diff options
| -rw-r--r-- | config/nmap/nmap.inc | 22 | ||||
| -rw-r--r-- | config/nmap/nmap.priv.inc | 37 | ||||
| -rw-r--r-- | config/nmap/nmap.xml | 42 | ||||
| -rw-r--r-- | config/nrpe2/nrpe2.inc | 98 | ||||
| -rw-r--r-- | config/nrpe2/nrpe2.priv.inc | 37 | ||||
| -rw-r--r-- | config/nrpe2/nrpe2.xml | 50 | ||||
| -rw-r--r-- | config/phpservice/phpservice.inc | 40 | ||||
| -rw-r--r-- | config/phpservice/phpservice.priv.inc | 38 | ||||
| -rw-r--r-- | config/phpservice/phpservice.xml | 20 | ||||
| -rw-r--r-- | pkg_config.10.xml | 7 | ||||
| -rw-r--r-- | pkg_config.8.xml | 13 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 13 |
12 files changed, 301 insertions, 116 deletions
diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc index cbf1b15a..45a87d64 100644 --- a/config/nmap/nmap.inc +++ b/config/nmap/nmap.inc @@ -27,10 +27,12 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +require_once("pkg-utils.inc"); +require_once("util.inc"); function nmap_install() { $destination_file = "/usr/local/share/nmap/nmap-mac-prefixes"; - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); switch ($pfs_version) { case "2.1": $source_file = "/usr/pbi/nmap-" . php_uname("m") . "/share/nmap/nmap-mac-prefixes"; @@ -48,17 +50,23 @@ function nmap_install() { } } +function nmap_deinstall() { + $destination_file = "/usr/local/share/nmap/nmap-mac-prefixes"; + if (is_link($destination_file)) { + @unlink($destination_file); + } +} + function nmap_custom_php_validation_command($post, &$input_errors) { - global $_POST, $savemsg, $config; - if (empty($_POST['hostname'])) { + if (empty($post['hostname'])) { $input_errors[] = gettext("You must enter an IP address to scan."); - } elseif (!(is_ipaddr($_POST['hostname']) || is_subnet($_POST['hostname']) || is_hostname($_POST['hostname']))) { + } elseif (!(is_ipaddr($post['hostname']) || is_subnet($post['hostname']) || is_hostname($post['hostname']))) { $input_errors[] = gettext("You must enter a valid IP address to scan."); } - if(!empty($_POST['interface'])) { + if(!empty($post['interface'])) { $interfaces = get_configured_interface_with_descr(); - if (!array_key_exists($_POST['interface'], $interfaces)) { + if (!array_key_exists($post['interface'], $interfaces)) { $input_errors[] = gettext("Invalid interface."); } } @@ -122,7 +130,7 @@ function nmap_get_interfaces() { if (is_array($config['openvpn']["openvpn-{$mode}"])) { foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { if (!isset($setting['disable'])) { - $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); + $tmp["name"] = gettext("OpenVPN") . " " . $mode . ": " . htmlspecialchars($setting['description']); $tmp["value"] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid']; $nmap_ifs[] = $tmp; } diff --git a/config/nmap/nmap.priv.inc b/config/nmap/nmap.priv.inc new file mode 100644 index 00000000..131d6d99 --- /dev/null +++ b/config/nmap/nmap.priv.inc @@ -0,0 +1,37 @@ +<?php +/* + nmap.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-diagnostics-nmap'] = array(); +$priv_list['page-diagnostics-nmap']['name'] = "WebCfg - Diagnostics: nmap package"; +$priv_list['page-diagnostics-nmap']['descr'] = "Allow access to nmap package GUI"; +$priv_list['page-diagnostics-nmap']['match'] = array(); +$priv_list['page-diagnostics-nmap']['match'][] = "pkg_edit.php?xml=nmap.xml*"; + +?> diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml index 446ba461..665b40e9 100644 --- a/config/nmap/nmap.xml +++ b/config/nmap/nmap.xml @@ -42,7 +42,7 @@ ]]> </copyright> <name>nmap</name> - <version>1.4</version> + <version>1.4.1</version> <title>Diagnostics: NMap</title> <savetext>Scan</savetext> <preoutput>yes</preoutput> @@ -50,7 +50,6 @@ <include_file>/usr/local/pkg/nmap.inc</include_file> <menu> <name>NMap</name> - <tooltiptext>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</tooltiptext> <section>Diagnostics</section> <configfile>nmap.xml</configfile> </menu> @@ -58,6 +57,10 @@ <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/nmap/nmap.inc</item> </additional_files_needed> + <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/nmap/nmap.priv.inc</item> + </additional_files_needed> <fields> <field> <fielddescr>IP or Hostname</fielddescr> @@ -68,7 +71,7 @@ <field> <fielddescr>Interface</fielddescr> <fieldname>interface</fieldname> - <description>Enter the source interface here.</description> + <description>Select the source interface here.</description> <type>select_source</type> <source><![CDATA[nmap_get_interfaces()]]></source> <source_name>name</source_name> @@ -86,28 +89,44 @@ <option><name>UDP</name><value>udp</value></option> <option><name>ARP (directly connected networks only!)</name><value>arp</value></option> </options> - <typehint>Scan method</typehint> + <typehint>Select scan method.</typehint> </field> <field> <fielddescr>-P0</fielddescr> <fieldname>noping</fieldname> - <description>This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall. microsoft.com is an example of such a network, and thus you should always use -P0 or -PT80 when port scanning microsoft.com. Note the "ping" in this context may involve more than the traditional ICMP echo request packet. Nmap supports many such probes, including arbitrary combinations of TCP, UDP, and ICMP probes. By default, Nmap sends an ICMP echo request and a TCP ACK packet to port 80.</description> + <description> + <![CDATA[ + Do not try to ping hosts at all before scanning them. This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall.<br/> + microsoft.com is an example of such a network, and thus you should always use -P0 or -PT80 when port scanning microsoft.com.<br/> + Note the "ping" in this context may involve more than the traditional ICMP echo request packet. Nmap supports many such probes, including arbitrary combinations of TCP, UDP, and ICMP probes.<br/> + By default, Nmap sends an ICMP echo request and a TCP ACK packet to port 80. + ]]> + </description> <type>checkbox</type> - <typehint>Do not try to ping hosts at all before scanning them.</typehint> </field> <field> <fielddescr>-sV</fielddescr> <fieldname>servicever</fieldname> - <description>After TCP and/or UDP ports are discovered using one of the other scan methods, version detection communicates with those ports to try and determine more about what is actually running. A file called nmap-service-probes is used to determine the best probes for detecting various services and the match strings to expect. Nmap tries to determine the service protocol (e.g. ftp, ssh, telnet, http), the application name (e.g. ISC Bind, Apache httpd, Solaris telnetd), the version number, and sometimes miscellaneous details like whether an X server is open to connections or the SSH protocol version).</description> + <description> + <![CDATA[ + Try to identify service versions. After TCP and/or UDP ports are discovered using one of the other scan methods, version detection communicates with those ports to try and determine more about what is actually running.<br/> + A file called nmap-service-probes is used to determine the best probes for detecting various services and the match strings to expect.<br/> + Nmap tries to determine the service protocol (e.g. ftp, ssh, telnet, http), the application name (e.g. ISC Bind, Apache httpd, Solaris telnetd), the version number, and sometimes miscellaneous details like whether an X server is open to connections or the SSH protocol version). + ]]> + </description> <type>checkbox</type> - <typehint>Try to identify service versions.</typehint> </field> <field> <fielddescr>-O</fielddescr> <fieldname>osdetect</fieldname> - <description>This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.