diff options
| -rw-r--r-- | config/apcupsd/apcupsd.xml | 2 | ||||
| -rwxr-xr-x | config/apcupsd/apcupsd_mail.php | 2 | ||||
| -rw-r--r-- | config/lightsquid/lightsquid.inc | 3 | ||||
| -rw-r--r-- | config/lightsquid/lightsquid.xml | 2 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.inc | 109 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.php | 16 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.sh | 72 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng.xml | 1 | ||||
| -rw-r--r-- | config/pfblockerng/pfblockerng_alerts.php | 436 | ||||
| -rw-r--r-- | config/snort/snort_alerts.widget.php | 8 | ||||
| -rw-r--r-- | config/vhosts/vhosts.inc | 4 | ||||
| -rw-r--r-- | config/zabbix-lts/zabbix-agent-lts.xml | 179 | ||||
| -rw-r--r-- | config/zabbix-lts/zabbix-lts.inc | 360 | ||||
| -rw-r--r-- | config/zabbix-lts/zabbix-proxy-lts.xml | 150 | ||||
| -rw-r--r-- | pkg_config.10.xml | 61 | ||||
| -rw-r--r-- | pkg_config.8.xml | 4 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 4 |
17 files changed, 1249 insertions, 164 deletions
diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml index 8a42f352..0b2a96e0 100644 --- a/config/apcupsd/apcupsd.xml +++ b/config/apcupsd/apcupsd.xml @@ -40,7 +40,7 @@ <name>Apcupsd</name> <title>Services: Apcupsd (General)</title> <category>Monitoring</category> - <version>0.3.2</version> + <version>0.3.3</version> <include_file>/usr/local/pkg/apcupsd.inc</include_file> <addedit_string>Apcupsd has been created/modified.</addedit_string> <delete_string>Apcupsd has been deleted.</delete_string> diff --git a/config/apcupsd/apcupsd_mail.php b/config/apcupsd/apcupsd_mail.php index d5b97f92..3b13309c 100755 --- a/config/apcupsd/apcupsd_mail.php +++ b/config/apcupsd/apcupsd_mail.php @@ -29,7 +29,7 @@ require_once("pkg-utils.inc"); require_once("globals.inc"); -require_once("phpmailer/class.phpmailer.php"); +require_once("phpmailer/PHPMailerAutoload.php"); global $config, $g; diff --git a/config/lightsquid/lightsquid.inc b/config/lightsquid/lightsquid.inc index 399e0572..054713a1 100644 --- a/config/lightsquid/lightsquid.inc +++ b/config/lightsquid/lightsquid.inc @@ -175,6 +175,9 @@ function lightsquid_resync() { if (!file_exists("/usr/bin/perl")) mwexec("ln -s /usr/local/bin/perl /usr/bin/perl"); + // Fixup library path so GD can find its libraries for graphs. + mwexec("/sbin/ldconfig -m " . LIGHTSQUID_BASE . "/lib/"); + // create lightsquid report catalog if (!file_exists(LS_REPORTPATH)) { update_log("lightsquid_install: Create report dir " . LS_REPORTPATH); diff --git a/config/lightsquid/lightsquid.xml b/config/lightsquid/lightsquid.xml index 0f6baf37..63eaabe4 100644 --- a/config/lightsquid/lightsquid.xml +++ b/config/lightsquid/lightsquid.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>lightsquid</name> - <version>1.8.2 pkg v.2.34</version> + <version>1.8.2 pkg v.2.35</version> <title>Services: Proxy Reports (LightSquid, SQStat) -> Settings</title> <category>Status</category> <include_file>/usr/local/pkg/lightsquid.inc</include_file> diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index a1ee6abc..6ee9592a 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -78,6 +78,7 @@ function pfb_global() { $pfb['log'] = "{$pfb['logdir']}/pfblockerng.log"; $pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt"; $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh'; + $pfb['aliasarchive'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/etc/aliastables.tar.bz2"; # General Variables $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0]; @@ -334,6 +335,58 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) { } +// Archive Aliastables for NanoBSD and RAMDisk Installations +function pfb_aliastables($mode) { + global $g,$config,$pfb; + $earlyshellcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables"; + $msg = ""; + + // Only Execute function if Platform is NanoBSD or Ramdisks are used. + if (($g['platform'] != "pfSense") || isset($config['system']['use_mfs_tmpvar'])) { + conf_mount_rw(); + if ($mode == "update") { + // Archive Aliastable Folder + exec ("cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar -jcvf {$pfb['aliasarchive']} pfB_*.txt >/dev/null 2>&1"); + $msg = "\n\nArchiving Aliastable Folder\n"; + } + elseif ($mode == "conf") { + // Check conf file for earlyshellcmd + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (!preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd[] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + else { + $config['system']['earlyshellcmd'] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + conf_mount_ro(); + } + else { + if (file_exists("{$pfb['aliasarchive']}")) { + // Remove Aliastables archive if found. + conf_mount_rw(); + @unlink_if_exists("{$pfb['aliasarchive']}"); + conf_mount_ro(); + } + // Remove earlyshellcmd if found. + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + $msg = "\n** Removing earlyshellcmd **\n"; + } + } + } + + if ($msg != "") + pfb_logger("{$msg}","1"); +} + + # Main pfBlockerNG Function function sync_package_pfblockerng($cron = "") { @@ -365,14 +418,8 @@ function sync_package_pfblockerng($cron = "") { } } - # TBC if Required ! (Fetch Timeout in 2.2) - - #apply fetch timeout to pfsense-utils.inc - $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc'); - $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils); - if ($new_pfsense_utils != $pfsense_utils) { - @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX); - } + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("conf"); # Collect pfSense Max Table Size Entry $pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000"); @@ -1173,7 +1220,7 @@ function sync_package_pfblockerng($cron = "") { $pattern8 = '[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; $pattern9 = '[A-Fa-f0-9]{1,4}:([A-Fa-f0-9]{1,4}::)\/[0-9]{2}'; $pattern10 = '[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; - $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$|^($pattern8)$|^($pattern9)$|^($pattern10)$/"; + $pfb['ipv6'] = "/($pattern1)|($pattern2)|($pattern3)|($pattern4)|($pattern5)|($pattern6)|($pattern7)|($pattern8)|($pattern9)|($pattern10)/"; $pfb['supp_update'] = FALSE; $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); @@ -2191,6 +2238,7 @@ function sync_package_pfblockerng($cron = "") { unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules); } + ################################# # Closing Processes # ################################# @@ -2223,6 +2271,9 @@ function sync_package_pfblockerng($cron = "") { #load filter file which will create the pfctl tables filter_configure(); + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { # Don't Execute on User 'Save' if (!