dansguardian_groups['sslmitm']} -#mitmkey = '{$dansguardian_groups['mitmkey']}' +{$dansguardian_groups['mitmkey']} EOF; diff --git a/config/iperf.xml b/config/iperf.xml index 3de57441..e5de8b85 100644 --- a/config/iperf.xml +++ b/config/iperf.xml @@ -132,7 +132,7 @@ <type>input</type> </field> <field> - <fielddescr>Socket buffer bize</fielddescr> + <fielddescr>Socket buffer size</fielddescr> <fieldname>window</fieldname> <description>Enter the desired socket buffer size, if needed.</description> <type>input</type> diff --git a/config/iperfserver.xml b/config/iperfserver.xml index 99d8ba34..493c41c8 100644 --- a/config/iperfserver.xml +++ b/config/iperfserver.xml @@ -119,7 +119,7 @@ <type>input</type> </field> <field> - <fielddescr>Socket buffer bize</fielddescr> + <fielddescr>Socket buffer size</fielddescr> <fieldname>window</fieldname> <description>Enter the desired socket buffer size, if needed.</description> <type>input</type> diff --git a/config/lightsquid/lightsquid.inc b/config/lightsquid/lightsquid.inc index 5fd89470..4b31bc30 100644 --- a/config/lightsquid/lightsquid.inc +++ b/config/lightsquid/lightsquid.inc @@ -294,16 +294,15 @@ function lightsquid_resync() { $ifmgr = $ifmgr . $realif[0] . ";"; } - # ? delete ? - $config['installedpackages']['squidcache']['config'][0]['ext_cachemanager'] = $ifmgr; - # now right - $config['installedpackages']['squidnac']['config'][0]['ext_cachemanager'] = $ifmgr; - - write_config(); - if (function_exists('squid_resync')) { - squid_resync(); - } - else update_log("Function 'squid_resync' not found."); + /* Only save and resync if we're actually making any changes. */ + if (strpos($config['installedpackages']['squidnac']['config'][0]['ext_cachemanager'], $ifmgr) === FALSE) { + $config['installedpackages']['squidnac']['config'][0]['ext_cachemanager'] = $ifmgr; + write_config(); + if (function_exists('squid_resync')) + squid_resync(); + else + update_log("Function 'squid_resync' not found."); + } } } diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml index 11659251..7eeebb0c 100755 --- a/config/openvpn-client-export/openvpn-client-export.xml +++ b/config/openvpn-client-export/openvpn-client-export.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8" ?> <packagegui> <name>OpenVPN Client Export</name> - <version>1.0.2</version> + <version>1.0.3</version> <title>OpenVPN Client Export</title> <include_file>/usr/local/pkg/openvpn-client-export.inc</include_file> <backup_file></backup_file> diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php index 404cf4b8..fd134a9d 100755 --- a/config/openvpn-client-export/vpn_openvpn_export.php +++ b/config/openvpn-client-export/vpn_openvpn_export.php @@ -3,7 +3,7 @@ vpn_openvpn_export.php Copyright (C) 2008 Shrew Soft Inc. - Copyright (C) 2010 Ermal Lu�i + Copyright (C) 2010 Ermal Luçi All rights reserved. Redistribution and use in source and binary forms, with or without @@ -256,9 +256,9 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<script language="JavaScript"> - var viscosityAvailable = false; -<!-- +<script type="text/javascript"> +//<![CDATA[ +var viscosityAvailable = false; var servers = new Array(); <?php foreach ($ras_server as $sindex => $server): ?> @@ -367,32 +367,32 @@ function download_begin(act, i, j) { var dlurl; dlurl = "/vpn_openvpn_export.php?act=" + act; - dlurl += "&srvid=" + escape(servers[index][0]); + dlurl += "&srvid=" + escape(servers[index][0]); if (users[i]) { - dlurl += "&usrid=" + escape(users[i][0]); - dlurl += "&crtid=" + escape(users[i][1]); + dlurl += "&usrid=" + escape(users[i][0]); + dlurl += "&crtid=" + escape(users[i][1]); } if (certs[j]) { - dlurl += "&usrid="; - dlurl += "&crtid=" + escape(certs[j][0]); + dlurl += "&usrid="; + dlurl += "&crtid=" + escape(certs[j][0]); } - dlurl += "&useaddr=" + escape(useaddr); - dlurl += ""eservercn=" + escape(quoteservercn); - dlurl += "&openvpnmanager=" + escape(openvpnmanager); - dlurl += "&usetoken=" + escape(usetoken); + dlurl += "&useaddr=" + escape(useaddr); + dlurl += "&quoteservercn=" + escape(quoteservercn); + dlurl += "&openvpnmanager=" + escape(openvpnmanager); + dlurl += "&usetoken=" + escape(usetoken); if (usepass) - dlurl += "&password=" + escape(pass); + dlurl += "&password=" + escape(pass); if (useproxy) { - dlurl += "&proxy_addr=" + escape(proxyaddr); - dlurl += "&proxy_port=" + escape(proxyport); - dlurl += "&proxy_authtype=" + escape(proxyauth); + dlurl += "&proxy_addr=" + escape(proxyaddr); + dlurl += "&proxy_port=" + escape(proxyport); + dlurl += "&proxy_authtype=" + escape(proxyauth); if (useproxypass) { - dlurl += "&proxy_user=" + escape(proxyuser); - dlurl += "&proxy_password=" + escape(proxypass); + dlurl += "&proxy_user=" + escape(proxyuser); + dlurl += "&proxy_password=" + escape(proxypass); } } - dlurl += "&advancedoptions=" + escape(advancedoptions); + dlurl += "&advancedoptions=" + escape(advancedoptions); window.open(dlurl,"_self"); } @@ -416,28 +416,28 @@ function server_changed() { cell1.className = "listr"; cell1.innerHTML = users[i][3]; cell2.className = "listr"; - cell2.innerHTML = "- Standard Configurations:<br/>"; + cell2.innerHTML = "- Standard Configurations:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ", -1)'>Archive</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ", -1)'>Archive<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf\"," + i + ", -1)'>Config Only</a>"; - cell2.innerHTML += "<br/>- Inline Configurations:<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf\"," + i + ", -1)'>Config Only<\/a>"; + cell2.innerHTML += "<br\/>- Inline Configurations:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinlinedroid\"," + i + ", -1)'>Android</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinlinedroid\"," + i + ", -1)'>Android<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\"," + i + ", -1)'>OpenVPN Connect (iOS/Android)</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\"," + i + ", -1)'>OpenVPN Connect (iOS/Android)<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Others</a>"; - cell2.innerHTML += "<br/>- Windows Installers:<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ", -1)'>Others<\/a>"; + cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ", -1)'>2.2</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ", -1)'>2.2<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ", -1)'>2.3-x86</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ", -1)'>2.3-x86<\/a>"; // cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64</a>"; - cell2.innerHTML += "<br/>- Mac OSX:<br/>"; +// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ", -1)'>2.3-x64<\/a>"; + cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ", -1)'>Viscosity Bundle</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ", -1)'>Viscosity Bundle<\/a>"; } for (j=0; j < certs.length; j++) { var row = table.insertRow(table.rows.length); @@ -453,38 +453,38 @@ function server_changed() { cell1.className = "listr"; cell1.innerHTML = certs[j][1]; cell2.className = "listr"; - cell2.innerHTML = "- Standard Configurations:<br/>"; + cell2.innerHTML = "- Standard Configurations:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\", -1," + j + ")'>Archive</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\", -1," + j + ")'>Archive<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf\", -1," + j + ")'>File Only</a>"; - cell2.innerHTML += "<br/>- Inline Configurations:<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf\", -1," + j + ")'>File Only<\/a>"; + cell2.innerHTML += "<br\/>- Inline Configurations:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinlinedroid\", -1," + j + ")'>Android</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinlinedroid\", -1," + j + ")'>Android<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\", -1," + j + ")'>OpenVPN Connect (iOS/Android)</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\", -1," + j + ")'>OpenVPN Connect (iOS/Android)<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Others</a>"; - cell2.innerHTML += "<br/>- Windows Installers:<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\", -1," + j + ")'>Others<\/a>"; + cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\", -1," + j + ")'>2.2</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst\", -1," + j + ")'>2.2<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\", -1," + j + ")'>2.3-x86</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\", -1," + j + ")'>2.3-x86<\/a>"; // cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64</a>"; - cell2.innerHTML += "<br/>- Mac OSX:<br/>"; +// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\", -1," + j + ")'>2.3-x64<\/a>"; + cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"visc\", -1," + j + ")'>Viscosity Bundle<\/a>"; if (servers[index][2] == "server_tls") { - cell2.innerHTML += "<br/>- Yealink SIP Handsets: <br/>"; + cell2.innerHTML += "<br\/>- Yealink SIP Handsets: <br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t28\", -1," + j + ")'>T28</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t28\", -1," + j + ")'>T28<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G (1)</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g\", -1," + j + ")'>T38G (1)<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g2\", -1," + j + ")'>T38G (2)</a>"; - cell2.innerHTML += "<br/>"; - cell2.innerHTML += "- <a href='javascript:download_begin(\"conf_snom\", -1," + j + ")'>SNOM SIP Handset</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf_yealink_t38g2\", -1," + j + ")'>T38G (2)<\/a>"; + cell2.innerHTML += "<br\/>"; + cell2.innerHTML += "- <a href='javascript:download_begin(\"conf_snom\", -1," + j + ")'>SNOM SIP Handset<\/a>"; } } if (servers[index][2] == 'server_user') { @@ -497,28 +497,28 @@ function server_changed() { cell1.className = "listr"; cell1.innerHTML = "none"; cell2.className = "listr"; - cell2.innerHTML = "- Standard Configurations:<br/>"; + cell2.innerHTML = "- Standard Configurations:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ")'>Archive</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confzip\"," + i + ")'>Archive<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"conf\"," + i + ")'>File Only</a>"; - cell2.innerHTML += "<br/>- Inline Configurations:<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"conf\"," + i + ")'>File Only<\/a>"; + cell2.innerHTML += "<br\/>- Inline Configurations:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinlinedroid\"," + i + ")'>Android</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinlinedroid\"," + i + ")'>Android<\a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\"," + i + ")'>OpenVPN Connect (iOS/Android)</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinlineios\"," + i + ")'>OpenVPN Connect (iOS/Android)<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Others</a>"; - cell2.innerHTML += "<br/>- Windows Installers:<br/>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"confinline\"," + i + ")'>Others<\/a>"; + cell2.innerHTML += "<br\/>- Windows Installers:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>2.2</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst\"," + i + ")'>2.2<\/a>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ")'>2.3-x86</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x86\"," + i + ")'>2.3-x86<\/a>"; // cell2.innerHTML += " "; -// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64</a>"; - cell2.innerHTML += "<br/>- Mac OSX:<br/>"; +// cell2.innerHTML += "<a href='javascript:download_begin(\"inst-2.3-x64\"," + i + ")'>2.3-x64<\/a>"; + cell2.innerHTML += "<br\/>- Mac OSX:<br\/>"; cell2.innerHTML += " "; - cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle</a>"; + cell2.innerHTML += "<a href='javascript:download_begin(\"visc\"," + i + ")'>Viscosity Bundle<\/a>"; } } @@ -548,7 +548,7 @@ function useproxy_changed(obj) { $(obj.id + '_opts').hide(); } } -//--> +//]]> </script> <?php if ($input_errors) @@ -556,7 +556,7 @@ function useproxy_changed(obj) { if ($savemsg) print_info_box($savemsg); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="openvpn export"> <tr> <td> <?php @@ -574,11 +574,11 @@ function useproxy_changed(obj) { <tr> <td id="mainarea"> <div class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> <tr> <td width="22%" valign="top" class="vncellreq">Remote Access Server</td> <td width="78%" class="vtable"> - <select name="server" id="server" class="formselect" onChange="server_changed()"> + <select name="server" id="server" class="formselect" onchange="server_changed()"> <?php foreach($ras_server as & $server): ?> <option value="<?=$server['sindex'];?>"><?=$server['name'];?></option> <?php endforeach; ?> @@ -588,10 +588,10 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Host Name Resolution</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="name resolution"> <tr> <td> - <select name="useaddr" id="useaddr" class="formselect" onChange="useaddr_changed(this)"> + <select name="useaddr" id="useaddr" class="formselect" onchange="useaddr_changed(this)"> <option value="serveraddr" >Interface IP Address</option> <option value="serverhostname" >Installation hostname</option> <?php if (is_array($config['dyndnses']['dyndns'])): ?> @@ -602,7 +602,7 @@ function useproxy_changed(obj) { <option value="other">Other</option> </select> <br /> - <div style="display:none;" name="HostName" id="HostName"> + <div style="display:none;" id="HostName"> <input name="useaddr_hostname" id="useaddr_hostname" /> <span class="vexpl"> Enter the hostname or IP address the client will use to connect to this server. @@ -616,10 +616,10 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Quote Server CN</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="quote server cn"> <tr> <td> - <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes"> + <input name="quoteservercn" id="quoteservercn" type="checkbox" value="yes" /> </td> <td> <span class="vexpl"> @@ -633,10 +633,10 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Certificate Export Options</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="export options"> <tr> <td> - <input name="usetoken" id="usetoken" type="checkbox" value="yes"> + <input name="usetoken" id="usetoken" type="checkbox" value="yes" /> </td> <td> <span class="vexpl"> @@ -645,10 +645,10 @@ function useproxy_changed(obj) { </td> </tr> </table> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="checkbox for password"> <tr> <td> - <input name="usepass" id="usepass" type="checkbox" value="yes" onClick="usepass_changed()"> + <input name="usepass" id="usepass" type="checkbox" value="yes" onclick="usepass_changed()" /> </td> <td> <span class="vexpl"> @@ -657,7 +657,7 @@ function useproxy_changed(obj) { </td> </tr> </table> - <table border="0" cellpadding="2" cellspacing="0" id="usepass_opts" style="display:none"> + <table border="0" cellpadding="2" cellspacing="0" id="usepass_opts" style="display:none" summary="password"> <tr> <td align="right"> <span class="vexpl"> @@ -684,10 +684,10 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Use HTTP Proxy</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="http proxy"> <tr> <td> - <input name="useproxy" id="useproxy" type="checkbox" value="yes" onClick="useproxy_changed(this)"> + <input name="useproxy" id="useproxy" type="checkbox" value="yes" onclick="useproxy_changed(this)" /> </td> <td> @@ -697,9 +697,9 @@ function useproxy_changed(obj) { </td> </tr> </table> - <table border="0" cellpadding="2" cellspacing="0" id="useproxy_opts" style="display:none"> + <table border="0" cellpadding="2" cellspacing="0" id="useproxy_opts" style="display:none" summary="user options"> <tr> - <td align="right" width='25%'> + <td align="right" width="25%"> <span class="vexpl"> IP Address : </span> @@ -709,21 +709,21 @@ function useproxy_changed(obj) { </td> </tr> <tr> - <td align="right" width='25%'> + <td align="right" width="25%"> <span class="vexpl"> Port : </span> + </td> <td> <input name="proxyport" id="proxyport" class="formfld unknown" size="5" value="" /> </td> </tr> - <br /> <tr> <td width="25%"> - + <br /> </td> <td> - <select name="useproxypass" id="useproxypass" class="formselect" onChange="useproxy_changed(this)"> + <select name="useproxypass" id="useproxypass" class="formselect" onchange="useproxy_changed(this)"> <option value="none">none</option> <option value="basic">basic</option> <option value="ntlm">ntlm</option> @@ -732,7 +732,7 @@ function useproxy_changed(obj) { Choose HTTP proxy authentication if any. </span> <br /> - <table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none"> + <table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none" summary="name and password"> <tr> <td align="right" width="25%"> <span class="vexpl"> @@ -758,6 +758,7 @@ function useproxy_changed(obj) { <span class="vexpl"> Confirm : </span> + </td> <td> <input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" /> </td> @@ -771,10 +772,10 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Management Interface<br/>OpenVPNManager</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="openvpn manager"> <tr> <td> - <input name="openvpnmanager" id="openvpnmanager" type="checkbox" value="yes"> + <input name="openvpnmanager" id="openvpnmanager" type="checkbox" value="yes" /> </td> <td> <span class="vexpl"> @@ -793,7 +794,7 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Additional configuration options</td> <td width="78%" class="vtable"> - <textarea rows="6" cols="78" name="advancedoptions" id="advancedoptions"></textarea><br/> + <textarea rows="6" cols="68" name="advancedoptions" id="advancedoptions"></textarea><br/> <?