aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/apcupsd/apcupsd.xml2
-rwxr-xr-xconfig/apcupsd/apcupsd_mail.php2
-rw-r--r--config/lightsquid/lightsquid.inc3
-rw-r--r--config/lightsquid/lightsquid.xml2
-rw-r--r--config/pfblockerng/pfblockerng.inc109
-rw-r--r--config/pfblockerng/pfblockerng.php16
-rw-r--r--config/pfblockerng/pfblockerng.sh72
-rw-r--r--config/pfblockerng/pfblockerng.xml1
-rw-r--r--config/pfblockerng/pfblockerng_alerts.php436
-rw-r--r--config/snort/snort_alerts.widget.php8
-rw-r--r--config/vhosts/vhosts.inc4
-rw-r--r--config/zabbix-lts/zabbix-agent-lts.xml179
-rw-r--r--config/zabbix-lts/zabbix-lts.inc360
-rw-r--r--config/zabbix-lts/zabbix-proxy-lts.xml150
-rw-r--r--pkg_config.10.xml61
-rw-r--r--pkg_config.8.xml4
-rw-r--r--pkg_config.8.xml.amd644
17 files changed, 1249 insertions, 164 deletions
diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml
index 8a42f352..0b2a96e0 100644
--- a/config/apcupsd/apcupsd.xml
+++ b/config/apcupsd/apcupsd.xml
@@ -40,7 +40,7 @@
<name>Apcupsd</name>
<title>Services: Apcupsd (General)</title>
<category>Monitoring</category>
- <version>0.3.2</version>
+ <version>0.3.3</version>
<include_file>/usr/local/pkg/apcupsd.inc</include_file>
<addedit_string>Apcupsd has been created/modified.</addedit_string>
<delete_string>Apcupsd has been deleted.</delete_string>
diff --git a/config/apcupsd/apcupsd_mail.php b/config/apcupsd/apcupsd_mail.php
index d5b97f92..3b13309c 100755
--- a/config/apcupsd/apcupsd_mail.php
+++ b/config/apcupsd/apcupsd_mail.php
@@ -29,7 +29,7 @@
require_once("pkg-utils.inc");
require_once("globals.inc");
-require_once("phpmailer/class.phpmailer.php");
+require_once("phpmailer/PHPMailerAutoload.php");
global $config, $g;
diff --git a/config/lightsquid/lightsquid.inc b/config/lightsquid/lightsquid.inc
index 399e0572..054713a1 100644
--- a/config/lightsquid/lightsquid.inc
+++ b/config/lightsquid/lightsquid.inc
@@ -175,6 +175,9 @@ function lightsquid_resync() {
if (!file_exists("/usr/bin/perl"))
mwexec("ln -s /usr/local/bin/perl /usr/bin/perl");
+ // Fixup library path so GD can find its libraries for graphs.
+ mwexec("/sbin/ldconfig -m " . LIGHTSQUID_BASE . "/lib/");
+
// create lightsquid report catalog
if (!file_exists(LS_REPORTPATH)) {
update_log("lightsquid_install: Create report dir " . LS_REPORTPATH);
diff --git a/config/lightsquid/lightsquid.xml b/config/lightsquid/lightsquid.xml
index 0f6baf37..63eaabe4 100644
--- a/config/lightsquid/lightsquid.xml
+++ b/config/lightsquid/lightsquid.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>lightsquid</name>
- <version>1.8.2 pkg v.2.34</version>
+ <version>1.8.2 pkg v.2.35</version>
<title>Services: Proxy Reports (LightSquid, SQStat) -> Settings</title>
<category>Status</category>
<include_file>/usr/local/pkg/lightsquid.inc</include_file>
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index a1ee6abc..6ee9592a 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -78,6 +78,7 @@ function pfb_global() {
$pfb['log'] = "{$pfb['logdir']}/pfblockerng.log";
$pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt";
$pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh';
+ $pfb['aliasarchive'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/etc/aliastables.tar.bz2";
# General Variables
$pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0];
@@ -334,6 +335,58 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) {
}
+// Archive Aliastables for NanoBSD and RAMDisk Installations
+function pfb_aliastables($mode) {
+ global $g,$config,$pfb;
+ $earlyshellcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables";
+ $msg = "";
+
+ // Only Execute function if Platform is NanoBSD or Ramdisks are used.
+ if (($g['platform'] != "pfSense") || isset($config['system']['use_mfs_tmpvar'])) {
+ conf_mount_rw();
+ if ($mode == "update") {
+ // Archive Aliastable Folder
+ exec ("cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar -jcvf {$pfb['aliasarchive']} pfB_*.txt >/dev/null 2>&1");
+ $msg = "\n\nArchiving Aliastable Folder\n";
+ }
+ elseif ($mode == "conf") {
+ // Check conf file for earlyshellcmd
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (!preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd[] = "{$earlyshellcmd}";
+ $msg = "\n** Adding earlyshellcmd **\n";
+ }
+ }
+ else {
+ $config['system']['earlyshellcmd'] = "{$earlyshellcmd}";
+ $msg = "\n** Adding earlyshellcmd **\n";
+ }
+ }
+ conf_mount_ro();
+ }
+ else {
+ if (file_exists("{$pfb['aliasarchive']}")) {
+ // Remove Aliastables archive if found.
+ conf_mount_rw();
+ @unlink_if_exists("{$pfb['aliasarchive']}");
+ conf_mount_ro();
+ }
+ // Remove earlyshellcmd if found.
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT);
+ $msg = "\n** Removing earlyshellcmd **\n";
+ }
+ }
+ }
+
+ if ($msg != "")
+ pfb_logger("{$msg}","1");
+}
+
+
# Main pfBlockerNG Function
function sync_package_pfblockerng($cron = "") {
@@ -365,14 +418,8 @@ function sync_package_pfblockerng($cron = "") {
}
}
- # TBC if Required ! (Fetch Timeout in 2.2)
-
- #apply fetch timeout to pfsense-utils.inc
- $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc');
- $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils);
- if ($new_pfsense_utils != $pfsense_utils) {
- @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX);
- }
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("conf");
# Collect pfSense Max Table Size Entry
$pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000");
@@ -1173,7 +1220,7 @@ function sync_package_pfblockerng($cron = "") {
$pattern8 = '[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}::\/[0-9]{2}';
$pattern9 = '[A-Fa-f0-9]{1,4}:([A-Fa-f0-9]{1,4}::)\/[0-9]{2}';
$pattern10 = '[A-Fa-f0-9]{1,4}::\/[0-9]{2}';
- $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$|^($pattern8)$|^($pattern9)$|^($pattern10)$/";
+ $pfb['ipv6'] = "/($pattern1)|($pattern2)|($pattern3)|($pattern4)|($pattern5)|($pattern6)|($pattern7)|($pattern8)|($pattern9)|($pattern10)/";
$pfb['supp_update'] = FALSE;
$list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6");
@@ -2191,6 +2238,7 @@ function sync_package_pfblockerng($cron = "") {
unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules);
}
+
#################################
# Closing Processes #
#################################
@@ -2223,6 +2271,9 @@ function sync_package_pfblockerng($cron = "") {
#load filter file which will create the pfctl tables
filter_configure();
+
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("update");
} else {
# Don't Execute on User 'Save'
if (!$pfb['save']) {
@@ -2253,8 +2304,11 @@ function sync_package_pfblockerng($cron = "") {
$log = implode($result_pfctl);
pfb_logger("{$log}","1");
}
+
+ // Call function for NanoBSD/Ramdisk processes.
+ pfb_aliastables("update");
} else {
- $log = "\n No Changes to Aliases, Skipping pfctl Update \n";
+ $log = "\nNo Changes to Aliases, Skipping pfctl Update \n";
pfb_logger("{$log}","1");
}
}
@@ -2282,7 +2336,7 @@ function sync_package_pfblockerng($cron = "") {
#########################################
- # Define/Apply CRON Jobs #
+ # Define/Apply CRON Jobs #
#########################################
# Clear any existing pfBlockerNG Cron Jobs
@@ -2291,13 +2345,13 @@ function sync_package_pfblockerng($cron = "") {
# Replace Cron job with any User Changes to $pfb_min
if ($pfb['enable'] == "on") {
# Define pfBlockerNG CRON Job
- $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1";
+ $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1";
# $pfb['min'] ( User Defined Variable. Variable defined at start of Script )
- $pfb_hour = "*";
- $pfb_mday = "*";
- $pfb_month = "*";
- $pfb_wday = "*";
- $pfb_who = "root";
+ $pfb_hour = "*";
+ $pfb_mday = "*";
+ $pfb_month = "*";
+ $pfb_wday = "*";
+ $pfb_who = "root";
install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who);
}
@@ -2311,12 +2365,12 @@ function sync_package_pfblockerng($cron = "") {
# MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website
- $pfb_gmin = "0";
- $pfb_ghour = rand(0,23);
- $pfb_gmday = "1,2,3,4,5,6,7";
- $pfb_gmonth = "*";
- $pfb_gwday = "2";
- $pfb_gwho = "root";
+ $pfb_gmin = "0";
+ $pfb_ghour = rand(0,23);
+ $pfb_gmday = "1,2,3,4,5,6,7";
+ $pfb_gmonth = "*";
+ $pfb_gwday = "2";
+ $pfb_gwho = "root";
install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho);
}
@@ -2413,6 +2467,15 @@ function pfblockerng_php_deinstall_command() {
rmdir_recursive("{$pfb['dbdir']}");
rmdir_recursive("{$pfb['logdir']}");
+ // Remove Aliastables archive and earlyshellcmd if found.