$pfb['save']) { @@ -2253,8 +2304,11 @@ function sync_package_pfblockerng($cron = "") { $log = implode($result_pfctl); pfb_logger("{$log}","1"); } + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { - $log = "\n No Changes to Aliases, Skipping pfctl Update \n"; + $log = "\nNo Changes to Aliases, Skipping pfctl Update \n"; pfb_logger("{$log}","1"); } } @@ -2282,7 +2336,7 @@ function sync_package_pfblockerng($cron = "") { ######################################### - # Define/Apply CRON Jobs # + # Define/Apply CRON Jobs # ######################################### # Clear any existing pfBlockerNG Cron Jobs @@ -2291,13 +2345,13 @@ function sync_package_pfblockerng($cron = "") { # Replace Cron job with any User Changes to $pfb_min if ($pfb['enable'] == "on") { # Define pfBlockerNG CRON Job - $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; + $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; # $pfb['min'] ( User Defined Variable. Variable defined at start of Script ) - $pfb_hour = "*"; - $pfb_mday = "*"; - $pfb_month = "*"; - $pfb_wday = "*"; - $pfb_who = "root"; + $pfb_hour = "*"; + $pfb_mday = "*"; + $pfb_month = "*"; + $pfb_wday = "*"; + $pfb_who = "root"; install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who); } @@ -2311,12 +2365,12 @@ function sync_package_pfblockerng($cron = "") { # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website - $pfb_gmin = "0"; - $pfb_ghour = rand(0,23); - $pfb_gmday = "1,2,3,4,5,6,7"; - $pfb_gmonth = "*"; - $pfb_gwday = "2"; - $pfb_gwho = "root"; + $pfb_gmin = "0"; + $pfb_ghour = rand(0,23); + $pfb_gmday = "1,2,3,4,5,6,7"; + $pfb_gmonth = "*"; + $pfb_gwday = "2"; + $pfb_gwho = "root"; install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho); } @@ -2413,6 +2467,15 @@ function pfblockerng_php_deinstall_command() { rmdir_recursive("{$pfb['dbdir']}"); rmdir_recursive("{$pfb['logdir']}"); + // Remove Aliastables archive and earlyshellcmd if found. + @unlink_if_exists("{$pfb['aliasarchive']}"); + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + } + } + # Remove Settings from Config if (is_array($config['installedpackages']['pfblockerng'])) unset($config['installedpackages']['pfblockerng']); diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 0ca3aa7d..1dec1520 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -251,7 +251,7 @@ if ($argv[1] == 'gc') { } if ($argv[1] == 'cron') { - $hour = date('H'); + $hour = date('G'); $dow = date('N'); $pfb['update_cron'] = FALSE; @@ -270,7 +270,7 @@ if ($argv[1] == 'cron') { $sch2 = strval($shour); for ($i=0; $i<11; $i++) { $shour += 2; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch2 .= "," . strval($shour); } @@ -280,7 +280,7 @@ if ($argv[1] == 'cron') { $sch3 = strval($shour); for ($i=0; $i<7; $i++) { $shour += 3; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch3 .= "," . strval($shour); } @@ -290,7 +290,7 @@ if ($argv[1] == 'cron') { $sch4 = strval($shour); for ($i=0; $i<5; $i++) { $shour += 4; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch4 .= "," . strval($shour); } @@ -300,7 +300,7 @@ if ($argv[1] == 'cron') { $sch6 = strval($shour); for ($i=0; $i<3; $i++) { $shour += 6; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch6 .= "," . strval($shour); } @@ -310,7 +310,7 @@ if ($argv[1] == 'cron') { $sch8 = strval($shour); for ($i=0; $i<2; $i++) { $shour += 8; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch8 .= "," . strval($shour); } @@ -319,7 +319,7 @@ if ($argv[1] == 'cron') { $shour = intval(substr($pfb['hour'], 0, 2)); $sch12 = strval($shour) . ","; $shour += 12; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch12 .= strval($shour); @@ -1480,4 +1480,4 @@ EOF; // Unset Arrays unset ($roptions4, $et_options, $xmlrep); } -?>
\ No newline at end of file +?> diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index cc11be6b..fd0a2f4a 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -35,6 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g') etmatch=$(echo $9 | sed 's/,/, /g') # File Locations +aliasarchive="/usr/pbi/pfblockerng-$mtype/etc/aliastables.tar.bz2" pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt masterfile=/var/db/pfblockerng/masterfile @@ -46,6 +47,7 @@ errorlog=/var/log/pfblockerng/error.log etdir=/var/db/pfblockerng/ET tmpxlsx=/tmp/xlsx/ +pfbdbdir=/var/db/pfblockerng/ pfbdeny=/var/db/pfblockerng/deny/ pfborig=/var/db/pfblockerng/original/ pfbmatch=/var/db/pfblockerng/match/ @@ -65,6 +67,17 @@ syncfile=/tmp/pfbsyncfile matchfile=/tmp/pfbmatchfile tempmatchfile=/tmp/pfbtempmatchfile +PLATFORM=`cat /etc/platform` +USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml` +DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'` +DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2` + +if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_rw >/dev/null 2>&1 + if [ ! -d $pfbdbdir ]; then mkdir $pfbdbdir; fi + if [ ! -d $pfsense_alias_dir ]; then mkdir $pfsense_alias_dir; fi +fi + if [ ! -f $masterfile ]; then touch $masterfile; fi if [ ! -f $mastercat ]; then touch $mastercat; fi if [ ! -f $tempfile ]; then touch $tempfile; fi @@ -79,6 +92,16 @@ if [ ! -d $pfbmatch ]; then mkdir $pfbmatch; fi if [ ! -d $etdir ]; then mkdir $etdir; fi if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi + +# Exit Function to set mount RO if required before Exiting +exitnow() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1 + fi + exit +} + + ########## # Process to condense an IP range if a "Max" amount of IP addresses are found in a /24 range per Alias Group. process24() { @@ -86,7 +109,7 @@ process24() { if [ ! -x $pathgeoip ]; then echo "Process24 - Application [ GeoIP ] Not found. Can't proceed." echo "Process24 - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat Binary on first Install. @@ -98,7 +121,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi count=$(grep -c ^ $pfbdeny$alias".txt") @@ -192,6 +215,7 @@ echo "-------------------------------------------------------" cocount=$(grep -cv "^1\.1\.1\.1" $pfbdeny$alias".txt") echo "Post /24 Count [ $cocount ]"; echo fi +exitnow } @@ -247,6 +271,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" "Sanity Che echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -257,7 +282,7 @@ suppress() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then @@ -270,7 +295,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then echo; echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do @@ -342,7 +367,7 @@ else echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do alias=$(echo "${i%|*}") @@ -372,6 +397,7 @@ else fi done fi +exitnow } @@ -382,7 +408,7 @@ duplicate() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi dupcheck=yes @@ -415,6 +441,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" " [ Post Du echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -425,7 +452,7 @@ deduplication() { if [ ! -x $pathgeoip ]; then echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -438,7 +465,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0 @@ -541,6 +568,7 @@ echo " [ Post d-Deduplication count ] [ $count ]"; echo # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -551,7 +579,7 @@ pdeduplication(){ if [ ! -x $pathgeoip ]; then echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -563,7 +591,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0 @@ -616,6 +644,7 @@ echo; echo " [ Post p-Deduplication count ] [ $count ]" # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -626,7 +655,7 @@ processet() { if [ ! -x $pathgunzip ]; then echo "Application [ Gunzip ] Not found, Can't proceed." echo "Application [ Gunzip ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".gz" ]; then @@ -714,6 +743,7 @@ if [ -s $pfborig$alias".gz" ]; then else echo; echo "No ET .GZ File Found!" fi +exitnow } # Process to extract IP addresses from XLSX Files @@ -722,7 +752,7 @@ processxlsx() { if [ ! -x $pathtar ]; then echo "Application [ TAR ] Not found, Can't proceed." echo "Application [ TAR ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".zip" ]; then @@ -738,6 +768,7 @@ else echo "XLSX Download File Missing" echo " [ $alias ] XLSX Download File Missing [ $now ]" >> $errorlog fi +exitnow } closingprocess() { @@ -856,6 +887,7 @@ echo; echo "pfSense Table Stats"; echo "-------------------" $pathpfctl -s memory | grep "table-entries" pfctlcount=$($pathpfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}') echo "Table Usage Count " $pfctlcount +exitnow } remove() { @@ -883,6 +915,15 @@ emptychk=$(find $masterfile -size 0) if [ ! "$emptychk" == "" ]; then rm -r $masterfile; rm -r $mastercat fi +exitnow +} + +# Process to restore aliasables from archive on reboot ( NanoBSD and Ramdisk Installations only ) +aliastables() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + [ -f $aliasarchive ] && cd $pfsense_alias_dir && /usr/bin/tar -jxvf $aliasarchive + fi + exitnow } @@ -920,8 +961,11 @@ case $1 in remove) remove ;; + aliastables) + aliastables + ;; *) - exit + exitnow ;; esac -exit
\ No newline at end of file +exitnow