=gettext("Enter any additional options you would like to add to the OpenVPN client export configuration here, separated by a line break or semicolon"); ?><br/> <?=gettext("EXAMPLE: remote-random"); ?>; </td> @@ -802,14 +803,14 @@ function useproxy_changed(obj) { <td colspan="2" valign="top" class="listtopic">Client Install Packages</td> </tr> </table> - <table width="100%" id="users" width="100%" border="0" cellpadding="0" cellspacing="0"> + <table width="100%" id="users" border="0" cellpadding="0" cellspacing="0" summary="heading"> <tr> <td width="25%" class="listhdrr"><?=gettext("User");?></td> <td width="35%" class="listhdrr"><?=gettext("Certificate Name");?></td> <td width="40%" class="listhdrr"><?=gettext("Export");?></td> </tr> </table> - <table width="100%" width="100%" border="0" cellpadding="0" cellspacing="5"> + <table width="100%" border="0" cellpadding="0" cellspacing="5" summary="note"> <tr> <td align="right" valign="top" width="5%"><?= gettext("NOTE:") ?></td> <td><?= gettext("If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.") ?></td> @@ -833,10 +834,12 @@ function useproxy_changed(obj) { </td> </tr> </table> -<script language="JavaScript"> -<!-- +<script type="text/javascript"> +//<![CDATA[ server_changed(); -//--> +//]]> </script> -</body> + <?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/openvpn-client-export/vpn_openvpn_export_shared.php b/config/openvpn-client-export/vpn_openvpn_export_shared.php index d2a555e7..e20a8383 100644 --- a/config/openvpn-client-export/vpn_openvpn_export_shared.php +++ b/config/openvpn-client-export/vpn_openvpn_export_shared.php @@ -151,9 +151,9 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<script language="JavaScript"> - var viscosityAvailable = false; -<!-- +<script type="text/javascript"> +//<![CDATA[ +var viscosityAvailable = false; var servers = new Array(); <?php foreach ($ras_server as $sindex => $server): ?> @@ -215,15 +215,15 @@ function download_begin(act) { var dlurl; dlurl = "/vpn_openvpn_export_shared.php?act=" + act; - dlurl += "&srvid=" + servers[index][0]; - dlurl += "&useaddr=" + useaddr; + dlurl += "&srvid=" + servers[index][0]; + dlurl += "&useaddr=" + useaddr; if (useproxy) { - dlurl += "&proxy_addr=" + proxyaddr; - dlurl += "&proxy_port=" + proxyport; - dlurl += "&proxy_authtype=" + proxyauth; + dlurl += "&proxy_addr=" + proxyaddr; + dlurl += "&proxy_port=" + proxyport; + dlurl += "&proxy_authtype=" + proxyauth; if (useproxypass) { - dlurl += "&proxy_user=" + proxyuser; - dlurl += "&proxy_password=" + proxypass; + dlurl += "&proxy_user=" + proxyuser; + dlurl += "&proxy_password=" + proxypass; } } @@ -245,9 +245,9 @@ function server_changed() { cell0.className = "listlr"; cell0.innerHTML = "Other Shared Key OS Client"; cell1.className = "listr"; - cell1.innerHTML = "<a href='javascript:download_begin(\"skconf\")'>Configuration</a>"; - cell1.innerHTML += "<br/>"; - cell1.innerHTML += "<a href='javascript:download_begin(\"skzipconf\")'>Configuration archive</a>"; + cell1.innerHTML = "<a href='javascript:download_begin(\"skconf\")'>Configuration<\/a>"; + cell1.innerHTML += "<br\/>"; + cell1.innerHTML += "<a href='javascript:download_begin(\"skzipconf\")'>Configuration archive<\/a>"; } } @@ -269,7 +269,7 @@ function useproxy_changed(obj) { $(obj.id + '_opts').hide(); } } -//--> +//]]> </script> <?php if ($input_errors) @@ -277,7 +277,7 @@ function useproxy_changed(obj) { if ($savemsg) print_info_box($savemsg); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="openvpn export shared"> <tr> <td> <?php @@ -295,11 +295,11 @@ function useproxy_changed(obj) { <tr> <td id="mainarea"> <div class="tabcont"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> <tr> <td width="22%" valign="top" class="vncellreq">Shared Key Server</td> <td width="78%" class="vtable"> - <select name="server" id="server" class="formselect" onChange="server_changed()"> + <select name="server" id="server" class="formselect" onchange="server_changed()"> <?php foreach($ras_server as & $server): ?> <option value="<?=$server['sindex'];?>"><?=$server['name'];?></option> <?php endforeach; ?> @@ -309,10 +309,10 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Host Name Resolution</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="host name resolution"> <tr> <td> - <select name="useaddr" id="useaddr" class="formselect" onChange="useaddr_changed(this)"> + <select name="useaddr" id="useaddr" class="formselect" onchange="useaddr_changed(this)"> <option value="serveraddr" >Interface IP Address</option> <option value="serverhostname" >Installation hostname</option> <?php if (is_array($config['dyndnses']['dyndns'])): ?> @@ -323,7 +323,7 @@ function useproxy_changed(obj) { <option value="other">Other</option> </select> <br /> - <div style="display:none;" name="HostName" id="HostName"> + <div style="display:none;" id="HostName"> <input name="useaddr_hostname" id="useaddr_hostname" /> <span class="vexpl"> Enter the hostname or IP address the client will use to connect to this server. @@ -337,10 +337,10 @@ function useproxy_changed(obj) { <tr> <td width="22%" valign="top" class="vncell">Use HTTP Proxy</td> <td width="78%" class="vtable"> - <table border="0" cellpadding="2" cellspacing="0"> + <table border="0" cellpadding="2" cellspacing="0" summary="http proxy"> <tr> <td> - <input name="useproxy" id="useproxy" type="checkbox" value="yes" onClick="useproxy_changed(this)"> + <input name="useproxy" id="useproxy" type="checkbox" value="yes" onclick="useproxy_changed(this)" /> </td> <td> @@ -350,9 +350,9 @@ function useproxy_changed(obj) { </td> </tr> </table> - <table border="0" cellpadding="2" cellspacing="0" id="useproxy_opts" style="display:none"> + <table border="0" cellpadding="2" cellspacing="0" id="useproxy_opts" style="display:none" summary="user options"> <tr> - <td align="right" width='25%'> + <td align="right" width="25%"> <span class="vexpl"> IP Address : </span> @@ -362,21 +362,21 @@ function useproxy_changed(obj) { </td> </tr> <tr> - <td align="right" width='25%'> + <td align="right" width="25%"> <span class="vexpl"> Port : </span> + </td> <td> <input name="proxyport" id="proxyport" class="formfld unknown" size="5" value="" /> </td> </tr> - <br /> <tr> <td width="25%"> - + <br /> </td> <td> - <select name="useproxypass" id="useproxypass" class="formselect" onChange="useproxy_changed(this)"> + <select name="useproxypass" id="useproxypass" class="formselect" onchange="useproxy_changed(this)"> <option value="none">none</option> <option value="basic">basic</option> <option value="ntlm">ntlm</option> @@ -385,7 +385,7 @@ function useproxy_changed(obj) { Choose HTTP proxy authentication if any. </span> <br /> - <table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none"> + <table border="0" cellpadding="2" cellspacing="0" id="useproxypass_opts" style="display:none" summary="name and password"> <tr> <td align="right" width="25%"> <span class="vexpl"> @@ -411,6 +411,7 @@ function useproxy_changed(obj) { <span class="vexpl"> Confirm : </span> + </td> <td> <input name="proxyconf" id="proxyconf" type="password" class="formfld pwd" size="20" value="" /> </td> @@ -428,26 +429,27 @@ function useproxy_changed(obj) { <td colspan="2" valign="top" class="listtopic">Client Configuration Packages</td> </tr> </table> - <table width="100%" id="clients" width="100%" border="0" cellpadding="0" cellspacing="0"> + <table width="100%" id="clients" border="0" cellpadding="0" cellspacing="0" summary="heading"> <tr> <td width="25%" class="listhdrr"><?=gettext("Client Type");?></td> <td width="50%" class="listhdrr"><?=gettext("Export");?></td> </tr> </table> - <table width="100%" width="100%" border="0" cellpadding="5" cellspacing="10"> + <table width="100%" border="0" cellpadding="5" cellspacing="10" summary="note"> <tr> <td align="right" valign="top" width="5%"><?