</description> + <description> + <![CDATA[ + Turn on OS detection. This option activates remote host identification via TCP/IP fingerprinting.<br/> + In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning.<br/> + It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning. + ]]> + </description> <type>checkbox</type> - <typehint>Turn on OS detection.</typehint> </field> </fields> <custom_add_php_command> @@ -119,4 +138,7 @@ <custom_php_install_command> nmap_install(); </custom_php_install_command> + <custom_php_deinstall_command> + nmap_deinstall(); + </custom_php_deinstall_command> </packagegui> diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc index 08aeb5c4..5a23a585 100644 --- a/config/nrpe2/nrpe2.inc +++ b/config/nrpe2/nrpe2.inc @@ -28,7 +28,9 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -require_once('filter.inc'); +require_once("filter.inc"); +require_once("pkg-utils.inc"); +require_once("util.inc"); global $pfs_version; $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); @@ -50,20 +52,9 @@ define('NRPE_RCFILE', '/usr/local/etc/rc.d/nrpe2.sh'); function nrpe2_custom_php_install_command() { - global $g, $config; - $NRPE_BASE = NRPE_BASE; - $NRPE_CONFIG_DIR = NRPE_CONFIG_DIR; - - $ip = $config['interfaces']['lan']['ipaddr']; - - if (!is_array($config['installedpackages']['nrpe2'])) { - $config['installedpackages']['nrpe2']['config'][0]['enabled'] = "on"; - $config['installedpackages']['nrpe2']['config'][0]['server_address'] = $ip; - $config['installedpackages']['nrpe2']['config'][0]['server_port'] = 5666; - $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] = "127.0.0.1"; - $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] = "on"; - } + global $config; + /* Create default commands configuration */ if (!is_array($config['installedpackages']['nrpe2']['config'][0]['row'])) { $config['installedpackages']['nrpe2']['config'][0]['row'] = array( 0 => array( @@ -107,8 +98,19 @@ function nrpe2_custom_php_install_command() { ) ); } + + /* Remove the rc script installed with the package */ unlink_if_exists(NRPE_CONFIG_DIR . '/rc.d/nrpe2'); - $nrpe2_binary = NRPE_BINARY; + +} + +function nrpe2_custom_php_deinstall_command() { + unlink_if_exists(NRPE_RCFILE); +} + +function nrpe2_write_rc_file() { + $NRPE_CONFIG_DIR = NRPE_CONFIG_DIR; + $NRPE2_BINARY = NRPE_BINARY; $fd = fopen(NRPE_RCFILE, 'w'); $rc_file = <<<EOD #!/bin/sh @@ -135,7 +137,7 @@ nrpe2_enable=\${nrpe2_enable-"YES"} name="nrpe2" rcvar="\${name}_enable" -command="{$nrpe2_binary}" +command="{$NRPE2_BINARY}" command_args="-d" extra_commands="reload" @@ -160,31 +162,34 @@ EOD; } +function nrpe2_resync_package() { + conf_mount_rw(); + nrpe2_custom_php_write_config(); + nrpe2_custom_php_service(); + conf_mount_ro(); +} + function nrpe2_custom_php_write_config() { - global $g, $config; + global $config; $nagios_check_path = NRPE_BASE . "/libexec/nagios"; - conf_mount_rw(); $cmds = array(); foreach ($config['installedpackages']['nrpe2']['config'][0]['row'] as $cmd) { $sudo_bin = "/usr/local/bin/sudo"; $sudo = (isset($cmd['sudo']) && is_executable($sudo_bin)) ? "{$sudo_bin} " : ""; $wcmd = !empty($cmd['warning']) ? "-w {$cmd['warning']}" : ""; $ccmd = !empty($cmd['critical']) ? "-c {$cmd['critical']}" : ""; - if (is_executable("{$nagios_check_path}/{$cmd['command']}")) + if (is_executable("{$nagios_check_path}/{$cmd['command']}")) { $cmds[] = "command[{$cmd['name']}]={$sudo}{$nagios_check_path}/{$cmd['command']} {$wcmd} {$ccmd} {$cmd['extra']}\n"; + } } $commands = implode($cmds); - $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port']; - $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts']; - $dont_blame_nrpe = $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe']; - if ($config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] == "on") { - $dont_blame_nrpe = 1; - } else { - $dont_blame_nrpe = 0; - } + $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port'] ?: '5666'; + $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] ?: '127.0.0.1'; + $dont_blame_nrpe = $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] == "on" ? '1' : '0'; + /* Create configuration file */ $fd = fopen(NRPE_CONFIG_DIR . '/nrpe.cfg', 'w'); $nrpe_cfg = <<<EOD log_facility=daemon @@ -199,22 +204,29 @@ command_timeout=60 connection_timeout=300 {$commands} EOD; - if (defined($config['installedpackages']['nrpe2']['config'][0]['server_address'])) { - $server_address = $config['installedpackages']['nrpe2']['config'][0]['server_address']; - $nrpe_cfg .= "server_address={$server_address}"; + if ($config['installedpackages']['nrpe2']['config'][0]['server_address'] != "") { + $nrpe_cfg .= "server_address={$config['installedpackages']['nrpe2']['config'][0]['server_address']}"; } fwrite($fd, $nrpe_cfg); fclose($fd); - conf_mount_ro(); + } function nrpe2_custom_php_service() { global $config; if ($config['installedpackages']['nrpe2']['config'][0]['enabled'] == "on") { - restart_service("nrpe2"); + nrpe2_write_rc_file(); + if (is_service_running("nrpe2")) { + restart_service("nrpe2"); + } else { + start_service("nrpe2"); + } } else { - stop_service("nrpe2"); + if (is_service_running("nrpe2")) { + stop_service("nrpe2"); + } + unlink_if_exists(NRPE_RCFILE); } } @@ -222,8 +234,26 @@ function nrpe2_get_commands() { $nagios_check_path = NRPE_BASE . "/libexec/nagios"; $commands = glob("{$nagios_check_path}/check_*"); $cmdarr = array(); - foreach ($commands as $cmd) + foreach ($commands as $cmd) { $cmdarr[]["command"] = basename($cmd); + } return $cmdarr; } + +function nrpe2_custom_php_validation_command($post, &$input_errors) { + if (!is_port($post['server_port'])) { + $input_errors[] = gettext("'Port Number' must be a valid port."); + } + if ($post['server_address'] != "") { + if (!is_ipaddr($post['server_address'])) { + $input_errors[] = gettext("'Bind IP Address' must be a valid IP address."); + } + } + foreach (explode(",", $post['allowed_hosts']) as $host) { + if (!empty($host) && !is_ipaddr($host)) { + $input_errors[] = gettext("'Nagios Server(s)' entry '{$host}' is not a valid IP address."); + } + } +} + ?> diff --git a/config/nrpe2/nrpe2.priv.inc b/config/nrpe2/nrpe2.priv.inc new file mode 100644 index 00000000..3014806a --- /dev/null +++ b/config/nrpe2/nrpe2.priv.inc @@ -0,0 +1,37 @@ +<?php +/* + nrpe2.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-nrpe2'] = array(); +$priv_list['page-services-nrpe2']['name'] = "WebCfg - Services: nrpe2 package"; +$priv_list['page-services-nrpe2']['descr'] = "Allow access to nrpe2 package GUI"; +$priv_list['page-services-nrpe2']['match'] = array(); +$priv_list['page-services-nrpe2']['match'][] = "pkg_edit.php?xml=nrpe2.xml*"; + +?> diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml index f70835c3..dcd6a5a9 100644 --- a/config/nrpe2/nrpe2.xml +++ b/config/nrpe2/nrpe2.xml @@ -42,10 +42,9 @@ /* ====================================================================================== */ ]]> </copyright> - <description>Nagios NRPEv2</description> <name>nrpe2</name> - <version>2.2.1</version> - <title>NRPEv2</title> + <version>2.2.2</version> + <title>Services: NRPEv2</title> <aftersaveredirect>/pkg_edit.php?xml=nrpe2.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/nrpe2.inc</include_file> <menu> @@ -58,35 +57,39 @@ <name>nrpe2</name> <rcfile>nrpe2.sh</rcfile> <executable>nrpe2</executable> - <description>Nagios NRPE Daemon</description> + <description>Nagios NRPEv2 Daemon</description> </service> <configpath>installedpackages->package->nrpe2</configpath> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.inc</item> </additional_files_needed> + <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.priv.inc</item> + </additional_files_needed> <fields> <field> <type>listtopic</type> - <name>NRPE Options</name> - <fieldname>temp</fieldname> + <name>Service Options</name> </field> <field> - <fielddescr>Enabled</fielddescr> + <fielddescr>Enable NRPE</fielddescr> <fieldname>enabled</fieldname> <description>Check this to enable NRPE daemon.