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 54c6c061..bdfecd96 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -234,6 +234,7 @@ <fieldname>pfb_keep</fieldname> <type>checkbox</type> <description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description> + <default_value>on</default_value> </field> <field> <fielddescr>CRON MIN Start Time</fielddescr> diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index f03f7040..dd968bfc 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -41,8 +41,12 @@ // Auto-Resolve Hostnames if (isset($_REQUEST['getpfhostname'])) { - $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); - $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + $getpfhostname = trim(htmlspecialchars($_REQUEST['getpfhostname'])); + if (strlen($getpfhostname) >= 8) { + $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + } else { + $hostname = $getpfhostname; + } if ($hostname == $getpfhostname) { $hostname = 'unknown'; } @@ -52,9 +56,8 @@ if (isset($_REQUEST['getpfhostname'])) { require_once("util.inc"); require_once("guiconfig.inc"); -require_once("filter_log.inc"); require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); - +global $rule_list; pfb_global(); // Application Paths @@ -66,6 +69,9 @@ $filter_logfile = "{$g['varlog_path']}/filter.log"; $pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat"; $pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat"; +// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package) +$pfb['filterlogentries'] = FALSE; + // Emerging Threats IQRisk Header Name Reference $pfb['et_header'] = TRUE; $et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header']; @@ -88,11 +94,11 @@ $rule_list = array(); $results = array(); $data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); -if (empty($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5'; if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh'])) $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off'; @@ -124,6 +130,53 @@ if (is_array($config['installedpackages']['pfblockerngglobal'])) { $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']; } + +function pfb_match_filter_field($flent, $fields) { + foreach ($fields as $key => $field) { + if ($field == null) + continue; + if ((strpos($field, '!') === 0)) { + $field = substr($field, 1); + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + else { + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (!@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + } + return true; +} + + +if ($_POST['filterlogentries_submit']) { + // Set flag for filtering alert entries + $pfb['filterlogentries'] = TRUE; + + // Note the order of these fields must match the order decoded from the alerts log + $filterfieldsarray = array(); + $filterfieldsarray[0] = $_POST['filterlogentries_rule'] ? $_POST['filterlogentries_rule'] : null; + $filterfieldsarray[2] = $_POST['filterlogentries_int'] ? $_POST['filterlogentries_int'] : null; + $filterfieldsarray[6] = strtolower($_POST['filterlogentries_proto']) ? $_POST['filterlogentries_proto'] : null; + + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray[7] = $_POST['filterlogentries_srcip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_srcip']) : null; + $filterfieldsarray[8] = $_POST['filterlogentries_dstip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_dstip']) : null; + + $filterfieldsarray[9] = $_POST['filterlogentries_srcport'] ? $_POST['filterlogentries_srcport'] : null; + $filterfieldsarray[10] = $_POST['filterlogentries_dstport'] ? $_POST['filterlogentries_dstport'] : null; + $filterfieldsarray[99] = $_POST['filterlogentries_date'] ? $_POST['filterlogentries_date'] : null; +} + + +if ($_POST['filterlogentries_clear']) { + $pfb['filterlogentries'] = TRUE; + $filterfieldsarray = array(); +} + + // Collect pfBlockerNG Firewall Rules if (!empty($results)) { foreach ($results as $result) { @@ -293,6 +346,112 @@ function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { } +// Parse Filter log for pfBlockerNG Alerts +function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt) { + global $pfb, $rule_list, $filterfieldsarray; + $fields_array = array(); + $logarr = ""; + $denycnt = 0; + $permitcnt = 0; + $matchcnt = 0; + + if (file_exists($logfile)) { + exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); + } + else return; + + if (!empty($logarr) && !empty($rule_list['id'])) { + foreach ($logarr as $logent) { + $pfbalert = array(); + $log_split = ""; + + if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) + continue; + + list($all, $pfbalert[99], $host, $rule) = $log_split; + $rule_data = explode(",", $rule); + $pfbalert[0] = $rule_data[0]; // Rulenum + + // Skip Alert if Rule is not a pfBNG Alert + if (!in_array($pfbalert[0], $rule_list['id'])) + continue; + + $pfbalert[1] = $rule_data[4]; // Realint + $pfbalert[3] = $rule_data[6]; // Act + $pfbalert[4] = $rule_data[8]; // Version + + if ($pfbalert[4] == "4") { + $pfbalert[5] = $rule_data[15]; // Protocol ID + $pfbalert[6] = $rule_data[16]; // Protocol + $pfbalert[7] = $rule_data[18]; // SRC IP + $pfbalert[8] = $rule_data[19]; // DST IP + $pfbalert[9] = $rule_data[20]; // SRC Port + $pfbalert[10] = $rule_data[21]; // DST Port + $pfbalert[11] = $rule_data[23]; // TCP Flags + } else { + $pfbalert[5] = $rule_data[13]; // Protocol ID + $pfbalert[6] = $rule_data[12]; // Protocol + $pfbalert[7] = $rule_data[15]; // SRC IP + $pfbalert[8] = $rule_data[16]; // DST IP + $pfbalert[9] = $rule_data[17]; // SRC Port + $pfbalert[10] = $rule_data[18]; // DST Port + $pfbalert[11] = $rule_data[20]; // TCP Flags + } + + if ($pfbalert[5] == "6" || $pfbalert[5] == "17") { + // skip + } else { + $pfbalert[9] = ""; + $pfbalert[10] = ""; + $pfbalert[11] = ""; + } + + // Skip Repeated Alerts + if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) + continue; + + $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name + $pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags + + // If Alerts Filtering is selected, process Filters as required. + if ($pfb['filterlogentries'] && !pfb_match_filter_field($pfbalert, $filterfieldsarray)) { + continue; + } + + if ($pfbalert[3] == "block") { + if ($denycnt < $pfbdenycnt) { + $fields_array['Deny'][] = $pfbalert; + $denycnt++; + } + } + elseif ($pfbalert[3] == "pass") { + if ($permitcnt < $pfbpermitcnt) { + $fields_array['Permit'][] = $pfbalert; + $permitcnt++; + } + } + elseif ($pfbalert[3] == "unkn(%u)" || $pfbalert[3] == "unkn(11)") { + if ($matchcnt < $pfbmatchcnt) { + $fields_array['Match'][] = $pfbalert; + $matchcnt++; + } + } + + // Exit function if Sufficinet Matches found. + if ($denycnt >= $pfbdenycnt && $permitcnt >= $pfbpermitcnt && $matchcnt >= $pfbmatchcnt) { + unset ($pfbalert, $logarr); + return $fields_array; + } + + // Collect Details for Repeated Alert Comparison + $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9]; + $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10]; + } + unset ($pfbalert, $logarr); + return $fields_array; + } +} + $pgtitle = gettext("pfBlockerNG: Alerts"); include_once("head.inc"); ?> @@ -341,7 +500,7 @@ if ($savemsg) { </tr> <tr> <td><div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="4"> <tr> <td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> @@ -369,6 +528,70 @@ if ($savemsg) { <?php printf(gettext("Currently Suppressing %s$pfbsupp_cnt%s Hosts."), '<strong>', '</strong>');?> </td> </tr> + <tr> + <td colspan="3" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td> + </tr> + <tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>"> + <td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td> + <td width="90%" class="vtable"> + <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" /> + <?=gettext("Click to display advanced filtering options dialog");?> + </td> + </tr> + <tr id="filter_options_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "none;";} else {echo "table-row;";} ?