= gettext("NOTE:") ?></td> - <td><?= gettext("NOTE: These are shared key configurations for use in site-to-site tunnels with other routers. Shared key tunnels are not normally used for remote access connections to end users.") ?></td> + <td><?= gettext("These are shared key configurations for use in site-to-site tunnels with other routers. Shared key tunnels are not normally used for remote access connections to end users.") ?></td> </tr> </table> </div> </td> </tr> </table> -<script language="JavaScript"> -<!-- +<script type="text/javascript"> +//<![CDATA[ server_changed(); -//--> +//]]> </script> -</body> <?php include("fend.inc"); ?> +</body> +</html> diff --git a/config/snort/snort.inc b/config/snort/snort.inc index dede1f1d..884c50ec 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -1197,9 +1197,11 @@ function snort_find_flowbit_required_rules(&$all_rules, &$unchecked_flowbits) { if ($rule2['disabled'] == 0) /* If not disabled, just return the rule text "as is" */ $required_flowbits_rules[$k1][$k2]['rule'] = ltrim($rule2['rule']); - else + else { /* If rule is disabled, remove leading '#' to enable it */ $required_flowbits_rules[$k1][$k2]['rule'] = ltrim(substr($rule2['rule'], strpos($rule2['rule'], "#") + 1)); + $required_flowbits_rules[$k1][$k2]['disabled'] = 0; + } } } } @@ -1335,8 +1337,10 @@ function snort_load_vrt_policy($policy) { $vrt_policy_rules[$k1][$k2] = $arulem2; /* Enable the policy rule if disabled */ - if ($arulem2['disabled'] == 1) + if ($arulem2['disabled'] == 1) { $vrt_policy_rules[$k1][$k2]['rule'] = ltrim(substr($arulem2['rule'], strpos($arulem2['rule'], "#") + 1)); + $vrt_policy_rules[$k1][$k2]['disabled'] = 0; + } } } } @@ -1441,8 +1445,10 @@ function snort_modify_sids(&$rule_map, $snortcfg) { if (!empty($enablesid)) { foreach ($rule_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { - if (in_array($k2, $enablesid) && $v['disabled'] == 1) + if (in_array($k2, $enablesid) && $v['disabled'] == 1) { $rule_map[$k1][$k2]['rule'] = ltrim($v['rule'], " \t#"); + $rule_map[$k1][$k2]['disabled'] = 0; + } } } } @@ -1452,8 +1458,10 @@ function snort_modify_sids(&$rule_map, $snortcfg) { if (!empty($disablesid)) { foreach ($rule_map as $k1 => $rulem) { foreach ($rulem as $k2 => $v) { - if (in_array($k2, $disablesid) && $v['disabled'] == 0) + if (in_array($k2, $disablesid) && $v['disabled'] == 0) { $rule_map[$k1][$k2]['rule'] = "# " . $v['rule']; + $rule_map[$k1][$k2]['disabled'] = 1; + } } } } @@ -1765,6 +1773,10 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { /* Process any enablesid or disablesid modifications for the selected rules. */ snort_modify_sids($enabled_rules, $snortcfg); + /* Check for and disable any rules dependent upon disabled preprocessors. */ + log_error('Checking for and disabling any rules dependent upon disabled preprocessors for ' . snort_get_friendly_interface($snortcfg['interface']) . '...'); + snort_filter_preproc_rules($snortcfg, $enabled_rules); + /* Write the enforcing rules file to the Snort interface's "rules" directory. */ snort_write_enforcing_rules_file($enabled_rules, "{$snortcfgdir}/rules/{$snort_enforcing_rules_file}"); unset($enabled_rules); @@ -1794,6 +1806,69 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) { snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map"); } +function snort_filter_preproc_rules($snortcfg, &$active_rules) { + + /**************************************************/ + /* This function checks the $active_rules array */ + /* for rule options dependent upon preprocessors. */ + /* Rules with rule options dependent upon any */ + /* non-enabled preprocessors are disabled to stop */ + /* start-up errors from unknown rule options. */ + /* */ + /* $snortcfg -> config parameters array for */ + /* the interface */ + /* $active_rules -> rules_map array of enabled */ + /* rules for the interface */ + /**************************************************/ + + global $config; + + if (empty($active_rules)) + return; + + /*************************************************** + * Construct an array of rule options with their * + * associated preprocessors. * + * * + * IMPORTANT -- Keep this part of the code current * + * with changes to preprocessor rule options in * + * Snort VRT rules. * + ***************************************************/ + $rule_opts_preprocs = array("ssl_version:" => "ssl_preproc","ssl_state:" => "ssl_preproc", + "dce_iface:" => "dce_rpc_2", "dce_opnum:" => "dce_rpc_2", + "dce_stub_data;" => "dce_rpc_2", "sd_pattern:" => "sensitive_data", + "sip_method:" => "sip_preproc", "sip_stat_code:" => "sip_preproc", + "sip_header;" => "sip_preproc", "sip_body;" => "sip_preproc", + "gtp_type:" => "gtp_preproc", "gtp_info:" => "gtp_preproc", + "gtp_version:" => "gtp_preproc", "modbus_func:" => "modbus_preproc", + "modbus_unit:" => "modbus_preproc", "modbus_data;" => "modbus_preproc", + "dnp3_func:" => "dnp3_preproc", "dnp3_obj:" => "dnp3_preproc", + "dnp3_ind:" => "dnp3_preproc", "dnp3_data;" => "dnp3_preproc"); + + /*************************************************** + * Iterate the enabled rules, and check for rule * + * options that depend on disabled preprocessors. * + * Disable any of these preprocessor-dependent * + * rules we find. Once we find at least one * + * reason to disable the rule, stop further checks * + * and go to the next rule. * + ***************************************************/ + foreach ($active_rules as $k1 => $rulem) { + foreach ($rulem as $k2 => $v) { + if ($v['disabled'] == 0) + continue; + foreach ($rule_opts_preprocs as $opt => $preproc) { + $pcre = "/\s*\b" . $opt . "/i"; + if (($snortcfg[$preproc] != 'on') && preg_match($pcre, $v['rule'])) { + $active_rules[$k1][$k2]['rule'] = "# " . $v['rule']; + $active_rules[$k1][$k2]['disabled'] = 1; + break; + } + } + } + } +} + function snort_generate_conf($snortcfg) { global $config, $g; @@ -1902,7 +1977,8 @@ function snort_generate_conf($snortcfg) { "DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:", "DCERPC_NCACN_IP_LONG" => "135,139,445,593,1024:", "DCERPC_NCACN_UDP_LONG" => "135,1024:", "DCERPC_NCACN_UDP_SHORT" => "135,593,1024:", "DCERPC_NCACN_TCP" => "2103,2105,2107", - "DCERPC_BRIGHTSTORE" => "6503,6504", "DNP3_PORTS" => "20000", "MODBUS_PORTS" => "502" + "DCERPC_BRIGHTSTORE" => "6503,6504", "DNP3_PORTS" => "20000", "MODBUS_PORTS" => "502", + "GTP_PORTS" => "2123,2152,3386" ); $portvardef = ""; @@ -1927,6 +2003,10 @@ EOD; if ((!empty($snortcfg['server_flow_depth'])) || ($snortcfg['server_flow_depth'] == '0')) $def_server_flow_depth_type = $snortcfg['server_flow_depth']; + $http_server_profile = "all"; + if (!empty($snortcfg['http_server_profile'])) + $http_server_profile = $snortcfg['http_server_profile']; + $def_client_flow_depth_type = '300'; if ((!empty($snortcfg['client_flow_depth'])) || ($snortcfg['client_flow_depth'] == '0')) $def_client_flow_depth_type = $snortcfg['client_flow_depth']; @@ -1942,7 +2022,7 @@ EOD; # HTTP Inspect # preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535 -preprocessor http_inspect_server: server default profile all {$noalert_http_inspect}\ +preprocessor http_inspect_server: server default profile {$http_server_profile} {$noalert_http_inspect}\ ports { {$http_ports} } \ http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \ server_flow_depth {$def_server_flow_depth_type} \ @@ -2061,13 +2141,25 @@ PIPELINING CHUNKING DATA DSN RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB EOD; /* def sf_portscan */ + if (!empty($snortcfg['pscan_sense_level'])) + $sf_pscan_sense_level = $snortcfg['pscan_sense_level']; + else + $sf_pscan_sense_level = "medium"; + + if (!empty($snortcfg['pscan_ignore_scanners']) && is_alias($snortcfg['pscan_ignore_scanners'])) { + $sf_pscan_ignore_scanners = filter_expand_alias($snortcfg['pscan_ignore_scanners']); + $sf_pscan_ignore_scanners = preg_replace('/\s+/', ',', trim($sf_pscan_ignore_scanners)); + } + else + $sf_pscan_ignore_scanners = "\$HOME_NET"; + $sf_portscan = <<<EOD # sf Portscan # preprocessor sfportscan: scan_type { all } \ proto { all } \ memcap { 10000000 } \ - sense_level { medium } \ - ignore_scanners { \$HOME_NET } + sense_level { {$sf_pscan_sense_level} } \ + ignore_scanners { {$sf_pscan_ignore_scanners} } EOD; @@ -2134,6 +2226,14 @@ preprocessor modbus: \ EOD; + /* def gtp_preprocessor */ + $gtp_ports = str_replace(",", " ", $snort_ports['GTP_PORTS']); + $gtp_preproc = <<<EOD +# GTP preprocessor # +preprocessor gtp: ports { {$gtp_ports} } + +EOD; + $def_ssl_ports_ignore = str_replace(",", " ", $snort_ports['ssl_ports']); $ssl_preproc = <<<EOD # Ignore SSL and Encryption # @@ -2180,11 +2280,11 @@ EOD; $snort_preproc_libs = array( "dce_rpc_2" => "dce2_preproc", "dns_preprocessor" => "dns_preproc", "ftp_preprocessor" => "ftptelnet_preproc", "imap_preproc" => "imap_preproc", "pop_preproc" => "pop_preproc", "reputation_preproc" => "reputation_preproc", "sensitive_data" => "sdf_preproc", - "sip_preproc" => "sip_preproc", "smtp_preprocessor" => "smtp_preproc", "ssh_preproc" => "ssh_preproc", + "sip_preproc" => "sip_preproc", "gtp_preproc" => "gtp_preproc", "smtp_preprocessor" => "smtp_preproc", "ssh_preproc" => "ssh_preproc", "ssl_preproc" => "ssl_preproc", "dnp3_preproc" => "dnp3_preproc", "modbus_preproc" => "modbus_preproc" ); $snort_preproc = array ( - "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", + "perform_stat", "http_inspect", "other_preprocs", "ftp_preprocessor", "smtp_preprocessor", "ssl_preproc", "sip_preproc", "gtp_preproc", "sf_portscan", "dce_rpc_2", "dns_preprocessor", "sensitive_data", "pop_preproc", "imap_preproc", "dnp3_preproc", "modbus_preproc" ); $snort_preprocessors = ""; @@ -2282,6 +2382,9 @@ config disable_tcpopt_alerts config disable_ipopt_alerts config disable_decode_drops +# Enable the GTP decoder # +config enable_gtp + # Configure PCRE match limitations config pcre_match_limit: 3500 config pcre_match_limit_recursion: 1500 diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php index 3a12b284..4085b325 100755 --- a/config/snort/snort_define_servers.php +++ b/config/snort/snort_define_servers.php @@ -75,7 +75,7 @@ $snort_ports = array( "sip_ports" => "5060,5061", "auth_ports" => "113", "finger_ports" => "79", "irc_ports" => "6665,6666,6667,6668,6669,7000", "smb_ports" => "139,445", "nntp_ports" => "119", "rlogin_ports" => "513", "rsh_ports" => "514", -"ssl_ports" => "443,465,563,636,989,990,992,993,994,995", +"ssl_ports" => "443,465,563,636,989,990,992,993,994,995", "GTP_PORTS" => "2123,2152,3386", "file_data_ports" => "\$HTTP_PORTS,110,143", "shellcode_ports" => "!80", "sun_rpc_ports" => "111,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779", "DCERPC_NCACN_IP_TCP" => "139,445", "DCERPC_NCADG_IP_UDP" => "138,1024:", diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index cec43bb7a..d0fabbf4 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -295,7 +295,9 @@ function enable_change(enable_change) { <td width="78%" class="vtable"> <select name="performance" class="formselect" id="performance"> <?php - $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', 'ac-banded' => 'AC-BANDED', 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); + $interfaces2 = array('ac-bnfa' => 'AC-BNFA', 'ac-split' => 'AC-SPLIT', 'lowmem' => 'LOWMEM', 'ac-std' => 'AC-STD', 'ac' => 'AC', + 'ac-nq' => 'AC-NQ', 'ac-bnfa-nq' => 'AC-BNFA-NQ', 'lowmem-nq' => 'LOWMEM-NQ', 'ac-banded' => 'AC-BANDED', + 'ac-sparsebands' => 'AC-SPARSEBANDS', 'acs' => 'ACS'); foreach ($interfaces2 as $iface2 => $ifacename2): ?> <option value="<?=$iface2;?>" <?php if ($iface2 == $pconfig['performance']) echo "selected"; ?>> @@ -303,10 +305,10 @@ function enable_change(enable_change) { <?php endforeach; ?> </select><br> <span class="vexpl"><?php echo gettext("LOWMEM and AC-BNFA are recommended for low end " . - "systems, AC: high memory, best performance, AC-STD: moderate " . - "memory,high performance, ACS: small memory, moderate performance, " . - "AC-BANDED: small memory,moderate performance, AC-SPARSEBANDS: small " . - "memory, high performance."); ?> + "systems, AC-SPLIT: low memory, high performance, short-hand for search-method ac split-any-any, AC: high memory, " . + "best performance, -NQ: the -nq option specifies that matches should not be queued and evaluated as they are found," . + " AC-STD: moderate memory, high performance, ACS: small memory, moderate performance, " . + "AC-BANDED: small memory,moderate performance, AC-SPARSEBANDS: small memory, high performance."); ?> </span><br/></td> </tr> <tr> diff --git a/config/snort/snort_interfaces_global.php b/config/snort/snort_interfaces_global.php index eb371119..9dde8aaf 100644 --- a/config/snort/snort_interfaces_global.php +++ b/config/snort/snort_interfaces_global.php @@ -75,11 +75,11 @@ if (!$input_errors) { $retval = 0; - write_config(); - /* create whitelist and homenet file then sync files */ sync_snort_package_config(); + write_config(); + /* forces page to reload new settings */ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 916fd413..7d0348e9 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php @@ -56,6 +56,7 @@ if (isset($id) && $a_nat[$id]) { /* new options */ $pconfig['perform_stat'] = $a_nat[$id]['perform_stat']; $pconfig['server_flow_depth'] = $a_nat[$id]['server_flow_depth']; + $pconfig['http_server_profile'] = $a_nat[$id]['http_server_profile']; $pconfig['client_flow_depth'] = $a_nat[$id]['client_flow_depth']; $pconfig['max_queued_bytes'] = $a_nat[$id]['max_queued_bytes']; $pconfig['max_queued_segs'] = $a_nat[$id]['max_queued_segs']; @@ -75,20 +76,31 @@ if (isset($id) && $a_nat[$id]) { $pconfig['sip_preproc'] = $a_nat[$id]['sip_preproc']; $pconfig['dnp3_preproc'] = $a_nat[$id]['dnp3_preproc']; $pconfig['modbus_preproc'] = $a_nat[$id]['modbus_preproc']; + $pconfig['gtp_preproc'] = $a_nat[$id]['gtp_preproc']; } if ($_POST) { $natent = array(); $natent = $pconfig; + if ($_POST['pscan_ignore_scanners'] && !is_alias($_POST['pscan_ignore_scanners'])) + $input_errors[] = "Only aliases are allowed"; + /* if no errors write to conf */ if (!$input_errors) { /* post new options */ if ($_POST['server_flow_depth'] != "") { $natent['server_flow_depth'] = $_POST['server_flow_depth']; }else{ $natent['server_flow_depth'] = ""; } + if ($_POST['http_server_profile'] != "") { $natent['http_server_profile'] = $_POST['http_server_profile']; }else{ $natent['http_server_profile'] = "all"; } if ($_POST['client_flow_depth'] != "") { $natent['client_flow_depth'] = $_POST['client_flow_depth']; }else{ $natent['client_flow_depth'] = ""; } if ($_POST['max_queued_bytes'] != "") { $natent['max_queued_bytes'] = $_POST['max_queued_bytes']; }else{ $natent['max_queued_bytes'] = ""; } if ($_POST['max_queued_segs'] != "") { $natent['max_queued_segs'] = $_POST['max_queued_segs']; }else{ $natent['max_queued_segs'] = ""; } if ($_POST['stream5_mem_cap'] != "") { $natent['stream5_mem_cap'] = $_POST['stream5_mem_cap']; }else{ $natent['stream5_mem_cap'] = ""; } + if ($_POST['pscan_sense_level'] != "") { $natent['pscan_sense_level'] = $_POST['pscan_sense_level']; }else{ $natent['pscan_sense_level'] = "medium"; } + + if ($_POST['pscan_ignore_scanners']) + $natent['pscan_ignore_scanners'] = $_POST['pscan_ignore_scanners']; + else + unset($natent['pscan_ignore_scanners']); $natent['perform_stat'] = $_POST['perform_stat'] ? 'on' : 'off'; $natent['http_inspect'] = $_POST['http_inspect'] ? 'on' : 'off'; @@ -107,6 +119,7 @@ if ($_POST) { $natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off'; $natent['sip_preproc'] = $_POST['sip_preproc'] ? 'on' : 'off'; $natent['modbus_preproc'] = $_POST['modbus_preproc'] ? 'on' : 'off'; + $natent['gtp_preproc'] = $_POST['gtp_preproc'] ? 'on' : 'off'; if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; @@ -155,6 +168,10 @@ include_once("head.inc"); ?> +<script type="text/javascript" src="/javascript/autosuggest.js"> +</script> +<script type="text/javascript" src="/javascript/suggestions.js"> +</script> <form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -174,10 +191,10 @@ include_once("head.inc"); <tr><td class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td width="22%" valign="top"> </td> - <td width="78%"><span class="vexpl"><span class="red"><strong<?php echo gettext("Note:"); ?>> - </strong></span><br> - <?php echo gettext("Rules may be dependent on preprocessors!"); ?><br> + <td colspan="2" align="center" valign="middle"> + <span class="red"><strong><?php echo gettext("NOTE"); ?></strong></span><br> + <?php echo gettext("Rules may be dependent on preprocessors! Disabling preprocessors may result in "); ?> + <?php echo gettext("dependent rules being automatically disabled."); ?><br> <?php echo gettext("Defaults will be used when there is no user input."); ?><br></td> </tr> <tr> @@ -208,7 +225,7 @@ include_once("head.inc"); <tr> <td><input name="server_flow_depth" type="text" class="formfld" id="flow_depth" size="6" - value="<?