+ @unlink_if_exists("{$pfb['aliasarchive']}");
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) {
+ $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT);
+ }
+ }
+
# Remove Settings from Config
if (is_array($config['installedpackages']['pfblockerng']))
unset($config['installedpackages']['pfblockerng']);
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index 0ca3aa7d..1dec1520 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -251,7 +251,7 @@ if ($argv[1] == 'gc') {
}
if ($argv[1] == 'cron') {
- $hour = date('H');
+ $hour = date('G');
$dow = date('N');
$pfb['update_cron'] = FALSE;
@@ -270,7 +270,7 @@ if ($argv[1] == 'cron') {
$sch2 = strval($shour);
for ($i=0; $i<11; $i++) {
$shour += 2;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch2 .= "," . strval($shour);
}
@@ -280,7 +280,7 @@ if ($argv[1] == 'cron') {
$sch3 = strval($shour);
for ($i=0; $i<7; $i++) {
$shour += 3;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch3 .= "," . strval($shour);
}
@@ -290,7 +290,7 @@ if ($argv[1] == 'cron') {
$sch4 = strval($shour);
for ($i=0; $i<5; $i++) {
$shour += 4;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch4 .= "," . strval($shour);
}
@@ -300,7 +300,7 @@ if ($argv[1] == 'cron') {
$sch6 = strval($shour);
for ($i=0; $i<3; $i++) {
$shour += 6;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch6 .= "," . strval($shour);
}
@@ -310,7 +310,7 @@ if ($argv[1] == 'cron') {
$sch8 = strval($shour);
for ($i=0; $i<2; $i++) {
$shour += 8;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch8 .= "," . strval($shour);
}
@@ -319,7 +319,7 @@ if ($argv[1] == 'cron') {
$shour = intval(substr($pfb['hour'], 0, 2));
$sch12 = strval($shour) . ",";
$shour += 12;
- if ($shour > 24)
+ if ($shour >= 24)
$shour -= 24;
$sch12 .= strval($shour);
@@ -1480,4 +1480,4 @@ EOF;
// Unset Arrays
unset ($roptions4, $et_options, $xmlrep);
}
-?> \ No newline at end of file
+?>
diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh
index cc11be6b..fd0a2f4a 100644
--- a/config/pfblockerng/pfblockerng.sh
+++ b/config/pfblockerng/pfblockerng.sh
@@ -35,6 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g')
etmatch=$(echo $9 | sed 's/,/, /g')
# File Locations
+aliasarchive="/usr/pbi/pfblockerng-$mtype/etc/aliastables.tar.bz2"
pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat
pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt
masterfile=/var/db/pfblockerng/masterfile
@@ -46,6 +47,7 @@ errorlog=/var/log/pfblockerng/error.log
etdir=/var/db/pfblockerng/ET
tmpxlsx=/tmp/xlsx/
+pfbdbdir=/var/db/pfblockerng/
pfbdeny=/var/db/pfblockerng/deny/
pfborig=/var/db/pfblockerng/original/
pfbmatch=/var/db/pfblockerng/match/
@@ -65,6 +67,17 @@ syncfile=/tmp/pfbsyncfile
matchfile=/tmp/pfbmatchfile
tempmatchfile=/tmp/pfbtempmatchfile
+PLATFORM=`cat /etc/platform`
+USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml`
+DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'`
+DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2`
+
+if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
+ /usr/local/bin/php /etc/rc.conf_mount_rw >/dev/null 2>&1
+ if [ ! -d $pfbdbdir ]; then mkdir $pfbdbdir; fi
+ if [ ! -d $pfsense_alias_dir ]; then mkdir $pfsense_alias_dir; fi
+fi
+
if [ ! -f $masterfile ]; then touch $masterfile; fi
if [ ! -f $mastercat ]; then touch $mastercat; fi
if [ ! -f $tempfile ]; then touch $tempfile; fi
@@ -79,6 +92,16 @@ if [ ! -d $pfbmatch ]; then mkdir $pfbmatch; fi
if [ ! -d $etdir ]; then mkdir $etdir; fi
if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi
+
+# Exit Function to set mount RO if required before Exiting
+exitnow() {
+ if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
+ /usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1
+ fi
+ exit
+}
+
+
##########
# Process to condense an IP range if a "Max" amount of IP addresses are found in a /24 range per Alias Group.
process24() {
@@ -86,7 +109,7 @@ process24() {
if [ ! -x $pathgeoip ]; then
echo "Process24 - Application [ GeoIP ] Not found. Can't proceed."
echo "Process24 - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
# Download MaxMind GeoIP.dat Binary on first Install.
@@ -98,7 +121,7 @@ fi
if [ ! -f $pathgeoipdat ]; then
echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed."
echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
count=$(grep -c ^ $pfbdeny$alias".txt")
@@ -192,6 +215,7 @@ echo "-------------------------------------------------------"
cocount=$(grep -cv "^1\.1\.1\.1" $pfbdeny$alias".txt")
echo "Post /24 Count [ $cocount ]"; echo
fi
+exitnow
}
@@ -247,6 +271,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" "Sanity Che
echo "----------------------------------------------------------"
printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]"
echo "----------------------------------------------------------"
+exitnow
}
@@ -257,7 +282,7 @@ suppress() {
if [ ! -x $pathgrepcidr ]; then
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]"
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog
- exit
+ exitnow
fi
if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then
@@ -270,7 +295,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then
echo; echo "===[ Suppression Stats ]========================================"; echo
printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile"
echo "----------------------------------------------------------------"
- exit
+ exitnow
fi
for i in $cc; do
@@ -342,7 +367,7 @@ else
echo "===[ Suppression Stats ]========================================"; echo
printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile"
echo "----------------------------------------------------------------"
- exit
+ exitnow
fi
for i in $cc; do
alias=$(echo "${i%|*}")
@@ -372,6 +397,7 @@ else
fi
done
fi
+exitnow
}
@@ -382,7 +408,7 @@ duplicate() {
if [ ! -x $pathgrepcidr ]; then
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]"
echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog
- exit
+ exitnow
fi
dupcheck=yes
@@ -415,6 +441,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" " [ Post Du
echo "----------------------------------------------------------"
printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]"
echo "----------------------------------------------------------"
+exitnow
}
@@ -425,7 +452,7 @@ deduplication() {
if [ ! -x $pathgeoip ]; then
echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed."
echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
# Download MaxMind GeoIP.dat on first Install.
@@ -438,7 +465,7 @@ fi
if [ ! -f $pathgeoipdat ]; then
echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed."
echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0
@@ -541,6 +568,7 @@ echo " [ Post d-Deduplication count ] [ $count ]"; echo
# Write "1.1.1.1" to empty Final Blocklist Files
emptyfiles=$(find $pfbdeny -size 0)
for i in $emptyfiles; do echo "1.1.1.1" > $i; done
+exitnow
}
@@ -551,7 +579,7 @@ pdeduplication(){
if [ ! -x $pathgeoip ]; then
echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed."
echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
# Download MaxMind GeoIP.dat on first Install.
@@ -563,7 +591,7 @@ fi
if [ ! -f $pathgeoipdat ]; then
echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed."
echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0
@@ -616,6 +644,7 @@ echo; echo " [ Post p-Deduplication count ] [ $count ]"
# Write "1.1.1.1" to empty Final Blocklist Files
emptyfiles=$(find $pfbdeny -size 0)
for i in $emptyfiles; do echo "1.1.1.1" > $i; done
+exitnow
}
@@ -626,7 +655,7 @@ processet() {
if [ ! -x $pathgunzip ]; then
echo "Application [ Gunzip ] Not found, Can't proceed."
echo "Application [ Gunzip ] Not found, Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
if [ -s $pfborig$alias".gz" ]; then
@@ -714,6 +743,7 @@ if [ -s $pfborig$alias".gz" ]; then
else
echo; echo "No ET .GZ File Found!"