>"> + <td colspan="2"> + <table width="100%" border="0" cellspacing="0" cellpadding="1" summary="action"> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Date");?></div> + <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Interface");?></div> + <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Rule Number Only");?></div> + <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Protocol");?></div> + <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div> + </td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Source IP Address");?></div> + <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source Port");?></div> + <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination IP Address");?></div> + <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination Port");?></div> + <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div> + </td> + </tr> + <td colspan="5" style="vertical-align:bottom"> + <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> <?=gettext("Precede with exclamation (!) as first character to exclude match.) ");?> + <br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br /> + </tr> + <tr> + <td colspan="1" style="vertical-align:bottom"> + <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" /> + <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> + <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div> + </td> + </tr> + </table> + </td> + </tr> + <!--Create Three Output Windows 'Deny', 'Permit' and 'Match'--> <?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): switch($type) { @@ -394,16 +617,9 @@ if ($savemsg) { <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> <tr> <!--Print Table Info--> - <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."), "{$pfbentries}"); ?> - <?php if ($pfb['pfsenseversion'] >= '2.2'): ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> - <?php else: ?> - <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> + <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."),"{$pfbentries}"); ?> + <?php if ($type == "Deny"): ?> + <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> <?php endif; ?> </td> </tr> @@ -411,12 +627,12 @@ if ($savemsg) { <td width="100%" colspan="2"> <table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="8%" align="center" axis="date"> + <col width="7%" align="center" axis="date"> <col width="6%" align="center" axis="string"> - <col width="16%" align="center" axis="string"> + <col width="15%" align="center" axis="string"> <col width="6%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> <col width="3%" align="center" axis="string"> <col width="13%" align="center" axis="string"> </colgroup> @@ -450,9 +666,9 @@ if ($pfb['runonce']) { } else { $pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 ); } - $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); - $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); + $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt); + $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; @@ -473,7 +689,10 @@ if ($pfb['runonce']) { // Collect Virtual IP Aliases for Inbound/Outbound List Matching if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $list) { - $pfb_local[] = $list['subnet']; + if ($list['type'] == "single" && $list['subnet_bits'] == "32") + $pfb_local[] = $list['subnet']; + elseif ($list['type'] == "single" || $list['type'] == "network") + $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local); } } // Collect NAT IP Addresses for Inbound/Outbound List Matching @@ -514,30 +733,31 @@ if ($pfb['runonce']) { $counter = 0; // Process Fields_array and generate Output -if (!empty($fields_array)) { - foreach ($fields_array as $fields) { +if (!empty($fields_array[$type]) && !empty($rule_list)) { + $key = 0; + foreach ($fields_array[$type] as $fields) { $rulenum = ""; $alert_ip = ""; $supp_ip = ""; $pfb_query = ""; - $rulenum = $fields['rulenum']; - if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { - - // Skip Repeated Events - if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { - continue; - } - - $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; + /* Fields_array Reference [0] = Rulenum [6] = Protocol + [1] = Real Interface [7] = SRC IP + [2] = Friendly Interface Name [8] = DST IP + [3] = Action [9] = SRC Port + [4] = Version [10] = DST Port + [5] = Protocol ID [11] = Flags + [99] = Timestamp */ + $rulenum = $fields[0]; + if ($counter < $pfbentries) { // Cleanup Port Output - if ($fields['proto'] == "ICMP") { - $srcport = $fields['srcport']; - $dstport = $fields['dstport']; + if ($fields[6] == "ICMP" || $fields[6] == "ICMPV6") { + $srcport = ""; + $dstport = ""; } else { - $srcport = " :" . $fields['srcport']; - $dstport = " :" . $fields['dstport']; + $srcport = ":" . $fields[9]; + $dstport = ":" . $fields[10]; } // Don't add Suppress Icon to Country Block Lines @@ -546,16 +766,10 @@ if (!empty($fields_array)) { } // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { + if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) { // Destination is Gateway/NAT/VIP $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['srcip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[7]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; @@ -563,30 +777,22 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('src', $fields['srcip'], $counter); + $hostname = getpfbhostname('src', $fields[7], $counter); } else { $hostname = ""; } - $src_icons = $alert_ip . " " . $supp_ip . " "; - $dst_icons = ""; - $scc = $country; - $dcc = ""; + $src_icons = $alert_ip . " " . $supp_ip . " "; + $dst_icons = ""; } else { // Outbound $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['dstip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[8]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; @@ -594,20 +800,25 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('dst', $fields['dstip'], $counter); + $hostname = getpfbhostname('dst', $fields[8], $counter); } else { $hostname = ""; } - $src_icons = ""; - $dst_icons = $alert_ip . " " . $supp_ip . " "; - $scc = ""; - $dcc = $country; + $src_icons = ""; + $dst_icons = $alert_ip . " " . $supp_ip . " "; + } + + // Determine Country Code of Host + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); } # IP Query Grep Exclusion @@ -615,21 +826,19 @@ if (!empty($fields_array)) { $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; // Find List which contains Blocked IP Host - if ($pfb_query == "Country") { - # Skip - } else { + if (is_ipaddrv4($host) && $pfb_query != "Country") { // Search for exact IP Match $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); // Search for IP in /24 CIDR if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). // Skip (Country Lists) or /32,/24 Addresses. @@ -638,7 +847,7 @@ if (!empty($fields_array)) { $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); for ($cnt = 1; $cnt <= 5; $cnt++) { $host3 = $host2 - $cnt . '\''; - $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); // Break out of loop if found. if (!empty($pfb_query)) $cnt = 6; @@ -647,26 +856,30 @@ if (!empty($fields_array)) { // Search for First Three Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Report Specific ET IQRisk Details if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); + $pfb_query = exec("/usr/bin/grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } } - // Default to "No Match" if not found. - if (empty($pfb_query)) - $pfb_query = "No Match"; } + elseif (is_ipaddrv6($host) && $pfb_query != "Country") { + $pfb_query = exec("/usr/bin/grep -Hm1 {$host} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | grep -v 'pfB\_'"); + } + + // Default to "No Match" if not found. + if (empty($pfb_query)) + $pfb_query = "No Match"; # Split List Column into Two lines. unset ($pfb_match); @@ -681,9 +894,19 @@ if (!empty($fields_array)) { } } - $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; + // Add []'s to IPv6 Addresses and add a zero-width space as soft-break opportunity after each colon if we have an IPv6 address (from Snort) + if ($fields[4] == "6") { + $fields[97] = "[" . str_replace(":", ":​", $fields[7]) . "]"; + $fields[98] = "[" . str_replace(":", ":​", $fields[8]) . "]"; + } + else { + $fields[97] = $fields[7]; + $fields[98] = $fields[8]; + } // Truncate Long List Names + $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; + if (strlen($pfb_match[1]) >= 17) { $pfb_matchtitle = $pfb_match[1]; $pfb_match[1] = substr($pfb_match[1], 0, 16) . '...'; @@ -691,31 +914,28 @@ if (!empty($fields_array)) { // Print Alternating Line Shading if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; } - // Collect Details for Repeated Alert Comparison - $previous_srcip = $fields['srcip'] . $fields['srcport']; - $previous_dstip = $fields['dstip'] . $fields['dstport']; - $countrycode = trim($scc . $dcc); - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; echo "<tr class='{$alertRowClass}'> - <td class='listMRr' align='center'>{$fields['time']}</td> - <td class='listMRr' align='center'>{$fields['interface']}</td> + <td class='listMRr' align='center'>{$fields[99]}</td> + <td class='listMRr' align='center'>{$fields[2]}</td> <td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td> - <td class='listMRr' align='center'>{$proto}</td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['srcip']};' sorttable_customkey='{$fields['srcip']}'>{$src_icons}{$fields['srcip']}{$srcport}<br /><small>{$hostname['src']}</small></td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['dstip']};' sorttable_customkey='{$fields['dstip']}'>{$dst_icons}{$fields['dstip']}{$dstport}<br /><small>{$hostname['dst']}</small></td> - <td class='listMRr' align='center'>{$countrycode}</td> + <td class='listMRr' align='center'>{$fields[6]}</td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td> + <td class='listMRr' align='center'>{$country}</td> <td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; $counter++; if ($counter > 0 && $rtype == "block") { $mycounter = $counter; + } else { + $mycounter = 0; } } } @@ -725,6 +945,7 @@ if (!empty($fields_array)) { </table> </table> <?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'--> +<?php unset ($fields_array); ?> </td></tr> </table> @@ -762,9 +983,22 @@ function findhostnames(counter) { ) } -var lines = <?php echo $mycounter; ?>; -for (alertcount = 0; alertcount < lines; alertcount++) { - setTimeout(findhostnames(alertcount), 30); +var alertlines = <?php echo $mycounter; ?>; +var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>"; +if ( autoresolve == "on" ) { + for (alertcount = 0; alertcount < alertlines; alertcount++) { + setTimeout(findhostnames(alertcount), 30); + } +} + +function enable_showFilter() { + document.getElementById("filter_enable_row").style.display="none"; + document.getElementById("filter_options_row").style.display="table-row"; +} + +function enable_hideFilter() { + document.getElementById("filter_enable_row").style.display="table-row"; + document.getElementById("filter_options_row").style.display="none"; } //]]> diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php index 552dab61..96c70562 100644 --- a/config/snort/snort_alerts.widget.php +++ b/config/snort/snort_alerts.widget.php @@ -46,7 +46,7 @@ $alertColClass = "listMRr"; /* check if Snort widget alert display lines value is set */ $snort_nentries = $config['widgets']['widget_snort_display_lines']; -if (!isset($snort_nentries) || $snort_nentries < 0) +if (!isset($snort_nentries) || $snort_nentries <= 0) $snort_nentries = 5; /* array sorting of the alerts */ @@ -95,7 +95,11 @@ if (isset($_GET['getNewAlerts'])) { // See if saving new display line count value if(isset($_POST['widget_snort_display_lines'])) { - $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines']; + if($_POST['widget_snort_display_lines'] == "") { + unset($config['widgets']['widget_snort_display_lines']); + } else { + $config['widgets']['widget_snort_display_lines'] = max(intval($_POST['widget_snort_display_lines']), 1); + } write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard"); header("Location: ../../index.php"); } diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc index d0b14652..1958632e 100644 --- a/config/vhosts/vhosts.inc +++ b/config/vhosts/vhosts.inc @@ -659,7 +659,7 @@ function vhosts_sync_package_php() $tmp .= " \"PHP_FCGI_MAX_REQUESTS\" => \"500\",\n"; $tmp .= " \"PHP_FCGI_CHILDREN\" => \"1\"\n"; $tmp .= " ),\n"; - $tmp .= " \"bin-path\" => \"/usr/local/php5/php-cgi\"\n"; + $tmp .= " \"bin-path\" => \"/usr/local/bin/php\"\n"; $tmp .= " )\n"; $tmp .= " )\n"; $tmp .= ")\n"; @@ -681,11 +681,11 @@ function vhosts_sync_package_php() ); //add or update a service - $a_service = &$config['installedpackages']['service']; $ent['name'] = "vhosts-ssl-$x"; $ent['rcfile'] = "vhosts-".$ipaddress."-".$port."-ssl.sh"; $ent['executable'] = "vhosts-".$ipaddress."-".$port."-ssl"; $ent['description'] = "vHosts SSL, Host: $host, IP Address: ".$ipaddress.", port: ".$port." desc: ".$description; + $ent['custom_php_service_status_command'] = "\$vhost_output=''; exec('/bin/pgrep -anf '.".escapeshellarg($ent['executable']).", \$vhost_output, \$retval); \$rc=(intval(\$retval) == 0);"; $a_service = $config['installedpackages']['service']; $service_id = get_service_id ($a_service, 'name', "vhosts-ssl-$x"); if (is_int($service_id)) { diff --git a/config/zabbix-lts/zabbix-agent-lts.xml b/config/zabbix-lts/zabbix-agent-lts.xml new file mode 100644 index 00000000..b098eb62 --- /dev/null +++ b/config/zabbix-lts/zabbix-agent-lts.xml @@ -0,0 +1,179 @@ +<?xml version="1.0" encoding="utf-8"?> +<packagegui> +<copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + zabbix-agent-lts.xml + part of the Zabbix package for pfSense + Copyright (C) 2013 Danilo G. Baio + Copyright (C) 2013 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <name>zabbixagentlts</name> + <title>Services: Zabbix Agent LTS</title> + <category>Monitoring</category> + <version>0.8.3</version> + <include_file>/usr/local/pkg/zabbix-lts.inc</include_file> + <addedit_string>Zabbix Agent LTS has been created/modified.</addedit_string> + <delete_string>Zabbix Agent LTS has been deleted.</delete_string> + <restart_command>/usr/local/etc/rc.d/zabbix_agentd_lts.sh restart</restart_command> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <menu> + <name>Zabbix Agent LTS</name> + <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&id=0</url> + </menu> + <service> + <name>zabbix_agentd_lts</name> + <rcfile>zabbix_agentd_lts.sh</rcfile> + <executable>zabbix_agentd</executable> + <description>Zabbix Agent LTS host monitor daemon</description> + </service> + <tabs> + <tab> + <text>Agent</text> + <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&id=0</url> + <active /> + </tab> + </tabs> + <fields> + <field> + <name>Zabbix Agent LTS Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>agentenabled</fieldname> + <description>Enable Zabbix Agent LTS service</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Server</fielddescr> + <fieldname>server</fieldname> + <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Server Active</fielddescr> + <fieldname>serveractive</fieldname> + <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Hostname</fielddescr> + <fieldname>hostname</fieldname> + <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Listen IP</fielddescr> + <fieldname>listenip</fieldname> + <default_value>0.0.0.0</default_value> + <type>input</type> + <size>60</size> + <description>Listen IP for connections from the server (default 0.0.0.0 for all interfaces)</description> + </field> + <field> + <fielddescr>Listen Port</fielddescr> + <fieldname>listenport</fieldname> + <default_value>10050</default_value> + <type>input</type> + <size>5</size> + <description>Listen port for connections from the server (default 10050)</description> + </field> + <field> + <fielddescr>Refresh Active Checks</fielddescr> + <fieldname>refreshactchecks</fieldname> + <default_value>120</default_value> + <type>input</type> + <size>5</size> + <description>The agent will refresh list of active checks once per 120 (default) seconds.