=htmlspecialchars($pconfig['server_flow_depth']);?>"> <?php echo gettext("<strong>-1</strong> " . + value="<?=htmlspecialchars($pconfig['server_flow_depth']);?>"> <?php echo gettext("<strong>-1</strong> " . "to <strong>65535</strong> (<strong>-1</strong> disables HTTP " . "inspect, <strong>0</strong> enables all HTTP inspect)"); ?></td> </tr> @@ -220,6 +237,23 @@ include_once("head.inc"); </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("HTTP server profile"); ?> </td> + <td width="78%" class="vtable"> + <select name="http_server_profile" class="formselect" id="http_server_profile"> + <?php + $profile = array('All', 'Apache', 'IIS', 'IIS_4.0', 'IIS_5.0'); + foreach ($profile as $val): ?> + <option value="<?=strtolower($val);?>" + <?php if (strtolower($val) == $pconfig['http_server_profile']) echo "selected"; ?>> + <?=gettext($val);?></option> + <?php endforeach; ?> + </select> <?php echo gettext("Choose the profile type of the protected web server."); ?><br> + <?php echo gettext(" The default is <strong>All</strong>. "); ?> + <?php echo gettext("IIS_4.0 and IIS_5.0 are identical to IIS except they alert on the "); ?> + <?php echo gettext("double decoding vulnerability present in those two versions."); ?><br> + </td> + </tr> + <tr> <td valign="top" class="vncell"><?php echo gettext("HTTP client flow depth"); ?></td> <td class="vtable"> <table cellpadding="0" cellspacing="0"> @@ -298,6 +332,46 @@ include_once("head.inc"); "in RAM. Default value is <strong>8388608</strong> (8 MB)"); ?><br> </td> </tr> + + <tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Portscan Settings"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> + <?php echo gettext("Portscan Detection"); ?></td> + <td width="78%" class="vtable"><input name="sf_portscan" + type="checkbox" value="on" + <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + <?php echo gettext("Detects various types of portscans and portsweeps."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensitivity"); ?> </td> + <td width="78%" class="vtable"> + <select name="pscan_sense_level" class="formselect" id="pscan_sense_level"> + <?php + $levels = array('low', 'medium', 'high'); + foreach ($levels as $val): ?> + <option value="<?=$val;?>" + <?php if ($val == $pconfig['pscan_sense_level']) echo "selected"; ?>> + <?=gettext(ucfirst($val));?></option> + <?php endforeach; ?> + </select><br> + <?php echo gettext("LOW: alerts generated on error packets from the target host; "); ?> + <?php echo gettext("this setting should see few false positives. "); ?><br> + <?php echo gettext("MEDIUM: tracks connection counts, so will generate filtered alerts; may "); ?> + <?php echo gettext("false positive on active hosts."); ?><br> + <?php echo gettext("HIGH: tracks hosts using a time window; will catch some slow scans, but is "); ?> + <?php echo gettext("very sensitive to active hosts."); ?><br/> + </td> + </tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Ignore Scanners"); ?> </td> + <td width="78%" class="vtable"> + <input name="pscan_ignore_scanners" type="text" size="40" autocomplete="off" class="formfldalias" id="pscan_ignore_scanners" + value="<?=$pconfig['pscan_ignore_scanners'];?>"> <br><?php echo gettext("Ignores the specified entity as a source of scan alerts. Entity must be a defined alias.");?><br> + <?php echo gettext("Default value: \$HOME_NET."); ?><?php echo gettext(" Leave " . + "blank for default value."); ?> + </td> <tr> <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Preprocessor Settings"); ?></td> </tr> @@ -348,15 +422,6 @@ include_once("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> - <?php echo gettext("Portscan Detection"); ?></td> - <td width="78%" class="vtable"><input name="sf_portscan" - type="checkbox" value="on" - <?php if ($pconfig['sf_portscan']=="on") echo "checked"; ?> - onClick="enable_change(false)"><br> - <?php echo gettext("Detects various types of portscans and portsweeps."); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("DCE/RPC2 Detection"); ?></td> <td width="78%" class="vtable"><input name="dce_rpc_2" type="checkbox" value="on" @@ -375,6 +440,15 @@ include_once("head.inc"); </tr> <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> + <?php echo gettext("GTP Detection"); ?></td> + <td width="78%" class="vtable"><input name="gtp_preproc" + type="checkbox" value="on" + <?php if ($pconfig['gtp_preproc']=="on") echo "checked"; ?> + onClick="enable_change(false)"><br> + <?php echo gettext("The GTP preprocessor decodes GPRS Tunneling Protocol traffic and detects intrusion attempts."); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable"); ?> <br> <?php echo gettext("DNS Detection"); ?></td> <td width="78%" class="vtable"><input name="dns_preprocessor" type="checkbox" value="on" @@ -438,6 +512,40 @@ include_once("head.inc"); </table> </td></tr></table> </form> +<script type="text/javascript"> +<?php + $isfirst = 0; + $aliases = ""; + $addrisfirst = 0; + $portisfirst = 0; + $aliasesaddr = ""; + $aliasesports = ""; + if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) + foreach($config['aliases']['alias'] as $alias_name) { + if ($alias_name['type'] == "host" || $alias_name['type'] == "network") { + if($addrisfirst == 1) $aliasesaddr .= ","; + $aliasesaddr .= "'" . $alias_name['name'] . "'"; + $addrisfirst = 1; + } else if ($alias_name['type'] == "port") { + if($portisfirst == 1) $aliasesports .= ","; + $aliasesports .= "'" . $alias_name['name'] . "'"; + $portisfirst = 1; + } + } +?> + + var addressarray=new Array(<?php echo $aliasesaddr; ?>); + var portsarray=new Array(<?php echo $aliasesports; ?>); + +function createAutoSuggest() { +<?php + echo "objAlias = new AutoSuggestControl(document.getElementById('pscan_ignore_scanners'), new StateSuggestions(addressarray));\n"; +?> +} + +setTimeout("createAutoSuggest();", 500); + +</script> <?php include("fend.inc"); ?> </body> </html> diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php index 83e1ea8b..7457632d 100755 --- a/config/snort/snort_rules.php +++ b/config/snort/snort_rules.php @@ -362,7 +362,7 @@ function popup(url) <tr> <td width="3%" class="list"> </td> <td colspan="7" class="listhdr" > </td> - <td width="3%" align="center" valign="middle" class="list"><a href="javascript: void(0)" + <td width="3%" align="center" valign="middle" class="listt"><a href="javascript: void(0)" onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>')"> <img src="../themes/<?= $g['theme']; ?>/images/icons/icon_service_restart.gif" <?php echo "onmouseover='this.src=\"../themes/{$g['theme']}/images/icons/icon_services_restart_mo.gif\"' @@ -371,7 +371,7 @@ function popup(url) </tr> <tr id="frheader"> <td width="3%" class="list"> </td> - <td width="9%" class="listhdr"><?php echo gettext("SID"); ?></td> + <td width="9%" class="listhdrr"><?php echo gettext("SID"); ?></td> <td width="2%" class="listhdrr"><?php echo gettext("Proto"); ?></td> <td width="14%" class="listhdrr"><?php echo gettext("Source"); ?></td> <td width="12%" class="listhdrr"><?php echo gettext("Port"); ?></td> @@ -446,7 +446,7 @@ function popup(url) $textss $message $textse </td>"; ?> - <td width="3%" align="center" valign="middle" nowrap class="list"> + <td width="3%" align="center" valign="middle" nowrap class="listt"> <a href="javascript: void(0)" onclick="popup('snort_rules_edit.php?id=<?=$id;?>&openruleset=<?=$currentruleset;?>&ids=<?=$sid;?>&gid=<?=$gid;?>')"><img src="../themes/<?= $g['theme']; ?