fi
+exitnow
}
# Process to extract IP addresses from XLSX Files
@@ -722,7 +752,7 @@ processxlsx() {
if [ ! -x $pathtar ]; then
echo "Application [ TAR ] Not found, Can't proceed."
echo "Application [ TAR ] Not found, Can't proceed. [ $now ]" >> $errorlog
- exit
+ exitnow
fi
if [ -s $pfborig$alias".zip" ]; then
@@ -738,6 +768,7 @@ else
echo "XLSX Download File Missing"
echo " [ $alias ] XLSX Download File Missing [ $now ]" >> $errorlog
fi
+exitnow
}
closingprocess() {
@@ -856,6 +887,7 @@ echo; echo "pfSense Table Stats"; echo "-------------------"
$pathpfctl -s memory | grep "table-entries"
pfctlcount=$($pathpfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}')
echo "Table Usage Count " $pfctlcount
+exitnow
}
remove() {
@@ -883,6 +915,15 @@ emptychk=$(find $masterfile -size 0)
if [ ! "$emptychk" == "" ]; then
rm -r $masterfile; rm -r $mastercat
fi
+exitnow
+}
+
+# Process to restore aliasables from archive on reboot ( NanoBSD and Ramdisk Installations only )
+aliastables() {
+ if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
+ [ -f $aliasarchive ] && cd $pfsense_alias_dir && /usr/bin/tar -jxvf $aliasarchive
+ fi
+ exitnow
}
@@ -920,8 +961,11 @@ case $1 in
remove)
remove
;;
+ aliastables)
+ aliastables
+ ;;
*)
- exit
+ exitnow
;;
esac
-exit \ No newline at end of file
+exitnow \ No newline at end of file
diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml
index 54c6c061..bdfecd96 100644
--- a/config/pfblockerng/pfblockerng.xml
+++ b/config/pfblockerng/pfblockerng.xml
@@ -234,6 +234,7 @@
<fieldname>pfb_keep</fieldname>
<type>checkbox</type>
<description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description>
+ <default_value>on</default_value>
</field>
<field>
<fielddescr>CRON MIN Start Time</fielddescr>
diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php
index f03f7040..dd968bfc 100644
--- a/config/pfblockerng/pfblockerng_alerts.php
+++ b/config/pfblockerng/pfblockerng_alerts.php
@@ -41,8 +41,12 @@
// Auto-Resolve Hostnames
if (isset($_REQUEST['getpfhostname'])) {
- $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']);
- $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES);
+ $getpfhostname = trim(htmlspecialchars($_REQUEST['getpfhostname']));
+ if (strlen($getpfhostname) >= 8) {
+ $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES);
+ } else {
+ $hostname = $getpfhostname;
+ }
if ($hostname == $getpfhostname) {
$hostname = 'unknown';
}
@@ -52,9 +56,8 @@ if (isset($_REQUEST['getpfhostname'])) {
require_once("util.inc");
require_once("guiconfig.inc");
-require_once("filter_log.inc");
require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc");
-
+global $rule_list;
pfb_global();
// Application Paths
@@ -66,6 +69,9 @@ $filter_logfile = "{$g['varlog_path']}/filter.log";
$pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat";
$pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat";
+// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package)
+$pfb['filterlogentries'] = FALSE;
+
// Emerging Threats IQRisk Header Name Reference
$pfb['et_header'] = TRUE;
$et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header'];
@@ -88,11 +94,11 @@ $rule_list = array();
$results = array();
$data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results);
-if (empty($config['installedpackages']['pfblockerngglobal']['pfbdenycnt']))
+if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt']))
$config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25';
-if (empty($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']))
+if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt']))
$config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5';
-if (empty($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']))
+if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']))
$config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5';
if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh']))
$config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off';
@@ -124,6 +130,53 @@ if (is_array($config['installedpackages']['pfblockerngglobal'])) {
$pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'];
}
+
+function pfb_match_filter_field($flent, $fields) {
+ foreach ($fields as $key => $field) {
+ if ($field == null)
+ continue;
+ if ((strpos($field, '!') === 0)) {
+ $field = substr($field, 1);
+ $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field));
+ if (@preg_match("/{$field_regex}/i", $flent[$key]))
+ return false;
+ }
+ else {
+ $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field));
+ if (!@preg_match("/{$field_regex}/i", $flent[$key]))
+ return false;
+ }
+ }
+ return true;
+}
+
+
+if ($_POST['filterlogentries_submit']) {
+ // Set flag for filtering alert entries
+ $pfb['filterlogentries'] = TRUE;
+
+ // Note the order of these fields must match the order decoded from the alerts log
+ $filterfieldsarray = array();
+ $filterfieldsarray[0] = $_POST['filterlogentries_rule'] ? $_POST['filterlogentries_rule'] : null;
+ $filterfieldsarray[2] = $_POST['filterlogentries_int'] ? $_POST['filterlogentries_int'] : null;
+ $filterfieldsarray[6] = strtolower($_POST['filterlogentries_proto']) ? $_POST['filterlogentries_proto'] : null;
+
+ // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation
+ $filterfieldsarray[7] = $_POST['filterlogentries_srcip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_srcip']) : null;
+ $filterfieldsarray[8] = $_POST['filterlogentries_dstip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_dstip']) : null;
+
+ $filterfieldsarray[9] = $_POST['filterlogentries_srcport'] ? $_POST['filterlogentries_srcport'] : null;
+ $filterfieldsarray[10] = $_POST['filterlogentries_dstport'] ? $_POST['filterlogentries_dstport'] : null;
+ $filterfieldsarray[99] = $_POST['filterlogentries_date'] ? $_POST['filterlogentries_date'] : null;
+}
+
+
+if ($_POST['filterlogentries_clear']) {
+ $pfb['filterlogentries'] = TRUE;
+ $filterfieldsarray = array();
+}
+
+
// Collect pfBlockerNG Firewall Rules
if (!empty($results)) {
foreach ($results as $result) {
@@ -293,6 +346,112 @@ function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") {
}
+// Parse Filter log for pfBlockerNG Alerts
+function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt) {
+ global $pfb, $rule_list, $filterfieldsarray;
+ $fields_array = array();
+ $logarr = "";
+ $denycnt = 0;
+ $permitcnt = 0;
+ $matchcnt = 0;
+
+ if (file_exists($logfile)) {
+ exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr);
+ }
+ else return;
+
+ if (!empty($logarr) && !empty($rule_list['id'])) {
+ foreach ($logarr as $logent) {
+ $pfbalert = array();
+ $log_split = "";
+
+ if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split))
+ continue;
+
+ list($all, $pfbalert[99], $host, $rule) = $log_split;
+ $rule_data = explode(",", $rule);
+ $pfbalert[0] = $rule_data[0]; // Rulenum
+
+ // Skip Alert if Rule is not a pfBNG Alert
+ if (!in_array($pfbalert[0], $rule_list['id']))
+ continue;
+
+ $pfbalert[1] = $rule_data[4]; // Realint
+ $pfbalert[3] = $rule_data[6]; // Act
+ $pfbalert[4] = $rule_data[8]; // Version
+
+ if ($pfbalert[4] == "4") {
+ $pfbalert[5] = $rule_data[15]; // Protocol ID
+ $pfbalert[6] = $rule_data[16]; // Protocol
+ $pfbalert[7] = $rule_data[18]; // SRC IP
+ $pfbalert[8] = $rule_data[19]; // DST IP
+ $pfbalert[9] = $rule_data[20]; // SRC Port
+ $pfbalert[10] = $rule_data[21]; // DST Port
+ $pfbalert[11] = $rule_data[23]; // TCP Flags
+ } else {
+ $pfbalert[5] = $rule_data[13]; // Protocol ID
+ $pfbalert[6] = $rule_data[12]; // Protocol
+ $pfbalert[7] = $rule_data[15]; // SRC IP
+ $pfbalert[8] = $rule_data[16]; // DST IP
+ $pfbalert[9] = $rule_data[17]; // SRC Port
+ $pfbalert[10] = $rule_data[18]; // DST Port
+ $pfbalert[11] = $rule_data[20]; // TCP Flags
+ }
+
+ if ($pfbalert[5] == "6" || $pfbalert[5] == "17") {
+ // skip
+ } else {
+ $pfbalert[9] = "";
+ $pfbalert[10] = "";
+ $pfbalert[11] = "";
+ }
+
+ // Skip Repeated Alerts
+ if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip)
+ continue;
+
+ $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name
+ $pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags
+
+ // If Alerts Filtering is selected, process Filters as required.