</description> <type>checkbox</type> + <default_value>on</default_value> </field> <field> <type>listtopic</type> <name>Configuration Options</name> - <fieldname>temp</fieldname> </field> <field> <fielddescr>Port Number</fielddescr> <fieldname>server_port</fieldname> <description>Port number we should wait for connections on. (Default: 5666)</description> <type>input</type> + <default_value>5666</default_value> <required/> </field> <field> @@ -107,12 +110,12 @@ <fieldname>dont_blame_nrpe</fieldname> <description>Check this to enable accept NRPE arguments. (Default: 0)</description> <type>checkbox</type> + <default_value>on</default_value> </field> <field> <type>listtopic</type> <name>Commands</name> - <fieldname>temp</fieldname> </field> <field> <fielddescr>Command Definitions that the Nagios server can call via the NRPE daemon.</fielddescr> @@ -158,34 +161,29 @@ <rowhelperfield> <fielddescr>Extra Options (Example: -s Z \$ARG1\$ \$ARG2\$)</fielddescr> <fieldname>extra</fieldname> - <description><![CDATA[<strong>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</strong>]]></description> + <description>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</description> <type>input</type> <size>25</size> </rowhelperfield> </rowhelper> </field> </fields> - <custom_delete_php_command> - nrpe2_custom_php_write_config(); - nrpe2_custom_php_service(); - </custom_delete_php_command> - <custom_add_php_command> - nrpe2_custom_php_write_config(); - nrpe2_custom_php_service(); - </custom_add_php_command> <custom_php_install_command> nrpe2_custom_php_install_command(); - nrpe2_custom_php_write_config(); - nrpe2_custom_php_service(); </custom_php_install_command> <custom_php_deinstall_command> - nrpe2_custom_php_write_config(); + nrpe2_custom_php_deinstall_command(); </custom_php_deinstall_command> + <custom_add_php_command> + nrpe2_resync_package(); + </custom_add_php_command> + <custom_delete_php_command> + nrpe2_resync_package(); + </custom_delete_php_command> <custom_php_resync_config_command> - nrpe2_custom_php_write_config(); - nrpe2_custom_php_service(); + nrpe2_resync_package(); </custom_php_resync_config_command> - <custom_php_command_before_form> - unset($_POST['temp']); - </custom_php_command_before_form> + <custom_php_validation_command> + nrpe2_custom_php_validation_command($_POST, $input_errors); + </custom_php_validation_command> </packagegui> diff --git a/config/phpservice/phpservice.inc b/config/phpservice/phpservice.inc index d04e021a..8ccd4f3c 100644 --- a/config/phpservice/phpservice.inc +++ b/config/phpservice/phpservice.inc @@ -27,12 +27,13 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +require_once('pkg-utils.inc'); + function phpservice_sync_package() { global $config; - + conf_mount_rw(); + if ($config['installedpackages']['phpservice']['config'] != "") { - - conf_mount_rw(); $tmp = <<<EOF <?php @@ -47,10 +48,10 @@ fclose($fp); unset($filename); function send_to_syslog($syslogaddress, $syslogport, $syslogmsg) { - + $syslogaddress = "127.0.0.1"; $syslogport = 514; - + $fp = fsockopen("udp://".$syslogaddress, $syslogport, $errno, $errstr); if (!$fp) { return; @@ -75,8 +76,8 @@ EOF; $tmp_php = base64_decode($rowhelper['php']); if (strlen($tmp_php) > 0) { $tmp .= "// name: ".$rowhelper['name']." \n"; - $tmp .= "// description: ".$rowhelper['description']." \n\n"; - $tmp .= base64_decode($rowhelper['php']); + $tmp .= "// description: " . $rowhelper['description'] . " \n\n"; + $tmp .= preg_replace('/\r\n/', "\n", base64_decode($rowhelper['php'])); $tmp .