>/images/icons/icon_right.gif" diff --git a/config/squid-reverse/squid_ng.inc b/config/squid-reverse/squid_ng.inc index b0604b02..0e1e0515 100644 --- a/config/squid-reverse/squid_ng.inc +++ b/config/squid-reverse/squid_ng.inc @@ -47,7 +47,7 @@ function global_write_squid_config() $active_interface = $config['installedpackages']['squid']['config'][0]['active_interface']; $transparent_proxy = $config['installedpackages']['squid']['config'][0]['transparent_proxy']; $log_enabled = $config['installedpackages']['squid']['config'][0]['log_enabled']; - $urlfier_enable = $config['installedpackages']['squid']['config'][0]['urlfilter_enable']; + $urlfilter_enable = $config['installedpackages']['squid']['config'][0]['urlfilter_enable']; $accesslog_disabled = $config['installedpackages']['squid']['config'][0]['accesslog_disabled']; $log_query_terms = $config['installedpackages']['squid']['config'][0]['log_query_terms']; $log_user_agents = $config['installedpackages']['squid']['config'][0]['log_user_agents']; @@ -560,7 +560,7 @@ function global_write_squid_config() $config_array[] = 'acl pf_banned_ip src "/usr/local/etc/squid/advanced/acls/src_banned_ip.acl"' . "\n"; } - unset($banned_ip_addr); + unset($banned_ip_array); unset($banned_ip_addr); unset($ind_banned_ip); diff --git a/config/squid/squid.inc b/config/squid/squid.inc index 960bad67..bd0c8634 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -219,10 +219,6 @@ function squid_install_command() { exec("chmod a+rx " . SQUID_LOCALBASE . "/libexec/squid/dnsserver"); if(file_exists("/usr/local/pkg/swapstate_check.php")) exec("/bin/chmod a+x /usr/local/pkg/swapstate_check.php"); - write_rcfile(array( - "file" => "sqp_monitor.sh", - "start" => "/usr/local/pkg/sqpmon.sh &", - "stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill")); foreach (array( SQUID_CONFBASE, SQUID_ACLDIR, @@ -862,11 +858,13 @@ http_access allow manager localhost EOD; if(!empty($settings['ext_cachemanager'])) { - $extmgr = explode(";", ($settings['ext_cachemanager'])); + $extmgr = array_unique(explode(";", rtrim($settings['ext_cachemanager'], ';'))); $count = 1; $conf .= "\n# Allow external cache managers\n"; // $conf .= "acl ext_manager src ".$settings['ext_cachemanager']."\n"; foreach ($extmgr as $mgr) { + if (empty($mgr)) + continue; $conf .= "acl ext_manager_".$count." src "; $conf .= $mgr." "; $conf .= "\n"; @@ -1477,6 +1475,10 @@ if [ -z "`ps auxw | grep "[s]quid -D"|awk '{print $2}'`" ];then EOD; conf_mount_rw(); write_rcfile($rc); + write_rcfile(array( + "file" => "sqp_monitor.sh", + "start" => "/usr/local/pkg/sqpmon.sh &", + "stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill")); conf_mount_ro(); } ?> diff --git a/config/squid/squid_ng.inc b/config/squid/squid_ng.inc index 03f6d48c..cfd2fe66 100644 --- a/config/squid/squid_ng.inc +++ b/config/squid/squid_ng.inc @@ -47,7 +47,7 @@ function global_write_squid_config() $active_interface = $config['installedpackages']['squid']['config'][0]['active_interface']; $transparent_proxy = $config['installedpackages']['squid']['config'][0]['transparent_proxy']; $log_enabled = $config['installedpackages']['squid']['config'][0]['log_enabled']; - $urlfier_enable = $config['installedpackages']['squid']['config'][0]['urlfilter_enable']; + $urlfilter_enable = $config['installedpackages']['squid']['config'][0]['urlfilter_enable']; $accesslog_disabled = $config['installedpackages']['squid']['config'][0]['accesslog_disabled']; $log_query_terms = $config['installedpackages']['squid']['config'][0]['log_query_terms']; $log_user_agents = $config['installedpackages']['squid']['config'][0]['log_user_agents']; @@ -560,7 +560,7 @@ function global_write_squid_config() $config_array[] = 'acl pf_banned_ip src "/usr/local/etc/squid/advanced/acls/src_banned_ip.acl"' . "\n"; } - unset($banned_ip_addr); + unset($banned_ip_array); unset($banned_ip_addr); unset($ind_banned_ip); diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index 0100fba4..81f9cd96 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc @@ -443,8 +443,11 @@ function squid_reconfigure($remove_only = '') # update config if (is_array($conf)) $conf = implode(";", $conf); - $config['installedpackages']['squid']['config'][0]['custom_options'] = $conf; - write_config('Update redirector options to squid config.'); + /* Only update squid options if we have something to do, otherwise this can interfere with squid's default options in a new install. */ + if (!empty($conf)) { + $config['installedpackages']['squid']['config'][0]['custom_options'] = $conf; + write_config('Update redirector options to squid config.'); + } # resync squid package, if installed if (function_exists('squid_resync')) { diff --git a/config/zabbix2-agent/zabbix2-agent.xml b/config/zabbix2-agent/zabbix2-agent.xml index 3c86763c..cadc9ed8 100644 --- a/config/zabbix2-agent/zabbix2-agent.xml +++ b/config/zabbix2-agent/zabbix2-agent.xml @@ -3,7 +3,7 @@ <name>zabbixagent</name> <title>Services: Zabbix-2 Agent</title> <category>Monitoring</category> - <version>0.5</version> + <version>0.6</version> <addedit_string>Zabbix Agent has been created/modified.</addedit_string> <delete_string>Zabbix Agent has been deleted.</delete_string> <restart_command>/usr/local/etc/rc.d/zabbix2_agentd.sh restart</restart_command> @@ -77,7 +77,6 @@ <value>120</value> <type>input</type> <size>60</size> - <required>false</required> <description>The agent will refresh list of active checks once per 120 (default) seconds.</description> </field> <field> @@ -90,6 +89,30 @@ <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-255). The agent does not kill timeouted User Parameters processes!</description> </field> <field> + <fielddescr>Buffer Send</fielddescr> + <fieldname>buffersend</fieldname> + <value>5</value> + <type>input</type> + <size>60</size> + <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description> + </field> + <field> + <fielddescr>Buffer Size</fielddescr> + <fieldname>buffersize</fieldname> + <value>100</value> + <type>input</type> + <size>60</size> + <description>Buffer Size (default 100). Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description> + </field> + <field> + <fielddescr>Start Agents</fielddescr> + <fieldname>startagents</fieldname> + <value>3</value> + <type>input</type> + <size>60</size> + <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description> + </field> + <field> <fielddescr>User Parameters</fielddescr> <fieldname>userparams</fieldname> <encoding>base64</encoding> @@ -127,24 +150,22 @@ exec("/bin/rm -f " . ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix2_agentd"); + /* rc_file options */ $start = "/bin/mkdir -p /var/log/zabbix2\n"; $start .= "/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2\n"; - $start .= "/bin/mkdir -p /var/run/zabbix2\n"; $start .= "/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2\n"; - - $start .= "echo \"Starting Zabbix Agent\"...\n"; - - /* start zabbix agent */ + $start .= "echo \"Starting Zabbix Agent...\"\n"; $start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n"; - $stop = "echo \"Stopping Zabbix Agent\"\n"; + $stop = "echo \"Stopping Zabbix Agent...\"\n"; $stop .= "/usr/bin/killall zabbix_agentd\n"; + $stop .= "/bin/sleep 5\n"; + /* write out rc.d start/stop file */ write_rcfile(array( "file" => "zabbix2_agentd.sh", - "start" => "{$start}", - "restart" => "$stop\n" . "sleep 5\n" . "{$start}", + "start" => "$start", "stop" => "$stop" ) ); @@ -179,14 +200,48 @@ } $RefreshActiveChecks=$_POST['refreshactchecks']; - if (!preg_match("/^\d+$/", $RefreshActiveChecks)) { - $input_errors[]='Refresh Active Checks is not numeric.'; + if ($RefreshActiveChecks != '') { + if (!preg_match("/^\d+$/", $RefreshActiveChecks)) { + $input_errors[]='Refresh Active Checks is not numeric.'; + } elseif ( $RefreshActiveChecks < 60 || $RefreshActiveChecks > 3600 ) { + $input_errors[]='You must enter a valid value for \'Refresh Active Checks\''; + } } $Timeout=$_POST['timeout']; if (!preg_match("/^\d+$/", $Timeout)) { $input_errors[]='Timeout is not numeric.'; + } elseif ( $Timeout < 1 || $Timeout > 255 ) { + $input_errors[]='You must enter a valid value for \'Timeout\''; + } + + $BufferSend=$_POST['buffersend']; + if ($BufferSend != '') { + if (!preg_match("/^\d+$/", $BufferSend)) { + $input_errors[]='Buffer Send is not numeric.'; + } elseif ( $BufferSend < 1 || $BufferSend > 3600 ) { + $input_errors[]='You must enter a valid value for \'Buffer Send\''; + } } + + $BufferSize=$_POST['buffersize']; + if ($BufferSize != '') { + if (!preg_match("/^\d+$/", $BufferSize)) { + $input_errors[]='Bufer Size is not numeric.'; + } elseif ( $BufferSize < 2 || $BufferSize > 65535 ) { + $input_errors[]='You must enter a valid value for \'Buffer Size\''; + } + } + + $StartAgents=$_POST['startagents']; + if ($StartAgents != '') { + if (!preg_match("/^\d+$/", $StartAgents)) { + $input_errors[]='Start Agents is not numeric.'; + } elseif ( $StartAgents < 0 || $StartAgents > 100 ) { + $input_errors[]='You must enter a valid value for \'Start Agents\''; + } + } + ]]> </custom_php_validation_command> <custom_add_php_command></custom_add_php_command> @@ -201,8 +256,11 @@ $Hostname=$config['installedpackages']['zabbixagent']['config'][0]['hostname']; $ListenIP=$config['installedpackages']['zabbixagent']['config'][0]['listenip']; $ListenPort=$config['installedpackages']['zabbixagent']['config'][0]['listenport']; - $RefreshActChecks=$config['installedpackages']['zabbixagent']['config'][0]['refreshactchecks']; + $RefreshActChecks=($config['installedpackages']['zabbixagent']['config'][0]['refreshactchecks'] ? $config['installedpackages']['zabbixagent']['config'][0]['refreshactchecks'] : 120); $Timeout=$config['installedpackages']['zabbixagent']['config'][0]['timeout']; + $BufferSend=($config['installedpackages']['zabbixagent']['config'][0]['buffersend'] ? $config['installedpackages']['zabbixagent']['config'][0]['buffersend'] : 5); + $BufferSize=($config['installedpackages']['zabbixagent']['config'][0]['buffersize'] ? $config['installedpackages']['zabbixagent']['config'][0]['buffersize'] : 100); + $StartAgents=($config['installedpackages']['zabbixagent']['config'][0]['startagents'] != '' ? $config['installedpackages']['zabbixagent']['config'][0]['startagents'] : 3); $UserParams=base64_decode($config['installedpackages']['zabbixagent']['config'][0]['userparams']); $conf = "Server=$Server\n"; @@ -210,16 +268,39 @@ $conf .