+ if ($pfb['filterlogentries'] && !pfb_match_filter_field($pfbalert, $filterfieldsarray)) {
+ continue;
+ }
+
+ if ($pfbalert[3] == "block") {
+ if ($denycnt < $pfbdenycnt) {
+ $fields_array['Deny'][] = $pfbalert;
+ $denycnt++;
+ }
+ }
+ elseif ($pfbalert[3] == "pass") {
+ if ($permitcnt < $pfbpermitcnt) {
+ $fields_array['Permit'][] = $pfbalert;
+ $permitcnt++;
+ }
+ }
+ elseif ($pfbalert[3] == "unkn(%u)" || $pfbalert[3] == "unkn(11)") {
+ if ($matchcnt < $pfbmatchcnt) {
+ $fields_array['Match'][] = $pfbalert;
+ $matchcnt++;
+ }
+ }
+
+ // Exit function if Sufficinet Matches found.
+ if ($denycnt >= $pfbdenycnt && $permitcnt >= $pfbpermitcnt && $matchcnt >= $pfbmatchcnt) {
+ unset ($pfbalert, $logarr);
+ return $fields_array;
+ }
+
+ // Collect Details for Repeated Alert Comparison
+ $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9];
+ $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10];
+ }
+ unset ($pfbalert, $logarr);
+ return $fields_array;
+ }
+}
+
$pgtitle = gettext("pfBlockerNG: Alerts");
include_once("head.inc");
?>
@@ -341,7 +500,7 @@ if ($savemsg) {
</tr>
<tr>
<td><div id="mainarea">
- <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="4">
<tr>
<td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?>&nbsp;
<a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a>&nbsp;
@@ -369,6 +528,70 @@ if ($savemsg) {
<?php printf(gettext("Currently Suppressing &nbsp; %s$pfbsupp_cnt%s &nbsp; Hosts."), '<strong>', '</strong>');?>
</td>
</tr>
+ <tr>
+ <td colspan="3" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td>
+ </tr>
+ <tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>">
+ <td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td>
+ <td width="90%" class="vtable">
+ <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" />
+ &nbsp;&nbsp;<?=gettext("Click to display advanced filtering options dialog");?>
+ </td>
+ </tr>
+ <tr id="filter_options_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "none;";} else {echo "table-row;";} ?>">
+ <td colspan="2">
+ <table width="100%" border="0" cellspacing="0" cellpadding="1" summary="action">
+ <tr>
+ <td valign="top">
+ <div align="center"><?=gettext("Date");?></div>
+ <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Interface");?></div>
+ <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Rule Number Only");?></div>
+ <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Protocol");?></div>
+ <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top">
+ <div align="center"><?=gettext("Source IP Address");?></div>
+ <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Source Port");?></div>
+ <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Destination IP Address");?></div>
+ <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div>
+ </td>
+ <td valign="top">
+ <div align="center"><?=gettext("Destination Port");?></div>
+ <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div>
+ </td>
+ </tr>
+ <td colspan="5" style="vertical-align:bottom">
+ <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?>&nbsp;&nbsp; <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?>
+ <br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br />
+ </tr>
+ <tr>
+ <td colspan="1" style="vertical-align:bottom">
+ <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" />
+ &nbsp;&nbsp;&nbsp;<input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" />
+ &nbsp;&nbsp;&nbsp;<input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
<!--Create Three Output Windows 'Deny', 'Permit' and 'Match'-->
<?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ):
switch($type) {
@@ -394,16 +617,9 @@ if ($savemsg) {
<table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
<tr>
<!--Print Table Info-->
- <td colspan="2" class="listtopic"><?php printf(gettext("&nbsp;{$type}&nbsp;&nbsp; - &nbsp; Last %s Alert Entries."), "{$pfbentries}"); ?>
- <?php if ($pfb['pfsenseversion'] >= '2.2'): ?>
- <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?>
- &nbsp;&nbsp;<?php echo gettext("Firewall Logs must be in Reverse Order."); ?>
- <?php endif; ?>
- <?php else: ?>
- &nbsp;&nbsp;<?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?>
- <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?>
- &nbsp;&nbsp;<?php echo gettext("Firewall Logs must be in Reverse Order."); ?>
- <?php endif; ?>
+ <td colspan="2" class="listtopic"><?php printf(gettext("&nbsp;{$type}&nbsp;&nbsp; - &nbsp; Last %s Alert Entries."),"{$pfbentries}"); ?>
+ <?php if ($type == "Deny"): ?>
+ &nbsp;&nbsp;&nbsp;&nbsp;<?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?>
<?php endif; ?>
</td>
</tr>
@@ -411,12 +627,12 @@ if ($savemsg) {
<td width="100%" colspan="2">
<table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0">
<colgroup>
- <col width="8%" align="center" axis="date">
+ <col width="7%" align="center" axis="date">
<col width="6%" align="center" axis="string">
- <col width="16%" align="center" axis="string">
+ <col width="15%" align="center" axis="string">
<col width="6%" align="center" axis="string">
- <col width="20%" align="center" axis="string">
- <col width="20%" align="center" axis="string">
+ <col width="21%" align="center" axis="string">
+ <col width="21%" align="center" axis="string">
<col width="3%" align="center" axis="string">
<col width="13%" align="center" axis="string">
</colgroup>
@@ -450,9 +666,9 @@ if ($pfb['runonce']) {
} else {
$pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 );
}
- $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines);
- $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top');
+ $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt);
+ $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top');
$supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24";
$supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon.";
@@ -473,7 +689,10 @@ if ($pfb['runonce']) {
// Collect Virtual IP Aliases for Inbound/Outbound List Matching
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $list) {
- $pfb_local[] = $list['subnet'];
+ if ($list['type'] == "single" && $list['subnet_bits'] == "32")
+ $pfb_local[] = $list['subnet'];
+ elseif ($list['type'] == "single" || $list['type'] == "network")
+ $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local);
}
}
// Collect NAT IP Addresses for Inbound/Outbound List Matching
@@ -514,30 +733,31 @@ if ($pfb['runonce']) {
$counter = 0;
// Process Fields_array and generate Output
-if (!empty($fields_array)) {
- foreach ($fields_array as $fields) {
+if (!empty($fields_array[$type]) && !empty($rule_list)) {
+ $key = 0;
+ foreach ($fields_array[$type] as $fields) {
$rulenum = "";
$alert_ip = "";
$supp_ip = "";
$pfb_query = "";
- $rulenum = $fields['rulenum'];
- if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) {
-
- // Skip Repeated Events
- if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) {
- continue;
- }
-
- $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags'];
+ /* Fields_array Reference [0] = Rulenum [6] = Protocol
+ [1] = Real Interface [7] = SRC IP
+ [2] = Friendly Interface Name [8] = DST IP
+ [3] = Action [9] = SRC Port
+ [4] = Version [10] = DST Port
+ [5] = Protocol ID [11] = Flags
+ [99] = Timestamp */
+ $rulenum = $fields[0];
+ if ($counter < $pfbentries) {
// Cleanup Port Output
- if ($fields['proto'] == "ICMP") {
- $srcport = $fields['srcport'];
- $dstport = $fields['dstport'];
+ if ($fields[6] == "ICMP" || $fields[6] == "ICMPV6") {
+ $srcport = "";
+ $dstport = "";
} else {
- $srcport = " :" . $fields['srcport'];
- $dstport = " :" . $fields['dstport'];
+ $srcport = ":" . $fields[9];
+ $dstport = ":" . $fields[10];
}
// Don't add Suppress Icon to Country Block Lines
@@ -546,16 +766,10 @@ if (!empty($fields_array)) {
}
// Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only.
- if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) {
+ if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) {
// Destination is Gateway/NAT/VIP
$rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")";
- $host = $fields['srcip'];
-
- if (is_ipaddrv4($host)) {
- $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2);
- } else {
- $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2);
- }
+ $host = $fields[7];
$alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup");
$alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" ";
@@ -563,30 +777,22 @@ if (!empty($fields_array)) {
if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") {
$supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
- $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\"";
+ $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\"";
$supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>";
}
if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") {
- $hostname = getpfbhostname('src', $fields['srcip'], $counter);
+ $hostname = getpfbhostname('src', $fields[7], $counter);
} else {
$hostname = "";
}
- $src_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
- $dst_icons = "";
- $scc = $country;
- $dcc = "";
+ $src_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
+ $dst_icons = "";
} else {
// Outbound
$rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")";
- $host = $fields['dstip'];
-
- if (is_ipaddrv4($host)) {
- $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2);
- } else {
- $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2);
- }
+ $host = $fields[8];
$alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup");
$alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" ";
@@ -594,20 +800,25 @@ if (!empty($fields_array)) {
if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") {
$supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" ";
- $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\"";
+ $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\"";
$supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>";
}
if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") {
- $hostname = getpfbhostname('dst', $fields['dstip'], $counter);
+ $hostname = getpfbhostname('dst', $fields[8], $counter);
} else {
$hostname = "";
}
- $src_icons = "";
- $dst_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
- $scc = "";
- $dcc = $country;
+ $src_icons = "";
+ $dst_icons = $alert_ip . "&nbsp;" . $supp_ip . "&nbsp;";
+ }
+
+ // Determine Country Code of Host
+ if (is_ipaddrv4($host)) {
+ $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2);
+ } else {
+ $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2);
}
# IP Query Grep Exclusion
@@ -615,21 +826,19 @@ if (!empty($fields_array)) {
$pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'";
// Find List which contains Blocked IP Host
- if ($pfb_query == "Country") {
- # Skip
- } else {
+ if (is_ipaddrv4($host) && $pfb_query != "Country") {
// Search for exact IP Match
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host);
- $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}");
+ $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}");
// Search for IP in /24 CIDR
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host);
- $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
+ $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
}
// Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses.