</description> + </field> + <field> + <fielddescr>Timeout</fielddescr> + <fieldname>timeout</fieldname> + <default_value>3</default_value> + <type>input</type> + <size>5</size> + <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-30). The agent does not kill timeouted User Parameters processes!</description> + </field> + <field> + <fielddescr>Buffer Send</fielddescr> + <fieldname>buffersend</fieldname> + <default_value>5</default_value> + <type>input</type> + <size>5</size> + <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description> + </field> + <field> + <fielddescr>Buffer Size</fielddescr> + <fieldname>buffersize</fieldname> + <default_value>100</default_value> + <type>input</type> + <size>5</size> + <description>Buffer Size (default 100). Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description> + </field> + <field> + <fielddescr>Start Agents</fielddescr> + <fieldname>startagents</fieldname> + <default_value>3</default_value> + <type>input</type> + <size>5</size> + <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description> + </field> + <field> + <fielddescr>User Parameters</fielddescr> + <fieldname>userparams</fieldname> + <encoding>base64</encoding> + <type>textarea</type> + <rows>5</rows> + <cols>50</cols> + <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description> + </field> + </fields> + <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command> + <custom_php_command_before_form></custom_php_command_before_form> + <custom_php_after_head_command></custom_php_after_head_command> + <custom_php_after_form_command></custom_php_after_form_command> + <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command> + <custom_add_php_command></custom_add_php_command> + <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command> + <custom_php_deinstall_command>php_deinstall_zabbix_agent_lts();</custom_php_deinstall_command> +</packagegui> diff --git a/config/zabbix-lts/zabbix-lts.inc b/config/zabbix-lts/zabbix-lts.inc new file mode 100644 index 00000000..450b78a1 --- /dev/null +++ b/config/zabbix-lts/zabbix-lts.inc @@ -0,0 +1,360 @@ +<?php +/* $Id$ */ +/* ========================================================================== */ +/* + zabbix-lts.inc + part of the Zabbix package for pfSense + Copyright (C) 2013 Danilo G. Baio + Copyright (C) 2013 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("globals.inc"); + +function php_install_zabbix_lts(){ + sync_package_zabbix_lts(); +} + +function php_deinstall_zabbix_agent_lts(){ + global $config, $g; + + conf_mount_rw(); + + define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m")); + + exec("/usr/bin/killall zabbix_agentd"); + unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd_lts.sh"); + unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf"); + unlink_if_exists("/var/log/zabbix-lts/zabbix_agentd_lts.log"); + unlink_if_exists("/var/run/zabbix-lts/zabbix_agentd_lts.pid"); + + if (!is_array($config['installedpackages']['zabbixproxylts'])){ + if (is_dir("/var/log/zabbix-lts")) + exec("/bin/rm -r /var/log/zabbix-lts/"); + if (is_dir("/var/run/zabbix-lts")) + exec("/bin/rm -r /var/run/zabbix-lts/"); + } + + conf_mount_ro(); +} + +function php_deinstall_zabbix_proxy_lts(){ + global $config, $g; + + conf_mount_rw(); + + define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m")); + + exec("/usr/bin/killall zabbix_proxy"); + unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy_lts.sh"); + unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf"); + unlink_if_exists("/var/log/zabbix-lts/zabbix_proxy_lts.log"); + unlink_if_exists("/var/run/zabbix-lts/zabbix_proxy_lts.pid"); + + if (!is_array($config['installedpackages']['zabbixagentlts'])){ + if (is_dir("/var/log/zabbix-lts")) + exec("/bin/rm -r /var/log/zabbix-lts/"); + if (is_dir("/var/run/zabbix-lts")) + exec("/bin/rm -r /var/run/zabbix-lts/"); + } + + if (is_dir("/var/db/zabbix-lts")) + exec("/bin/rm -r /var/db/zabbix-lts/"); + + conf_mount_ro(); +} + +function validate_input_zabbix_lts($post, &$input_errors){ + + if (isset($post['proxyenabled'])){ + if (!is_numericint($post['serverport'])) { + $input_errors[]='Server Port is not numeric.'.$ServerPort; + } + + if (!is_numericint($post['configfrequency'])) { + $input_errors[]='Config Frequency is not numeric.'; + } + } + if (isset($post['agentenabled'])){ + if (!preg_match("/\w+/", $post['server'])) { + $input_errors[]='Server field is required.'; + } + + if (!preg_match("/\w+/", $post['hostname'])) { + $input_errors[]='Hostname field is required.'; + } + + if ($post['listenip'] != '') { + if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['listenip'])) { + $input_errors[]='Listen IP is not a configured IP address.'; + } + } + + if ($post['listenport'] != '') { + if (!preg_match("/^\d+$/", $post['listenport'])) { + $input_errors[]='Listen Port is not numeric.'; + } + } + + if ($post['refreshactchecks'] != '') { + if (!preg_match("/^\d+$/", $post['refreshactchecks'])) { + $input_errors[]='Refresh Active Checks is not numeric.'; + } elseif ( $post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600 ) { + $input_errors[]='You must enter a valid value for \'Refresh Active Checks\''; + } + } + + if ($post['timeout'] != '') { + if (!is_numericint($post['timeout'])) { + $input_errors[]='Timeout is not numeric.'; + } elseif ( $post['timeout'] < 1 || $post['timeout'] > 30 ) { + $input_errors[]='You must enter a valid value for \'Timeout\''; + } + } + + if ($post['buffersend'] != '') { + if (!is_numericint($post['buffersend'])) { + $input_errors[]='Buffer Send is not numeric.'; + } elseif ( $post['buffersend'] < 1 || $post['buffersend'] > 3600 ) { + $input_errors[]='You must enter a valid value for \'Buffer Send\''; + } + } + + if ($post['buffersize'] != '') { + if (!is_numericint($post['buffersize'])) { + $input_errors[]='Bufer Size is not numeric.'; + } elseif ( $post['buffersize'] < 2 || $post['buffersize'] > 65535 ) { + $input_errors[]='You must enter a valid value for \'Buffer Size\''; + } + } + + if ($post['startagents'] != '') { + if (!is_numericint($post['startagents'])) { + $input_errors[]='Start Agents is not numeric.'; + } elseif ( $post['startagents'] < 0 || $post['startagents'] > 100 ) { + $input_errors[]='You must enter a valid value for \'Start Agents\''; + } + } + } +} + +function sync_package_zabbix_lts(){ + global $config, $g; + + conf_mount_rw(); + + define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m")); + define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m")); + + #check zabbix proxy config + if (is_array($config['installedpackages']['zabbixproxylts'])){ + $zbproxy_config = $config['installedpackages']['zabbixproxylts']['config'][0]; + if ($zbproxy_config['proxyenabled']=="on"){ + $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0); + $AdvancedParams=base64_decode($zbproxy_config['advancedparams']); + + $zbproxy_conf_file = <<< EOF +Server={$zbproxy_config['server']} +ServerPort={$zbproxy_config['serverport']} +Hostname={$zbproxy_config['hostname']} +PidFile=/var/run/zabbix-lts/zabbix_proxy_lts.pid +DBName=/var/db/zabbix-lts/proxy.db +LogFile=/var/log/zabbix-lts/zabbix_proxy_lts.log +ConfigFrequency={$zbproxy_config['configfrequency']} +FpingLocation=/usr/local/sbin/fping +#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin +Fping6Location=/usr/local/sbin/fping6 +ProxyMode={$Mode} +{$AdvancedParams} + +EOF; + file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => ""))); + } + } + /* check