= "Hostname=$Hostname\n"; $conf .= "ListenIP=$ListenIP\n"; $conf .= "ListenPort=$ListenPort\n"; - $conf .= "StartAgents=5\n"; $conf .= "RefreshActiveChecks=$RefreshActChecks\n"; $conf .= "DebugLevel=3\n"; $conf .= "PidFile=/var/run/zabbix2/zabbix2_agentd.pid\n"; $conf .= "LogFile=/var/log/zabbix2/zabbix2_agentd.log\n"; $conf .= "LogFileSize=1\n"; $conf .= "Timeout=$Timeout\n"; + $conf .= "BufferSend=$BufferSend\n"; + $conf .= "BufferSize=$BufferSize\n"; + $conf .= "StartAgents=$StartAgents\n"; $conf .= "$UserParams\n"; file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix2/zabbix_agentd.conf", $conf); + + /* rc_file options */ + $start = "/bin/mkdir -p /var/log/zabbix2\n"; + $start .= "/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2\n"; + $start .= "/bin/mkdir -p /var/run/zabbix2\n"; + $start .= "/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2\n"; + $start .= "echo \"Starting Zabbix Agent...\"\n"; + $start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n"; + + $stop = "echo \"Stopping Zabbix Agent...\"\n"; + $stop .= "/usr/bin/killall zabbix_agentd\n"; + $stop .= "/bin/sleep 5\n"; + + /* write out rc.d start/stop file */ + write_rcfile(array( + "file" => "zabbix2_agentd.sh", + "start" => "$start", + "stop" => "$stop" + ) + ); + conf_mount_ro(); ]]> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 1d78c5d5..41136e1e 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -602,7 +602,7 @@ <depends_on_package>dansguardian-2.12.0.3.tbz</depends_on_package> <depends_on_package>ca_root_nss-3.14.1.tbz</depends_on_package> <depends_on_package_pbi>dansguardian-2.12.0.3-i386.pbi</depends_on_package_pbi> - <version>2.12.0.3 pkg v.0.1.7</version> + <version>2.12.0.3 pkg v.0.1.7_1</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>dansguardian.xml</configurationfile> @@ -652,7 +652,7 @@ </package> <package> <name>OpenBGPD</name> - <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.</descr> + <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> <category>NET</category> <config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file> <build_port_path>/usr/ports/net/openbgpd</build_port_path> @@ -700,9 +700,10 @@ <depends_on_package_pbi>lightsquid-1.8_2-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/lightsquid</build_port_path> <build_pbi> + <ports_before>lang/perl5.14 graphics/gd graphics/p5-GD</ports_before> <port>www/lightsquid</port> </build_pbi> - <build_options>WITHOUT_DEBUGGING=true;WITHOUT_GDBM=true;WITHOUT_PERL_MALLOC=true;WITH_PERL_64BITINT=true;WITHOUT_THREADS=true;WITHOUT_MULTIPLICITY=true;WITHOUT_SUIDPERL=true;WITHOUT_SITECUSTOMIZE=true;WITH_USE_PERL=true</build_options> + <build_options>WITHOUT_DEBUGGING=true;WITHOUT_GDBM=true;WITHOUT_PERL_MALLOC=true;WITH_PERL_64BITINT=true;WITHOUT_THREADS=true;WITHOUT_MULTIPLICITY=true;WITHOUT_SUIDPERL=true;WITHOUT_SITECUSTOMIZE=true;WITH_USE_PERL=true;WITH_GDSUPPORT=true</build_options> <status>RC1</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/lightsquid/lightsquid.xml</config_file> @@ -1212,7 +1213,7 @@ <descr>High performance web proxy cache.</descr> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>2.7.9 pkg v.4.3.2</version> + <version>2.7.9 pkg v.4.3.3</version> <status>Stable</status> <required_version>2</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -1392,7 +1393,7 @@ <depends_on_package_pbi>zip-3.0-i386.pbi p7zip-9.20.1-i386.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.0.2</version> + <version>1.0.3</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1663,7 +1664,7 @@ </package> <package> <name>Quagga OSPF</name> - <descr>OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenOSPFD. Installing both will break things.</descr> + <descr>OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenOSPFD and OpenBGPD. Installing both will break things.</descr> <maintainer>jimp@pfsense.org</maintainer> <version>0.99.20.1 v0.5</version> <category>Routing</category> @@ -1794,7 +1795,7 @@ <descr>Monitoring agent.</descr> <category>Services</category> <config_file>http://www.pfsense.org/packages/config/zabbix2-agent/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.0.4 pkg v0.5</version> + <version>zabbix2-agent-2.0.4 pkg v0.6</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 2a4c4593..d53cbbc1 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -589,7 +589,7 @@ <depends_on_package>dansguardian-2.12.0.3.tbz</depends_on_package> <depends_on_package>ca_root_nss-3.14.1.tbz</depends_on_package> <depends_on_package_pbi>dansguardian-2.12.0.3-amd64.pbi</depends_on_package_pbi> - <version>2.12.0.3 pkg v.0.1.7</version> + <version>2.12.0.3 pkg v.0.1.7_1</version> <status>beta</status> <required_version>2.0</required_version> <configurationfile>dansguardian.xml</configurationfile> @@ -639,7 +639,7 @@ </package> <package> <name>OpenBGPD</name> - <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.</descr> + <descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</descr> <category>NET</category> <config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file> <build_port_path>/usr/ports/net/openbgpd</build_port_path> @@ -687,9 +687,10 @@ <depends_on_package_pbi>lightsquid-1.8_2-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/www/lightsquid</build_port_path> <build_pbi> + <ports_before>lang/perl5.14 graphics/gd graphics/p5-GD</ports_before> <port>www/lightsquid</port> </build_pbi> - <build_options>WITHOUT_DEBUGGING=true;WITHOUT_GDBM=true;WITHOUT_PERL_MALLOC=true;WITH_PERL_64BITINT=true;WITHOUT_THREADS=true;WITHOUT_MULTIPLICITY=true;WITHOUT_SUIDPERL=true;WITHOUT_SITECUSTOMIZE=true;WITH_USE_PERL=true</build_options> + <build_options>WITHOUT_DEBUGGING=true;WITHOUT_GDBM=true;WITHOUT_PERL_MALLOC=true;WITH_PERL_64BITINT=true;WITHOUT_THREADS=true;WITHOUT_MULTIPLICITY=true;WITHOUT_SUIDPERL=true;WITHOUT_SITECUSTOMIZE=true;WITH_USE_PERL=true;WITH_GDSUPPORT=true</build_options> <status>Beta</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/lightsquid/lightsquid.xml</config_file> @@ -1199,7 +1200,7 @@ <descr>High performance web proxy cache.</descr> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>2.7.9 pkg v.4.3.2</version> + <version>2.7.9 pkg v.4.3.3</version> <status>Stable</status> <required_version>2</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -1379,7 +1380,7 @@ <depends_on_package_pbi>p7zip-9.20.1-amd64.pbi zip-3.0-amd64.pbi</depends_on_package_pbi> <build_port_path>/usr/ports/archivers/p7zip</build_port_path> <build_port_path>/usr/ports/archivers/zip</build_port_path> - <version>1.0.2</version> + <version>1.0.3</version> <status>RELEASE</status> <required_version>2.0</required_version> <config_file>http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file> @@ -1650,7 +1651,7 @@ </package> <package> <name>Quagga OSPF</name> - <descr>OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenOSPFD. Installing both will break things.</descr> + <descr>OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenOSPFD and OpenBGPD. Installing both will break things.</descr> <maintainer>jimp@pfsense.org</maintainer> <version>0.99.20.1 v0.5</version> <category>Routing</category> @@ -1781,7 +1782,7 @@ <descr>Monitoring agent.</descr> <category>Services</category> <config_file>http://www.pfsense.org/packages/config/zabbix2-agent/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.0.4 pkg v0.5</version> + <version>zabbix2-agent-2.0.4 pkg v0.6</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> |