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host);
- $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
}
// Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop).
// Skip (Country Lists) or /32,/24 Addresses.
@@ -638,7 +847,7 @@ if (!empty($fields_array)) {
$host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host);
for ($cnt = 1; $cnt <= 5; $cnt++) {
$host3 = $host2 - $cnt . '\'';
- $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
// Break out of loop if found.
if (!empty($pfb_query))
$cnt = 6;
@@ -647,26 +856,30 @@ if (!empty($fields_array)) {
// Search for First Three Octets
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host);
- $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
}
// Search for First Two Octets
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host);
- $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
+ $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}");
}
// Report Specific ET IQRisk Details
if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host);
- $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' ");
+ $pfb_query = exec("/usr/bin/grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' ");
if (empty($pfb_query)) {
$host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host);
- $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
+ $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}");
}
}
- // Default to "No Match" if not found.
- if (empty($pfb_query))
- $pfb_query = "No Match";
}
+ elseif (is_ipaddrv6($host) && $pfb_query != "Country") {
+ $pfb_query = exec("/usr/bin/grep -Hm1 {$host} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | grep -v 'pfB\_'");
+ }
+
+ // Default to "No Match" if not found.
+ if (empty($pfb_query))
+ $pfb_query = "No Match";
# Split List Column into Two lines.
unset ($pfb_match);
@@ -681,9 +894,19 @@ if (!empty($fields_array)) {
}
}
- $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host";
+ // Add []'s to IPv6 Addresses and add a zero-width space as soft-break opportunity after each colon if we have an IPv6 address (from Snort)
+ if ($fields[4] == "6") {
+ $fields[97] = "[" . str_replace(":", ":&#8203;", $fields[7]) . "]";
+ $fields[98] = "[" . str_replace(":", ":&#8203;", $fields[8]) . "]";
+ }
+ else {
+ $fields[97] = $fields[7];
+ $fields[98] = $fields[8];
+ }
// Truncate Long List Names
+ $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host";
+
if (strlen($pfb_match[1]) >= 17) {
$pfb_matchtitle = $pfb_match[1];
$pfb_match[1] = substr($pfb_match[1], 0, 16) . '...';
@@ -691,31 +914,28 @@ if (!empty($fields_array)) {
// Print Alternating Line Shading
if ($pfb['pfsenseversion'] > '2.0') {
- $alertRowEvenClass = "listMReven";
- $alertRowOddClass = "listMRodd";
+ $alertRowEvenClass = "listMReven";
+ $alertRowOddClass = "listMRodd";
} else {
- $alertRowEvenClass = "listr";
- $alertRowOddClass = "listr";
+ $alertRowEvenClass = "listr";
+ $alertRowOddClass = "listr";
}
- // Collect Details for Repeated Alert Comparison
- $previous_srcip = $fields['srcip'] . $fields['srcport'];
- $previous_dstip = $fields['dstip'] . $fields['dstport'];
- $countrycode = trim($scc . $dcc);
-
$alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass;
echo "<tr class='{$alertRowClass}'>
- <td class='listMRr' align='center'>{$fields['time']}</td>
- <td class='listMRr' align='center'>{$fields['interface']}</td>
+ <td class='listMRr' align='center'>{$fields[99]}</td>
+ <td class='listMRr' align='center'>{$fields[2]}</td>
<td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td>
- <td class='listMRr' align='center'>{$proto}</td>
- <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['srcip']};' sorttable_customkey='{$fields['srcip']}'>{$src_icons}{$fields['srcip']}{$srcport}<br /><small>{$hostname['src']}</small></td>
- <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['dstip']};' sorttable_customkey='{$fields['dstip']}'>{$dst_icons}{$fields['dstip']}{$dstport}<br /><small>{$hostname['dst']}</small></td>
- <td class='listMRr' align='center'>{$countrycode}</td>
+ <td class='listMRr' align='center'>{$fields[6]}</td>
+ <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td>
+ <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td>
+ <td class='listMRr' align='center'>{$country}</td>
<td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>";
$counter++;
if ($counter > 0 && $rtype == "block") {
$mycounter = $counter;
+ } else {
+ $mycounter = 0;
}
}
}
@@ -725,6 +945,7 @@ if (!empty($fields_array)) {
</table>
</table>
<?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'-->
+<?php unset ($fields_array); ?>
</td></tr>
</table>
@@ -762,9 +983,22 @@ function findhostnames(counter) {
)
}
-var lines = <?php echo $mycounter; ?>;
-for (alertcount = 0; alertcount < lines; alertcount++) {
- setTimeout(findhostnames(alertcount), 30);
+var alertlines = <?php echo $mycounter; ?>;
+var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>";
+if ( autoresolve == "on" ) {
+ for (alertcount = 0; alertcount < alertlines; alertcount++) {
+ setTimeout(findhostnames(alertcount), 30);
+ }
+}
+
+function enable_showFilter() {
+ document.getElementById("filter_enable_row").style.display="none";
+ document.getElementById("filter_options_row").style.display="table-row";
+}
+
+function enable_hideFilter() {
+ document.getElementById("filter_enable_row").style.display="table-row";
+ document.getElementById("filter_options_row").style.display="none";
}
//]]>
diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php
index 552dab61..96c70562 100644
--- a/config/snort/snort_alerts.widget.php
+++ b/config/snort/snort_alerts.widget.php
@@ -46,7 +46,7 @@ $alertColClass = "listMRr";
/* check if Snort widget alert display lines value is set */
$snort_nentries = $config['widgets']['widget_snort_display_lines'];
-if (!isset($snort_nentries) || $snort_nentries < 0)
+if (!isset($snort_nentries) || $snort_nentries <= 0)
$snort_nentries = 5;
/* array sorting of the alerts */
@@ -95,7 +95,11 @@ if (isset($_GET['getNewAlerts'])) {
// See if saving new display line count value
if(isset($_POST['widget_snort_display_lines'])) {
- $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines'];
+ if($_POST['widget_snort_display_lines'] == "") {
+ unset($config['widgets']['widget_snort_display_lines']);
+ } else {
+ $config['widgets']['widget_snort_display_lines'] = max(intval($_POST['widget_snort_display_lines']), 1);
+ }
write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard");
header("Location: ../../index.php");
}
diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc
index d0b14652..1958632e 100644
--- a/config/vhosts/vhosts.inc
+++ b/config/vhosts/vhosts.inc
@@ -659,7 +659,7 @@ function vhosts_sync_package_php()
$tmp .= " \"PHP_FCGI_MAX_REQUESTS\" => \"500\",\n";
$tmp .= " \"PHP_FCGI_CHILDREN\" => \"1\"\n";
$tmp .= " ),\n";
- $tmp .= " \"bin-path\" => \"/usr/local/php5/php-cgi\"\n";
+ $tmp .= " \"bin-path\" => \"/usr/local/bin/php\"\n";
$tmp .= " )\n";
$tmp .= " )\n";
$tmp .= ")\n";
@@ -681,11 +681,11 @@ function vhosts_sync_package_php()
);
//add or update a service
- $a_service = &$config['installedpackages']['service'];
$ent['name'] = "vhosts-ssl-$x";
$ent['rcfile'] = "vhosts-".$ipaddress."-".$port."-ssl.sh";
$ent['executable'] = "vhosts-".$ipaddress."-".$port."-ssl";
$ent['description'] = "vHosts SSL, Host: $host, IP Address: ".$ipaddress.", port: ".$port." desc: ".$description;
+ $ent['custom_php_service_status_command'] = "\$vhost_output=''; exec('/bin/pgrep -anf '.".escapeshellarg($ent['executable']).", \$vhost_output, \$retval); \$rc=(intval(\$retval) == 0);";
$a_service = $config['installedpackages']['service'];
$service_id = get_service_id ($a_service, 'name', "vhosts-ssl-$x");
if (is_int($service_id)) {
diff --git a/config/zabbix-lts/zabbix-agent-lts.xml b/config/zabbix-lts/zabbix-agent-lts.xml
new file mode 100644
index 00000000..b098eb62
--- /dev/null
+++ b/config/zabbix-lts/zabbix-agent-lts.xml
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packagegui>
+<copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ zabbix-agent-lts.xml
+ part of the Zabbix package for pfSense
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <name>zabbixagentlts</name>
+ <title>Services: Zabbix Agent LTS</title>
+ <category>Monitoring</category>
+ <version>0.8.3</version>