zabbix agent settings*/ + if (is_array($config['installedpackages']['zabbixagentlts'])){ + $zbagent_config = $config['installedpackages']['zabbixagentlts']['config'][0]; + if ($zbagent_config['agentenabled']=="on"){ + $RefreshActChecks=(preg_match("/(\d+)/",$zbagent_config['refreshactchecks'],$matches)? $matches[1] : "120"); + $BufferSend=(preg_match("/(\d+)/",$zbagent_config['buffersend'],$matches)? $matches[1] : "5" ); + $BufferSize=(preg_match("/(\d+)/",$zbagent_config['buffersize'],$matches)? $matches[1] : "100"); + $StartAgents=(preg_match("/(\d+)/",$zbagent_config['startagents'],$matches)? $matches[1] :"3" ); + $UserParams=base64_decode($zbagent_config['userparams']); + $ListenIp=($zbagent_config['listenip'] != ''? $zbagent_config['listenip'] : "0.0.0.0"); + $ListenPort=($zbagent_config['listenport'] != ''? $zbagent_config['listenport'] : "10050"); + $TimeOut=($zbagent_config['timeout'] != ''? $zbagent_config['timeout'] : "3"); + + $zbagent_conf_file = <<< EOF +Server={$zbagent_config['server']} +ServerActive={$zbagent_config['serveractive']} +Hostname={$zbagent_config['hostname']} +ListenIP={$ListenIp} +ListenPort={$ListenPort} +RefreshActiveChecks={$RefreshActChecks} +DebugLevel=3 +PidFile=/var/run/zabbix-lts/zabbix_agentd_lts.pid +LogFile=/var/log/zabbix-lts/zabbix_agentd_lts.log +LogFileSize=1 +Timeout={$TimeOut} +BufferSend={$BufferSend} +BufferSize={$BufferSize} +StartAgents={$StartAgents} +{$UserParams} + +EOF; + file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => ""))); + } + } + $want_sysctls = array( + 'kern.ipc.shmall' => '2097152', + 'kern.ipc.shmmax' => '2147483648', + 'kern.ipc.semmsl' => '250' + ); + $sysctls = array(); + #check sysctl file values + $sc_file=""; + if (file_exists("/etc/sysctl.conf")) { + $sc = file("/etc/sysctl.conf"); + foreach ($sc as $line) { + list($sysk, $sysv) = explode("=", $line, 2); + if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls)) + $sc_file.=$line; + } + } + foreach ($want_sysctls as $ws=> $wv) { + $sc_file .= "{$ws}={$wv}\n"; + exec("/sbin/sysctl {$ws}={$wv}"); + } + file_put_contents("/etc/sysctl.conf", $sc_file); + + #check bootloader values + $lt_file=""; + $want_tunables = array( + 'kern.ipc.semopm' => '100', + 'kern.ipc.semmni' => '128', + 'kern.ipc.semmns' => '32000', + 'kern.ipc.shmmni' => '4096' + ); + $tunables = array(); + if (file_exists("/boot/loader.conf")) { + $lt = file("/boot/loader.conf"); + foreach ($lt as $line) { + list($tunable, $val) = explode("=", $line, 2); + if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables)) + $lt_file.=$line; + } + } + foreach ($want_tunables as $wt => $wv) { + $lt_file.= "{$wt}={$wv}\n"; + } + file_put_contents("/boot/loader.conf", $lt_file); + + /*check startup script files*/ + /* create a few directories and ensure the sample files are in place */ + if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22")) + exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22"); + + $dir_checks = <<< EOF +if [ ! -d /var/log/zabbix-lts ] + then + /bin/mkdir -p /var/log/zabbix-lts + /usr/sbin/chmod 755 /var/log/zabbix-lts + fi +/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix-lts + +if [ ! -d /var/run/zabbix-lts ] + then + /bin/mkdir -p /var/run/zabbix-lts + /usr/sbin/chmod 755 /var/run/zabbix-lts + fi +/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix-lts + +if [ ! -d /var/db/zabbix-lts ] + then + /bin/mkdir -p /var/db/zabbix-lts + /usr/sbin/chmod 755 /var/db/zabbix-lts + fi +/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix-lts + +EOF; + + $zproxy_rcfile="/usr/local/etc/rc.d/zabbix_proxy_lts.sh"; + if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled']=="on"){ + $zproxy_start= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy LTS\"...\n"; + /* start zabbix proxy */ + $zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n"; + + $zproxy_stop = "echo \"Stopping Zabbix Proxy LTS\"\n"; + $zproxy_stop .= "/usr/bin/killall zabbix_proxy\n"; + $zproxy_stop .= "/bin/sleep 5\n"; + + /* write out rc.d start/stop file */ + write_rcfile(array( + "file" => "zabbix_proxy_lts.sh", + "start" => $zproxy_start, + "stop" => $zproxy_stop + ) + ); + mwexec("{$zproxy_rcfile} restart"); + }else{ + if (file_exists($zproxy_rcfile)){ + mwexec("{$zproxy_rcfile} stop"); + unlink($zproxy_rcfile); + } + } + + $zagent_rcfile="/usr/local/etc/rc.d/zabbix_agentd_lts.sh"; + if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on"){ + $zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent LTS...\"\n"; + $zagent_start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n"; + + $zagent_stop = "echo \"Stopping Zabbix Agent LTS...\"\n"; + $zagent_stop .= "/usr/bin/killall zabbix_agentd\n"; + $zagent_stop .= "/bin/sleep 5\n"; + + /* write out rc.d start/stop file */ + write_rcfile(array( + "file" => "zabbix_agentd_lts.sh", + "start" => "$zagent_start", + "stop" => "$zagent_stop" + ) + ); + mwexec("{$zagent_rcfile} restart"); + }else{ + if (file_exists($zagent_rcfile)){ + mwexec("{$zagent_rcfile} stop"); + unlink($zagent_rcfile); + } + } + + conf_mount_ro(); +} + +?> diff --git a/config/zabbix-lts/zabbix-proxy-lts.xml b/config/zabbix-lts/zabbix-proxy-lts.xml new file mode 100644 index 00000000..de9f1e1c --- /dev/null +++ b/config/zabbix-lts/zabbix-proxy-lts.xml @@ -0,0 +1,150 @@ +<?xml version="1.0" encoding="utf-8"?> +<packagegui> +<copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + zabbix-proxy-lts.xml + part of the Zabbix package for pfSense + Copyright (C) 2013 Danilo G. Baio + Copyright (C) 2013 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <name>zabbixproxylts</name> + <title>Services: Zabbix Proxy LTS</title> + <category>Monitoring</category> + <version>0.8.3</version> + <include_file>/usr/local/pkg/zabbix-lts.inc</include_file> + <addedit_string>Zabbix Proxy has been created/modified.</addedit_string> + <delete_string>Zabbix Proxy has been deleted.</delete_string> + <restart_command>/usr/local/etc/rc.d/zabbix_proxy_lts.sh restart</restart_command> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <menu> + <name>Zabbix Proxy LTS</name> + <tooltiptext>Setup Zabbix Proxy LTS specific settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&id=0</url> + </menu> + <service> + <name>zabbix_proxy_lts</name> + <rcfile>zabbix_proxy_lts.sh</rcfile> + <executable>zabbix_proxy</executable> + <description>Zabbix Proxy LTS collection daemon</description> + </service> + <tabs> + <tab> + <text>Proxy</text> + <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&id=0</url> + <active /> + </tab> + </tabs> + <fields> + <field> + <name>Zabbix Proxy LTS Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>proxyenabled</fieldname> + <description>Enable Zabbix Proxy LTS service</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Server</fielddescr> + <fieldname>server</fieldname> + <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description> + <default_value>127.0.0.1</default_value> + <type>input</type> + <size>60</size> + <required>true</required> + </field> + <field> + <fielddescr>Server Port</fielddescr> + <fieldname>serverport</fieldname> + <description>Port of Zabbix trapper on Zabbix server. default value 10051</description> + <default_value>10051</default_value> + <type>input</type> + <size>6</size> + <required>true</required> + </field> + <field> + <fielddescr>Hostname</fielddescr> + <fieldname>hostname</fieldname> + <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description> + <default_value>localhost</default_value> + <type>input</type> + <size>50</size> + <required>true</required> + </field> + <field> + <fielddescr>Proxy Mode</fielddescr> + <fieldname>proxymode</fieldname> + <description>Select Zabbix proxy mode (Active is default)</description> + <type>select</type> + <default_value>0</default_value> + <options> + <option><name>Active</name><value>0</value></option> + <option><name>Passive</name><value>1</value></option> + </options> + <required>true</required> + </field> + <field> + <fielddescr>Config Frequency</fielddescr> + <fieldname>configfrequency</fieldname> + <description>How often the proxy retrieves configuration data from the Zabbix server in seconds. Ignored if the proxy runs in passive mode.