= "\n"; } } @@ -96,21 +97,36 @@ EOF; unset($tmp); fclose($fout); - restart_service("phpservice"); - conf_mount_ro(); + phpservice_write_rcfile(); + if (is_service_running("phpservice")) { + restart_service("phpservice"); + } else { + start_service("phpservice"); + } } else { stop_service("phpservice"); + unlink_if_exists("/usr/local/etc/rc.d/phpservice.sh"); } + conf_mount_ro(); } -function phpservice_install_command() { +function phpservice_write_rcfile() { write_rcfile(array( "file" => "phpservice.sh", - "start" => "/usr/local/bin/php /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &", + "start" => "/usr/local/bin/php -f /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &", "stop" => "/bin/rm -f /tmp/phpmonitor.pid; sleep 3" ) ); - phpservice_sync_package(); +} + +function phpservice_custom_php_service_status_command() { + exec("/bin/pgrep -fq phpservice", $output, $retval); + return $retval; +} + +function phpservice_deinstall_command() { + rmdir_recursive("/usr/local/www/packages/phpservice"); + unlink_if_exists("/usr/local/pkg/phpservice.php"); } ?> diff --git a/config/phpservice/phpservice.priv.inc b/config/phpservice/phpservice.priv.inc new file mode 100644 index 00000000..ec10c77e --- /dev/null +++ b/config/phpservice/phpservice.priv.inc @@ -0,0 +1,38 @@ +<?php +/* + phpservice.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-phpservice'] = array(); +$priv_list['page-services-phpservice']['name'] = "WebCfg - Services: PHPService package"; +$priv_list['page-services-phpservice']['descr'] = "Allow access to PHPService package GUI"; +$priv_list['page-services-phpservice']['match'] = array(); +$priv_list['page-services-phpservice']['match'][] = "packages/phpservice/phpservice_php.php*"; +$priv_list['page-services-phpservice']['match'][] = "packages/phpservice/phpservice_php_edit.php*"; + +?> diff --git a/config/phpservice/phpservice.xml b/config/phpservice/phpservice.xml index 6bada596..f55dfe23 100644 --- a/config/phpservice/phpservice.xml +++ b/config/phpservice/phpservice.xml @@ -41,14 +41,12 @@ /* ====================================================================================== */ ]]> </copyright> - <description>PHP Service</description> - <name>PHP Service Settings</name> - <version>0.5.0</version> - <title>Settings</title> + <name>phpservice</name> + <version>0.5.2</version> + <title>PHPService</title> <include_file>/usr/local/pkg/phpservice.inc</include_file> <menu> <name>PHPService</name> - <tooltiptext>PHP Service settings.</tooltiptext> <section>Services</section> <configfile>phpservice.xml</configfile> <url>/packages/phpservice/phpservice_php.php</url> @@ -59,7 +57,7 @@ <executable>phpservice</executable> <description>PHP script as a service</description> <custom_php_service_status_command> - exec("/bin/pgrep -fq phpservice"); + phpservice_custom_php_service_status_command(); </custom_php_service_status_command> </service> <configpath>installedpackages->package->$packagename->configuration->phpservice</configpath> @@ -68,6 +66,10 @@ <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/www/packages/phpservice/</prefix> <item>https://packages.pfsense.org/packages/config/phpservice/phpservice_php.php</item> </additional_files_needed> @@ -78,7 +80,7 @@ <custom_php_resync_config_command> phpservice_sync_package(); </custom_php_resync_config_command> - <custom_php_install_command> - phpservice_install_command(); - </custom_php_install_command> + <custom_php_deinstall_command> + phpservice_deinstall_command(); + </custom_php_deinstall_command> </packagegui> diff --git a/pkg_config.10.xml b/pkg_config.10.xml index a43b55cc..5904697b 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -347,10 +347,9 @@ <category>Services</category> <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> - <version>0.5.1</version> + <version>0.5.2</version> <status>BETA</status> <required_version>2.2</required_version> - <maintainer>markjcrane@gmail.com</maintainer> <configurationfile>phpservice.xml</configurationfile> <maximum_version>2.2.999</maximum_version> </package> @@ -810,7 +809,7 @@ <category>Security</category> <depends_on_package_pbi>nmap-6.47-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> - <version>1.4</version> + <version>1.4.1</version> <status>RELEASE</status> <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.2</required_version> @@ -1354,7 +1353,7 @@ </build_pbi> <build_options>nrpe_SET_FORCE=SSL;nrpe_UNSET_FORCE=ARGS</build_options> <config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.2.5</version> + <version>2.2.6</version> <status>BETA</status> <required_version>2.2.1</required_version> <maintainer>erik@erikkristensen.com</maintainer> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 105334e6..520fb3b0 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -409,10 +409,9 @@ <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> - <version>0.4.2</version> + <version>0.5.2</version> <status>Beta</status> - <required_version>1.2.1</required_version> - <maintainer>markjcrane@gmail.com</maintainer> + <required_version>2.1</required_version> <configurationfile>phpservice.xml</configurationfile> </package> <package> @@ -849,10 +848,10 @@ <depends_on_package>nmap-6.25_1.tbz</depends_on_package> <depends_on_package_pbi>nmap-6.40_2-i386.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.40_2 pkg v1.3</version> + <version>6.40_2 pkg v1.4.1</version> <status>Stable</status> <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> - <required_version>2.0</required_version> + <required_version>2.1</required_version> <configurationfile>nmap.xml</configurationfile> <build_port_path>/usr/ports/security/nmap</build_port_path> <depends_on_package>libpcap-1.2.1.tbz</depends_on_package> @@ -1456,9 +1455,9 @@ </build_pbi> <build_options>nrpe_SET=SSL;nrpe_UNSET_FORCE=ARGS</build_options> <config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.12_4 v2.2_4</version> + <version>2.13_2 pkg v2.2.6</version> <status>Beta</status> - <required_version>1.2</required_version> + <required_version>2.1</required_version> <maintainer>erik@erikkristensen.com</maintainer> <configurationfile>nrpe2.xml</configurationfile> </package> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 1a9ba54a..a452835b 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -396,10 +396,9 @@ <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> - <version>0.4.2</version> + <version>0.5.2</version> <status>Beta</status> - <required_version>1.2.1</required_version> - <maintainer>markjcrane@gmail.com</maintainer> + <required_version>2.1</required_version> <configurationfile>phpservice.xml</configurationfile> </package> <package> @@ -836,10 +835,10 @@ <depends_on_package>nmap-6.25_1.tbz</depends_on_package> <depends_on_package_pbi>nmap-6.40_2-amd64.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> - <version>nmap-6.40_2 pkg v1.3</version> + <version>6.40_2 pkg v1.4.1</version> <status>Stable</status> <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> - <required_version>2.0</required_version> + <required_version>2.1</required_version> <configurationfile>nmap.xml</configurationfile> <build_port_path>/usr/ports/security/nmap</build_port_path> <depends_on_package>libpcap-1.2.1.tbz</depends_on_package> @@ -1443,9 +1442,9 @@ </build_pbi> <build_options>nrpe_SET=SSL;nrpe_UNSET_FORCE=ARGS</build_options> <config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> - <version>2.12_4 v2.2_4</version> + <version>2.13_2 pkg v2.2.6</version> <status>Beta</status> - <required_version>1.2</required_version> + <required_version>2.1</required_version> <maintainer>erik@erikkristensen.com</maintainer> <configurationfile>nrpe2.xml</configurationfile> </package> |