+ <include_file>/usr/local/pkg/zabbix-lts.inc</include_file>
+ <addedit_string>Zabbix Agent LTS has been created/modified.</addedit_string>
+ <delete_string>Zabbix Agent LTS has been deleted.</delete_string>
+ <restart_command>/usr/local/etc/rc.d/zabbix_agentd_lts.sh restart</restart_command>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <menu>
+ <name>Zabbix Agent LTS</name>
+ <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>zabbix_agentd_lts</name>
+ <rcfile>zabbix_agentd_lts.sh</rcfile>
+ <executable>zabbix_agentd</executable>
+ <description>Zabbix Agent LTS host monitor daemon</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Agent</text>
+ <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&amp;id=0</url>
+ <active />
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Zabbix Agent LTS Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>agentenabled</fieldname>
+ <description>Enable Zabbix Agent LTS service</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Server</fielddescr>
+ <fieldname>server</fieldname>
+ <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Server Active</fielddescr>
+ <fieldname>serveractive</fieldname>
+ <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Hostname</fielddescr>
+ <fieldname>hostname</fieldname>
+ <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
+ <fielddescr>Listen IP</fielddescr>
+ <fieldname>listenip</fieldname>
+ <default_value>0.0.0.0</default_value>
+ <type>input</type>
+ <size>60</size>
+ <description>Listen IP for connections from the server (default 0.0.0.0 for all interfaces)</description>
+ </field>
+ <field>
+ <fielddescr>Listen Port</fielddescr>
+ <fieldname>listenport</fieldname>
+ <default_value>10050</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Listen port for connections from the server (default 10050)</description>
+ </field>
+ <field>
+ <fielddescr>Refresh Active Checks</fielddescr>
+ <fieldname>refreshactchecks</fieldname>
+ <default_value>120</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>The agent will refresh list of active checks once per 120 (default) seconds.</description>
+ </field>
+ <field>
+ <fielddescr>Timeout</fielddescr>
+ <fieldname>timeout</fieldname>
+ <default_value>3</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-30). The agent does not kill timeouted User Parameters processes!</description>
+ </field>
+ <field>
+ <fielddescr>Buffer Send</fielddescr>
+ <fieldname>buffersend</fieldname>
+ <default_value>5</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description>
+ </field>
+ <field>
+ <fielddescr>Buffer Size</fielddescr>
+ <fieldname>buffersize</fieldname>
+ <default_value>100</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Buffer Size (default 100). Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description>
+ </field>
+ <field>
+ <fielddescr>Start Agents</fielddescr>
+ <fieldname>startagents</fieldname>
+ <default_value>3</default_value>
+ <type>input</type>
+ <size>5</size>
+ <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description>
+ </field>
+ <field>
+ <fielddescr>User Parameters</fielddescr>
+ <fieldname>userparams</fieldname>
+ <encoding>base64</encoding>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description>
+ </field>
+ </fields>
+ <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command>
+ <custom_php_command_before_form></custom_php_command_before_form>
+ <custom_php_after_head_command></custom_php_after_head_command>
+ <custom_php_after_form_command></custom_php_after_form_command>
+ <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command>
+ <custom_add_php_command></custom_add_php_command>
+ <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command>
+ <custom_php_deinstall_command>php_deinstall_zabbix_agent_lts();</custom_php_deinstall_command>
+</packagegui>
diff --git a/config/zabbix-lts/zabbix-lts.inc b/config/zabbix-lts/zabbix-lts.inc
new file mode 100644
index 00000000..450b78a1
--- /dev/null
+++ b/config/zabbix-lts/zabbix-lts.inc
@@ -0,0 +1,360 @@
+<?php
+/* $Id$ */
+/* ========================================================================== */
+/*
+ zabbix-lts.inc
+ part of the Zabbix package for pfSense
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+require_once("util.inc");
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("globals.inc");
+
+function php_install_zabbix_lts(){
+ sync_package_zabbix_lts();
+}
+
+function php_deinstall_zabbix_agent_lts(){
+ global $config, $g;
+
+ conf_mount_rw();
+
+ define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m"));
+
+ exec("/usr/bin/killall zabbix_agentd");
+ unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd_lts.sh");
+ unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf");
+ unlink_if_exists("/var/log/zabbix-lts/zabbix_agentd_lts.log");
+ unlink_if_exists("/var/run/zabbix-lts/zabbix_agentd_lts.pid");
+
+ if (!is_array($config['installedpackages']['zabbixproxylts'])){
+ if (is_dir("/var/log/zabbix-lts"))
+ exec("/bin/rm -r /var/log/zabbix-lts/");
+ if (is_dir("/var/run/zabbix-lts"))
+ exec("/bin/rm -r /var/run/zabbix-lts/");
+ }
+
+ conf_mount_ro();
+}
+
+function php_deinstall_zabbix_proxy_lts(){
+ global $config, $g;
+
+ conf_mount_rw();
+
+ define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m"));
+
+ exec("/usr/bin/killall zabbix_proxy");
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy_lts.sh");
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf");
+ unlink_if_exists("/var/log/zabbix-lts/zabbix_proxy_lts.log");
+ unlink_if_exists("/var/run/zabbix-lts/zabbix_proxy_lts.pid");
+
+ if (!is_array($config['installedpackages']['zabbixagentlts'])){
+ if (is_dir("/var/log/zabbix-lts"))
+ exec("/bin/rm -r /var/log/zabbix-lts/");
+ if (is_dir("/var/run/zabbix-lts"))
+ exec("/bin/rm -r /var/run/zabbix-lts/");
+ }
+
+ if (is_dir("/var/db/zabbix-lts"))
+ exec("/bin/rm -r /var/db/zabbix-lts/");
+
+ conf_mount_ro();
+}
+
+function validate_input_zabbix_lts($post, &$input_errors){
+
+ if (isset($post['proxyenabled'])){
+ if (!is_numericint($post['serverport'])) {
+ $input_errors[]='Server Port is not numeric.'.$ServerPort;
+ }
+
+ if (!is_numericint($post['configfrequency'])) {
+ $input_errors[]='Config Frequency is not numeric.';
+ }
+ }
+ if (isset($post['agentenabled'])){
+ if (!preg_match("/\w+/", $post['server'])) {
+ $input_errors[]='Server field is required.';
+ }
+
+ if (!preg_match("/\w+/", $post['hostname'])) {
+ $input_errors[]='Hostname field is required.';
+ }
+
+ if ($post['listenip'] != '') {
+ if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['listenip'])) {
+ $input_errors[]='Listen IP is not a configured IP address.';
+ }
+ }
+
+ if ($post['listenport'] != '') {
+ if (!preg_match("/^\d+$/", $post['listenport'])) {
+ $input_errors[]='Listen Port is not numeric.';
+ }
+ }
+
+ if ($post['refreshactchecks'] != '') {
+ if (!preg_match("/^\d+$/", $post['refreshactchecks'])) {
+ $input_errors[]='Refresh Active Checks is not numeric.';
+ } elseif ( $post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600 ) {
+ $input_errors[]='You must enter a valid value for \'Refresh Active Checks\'';
+ }
+ }
+
+ if ($post['timeout'] != '') {
+ if (!is_numericint($post['timeout'])) {
+ $input_errors[]='Timeout is not numeric.';
+ } elseif ( $post['timeout'] < 1 || $post['timeout'] > 30 ) {
+ $input_errors[]='You must enter a valid value for \'Timeout\'';
+ }
+ }
+
+ if ($post['buffersend'] != '') {
+ if (!is_numericint($post['buffersend'])) {
+ $input_errors[]='Buffer Send is not numeric.';
+ } elseif ( $post['buffersend'] < 1 || $post['buffersend'] > 3600 ) {
+ $input_errors[]='You must enter a valid value for \'Buffer Send\'';
+ }
+ }
+
+ if ($post['buffersize'] != '') {
+ if (!is_numericint($post['buffersize'])) {
+ $input_errors[]='Bufer Size is not numeric.';
+ } elseif ( $post['buffersize'] < 2 || $post['buffersize'] > 65535 ) {
+ $input_errors[]='You must enter a valid value for \'Buffer Size\'';
+ }
+ }
+
+ if ($post['startagents'] != '') {
+ if (!is_numericint($post['startagents'])) {
+ $input_errors[]='Start Agents is not numeric.';
+ } elseif ( $post['startagents'] < 0 || $post['startagents'] > 100 ) {
+ $input_errors[]='You must enter a valid value for \'Start Agents\'';
+ }
+ }
+ }
+}
+
+function sync_package_zabbix_lts(){
+ global $config, $g;
+
+ conf_mount_rw();
+