</description> + <default_value>3600</default_value> + <type>input</type> + <size>10</size> + <required>true</required> + </field> + <field> + <fielddescr>Advanced Parameters</fielddescr> + <fieldname>advancedparams</fieldname> + <encoding>base64</encoding> + <type>textarea</type> + <rows>5</rows> + <cols>50</cols> + <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description> + </field> + </fields> + <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command> + <custom_php_command_before_form></custom_php_command_before_form> + <custom_php_after_head_command></custom_php_after_head_command> + <custom_php_after_form_command></custom_php_after_form_command> + <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command> + <custom_add_php_command></custom_add_php_command> + <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command> + <custom_php_deinstall_command>php_deinstall_zabbix_proxy_lts();</custom_php_deinstall_command> +</packagegui> diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 29fa878b..90ece8ee 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -117,7 +117,7 @@ <category>Firewall</category> <pkginfolink>https://forum.pfsense.org/index.php?topic=86212.0</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml</config_file> - <version>1.04</version> + <version>1.05</version> <status>Beta</status> <required_version>2.2</required_version> <maintainer>BBCan177@gmail.com</maintainer> @@ -490,7 +490,7 @@ <descr>High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr> <website>http://lightsquid.sf.net/</website> <category>Network Report</category> - <version>1.8.2 pkg v.2.34</version> + <version>1.8.2 pkg v.2.35</version> <maintainer>dv_serg@mail.ru</maintainer> <depends_on_package_pbi>lightsquid-1.8_2-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> @@ -1303,11 +1303,54 @@ <configurationfile>syslog-ng.xml</configurationfile> </package> <package> + <name>Zabbix Agent LTS</name> + <descr>LTS (Long Term Support) release of Zabbix Monitoring agent. Zabbix LTS releases are supported for + Zabbix customers during five (5) years i.e. 3 years of Full Support (general, critical and security issues) + and 2 additional years of Limited Support (critical and security issues only). Zabbix LTS version release + will result in change of the first version number. More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr> + <category>Services</category> + <config_file>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-agent-lts.xml</config_file> + <version>zabbix-agent-lts-2.2.7 pkg v0.8.3</version> + <status>BETA</status> + <required_version>2.2</required_version> + <configurationfile>zabbix-agent-lts.xml</configurationfile> + <maintainer>dbaio@bsd.com.br</maintainer> + <build_pbi> + <custom_name>zabbix22-agent</custom_name> + <port>net-mgmt/zabbix22-agent</port> + </build_pbi> + <depends_on_package_pbi>zabbix22-agent-2.2.7-##ARCH##.pbi</depends_on_package_pbi> + </package> + <package> + <name>Zabbix Proxy LTS</name> + <descr>LTS (Long Term Support) release of Zabbix agent proxy. Zabbix LTS releases are supported for + Zabbix customers during five (5) years i.e. 3 years of Full Support (general, critical and security issues) + and 2 additional years of Limited Support (critical and security issues only). Zabbix LTS version release + will result in change of the first version number. More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr> + <category>Services</category> + <config_file>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-proxy-lts.xml</config_file> + <version>zabbix-proxy-lts-2.2.7 pkg v0.8.3</version> + <status>BETA</status> + <required_version>2.2</required_version> + <configurationfile>zabbix-proxy-lts.xml</configurationfile> + <maintainer>dbaio@bsd.com.br</maintainer> + <build_pbi> + <custom_name>zabbix22-proxy</custom_name> + <port>net-mgmt/zabbix22-proxy</port> + </build_pbi> + <build_options>OPTIONS_SET+= SQLITE IPV6;OPTIONS_UNSET+= MYSQL JABBER GSSAPI</build_options> + <depends_on_package_pbi>zabbix22-proxy-2.2.7-##ARCH##.pbi</depends_on_package_pbi> + </package> + <package> <name>Zabbix-2 Agent</name> - <descr>Monitoring agent.</descr> + <descr>Standard release of Zabbix Monitoring agent. Standard Zabbix releases are supported for + Zabbix customers during six (6) months of Full Support (general, critical and security issues) until + the next Zabbix stable release, plus one (1) additional month of Limited Support (critical and security + issues only). Zabbix Standard version release will result in change of the second version number. + More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.xml</config_file> - <version>zabbix2-agent-2.4.3 pkg v0.8.3</version> + <version>zabbix24-agent-2.4.3 pkg v0.8.3</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>zabbix2-agent.xml</configurationfile> @@ -1320,10 +1363,14 @@ </package> <package> <name>Zabbix-2 Proxy</name> - <descr>Monitoring agent proxy.</descr> + <descr>Standard release of Zabbix agent proxy. Standard Zabbix releases are supported for + Zabbix customers during six (6) months of Full Support (general, critical and security issues) until + the next Zabbix stable release, plus one (1) additional month of Limited Support (critical and security + issues only). Zabbix Standard version release will result in change of the second version number. + More info in http://www.zabbix.com/life_cycle_and_release_policy.php </descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.xml</config_file> - <version>zabbix2-proxy-2.4.3 pkg v0.8.3</version> + <version>zabbix24-proxy-2.4.3 pkg v0.8.3</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>zabbix2-proxy.xml</configurationfile> @@ -1384,7 +1431,7 @@ <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.12_1 pkg v0.3.2</version> + <version>apcupsd-3.14.12_1 pkg v0.3.3</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>apcupsd.xml</configurationfile> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 78df6eae..c0fab064 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -641,7 +641,7 @@ <descr>High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr> <website>http://lightsquid.sf.net/</website> <category>Network Report</category> - <version>1.8.2 pkg v.2.33</version> + <version>1.8.2 pkg v.2.35</version> <maintainer>dv_serg@mail.ru</maintainer> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>lightsquid-1.8_2.tbz</depends_on_package> @@ -1859,7 +1859,7 @@ <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.3.2</version> + <version>apcupsd-3.14.10_1 pkg v0.3.3</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>apcupsd.xml</configurationfile> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index ee0c60ee..8a9235c7 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -628,7 +628,7 @@ <descr>High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.</descr> <website>http://lightsquid.sf.net/</website> <category>Network Report</category> - <version>1.8.2 pkg v.2.33</version> + <version>1.8.2 pkg v.2.35</version> <maintainer>dv_serg@mail.ru</maintainer> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>lightsquid-1.8_2.tbz</depends_on_package> @@ -1846,7 +1846,7 @@ <descr>Set of programs for controlling APC UPS.</descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file> - <version>apcupsd-3.14.10_1 pkg v0.3.2</version> + <version>apcupsd-3.14.10_1 pkg v0.3.3</version> <status>BETA</status> <required_version>2.0</required_version> <configurationfile>apcupsd.xml</configurationfile> |