+ define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m"));
+ define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m"));
+
+ #check zabbix proxy config
+ if (is_array($config['installedpackages']['zabbixproxylts'])){
+ $zbproxy_config = $config['installedpackages']['zabbixproxylts']['config'][0];
+ if ($zbproxy_config['proxyenabled']=="on"){
+ $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0);
+ $AdvancedParams=base64_decode($zbproxy_config['advancedparams']);
+
+ $zbproxy_conf_file = <<< EOF
+Server={$zbproxy_config['server']}
+ServerPort={$zbproxy_config['serverport']}
+Hostname={$zbproxy_config['hostname']}
+PidFile=/var/run/zabbix-lts/zabbix_proxy_lts.pid
+DBName=/var/db/zabbix-lts/proxy.db
+LogFile=/var/log/zabbix-lts/zabbix_proxy_lts.log
+ConfigFrequency={$zbproxy_config['configfrequency']}
+FpingLocation=/usr/local/sbin/fping
+#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin
+Fping6Location=/usr/local/sbin/fping6
+ProxyMode={$Mode}
+{$AdvancedParams}
+
+EOF;
+ file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
+ }
+ }
+ /* check zabbix agent settings*/
+ if (is_array($config['installedpackages']['zabbixagentlts'])){
+ $zbagent_config = $config['installedpackages']['zabbixagentlts']['config'][0];
+ if ($zbagent_config['agentenabled']=="on"){
+ $RefreshActChecks=(preg_match("/(\d+)/",$zbagent_config['refreshactchecks'],$matches)? $matches[1] : "120");
+ $BufferSend=(preg_match("/(\d+)/",$zbagent_config['buffersend'],$matches)? $matches[1] : "5" );
+ $BufferSize=(preg_match("/(\d+)/",$zbagent_config['buffersize'],$matches)? $matches[1] : "100");
+ $StartAgents=(preg_match("/(\d+)/",$zbagent_config['startagents'],$matches)? $matches[1] :"3" );
+ $UserParams=base64_decode($zbagent_config['userparams']);
+ $ListenIp=($zbagent_config['listenip'] != ''? $zbagent_config['listenip'] : "0.0.0.0");
+ $ListenPort=($zbagent_config['listenport'] != ''? $zbagent_config['listenport'] : "10050");
+ $TimeOut=($zbagent_config['timeout'] != ''? $zbagent_config['timeout'] : "3");
+
+ $zbagent_conf_file = <<< EOF
+Server={$zbagent_config['server']}
+ServerActive={$zbagent_config['serveractive']}
+Hostname={$zbagent_config['hostname']}
+ListenIP={$ListenIp}
+ListenPort={$ListenPort}
+RefreshActiveChecks={$RefreshActChecks}
+DebugLevel=3
+PidFile=/var/run/zabbix-lts/zabbix_agentd_lts.pid
+LogFile=/var/log/zabbix-lts/zabbix_agentd_lts.log
+LogFileSize=1
+Timeout={$TimeOut}
+BufferSend={$BufferSend}
+BufferSize={$BufferSize}
+StartAgents={$StartAgents}
+{$UserParams}
+
+EOF;
+ file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
+ }
+ }
+ $want_sysctls = array(
+ 'kern.ipc.shmall' => '2097152',
+ 'kern.ipc.shmmax' => '2147483648',
+ 'kern.ipc.semmsl' => '250'
+ );
+ $sysctls = array();
+ #check sysctl file values
+ $sc_file="";
+ if (file_exists("/etc/sysctl.conf")) {
+ $sc = file("/etc/sysctl.conf");
+ foreach ($sc as $line) {
+ list($sysk, $sysv) = explode("=", $line, 2);
+ if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls))
+ $sc_file.=$line;
+ }
+ }
+ foreach ($want_sysctls as $ws=> $wv) {
+ $sc_file .= "{$ws}={$wv}\n";
+ exec("/sbin/sysctl {$ws}={$wv}");
+ }
+ file_put_contents("/etc/sysctl.conf", $sc_file);
+
+ #check bootloader values
+ $lt_file="";
+ $want_tunables = array(
+ 'kern.ipc.semopm' => '100',
+ 'kern.ipc.semmni' => '128',
+ 'kern.ipc.semmns' => '32000',
+ 'kern.ipc.shmmni' => '4096'
+ );
+ $tunables = array();
+ if (file_exists("/boot/loader.conf")) {
+ $lt = file("/boot/loader.conf");
+ foreach ($lt as $line) {
+ list($tunable, $val) = explode("=", $line, 2);
+ if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables))
+ $lt_file.=$line;
+ }
+ }
+ foreach ($want_tunables as $wt => $wv) {
+ $lt_file.= "{$wt}={$wv}\n";
+ }
+ file_put_contents("/boot/loader.conf", $lt_file);
+
+ /*check startup script files*/
+ /* create a few directories and ensure the sample files are in place */
+ if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22"))
+ exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22");
+
+ $dir_checks = <<< EOF
+if [ ! -d /var/log/zabbix-lts ]
+ then
+ /bin/mkdir -p /var/log/zabbix-lts
+ /usr/sbin/chmod 755 /var/log/zabbix-lts
+ fi
+/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix-lts
+
+if [ ! -d /var/run/zabbix-lts ]
+ then
+ /bin/mkdir -p /var/run/zabbix-lts
+ /usr/sbin/chmod 755 /var/run/zabbix-lts
+ fi
+/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix-lts
+
+if [ ! -d /var/db/zabbix-lts ]
+ then
+ /bin/mkdir -p /var/db/zabbix-lts
+ /usr/sbin/chmod 755 /var/db/zabbix-lts
+ fi
+/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix-lts
+
+EOF;
+
+ $zproxy_rcfile="/usr/local/etc/rc.d/zabbix_proxy_lts.sh";
+ if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled']=="on"){
+ $zproxy_start= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy LTS\"...\n";
+ /* start zabbix proxy */
+ $zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
+
+ $zproxy_stop = "echo \"Stopping Zabbix Proxy LTS\"\n";
+ $zproxy_stop .= "/usr/bin/killall zabbix_proxy\n";
+ $zproxy_stop .= "/bin/sleep 5\n";
+
+ /* write out rc.d start/stop file */
+ write_rcfile(array(
+ "file" => "zabbix_proxy_lts.sh",
+ "start" => $zproxy_start,
+ "stop" => $zproxy_stop
+ )
+ );
+ mwexec("{$zproxy_rcfile} restart");
+ }else{
+ if (file_exists($zproxy_rcfile)){
+ mwexec("{$zproxy_rcfile} stop");
+ unlink($zproxy_rcfile);
+ }
+ }
+
+ $zagent_rcfile="/usr/local/etc/rc.d/zabbix_agentd_lts.sh";
+ if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on"){
+ $zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent LTS...\"\n";
+ $zagent_start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n";
+
+ $zagent_stop = "echo \"Stopping Zabbix Agent LTS...\"\n";
+ $zagent_stop .= "/usr/bin/killall zabbix_agentd\n";
+ $zagent_stop .= "/bin/sleep 5\n";
+
+ /* write out rc.d start/stop file */
+ write_rcfile(array(
+ "file" => "zabbix_agentd_lts.sh",
+ "start" => "$zagent_start",
+ "stop" => "$zagent_stop"
+ )
+ );
+ mwexec("{$zagent_rcfile} restart");
+ }else{
+ if (file_exists($zagent_rcfile)){
+ mwexec("{$zagent_rcfile} stop");
+ unlink($zagent_rcfile);
+ }
+ }
+
+ conf_mount_ro();
+}
+
+?>
diff --git a/config/zabbix-lts/zabbix-proxy-lts.xml b/config/zabbix-lts/zabbix-proxy-lts.xml
new file mode 100644
index 00000000..de9f1e1c
--- /dev/null
+++ b/config/zabbix-lts/zabbix-proxy-lts.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packagegui>
+<copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ zabbix-proxy-lts.xml
+ part of the Zabbix package for pfSense
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <name>zabbixproxylts</name>
+ <title>Services: Zabbix Proxy LTS</title>
+ <category>Monitoring</category>
+ <version>0.8.3</version>
+ <include_file>/usr/local/pkg/zabbix-lts.inc</include_file>
+ <addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
+ <delete_string>Zabbix Proxy has been deleted.</delete_string>
+ <restart_command>/usr/local/etc/rc.d/zabbix_proxy_lts.sh restart</restart_command>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <menu>
+ <name>Zabbix Proxy LTS</name>
+ <tooltiptext>Setup Zabbix Proxy LTS specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>zabbix_proxy_lts</name>
+ <rcfile>zabbix_proxy_lts.sh</rcfile>
+ <executable>zabbix_proxy</executable>
+ <description>Zabbix Proxy LTS collection daemon</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Proxy</text>
+ <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&amp;id=0</url>
+ <active />
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Zabbix Proxy LTS Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>proxyenabled</fieldname>
+ <description>Enable Zabbix Proxy LTS service</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Server</fielddescr>
+ <fieldname>server</fieldname>
+ <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <default_value>127.0.0.1</default_value>
+ <type>input</type>
+ <size>60</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Server Port</fielddescr>
+ <fieldname>serverport</fieldname>
+ <description>Port of Zabbix trapper on Zabbix server. default value 10051</description>
+ <default_value>10051</default_value>
+ <type>input</type>
+ <size>6</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Hostname</fielddescr>
+ <fieldname>hostname</fieldname>
+ <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description>
+ <default_value>localhost</default_value>
+ <type>input</type>
+ <size>50</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Proxy Mode</fielddescr>
+ <fieldname>proxymode</fieldname>
+ <description>Select Zabbix proxy mode (Active is default)</description>
+ <type>select</type>
+ <default_value>0</default_value>
+ <options>
+ <option><name>Active</name><value>0</value></option>
+ <option><name>Passive</name><value>1</value></option>
+ </options>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Config Frequency</fielddescr>
+ <fieldname>configfrequency</fieldname>
+ <description>How often the proxy retrieves configuration data from the Zabbix server in seconds. Ignored if the proxy runs in passive mode.</description>
+ <default_value>3600</default_value>
+ <type>input</type>
+ <size>10</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Advanced Parameters</fielddescr>
+ <fieldname>advancedparams</fieldname>
+ <encoding>base64</encoding>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description>
+ </field>
+ </fields>
+ <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command>
+ <custom_php_command_before_form></custom_php_command_before_form>
+ <custom_php_after_head_command></custom_php_after_head_command>
+ <custom_php_after_form_command></custom_php_after_form_command>
+ <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command>
+ <custom_add_php_command></custom_add_php_command>
+ <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command>
+ <custom_php_deinstall_command>php_deinstall_zabbix_proxy_lts();</custom_php_deinstall_command>
+</packagegui>
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 29fa878b..90ece8ee 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -117,7 +117,7 @@
<category>Firewall</category>
<pkginfolink>https://forum.pfsense.org/index.php?topic=86212.0</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml</config_file>
- <version>1.04</version>
+ <version>1.05</version>
<status>Beta</status>
<required_version>2.2</required_version>
<maintainer>BBCan177@gmail.com</maintainer>
@@ -490,7 +490,7 @@
<descr>High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr>
<website>http://lightsquid.sf.net/</website>
<category>Network Report</category>
- <version>1.8.2 pkg v.2.34</version>
+ <version>1.8.2 pkg v.2.35</version>
<maintainer>dv_serg@mail.ru</maintainer>
<depends_on_package_pbi>lightsquid-1.8_2-##ARCH##.pbi</depends_on_package_pbi>
<build_pbi>
@@ -1303,11 +1303,54 @@
<configurationfile>syslog-ng.xml</configurationfile>
</package>
<package>
+ <name>Zabbix Agent LTS</name>
+ <descr>LTS (Long Term Support) release of Zabbix Monitoring agent. Zabbix LTS releases are supported for
+ Zabbix customers during five (5) years i.e. 3 years of Full Support (general, critical and security issues)
+ and 2 additional years of Limited Support (critical and security issues only). Zabbix LTS version release
+ will result in change of the first version number. More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr>
+ <category>Services</category>
+ <config_file>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-agent-lts.xml</config_file>
+ <version>zabbix-agent-lts-2.2.7 pkg v0.8.3</version>
+ <status>BETA</status>
+ <required_version>2.2</required_version>
+ <configurationfile>zabbix-agent-lts.xml</configurationfile>
+ <maintainer>dbaio@bsd.com.br</maintainer>
+ <build_pbi>
+ <custom_name>zabbix22-agent</custom_name>
+ <port>net-mgmt/zabbix22-agent</port>
+ </build_pbi>
+ <depends_on_package_pbi>zabbix22-agent-2.2.7-##ARCH##.pbi</depends_on_package_pbi>
+ </package>
+ <package>
+ <name>Zabbix Proxy LTS</name>
+ <descr>LTS (Long Term Support) release of Zabbix agent proxy. Zabbix LTS releases are supported for
+ Zabbix customers during five (5) years i.e. 3 years of Full Support (general, critical and security issues)
+ and 2 additional years of Limited Support (critical and security issues only). Zabbix LTS version release
+ will result in change of the first version number. More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr>
+ <category>Services</category>
+ <config_file>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-proxy-lts.xml</config_file>
+ <version>zabbix-proxy-lts-2.2.7 pkg v0.8.3</version>
+ <status>BETA</status>
+ <required_version>2.2</required_version>
+ <configurationfile>zabbix-proxy-lts.xml</configurationfile>
+ <maintainer>dbaio@bsd.com.br</maintainer>
+ <build_pbi>
+ <custom_name>zabbix22-proxy</custom_name>
+ <port>net-mgmt/zabbix22-proxy</port>
+ </build_pbi>
+ <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options>
+ <depends_on_package_pbi>zabbix22-proxy-2.2.7-##ARCH##.pbi</depends_on_package_pbi>
+ </package>
+ <package>
<name>Zabbix-2 Agent</name>
- <descr>Monitoring agent.</descr>
+ <descr>Standard release of Zabbix Monitoring agent. Standard Zabbix releases are supported for
+ Zabbix customers during six (6) months of Full Support (general, critical and security issues) until
+ the next Zabbix stable release, plus one (1) additional month of Limited Support (critical and security
+ issues only). Zabbix Standard version release will result in change of the second version number.
+ More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file>
- <version>zabbix2-agent-2.4.3 pkg v0.8.3</version>
+ <version>zabbix24-agent-2.4.3 pkg v0.8.3</version>
<status>BETA</status>
<required_version>2.2</required_version>
<configurationfile>zabbix2-agent.xml</configurationfile>
@@ -1320,10 +1363,14 @@
</package>
<package>
<name>Zabbix-2 Proxy</name>
- <descr>Monitoring agent proxy.</descr>
+ <descr>Standard release of Zabbix agent proxy. Standard Zabbix releases are supported for
+ Zabbix customers during six (6) months of Full Support (general, critical and security issues) until
+ the next Zabbix stable release, plus one (1) additional month of Limited Support (critical and security
+ issues only). Zabbix Standard version release will result in change of the second version number.
+ More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file>
- <version>zabbix2-proxy-2.4.3 pkg v0.8.3</version>
+ <version>zabbix24-proxy-2.4.3 pkg v0.8.3</version>
<status>BETA</status>
<required_version>2.2</required_version>
<configurationfile>zabbix2-proxy.xml</configurationfile>
@@ -1384,7 +1431,7 @@
<descr>Set of programs for controlling APC UPS.</descr>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file>
- <version>apcupsd-3.14.12_1 pkg v0.3.2</version>
+ <version>apcupsd-3.14.12_1 pkg v0.3.3</version>
<status>BETA</status>
<required_version>2.2</required_version>
<configurationfile>apcupsd.xml</configurationfile>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 78df6eae..c0fab064 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -641,7 +641,7 @@
<descr>High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr>
<website>http://lightsquid.sf.net/</website>
<category>Network Report</category>
- <version>1.8.2 pkg v.2.33</version>
+ <version>1.8.2 pkg v.2.35</version>
<maintainer>dv_serg@mail.ru</maintainer>
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
<depends_on_package>lightsquid-1.8_2.tbz</depends_on_package>
@@ -1859,7 +1859,7 @@
<descr>Set of programs for controlling APC UPS.</descr>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file>
- <version>apcupsd-3.14.10_1 pkg v0.3.2</version>
+ <version>apcupsd-3.14.10_1 pkg v0.3.3</version>
<status>BETA</status>
<required_version>2.0</required_version>
<configurationfile>apcupsd.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index ee0c60ee..8a9235c7 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -628,7 +628,7 @@
<descr>High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr>
<website>http://lightsquid.sf.net/</website>
<category>Network Report</category>
- <version>1.8.2 pkg v.2.33</version>
+ <version>1.8.2 pkg v.2.35</version>
<maintainer>dv_serg@mail.ru</maintainer>
<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
<depends_on_package>lightsquid-1.8_2.tbz</depends_on_package>
@@ -1846,7 +1846,7 @@
<descr>Set of programs for controlling APC UPS.</descr>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file>
- <version>apcupsd-3.14.10_1 pkg v0.3.2</version>
+ <version>apcupsd-3.14.10_1 pkg v0.3.3</version>
<status>BETA</status>
<required_version>2.0</required_version>
<configurationfile>apcupsd.xml</configurationfile>