Diffstat (limited to 'config/dansguardian')
19 files changed, 933 insertions, 167 deletions
diff --git a/config/dansguardian/dansguardian.conf.template b/config/dansguardian/dansguardian.conf.template index 993ea72e..ab30527a 100755 --- a/config/dansguardian/dansguardian.conf.template +++ b/config/dansguardian/dansguardian.conf.template @@ -157,7 +157,8 @@ proxyport = {$proxyport} # # Individual filter groups can override this setting in their own configuration. # -accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +{$accessdeniedaddress} # Non standard delimiter (only used with accessdeniedaddress) # To help preserve the full banned URL, including parameters, the variables @@ -680,7 +681,7 @@ softrestart = {$softrestart} #SSL certificate checking path #Path to CA certificates used to validate the certificates of https sites. -#sslcertificatepath = '/etc/ssl/certs/' +sslcertificatepath = '/usr/local/share/certs/' #SSL man in the middle #CA certificate path @@ -703,11 +704,12 @@ softrestart = {$softrestart} #The location where generated certificates will be saved for future use. #(must be writable by the dg user) #generatedcertpath = '/home/stephen/dginstall/generatedcerts/' - +{$generatedcertpath} #Generated link path = '' #The location where symlinks to certificates will be created. #(must be writable by the dg user) #generatedlinkpath = '/home/stephen/dginstall/generatedlinks/' - +{$generatedlinkpath} + EOF; ?> diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index 3708e98c..c897f944 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc 
@@ -29,9 +29,18 @@ */ require_once("util.inc"); -require("globals.inc"); +require_once("globals.inc"); #require("guiconfig.inc"); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version > 2.0) + define('DANSGUARDIAN_DIR', '/usr/pbi/dansguardian-' . php_uname("m")); +else + define('DANSGUARDIAN_DIR', '/usr/local'); + + $uname=posix_uname(); +if ($uname['machine']=='amd64') + ini_set('memory_limit', '250M'); function dg_text_area_decode($text){ return preg_replace('/\r\n/', "\n",base64_decode($text)); 
@@ -46,20 +55,55 @@ function dg_get_real_interface_address($iface) { return array($ip, long2ip(hexdec($netmask))); } -function sync_package_dansguardian() { +function check_ca_hashes(){ global $config,$g; - - #check if its booting - if ($g['booting']){ - if (is_array($config['installedpackages']['dansguardian'])) - if (!$config['installedpackages']['dansguardian']['config'][0]['enable']) - return; - if (file_exists("/var/run/dansguardian.pid")){ - exec("/bin/ps -p `cat /var/run/dansguardian.pid` 2>&1",$return); - if (preg_match("/dansguardian/",$return[1])) - return; + + #check certificates + $cert_count=0; + if (is_dir('/usr/local/share/certs')) + if ($handle = opendir('/usr/local/share/certs')) { + while (false !== ($file = readdir($handle))) + if (preg_match ("/\d+.0/",$file)) + $cert_count++; + } + closedir($handle); + if ($cert_count < 10){ + conf_mount_rw(); + #create ca-root hashes from ca-root-nss package + log_error("Creating root certificate bundle hashes from the Mozilla Project"); + $cas=file('/usr/local/share/certs/ca-root-nss.crt'); + $cert=0; + foreach ($cas as $ca){ + if (preg_match("/--BEGIN CERTIFICATE--/",$ca)) + $cert=1; + if ($cert == 1) + $crt.=$ca; + if (preg_match("/-END CERTIFICATE-/",$ca)){ + file_put_contents("/tmp/cert.pem",$crt, LOCK_EX); + $cert_hash=array(); + exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash); + file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX); + $crt=""; + $cert=0; + } + } } +} + +function sync_package_dansguardian($via_rpc=false) { + global $config,$g; + + # detect boot process + if (is_array($_POST)){ + if (preg_match("/\w+/",$_POST['__csrf_magic'])) + unset($boot_process); + else + $boot_process="on"; } + + if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false) + return; + #assign xml arrays if (!is_array($config['installedpackages']['dansguardian'])) $config['installedpackages']['dansguardian']['config'][0]=array('interface'=>'lo0', 
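Review bot: check_ca_hashes() stages every certificate in the fixed path `/tmp/cert.pem` and uses `$cert_hash[0]` without checking that the `openssl x509 -hash` call produced anything, so a failed call writes the certificate to `/usr/local/share/certs/.0`, and a root-run write to a predictable /tmp name follows whatever file or symlink is already there. Stage it with `$tmp = tempnam('/tmp', 'dgca');`, skip the entry when `empty($cert_hash[0])`, and `unlink($tmp)` after each certificate. `closedir($handle);` also sits outside the `if ($handle = opendir(...))` guard, so it runs on an unset handle when the directory is missing; move it inside the guard. `$crt` is appended to before it is assigned; add `$crt="";` before the `foreach`.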
@@ -94,14 +138,22 @@ function sync_package_dansguardian() { $filterport=($dansguardian['filterports']?$dansguardian['filterports']:"8080"); $softrestart=(preg_match('/softrestart/',$dansguardian['daemon_options'])?"yes":"no"); $nodaemon=(preg_match('/nodaemon/',$dansguardian['daemon_options'])?"yes":"off"); - if (preg_match("/\d+\/\d+/",$dansguardian['children'])) - list($minchildren,$maxchildren) = split ("/", $dansguardian['children'], 2); - else - list($minchildren,$maxchildren) = split ("/", "8/120", 2); - if (preg_match("/\d+\/\d+/",$dansguardian['sparechildren'])) - list($minsparechildren,$maxsparechildren) = split ("/", $dansguardian['sparechildren'], 2); - else - list($minsparechildren,$maxsparechildren) = split ("/", "8/64", 2); + if (preg_match("/(\d+)\/(\d+)/",$dansguardian['children'],$matches)){ + $minchildren=$matches[1]; + $maxchildren=$matches[2]; + } + else{ + $minchildren=8; + $maxchildren=120; + } + if (preg_match("/(\d+)\/(\d+)/",$dansguardian['sparechildren'],$matches)){ + $minsparechildren=$matches[1]; + $maxsparechildren=$matches[2]; + } + else{ + $minsparechildren=8; + $maxsparechildren=64; + } $maxagechildren=($dansguardian['maxagechildren']?$dansguardian['maxagechildren']:"500"); $maxips=($dansguardian['maxips']?$dansguardian['maxips']:"0"); $preforkchildren=($dansguardian['preforkchildren']?$dansguardian['preforkchildren']:"10"); 
@@ -132,7 +184,13 @@ function sync_package_dansguardian() { $recheckreplacedurls=(preg_match('/icapscan/',$dansguardian_config['misc_options'])?"on":"off"); $usexforwardedfor=(preg_match('/usexforwardedfor/',$dansguardian_config['misc_options'])?"on":"off"); $authplugin=(preg_match('/usr/',$dansguardian_config['auth_plugin'])?"authplugin = '".$dansguardian_config['auth_plugin']."'":""); - + /*if ($dansguardian_config['auth_plugin']!=""){ + $auth_plugins=explode(",",$dansguardian_config['auth_plugin']); + $authplugin=""; + foreach ($auth_plugins as $auth_selected) + $authplugin.="authplugin = '".$auth_selected."'\n"; + } + */ #limits $maxuploadsize=($dansguardian_limits['maxuploadsize']?$dansguardian_limits['maxuploadsize']:"-1"); $maxcontentfiltersize=($dansguardian_limits['maxcontentfiltersize']?$dansguardian_limits['maxcontentfiltersize']:"256"); @@ -143,6 +201,16 @@ function sync_package_dansguardian() { #report and log $reportlevel=($dansguardian_log['report_level']?$dansguardian_log['report_level']:"3"); + if ($reportlevel == 1 || $reportlevel== 2){ + if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_log['reportingcgi'],$cgimatches)){ + $accessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; + } + else{ + log_error("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url"); + file_notice("dansguardian - " . $dansguardian_log['reportingcgi'] . " is not a valid access denied cgi url",""); + } + } + $accessdenied=($dansguardian_log['reportingcgi']?$dansguardian_log['report_level']:"3"); $reportlanguage=($dansguardian_log['report_language']?$dansguardian_log['report_language']:"ukenglish"); $showweightedfound=(preg_match('/showweightedfound/',$dansguardian_log['report_options'])?"on":"off"); $usecustombannedflash=(preg_match('/usecustombannedflash/',$dansguardian_log['report_options'])?"on":"off"); 
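Review bot: The URL check added after `$reportlevel` uses an unanchored pattern, so `preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@", …)` accepts any value that merely contains a URL-like run, with any scheme, and silently writes only that fragment to `accessdeniedaddress`. Anchor and narrow it, e.g. `preg_match("@^(https?://[a-zA-Z0-9.:/\-]+)$@",$dansguardian_log['reportingcgi'],$cgimatches)`, so a malformed value takes the error branch instead of being truncated. In that error branch `$accessdeniedaddress` is never assigned, so add `$accessdeniedaddress="";` before the `if`. The same pattern is repeated for `$groupaccessdeniedaddress` in the `@@ -626,8 +735,88 @@` hunk, where the failure branch of cases "1" and "2" also leaves the variable untouched; if that code runs once per group, as the surrounding context suggests, a value from the previous group carries over.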
@@ -198,10 +266,10 @@ function sync_package_dansguardian() { "/lists/contentscanners/exceptionvirusmimetypelist", "/lists/contentscanners/exceptionvirussitelist", "/lists/contentscanners/exceptionvirusurllist", + "/lists/exceptioniplist", "/lists/pics"); - - $dansguardian_dir="/usr/local/etc/dansguardian"; + $dansguardian_dir= DANSGUARDIAN_DIR . "/etc/dansguardian"; foreach ($files as $file) if (! file_exists($dansguardian_dir.$file.'.sample')){ $new_file=""; 
@@ -214,6 +282,36 @@ function sync_package_dansguardian() { $load_samples=0; + #ssl men-in-the-middle feature + $dirs=array("/var/log/dansguardian/stats","/etc/ssl/demoCA","/etc/ssl/demoCA/private","/etc/ssl/demoCA/crl","/etc/ssl/demoCA/certs",$dansguardian_dir."/ssl/generatedcerts",$dansguardian_dir."/ssl/generatedlinks"); + foreach ($dirs as $dir) + if (!is_dir($dir)) + mkdir ($dir,0755,true); + $ca_cert = lookup_ca($dansguardian_config["dca"]); + if ($ca_cert != false) { + if(base64_decode($ca_cert['prv'])) { + file_put_contents("/etc/ssl/demoCA/private/cakey.pem",base64_decode($ca_cert['prv'])); + $ca_pk = "caprivatekeypath = '/etc/ssl/demoCA/private/cakey.pem'"; + } + if(base64_decode($ca_cert['crt'])) { + $cert_hash=array(); + file_put_contents("/etc/ssl/demoCA/cacert.pem",base64_decode($ca_cert['crt'])); + exec("/usr/bin/openssl x509 -hash -noout -in /etc/ssl/demoCA/cacert.pem",$cert_hash); + file_put_contents("/usr/local/share/certs/".$cert_hash[0].".0",base64_decode($ca_cert['crt'])); + $ca_pem = "cacertificatepath = '/etc/ssl/demoCA/cacert.pem'"; + $generatedcertpath= "generatedcertpath = '/etc/ssl/demoCA/certs/'"; + #generatedcertpath = ".$dansguardian_dir . "/ssl/generatedcerts"; + $generatedlinkpath= "generatedlinkpath = '".$dansguardian_dir . "/ssl/generatedlinks'"; + } + $svr_cert = lookup_cert($dansguardian_config["dcert"]); + if ($svr_cert != false) { + if(base64_decode($svr_cert['prv'])) { + file_put_contents("/etc/ssl/demoCA/private/serverkey.pem",base64_decode($svr_cert['prv'])); + $cert_key = "certprivatekeypath = '/etc/ssl/demoCA/private/serverkey.pem' "; + } + } + } + #contentscanners preg_replace patterns $match[0]="/(conf)/"; $match[1]="/(\/usr.local)/"; 
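Review bot: The CA key and the server key are written with plain `file_put_contents()` into directories this hunk creates with `mkdir ($dir,0755,true)`, so `/etc/ssl/demoCA/private/cakey.pem` and `serverkey.pem` get whatever mode the umask leaves, which is usually readable by every local account. Anyone who can read the CA key can issue certificates that the filtered clients will trust, so create `/etc/ssl/demoCA/private` with `0700` and follow each key write with `chmod("/etc/ssl/demoCA/private/cakey.pem", 0600);` (and the same for `serverkey.pem`), owned by the account the daemon reads them as. `$cert_hash[0]` is used unchecked after `exec()`, so a failed openssl call writes the CA certificate to `/usr/local/share/certs/.0`; guard it with `if (!empty($cert_hash[0]))`. The enclosing sync_package_dansguardian() starts and ends outside this hunk.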
@@ -235,12 +333,12 @@ function sync_package_dansguardian() { #phrase ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianphraseacl']['config'])){ - $banned_file=file("/usr/local/etc/dansguardian/lists/bannedphraselist"); + $banned_file=file(DANSGUARDIAN_DIR . "/etc/dansguardian/lists/bannedphraselist"); foreach($banned_file as $file_line) if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) $banned_includes .= $matches[1].","; - $weighted_file=file("/usr/local/etc/dansguardian/lists/weightedphraselist"); + $weighted_file=file(DANSGUARDIAN_DIR . "/etc/dansguardian/lists/weightedphraselist"); foreach($weighted_file as $file_line) if (preg_match ("/^.Include<(\S+)>/",$file_line,$matches)) $weighted_includes .= $matches[1].","; @@ -331,7 +429,7 @@ function sync_package_dansguardian() { file_put_contents($dansguardian_dir."/lists/logsitelist.".$dansguardian_site['name'],($dansguardian_site['urlsite_enabled']?dg_text_area_decode($config['installedpackages']['dansguardiansiteacl']['config'][$count]['log_sitelist']):""),LOCK_EX); $count++; } - + #URL ACL #create a default setup if not exists if (!is_array($config['installedpackages']['dansguardianurlacl']['config'])) @@ -579,7 +677,7 @@ function sync_package_dansguardian() { if($dansguardian_antivirus['extension_list'] == "" && file_exists ($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')){ $config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']=base64_encode(file_get_contents($dansguardian_dir.'/lists/contentscanners/exceptionvirusextensionlist.sample')); $load_samples++; - } + } file_put_contents($dansguardian_dir."/lists/contentscanners/exceptionvirusextensionlist",($dansguardian_antivirus['extension_enabled']?dg_text_area_decode($config['installedpackages']['dansguardianantivirusacl']['config'][0]['extension_list']):""),LOCK_EX); #log report 
@@ -589,7 +687,17 @@ function sync_package_dansguardian() { $config['installedpackages']['dansguardianlog']['config'][0]['report_file']=base64_encode($report_file); $dansguardian_log['report_file']=base64_encode($report_file); $load_samples++; - } + } + + #exception ip list + #create a default setup if not exists + if (!is_array($config['installedpackages']['dansguardianips']['config'])) + $config['installedpackages']['dansguardianips']['config'][0]=array("exceptioniplist" => ""); + if($config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist'] == "" && file_exists ($dansguardian_dir.'/lists/exceptioniplist.sample')){ + $config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist']=base64_encode(file_get_contents($dansguardian_dir.'/lists/exceptioniplist.sample')); + $load_samples++; + } + file_put_contents($dansguardian_dir."/lists/exceptioniplist",dg_text_area_decode($config['installedpackages']['dansguardianips']['config'][0]['exceptioniplist']),LOCK_EX); if($load_samples > 0) write_config(); @@ -608,7 +716,8 @@ function sync_package_dansguardian() { 'urlacl'=> "Default", 'group_options' => "scancleancache,infectionbypasserrorsonly", 'reportinglevel'=>'3', - 'mode'=> "1"); + 'mode'=> "1", + 'report_level'=>"global"); $groups=array("scancleancache","hexdecodecontent","blockdownloads","enablepics","deepurlanalysis","infectionbypasserrorsonly","disablecontentscan","sslcertcheck","sslmitm"); #loop on array 
@@ -626,8 +735,88 @@ function sync_package_dansguardian() { $dansguardian_groups['embeddedurlweight']=($dansguardian_groups['embeddedurlweight']?$dansguardian_groups['embeddedurlweight']:"0"); $dansguardian_groups['bypass']=($dansguardian_groups['bypass']?$dansguardian_groups['bypass']:"0"); $dansguardian_groups['infectionbypass']=($dansguardian_groups['infectionbypass']?$dansguardian_groups['infectionbypass']:"0"); + $dansguardian_groups['mitmkey']=($dansguardian_groups['mitmkey']?$dansguardian_groups['mitmkey']:"dgs3dD3da"); + switch ($dansguardian_groups['reportinglevel']){ + case "1": + case "2": + $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; + if (preg_match("@(\w+://[a-zA-Z0-9.:/\-]+)@",$dansguardian_groups['reportingcgi'],$cgimatches)){ + $groupaccessdeniedaddress="accessdeniedaddress = '".$cgimatches[1]."'"; + } + else{ + log_error('Dansguardian - Group '.$dansguardian_groups['name']. ' does not has a valid access denied cgi url.'); + file_notice('Dansguardian - Group '.$dansguardian_groups['name']. 
' does not has a valid access denied cgi url.',""); + } + break; + case "-1": + case "0": + case "3": + $groupreportinglevel="reportinglevel = ".$dansguardian_groups['reportinglevel']; + $groupaccessdeniedaddress=""; + break; + default: + $groupreportinglevel=""; + $groupaccessdeniedaddress=""; + } + foreach ($groups as $group) $dansguardian_groups[$group]=(preg_match("/$group/",$dansguardian_groups['group_options'])?"on":"off"); + #create group list files + $lists=array("phraseacl" => array("bannedphrase","weightedphrase","exceptionphrase"), + "siteacl" => array("bannedsite","greysite","exceptionsite","exceptionfilesite","logsite"), + "urlacl" => array("bannedurl","greyurl","exceptionurl","exceptionregexpurl","bannedregexpurl","urlregexp","exceptionfileurl","logurl","logregexpurl"), + "contentacl" => array("contentregexp"), + "extensionacl"=> array("exceptionextension","exceptionmimetype","bannedextension","bannedmimetype"), + "headeracl" => array("headerregexp","bannedregexpheader"), + "searchacl" => array("searchengineregexp","bannedsearchterm","weightedsearchterm","exceptionsearchterm") + ); + foreach ($lists as $list_key => $list_array){ + foreach ($list_array as $list_value){ + #read all access lists applied tho this group option + foreach (explode(",",$dansguardian_groups[$list_key]) as $dacl){ + if (! is_array(${$list_value})) + ${$list_value}=array(); + $file_temp=file_get_contents(DANSGUARDIAN_DIR . "/etc/dansguardian/lists/{$list_value}list.{$dacl}")."\n"; + ${$list_value}=array_merge(explode("\n",$file_temp),${$list_value}); + } + #add a package warning + array_unshift(${$list_value},"#Do not edit this file.","#It's created by dansguardian package and overwrited every config save."); + #save group file and unset array + file_put_contents(DANSGUARDIAN_DIR . 
"/etc/dansguardian/lists/{$list_value}list.g_{$dansguardian_groups['name']}",implode("\n",array_unique(${$list_value}))."\n",LOCK_EX); + unset(${$list_value}); + } + } + /* + bannedphraselist = '/usr/local/etc/dansguardian/lists/bannedphraselist.{$dansguardian_groups['phraseacl']}' + weightedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}' + exceptionphraselist = '/usr/local/etc/dansguardian/lists/exceptionphraselist.{$dansguardian_groups['phraseacl']}' + bannedsitelist = '/usr/local/etc/dansguardian/lists/bannedsitelist.{$dansguardian_groups['siteacl']}' + greysitelist = '/usr/local/etc/dansguardian/lists/greysitelist.{$dansguardian_groups['siteacl']}' + exceptionsitelist = '/usr/local/etc/dansguardian/lists/exceptionsitelist.{$dansguardian_groups['siteacl']}' + bannedurllist = '/usr/local/etc/dansguardian/lists/bannedurllist.{$dansguardian_groups['urlacl']}' + greyurllist = '/usr/local/etc/dansguardian/lists/greyurllist.{$dansguardian_groups['urlacl']}' + exceptionurllist = '/usr/local/etc/dansguardian/lists/exceptionurllist.{$dansguardian_groups['urlacl']}' + exceptionregexpurllist = '/usr/local/etc/dansguardian/lists/exceptionregexpurllist.{$dansguardian_groups['urlacl']}' + bannedregexpurllist = '/usr/local/etc/dansguardian/lists/bannedregexpurllist.{$dansguardian_groups['urlacl']}' + contentregexplist = '/usr/local/etc/dansguardian/lists/contentregexplist.{$dansguardian_groups['contentacl']}' + urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist.{$dansguardian_groups['urlacl']}' + exceptionextensionlist = '/usr/local/etc/dansguardian/lists/exceptionextensionlist.{$dansguardian_groups['extensionacl']}' + exceptionmimetypelist = '/usr/local/etc/dansguardian/lists/exceptionmimetypelist.{$dansguardian_groups['extensionacl']}' + bannedextensionlist = '/usr/local/etc/dansguardian/lists/bannedextensionlist.{$dansguardian_groups['extensionacl']}' + bannedmimetypelist = 
'/usr/local/etc/dansguardian/lists/bannedmimetypelist.{$dansguardian_groups['extensionacl']}' + exceptionfilesitelist = '/usr/local/etc/dansguardian/lists/exceptionfilesitelist.{$dansguardian_groups['siteacl']}' + exceptionfileurllist = '/usr/local/etc/dansguardian/lists/exceptionfileurllist.{$dansguardian_groups['urlacl']}' + logsitelist = '/usr/local/etc/dansguardian/lists/logsitelist.{$dansguardian_groups['siteacl']}' + logurllist = '/usr/local/etc/dansguardian/lists/logurllist.{$dansguardian_groups['urlacl']}' + logregexpurllist = '/usr/local/etc/dansguardian/lists/logregexpurllist.{$dansguardian_groups['urlacl']}' + headerregexplist = '/usr/local/etc/dansguardian/lists/headerregexplist.{$dansguardian_groups['headeracl']}' + bannedregexpheaderlist = '/usr/local/etc/dansguardian/lists/bannedregexpheaderlist.{$dansguardian_groups['headeracl']}' + searchengineregexplist = '/usr/local/etc/dansguardian/lists/searchengineregexplist.{$dansguardian_groups['searchacl']}' + bannedsearchtermlist = '/usr/local/etc/dansguardian/lists/bannedsearchtermlist.{$dansguardian_groups['searchacl']}' + weightedsearchtermlist = '/usr/local/etc/dansguardian/lists/weightedsearchtermlist.{$dansguardian_groups['searchacl']}' + exceptionsearchtermlist = '/usr/local/etc/dansguardian/lists/exceptionsearchtermlist.{$dansguardian_groups['searchacl']}' + */ + $dg_dir=DANSGUARDIAN_DIR; include("/usr/local/pkg/dansguardianfx.conf.template"); file_put_contents($dansguardian_dir."/dansguardianf".$count.".conf", $dgf, LOCK_EX); 
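Review bot: `$dansguardian_groups['mitmkey']` falls back to the literal `"dgs3dD3da"`, so every installation that leaves the field empty runs with the same key, and that key is readable in the package source. Generate one per install instead, for example `bin2hex(openssl_random_pseudo_bytes(16))`, and store it back in the group's config entry so it stays stable between syncs. Further down, the list-merging loop keeps its working arrays in variable variables (`${$list_value}`); a plain local array such as `$merged` reads more clearly and cannot collide with other locals of this long function. The function starts and ends outside the hunk.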
@@ -700,7 +889,7 @@ EOF; <fielddescr>Users</fielddescr> <fieldname>info_checkbox</fieldname> <type>checkbox</type> - <description><![CDATA[Dansguardian users are required only when you have more then one group.<br>All unauthenticated users or unlisted uses will match first filter group.]]></description> + <description><![CDATA[Dansguardian users are required only when you have more then one group.<br>All unauthenticated users or unlisted users will match first filter group.]]></description> </field> EOF; } @@ -769,10 +958,11 @@ EOF; $cron_found=0; if (is_array($config['cron']['item'])) foreach($config['cron']['item'] as $cron) - if (!preg_match("/usr.local.(bin.freshclam|www.dansguardian.php)/",$cron["command"])){ + if (preg_match("/usr.local.(bin.freshclam|www.dansguardian)/",$cron["command"])) $cron_found++; + else $new_cron['item'][]=$cron; - } + $cron_cmd="/usr/local/bin/freshclam"; if($dansguardian_config['cron'] && preg_match("/clamd/",$dansguardian_config['content_scanners'])) switch ($dansguardian_config['cron']){ 
@@ -848,7 +1038,32 @@ EOF; break; } - + $cron_cmd="/usr/local/bin/php /usr/local/www/dansguardian_ldap.php"; + if (is_array($config['installedpackages']['dansguardiangroups']['config'])) + foreach ($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){ + if(preg_match('/(\d+)m/',$dansguardian_groups['freq'],$matches)){ + $new_cron['item'][]=array( "minute" => "*/".$matches[1], + "hour" => "*", + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command"=> $cron_cmd." ".$dansguardian_groups['name']); + $config['cron']=$new_cron; + $cron_found++; + } + if(preg_match('/(\d+)h/',$dansguardian_groups['freq'],$matches)){ + $new_cron['item'][]=array( "minute" => "0", + "hour" => "*/".$matches[1], + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command"=> $cron_cmd." ".$dansguardian_groups['name']); + $config['cron']=$new_cron; + $cron_found++; + } + } #write files conf_mount_rw(); @@ -857,6 +1072,7 @@ EOF; #update cron if ($cron_found > 0){ $config['cron']=$new_cron; + write_config(); configure_cron(); } @@ -890,7 +1106,7 @@ EOF; $replace[0]='YES'; #clamdscan.conf dansguardian file - $cconf="/usr/local/etc/dansguardian/contentscanners/clamdscan.conf"; + $cconf=DANSGUARDIAN_DIR . "/etc/dansguardian/contentscanners/clamdscan.conf"; $cconf_file=file_get_contents($cconf); if (preg_match('/#clamdudsfile/',$cconf_file)){ $cconf_file=preg_replace('/#clamdudsfile/','clamdudsfile',$cconf_file); 
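Review bot: The group name is appended unquoted to a command that cron runs as root, `"command"=> $cron_cmd." ".$dansguardian_groups['name']`, in both the minute and the hour branch. dansguardian_validate_input() rejects `\W` in names on the GUI path, but nothing visible here applies that check to configuration that arrives another way (dansguardian_do_xmlrpc_sync() pushes `dansguardiangroups` as-is), so quote the value where it is used: `"command"=> $cron_cmd." ".escapeshellarg($dansguardian_groups['name'])`. The two `$config['cron']=$new_cron;` assignments inside the loop are redundant, since the `#update cron` block assigns it again when `$cron_found > 0`.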
@@ -906,8 +1122,9 @@ EOF; $script_file=file($script); foreach ($script_file as $script_line){ if(preg_match("/command=/",$script_line)){ - $new_clamav_startup.= "/bin/mkdir /var/run/clamav\n"; - $new_clamav_startup.= "chown ".$matches[1]." /var/run/clamav\n"; + $new_clamav_startup.= 'if [ ! -d /var/run/clamav ];then /bin/mkdir /var/run/clamav;fi'."\n"; + $new_clamav_startup.= "chown -R ".$matches[1]." /var/run/clamav\n"; + $new_clamav_startup.= "chown -R ".$matches[1]." /var/log/clamav\n"; $new_clamav_startup.=$script_line; } elseif(!preg_match("/(mkdir|chown|sleep|mailscanner)/",$script_line)) { 
@@ -916,50 +1133,70 @@ EOF; } file_put_contents($script, $new_clamav_startup, LOCK_EX); chmod ($script,0755); - if (file_exists('/var/run/dansguardian.pid')) + if (file_exists('/var/run/dansguardian.pid') && is_process_running('clamd')){ + log_error('Stopping clamav-clamd'); mwexec("$script stop"); + } unlink_if_exists("/tmp/.dguardianipc"); unlink_if_exists("/tmp/.dguardianurlipc"); - mwexec_bg("$script start"); + if (! is_process_running('clamd')){ + log_error('Starting clamav-clamd'); + mwexec_bg("$script start"); + } } } - - $script='/usr/local/etc/rc.d/dansguardian'; - if($config['installedpackages']['dansguardian']['config'][0]['enable']){ - $script_file=file_get_contents($script); - if (preg_match('/NO/',$script_file)){ - $script_file=preg_replace("/NO/","YES",$script_file); - file_put_contents($script, $script_file, LOCK_EX); - } + #check certificate hashed + + $script='/usr/local/etc/rc.d/dansguardian.sh'; + unlink_if_exists('/usr/local/etc/rc.d/dansguardian'); + if($config['installedpackages']['dansguardian']['config'][0]['enable']=="on"){ + copy('/usr/local/pkg/dansguardian_rc.template',$script); chmod ($script,0755); - mwexec("$script stop"); - mwexec_bg("$script start"); + if (is_process_running('dansguardian')){ + log_error('Reloading Dansguardian'); + exec("/usr/local/sbin/dansguardian -r"); + } + else{ + log_error('Starting Dansguardian'); + mwexec("$script start"); + } } else{ - mwexec("$script stop"); - chmod ($script,0444); + if (is_process_running('dansguardian')){ + log_error('Dansguardian is disabled, stopping process...'); + mwexec("$script stop"); + } + if (file_exists($script)) + chmod ($script,444); } - if (!file_exists('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) - file_put_contents('/usr/local/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); - - conf_mount_ro(); - $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; - 
if(!$synconchanges && !$syncondbchanges) - return; - log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting."); - foreach ($config['installedpackages']['dansguardiansync']['config'] as $rs ){ - foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - $sync_type = $sh['sync_type']; - if($password && $sync_to_ip) - dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); - } - } - log_error("[dansguardian] dansguardian_xmlrpc_sync.php is ending."); + if (!file_exists(DANSGUARDIAN_DIR . '/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8')) + file_put_contents(DANSGUARDIAN_DIR . '/etc/dansguardian/lists/phraselists/pornography/weighted_russian_utf8',"",LOCK_EX); + + #check ca certs hashes + check_ca_hashes(); + #mount read only + conf_mount_ro(); + + #avoid sync during boot process + if (!isset($boot_process)){ + $synconchanges = $config['installedpackages']['dansguardiansync']['config'][0]['synconchanges']; + if(!$synconchanges && !$syncondbchanges) + return; + log_error("[dansguardian] dansguardian_xmlrpc_sync.php is starting."); + foreach ($config['installedpackages']['dansguardiansync']['config'] as $rs ){ + foreach($rs['row'] as $sh){ + $sync_to_ip = $sh['ipaddress']; + $password = $sh['password']; + $sync_type = $sh['sync_type']; + if($password && $sync_to_ip) + dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); + } + } + log_error("[dansguardian] dansguardian_xmlrpc_sync.php is ending."); + } } function dansguardian_validate_input($post, &$input_errors) { 
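Review bot: `chmod ($script,444);` in the disabled branch passes decimal 444, which is octal 0674 (owner rw, group rwx, other r), so the rc script becomes group-writable and group-executable instead of read-only. The removed line and dansguardian_php_deinstall_command() both use `0444`; write `chmod ($script,0444);`. The reload call `exec("/usr/local/sbin/dansguardian -r");` hard-codes `/usr/local` while the rest of this commit moves paths to `DANSGUARDIAN_DIR`, which looks inconsistent for the `/usr/pbi/...` case, though the binary's location is not visible here. `$syncondbchanges` in the sync guard is never assigned in the visible code, so that test depends on `$synconchanges` alone.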
@@ -970,20 +1207,30 @@ function dansguardian_validate_input($post, &$input_errors) { $input_errors[] = "{$value} cannot be used as name."; else if ($key == "name" && preg_match("/\W/",$value)) $input_errors[] = "{$value} cannot be used as name. Use only a-z 0-9 characters"; - + else if (empty($value)) + continue; + else if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) + $input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'"; } } function dansguardian_php_install_command() { - sync_package_dansguardian(); + sync_package_dansguardian(); } function dansguardian_php_deinstall_command() { - mwexec("/usr/local/etc/rc.d/dansguardian stop"); - sleep(1); - conf_mount_rw(); - chmod ("/usr/local/etc/rc.d/dansguardian",0444); - conf_mount_ro(); + global $config,$g; + if(is_process_running('dansguardian')){ + log_error("stopping dansguardian.."); + mwexec("/usr/local/etc/rc.d/dansguardian.sh stop"); + sleep(1); + } + + if (file_exists("/usr/local/etc/rc.d/dansguardian.sh")){ + conf_mount_rw(); + chmod ("/usr/local/etc/rc.d/dansguardian.sh",0444); + conf_mount_ro(); + } } function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { @@ -1018,6 +1265,8 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { $xml['dansguardian'] = $config['installedpackages']['dansguardian']; $xml['dansguardianantivirusacl'] = $config['installedpackages']['dansguardianantivirusacl']; $xml['dansguardianconfig'] = $config['installedpackages']['dansguardianconfig']; + $xml['dansguardianblacklist'] = $config['installedpackages']['dansguardianblacklist']; + $xml['dansguardianldap'] = $config['installedpackages']['dansguardianldap']; $xml['dansguardiancontentacl'] = $config['installedpackages']['dansguardiancontentacl']; $xml['dansguardianfileacl'] = $config['installedpackages']['dansguardianfileacl']; $xml['dansguardiangroups'] = $config['installedpackages']['dansguardiangroups']; 
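Review bot: The new `freq` check accepts a `d` suffix, `preg_match("/^\d+(h|m|d)$/",$value)`, but the cron builder added to sync_package_dansguardian() only matches `(\d+)m` and `(\d+)h`, so a value such as `1d` validates and then schedules nothing. Either drop `d` from the pattern, `"/^\d+(h|m)$/"`, or add a day branch to the cron builder. The `$value == 0` test relies on loose string-to-number comparison of values like `0m`; `intval($value) == 0` states the intent directly.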
@@ -1048,15 +1297,15 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { $cli->setCredentials('admin', $password); if($g['debug']) $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); + /* send our XMLRPC message and timeout after 30 seconds */ + $resp = $cli->send($msg, "30"); if(!$resp) { $error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, "30"); $error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); @@ -1067,7 +1316,7 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { /* tell dansguardian to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/dansguardian.inc');\n"; - $execcmd .= "sync_package_dansguardian();"; + $execcmd .= "sync_package_dansguardian(true);"; /* assemble xmlrpc payload */ $params = array( 
@@ -1079,14 +1328,14 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip, $password,$sync_type) { $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, "30"); if(!$resp) { $error = "A communications error occurred while attempting dansguardian XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, "30"); $error = "An error code was received while attempting dansguardian XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "dansguardian Settings Sync", ""); diff --git a/config/dansguardian/dansguardian.php b/config/dansguardian/dansguardian.php index 520cdc5c..675db6c7 100644 --- a/config/dansguardian/dansguardian.php +++ b/config/dansguardian/dansguardian.php 
@@ -39,28 +39,34 @@ require_once("/etc/inc/pkg-utils.inc"); require_once("/etc/inc/globals.inc"); require_once("/usr/local/pkg/dansguardian.inc"); -function fetch_blacklist(){ +function fetch_blacklist() { global $config,$g; $url=$config['installedpackages']['dansguardianblacklist']['config'][0]['url']; - if (is_url($url)){ + if (is_url($url)) { conf_mount_rw(); print "file download start.."; unlink_if_exists("/usr/local/etc/dansguardian/lists/blacklist.tgz"); - exec("/usr/bin/fetch -o /usr/local/etc/dansguardian/lists/blacklist.tgz ".escapeshellarg($url)); - chdir ("/usr/local/etc/dansguardian/lists"); - if (is_dir ("blacklists.old")) - exec ('rm -rf /usr/local/etc/dansguardian/lists/blacklists.old'); - rename("blacklists","blacklists.old"); - exec('/usr/bin/tar -xvzf /usr/local/etc/dansguardian/lists/blacklist.tgz 2>&1',$output,$return); - if (preg_match("/x\W+(\w+)/",$output[0],$matches)){ - if ($matches[1] != "blacklists") - rename("./".$matches[1],"blacklists"); - read_lists(); + exec("/usr/bin/fetch -o /usr/local/etc/dansguardian/lists/blacklist.tgz ".escapeshellarg($url),$output,$return); + if ($return == 0) { + chdir ("/usr/local/etc/dansguardian/lists"); + if (is_dir ("blacklists.old")) + exec ('rm -rf /usr/local/etc/dansguardian/lists/blacklists.old'); + rename("blacklists","blacklists.old"); + exec('/usr/bin/tar -xvzf /usr/local/etc/dansguardian/lists/blacklist.tgz 2>&1',$output,$return); + if (preg_match("/x\W+(\w+)/",$output[0],$matches)) { + if ($matches[1] != "blacklists") + rename("./".$matches[1],"blacklists"); + read_lists(); } - else - file_notice("Dansguardian - Could not determine Blacklist extract dir. Categories not updated",""); - } - else{ + else { + file_notice("Dansguardian - Could not determine Blacklist extract dir. Categories not updated",""); + } + } + else { + file_notice("Dansguardian - Could not fetch blacklists from url",""); + } + } + else { file_notice("Dansguardian - Blacklist url is invalid.",""); } } 
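Review bot: `$output` is now passed to both `exec()` calls, and exec() appends to an array that already holds elements, so `$output[0]` in the `preg_match("/x\W+(\w+)/",$output[0],$matches)` test can be a line printed by fetch rather than the first line from tar; reset it with `$output=array();` before the tar call. The existing `blacklists` directory is renamed away before the extraction result is known and tar's `$return` is never checked, so a truncated or corrupt download leaves no `blacklists` directory; check `$return` and rename `blacklists.old` back on failure. The archive is extracted as downloaded, with no checksum or signature comparison visible in this function. The paths here still hard-code `/usr/local/etc/dansguardian/lists` while dansguardian.inc in the same commit switches to `DANSGUARDIAN_DIR`.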
@@ -84,17 +90,33 @@ function read_lists(){ #read dir content and find lists $lists= scandir("$dir/$group/"); foreach ($lists as $list) - if (!preg_match ("/^\./",$list) && is_dir("$dir/$group/$list/")){ + if (!preg_match ("/^\./",$list) && is_dir("$dir/$group/$list/")) { $category= scandir("$dir/$group/$list/"); foreach ($category as $file) - if (!preg_match ("/^\./",$file)){ - #assign list to array - $type=split("_",$file); - if (preg_match("/(\w+)/",$type[0],$matches)); - $xml_type=$matches[1]; - if ($config['installedpackages']['dansguardianblacklist']['config'][0]["liston"]=="both" && $group=="blacklists") - $config['installedpackages']['dansguardianwhitelists'.$xml_type]['config'][]=array("descr"=> "$list $file","list" => $list,"file" => "$dir/$group/$list/$file"); - $config['installedpackages']['dansguardian'.$group.$xml_type]['config'][]=array("descr"=> "$list $file","list" => $list,"file" => "$dir/$group/$list/$file"); + if (!preg_match ("/^\./",$file)) { + if (is_dir("$dir/$group/$list/$file")) { + $subdir=$file; + $subcategory= scandir("$dir/$group/$list/$subdir/"); + foreach ($subcategory as $file) + if (!preg_match ("/^\./",$file)){ + #assign list to array + $type=split("_",$file); + if (preg_match("/(\w+)/",$type[0],$matches)); + $xml_type=$matches[1]; + if ($config['installedpackages']['dansguardianblacklist']['config'][0]["liston"]=="both" && $group=="blacklists") + $config['installedpackages']['dansguardianwhitelists'.$xml_type]['config'][]=array("descr"=> "{$list}_{$subdir} {$file}","list" => "{$list}_{$subdir}","file" => "$dir/$group/$list/$subdir/$file"); + $config['installedpackages']['dansguardian'.$group.$xml_type]['config'][]=array("descr"=> "{$list}_{$subdir} {$file}","list" => "{$list}_{$subdir}","file" => "$dir/$group/$list/$subdir/$file"); + } + } + else { + #assign list to array + $type=split("_",$file); + if (preg_match("/(\w+)/",$type[0],$matches)); + $xml_type=$matches[1]; + if 
($config['installedpackages']['dansguardianblacklist']['config'][0]["liston"]=="both" && $group=="blacklists") + $config['installedpackages']['dansguardianwhitelists'.$xml_type]['config'][]=array("descr"=> "$list $file","list" => $list,"file" => "$dir/$group/$list/$file"); + $config['installedpackages']['dansguardian'.$group.$xml_type]['config'][]=array("descr"=> "$list $file","list" => $list,"file" => "$dir/$group/$list/$file"); + } } } } diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml index 41f2a447..334c99e7 100644 --- a/config/dansguardian/dansguardian.xml +++ b/config/dansguardian/dansguardian.xml @@ -69,6 +69,16 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.php</item> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_ldap.xml</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item> <prefix>/usr/local/pkg/</prefix> <chmod>0755</chmod> @@ -174,6 +184,11 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> + <item>http://www.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <additional_files_needed> <item>http://www.pfsense.org/packages/config/dansguardian/blockedflash.swf</item> <prefix>/usr/local/share/dansguardian/</prefix> <chmod>0755</chmod> @@ -201,6 +216,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> 
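Review bot: Both copies of the "assign list to array" block keep the stray `;` after `if (preg_match("/(\w+)/",$type[0],$matches))`, so `$xml_type=$matches[1];` runs whether or not the name matched, and a non-matching file name is filed under the bare `'dansguardian'.$group` key with an empty type. Replacing it with `if (!preg_match("/(\w+)/",$type[0],$matches)) continue;` in each branch makes the skip explicit. The new inner `foreach ($subcategory as $file)` reuses the outer loop's `$file`; a distinct name such as `$subfile`, with the duplicated block moved into one helper taking the path and list name, would remove the copy. `split()` is deprecated since PHP 5.3 and `explode("_", $file)` is equivalent here. read_lists starts outside the hunk.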
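Review bot: The new entry installs `dansguardian_ldap.php` under `/usr/local/www/` with mode 0755, but the script added later in this commit is a command-line job (it starts with `#!/usr/local/bin/php -f`) and includes only `util.inc`, `functions.inc`, `pkg-utils.inc` and `globals.inc`, not `guiconfig.inc` as `dansguardian_about.php` does. If that directory is the web GUI's document root, the job could presumably be requested without a login, and each request binds to the directory with the stored credentials and may rewrite the configuration. Installing it outside the web root, e.g. `<prefix>/usr/local/pkg/</prefix>` as for the other helper files, avoids that; whatever schedules the script would need the same path. The entries in this hunk are also fetched over plain `http://`, so nothing authenticates the downloaded PHP before it is installed.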
diff --git a/config/dansguardian/dansguardian_about.php b/config/dansguardian/dansguardian_about.php index f9c9e260..07b5768e 100755 --- a/config/dansguardian/dansguardian_about.php +++ b/config/dansguardian/dansguardian_about.php @@ -1,6 +1,6 @@ <?php /* - mailscanner_about.php + dansguardian_about.php part of pfSense (http://www.pfsense.com/) Copyright (C) 2011 Marcello Coutinho <marcellocoutinho@gmail.com> All rights reserved. @@ -27,7 +27,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("guiconfig.inc"); +require_once("guiconfig.inc"); $pfSversion = str_replace("\n", "", file_get_contents("/etc/version")); if(strstr($pfSversion, "1.2")) @@ -57,6 +57,7 @@ include("head.inc"); $tab_array[] = array(gettext("Limits"), false, "/pkg_edit.php?xml=dansguardian_limits.xml&id=0"); $tab_array[] = array(gettext("Blacklist"), false, "/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0"); $tab_array[] = array(gettext("Access Lists"), false, "/pkg_edit.php?xml=dansguardian_antivirus.xml&id=0"); + $tab_array[] = array(gettext("LDAP"), false, "/pkg.php?xml=dansguardian_ldap.xml&id=0"); $tab_array[] = array(gettext("Groups"), false, "/pkg.php?xml=dansguardian_groups.xml&id=0"); $tab_array[] = array(gettext("Users"), false, "/pkg.php?xml=dansguardian_users.xml&id=0"); $tab_array[] = array(gettext("IPs"), false, "/pkg.php?xml=dansguardian_ips.xml&id=0"); 
@@ -95,9 +96,9 @@ include("head.inc"); <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='http://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Donatios ");?></td> - <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> - If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td> + <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='http://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to the pfSense project</a>.<br><br> + If you want your donation to go to this package developer, make a note on the donation forwarding it to me.<br><br>");?></td> </tr> </table> diff --git a/config/dansguardian/dansguardian_blacklist.xml b/config/dansguardian/dansguardian_blacklist.xml index a8895342..d95558e6 100644 --- a/config/dansguardian/dansguardian_blacklist.xml +++ b/config/dansguardian/dansguardian_blacklist.xml @@ -69,6 +69,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> diff --git a/config/dansguardian/dansguardian_config.xml b/config/dansguardian/dansguardian_config.xml index 11a34434..0c14a7bb 100644 --- a/config/dansguardian/dansguardian_config.xml +++ b/config/dansguardian/dansguardian_config.xml 
@@ -69,6 +69,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> @@ -99,10 +103,10 @@ <type>listtopic</type> </field> <field> - <fielddescr>Auth Plugin</fielddescr> + <fielddescr>Auth Plugins</fielddescr> <fieldname>auth_plugin</fieldname> <description><![CDATA[This option handle the extraction of client usernames from various sources, such as Proxy-Authorisation headers and ident servers, - enabling requests to be handled according to the settings of the user's filter group.]]></description> + enabling requests to be handled according to the settings of the user's filter group]]></description> <type>select</type> <options> <option><name>Proxy-Basic</name><value>/usr/local/etc/dansguardian/authplugins/proxy-basic.conf</value></option> @@ -110,7 +114,7 @@ <option><name>Proxy-Ntlm</name><value>/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf</value></option> <option><name>Ident</name><value>/usr/local/etc/dansguardian/authplugins/ident.conf</value></option> <option><name>Ip Address</name><value>/usr/local/etc/dansguardian/authplugins/ip.conf</value></option> - <option><name>none</name><value></value></option> + <option><name>none</name><value>none</value></option> </options> </field> <field> @@ -198,7 +202,7 @@ </field> <field> <fielddescr>CA</fielddescr> - <fieldname>ca</fieldname> + <fieldname>dca</fieldname> <description><![CDATA[Select Certificate Authority to use when SSL filtering is enabled on Group options<br> To create a CA on pfsense, go to <strong>system -> Cert Manager<strong>]]></description> <type>select_source</type> 
@@ -208,7 +212,7 @@ </field> <field> <fielddescr>Cert</fielddescr> - <fieldname>cert</fieldname> + <fieldname>dcert</fieldname> <description><![CDATA[Select Certificate pair to use when SSL filtering is enabled on Group options<br> To create a Certificate on pfsense, go to <strong>system -> Cert Manager<strong>]]></description> <type>select_source</type> diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index 4849126d..9498ef4c 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml @@ -67,6 +67,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> <active/> @@ -101,7 +105,10 @@ <fielddescr>Group mode</fielddescr> <fieldname>mode</fieldname> </columnitem> - + <columnitem> + <fielddescr>Reporting level</fielddescr> + <fieldname>reportinglevel</fieldname> + </columnitem> <columnitem> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> @@ -148,7 +155,6 @@ <multiple/> <size>10</size> </field> - <field> <fielddescr>Pics</fielddescr> <fieldname>picsacl</fieldname> @@ -157,6 +163,8 @@ <source><![CDATA[$config['installedpackages']['dansguardianpicsacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <fielddescr>Phrase</fielddescr> 
@@ -166,60 +174,74 @@ <source><![CDATA[$config['installedpackages']['dansguardianphraseacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <fielddescr>Site</fielddescr> <fieldname>siteacl</fieldname> - <description><![CDATA[Select Site Access List to apply on this group.]]></description> + <description><![CDATA[Select Site Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardiansiteacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <fielddescr>URL</fielddescr> <fieldname>urlacl</fieldname> - <description><![CDATA[Select URL Access List to apply on this group.]]></description> + <description><![CDATA[Select URL Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardianurlacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <fielddescr>Extension</fielddescr> <fieldname>extensionacl</fieldname> - <description><![CDATA[Select Extension Access List to apply on this group.]]></description> + <description><![CDATA[Select Extension Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardianfileacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <fielddescr>Header</fielddescr> <fieldname>headeracl</fieldname> - <description><![CDATA[Select Header Access List to apply on this group.]]></description> + <description><![CDATA[Select Header Access Lists to apply on this group.]]></description> <type>select_source</type> 
<source><![CDATA[$config['installedpackages']['dansguardianheaderacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <fielddescr>Content</fielddescr> <fieldname>contentacl</fieldname> - <description><![CDATA[Select Content Access List to apply on this group.]]></description> + <description><![CDATA[Select Content Access Lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardiancontentacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <fielddescr>Search</fielddescr> <fieldname>searchacl</fieldname> - <description><![CDATA[Select Search Access list to apply on this group.]]></description> + <description><![CDATA[Select Search Access lists to apply on this group.]]></description> <type>select_source</type> <source><![CDATA[$config['installedpackages']['dansguardiansearchacl']['config']]]></source> <source_name>name</source_name> <source_value>name</source_value> + <multiple/> + <size>5</size> </field> <field> <name>Values</name> @@ -244,7 +266,8 @@ If defined, this overrides the global setting in dansguardian.conf for members of this filter group.]]></description> <type>select</type> <options> - <option><name>Use HTML template file (accessdeniedaddress ignored) - recommended</name><value>3</value></option> + <option><name>Use General log option selected on Report and log - recommended</name><value>global</value></option> + <option><name>Use HTML template file (accessdeniedaddress ignored)</name><value>3</value></option> <option><name>Report fully</name><value>2</value></option> <option><name>Report why but not what denied phrase</name><value>1</value></option> <option><name>Just say 'Access Denied'</name><value>0</value></option> 
@@ -252,6 +275,15 @@ </options> </field> <field> + <fielddescr>Access Denied cgi</fielddescr> + <fieldname>reportingcgi</fieldname> + <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script + ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description> + <type>input</type> + <size>70</size> + </field> + + <field> <fielddescr>Weighted phrase mode</fielddescr> <fieldname>weightedphrasemode</fieldname> <description><![CDATA[IMPORTANT: Note that setting this to "0" turns off all features which extract phrases from page content, @@ -318,6 +350,15 @@ <type>input</type> <size>10</size> </field> + <field> + <fielddescr>Temporary Denied Page Bypass Secret Key</fielddescr> + <fieldname>bypasskey</fieldname> + <description><![CDATA[If not empty, rather than generating a random key you can specify one. It must be more than 8 chars.<br> + Ex1:Mary had a little lamb.<br> + Ex2:76b42abc1cd0fdcaf6e943dcbc93b826]]></description> + <type>input</type> + <size>70</size> + </field> <field> <fielddescr>Infection/Scan Error Bypass</fielddescr> <fieldname>infectionbypass</fieldname> 
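Review bot: `bypasskey` is a shared secret but is declared as `<type>input</type>`, so it is shown in clear on the group page, and the description offers two literal example keys that are likely to be pasted in unchanged. Use `<type>password</type>`, as `dansguardian_ldap.xml` does for its password field, and describe the expected format instead of printing usable values. The "more than 8 chars" rule is stated only in the help text; no check for it is visible in this hunk, so it should be enforced in the validation function if it is not already.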
@@ -328,6 +369,32 @@ <type>input</type> <size>10</size> </field> + <field> + <name>LDAP</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LDAP</fielddescr> + <fieldname>ldap</fieldname> + <description><![CDATA[Select Active directory servers to extract users from<br> + The group must has the same name in dansguardian and on active directory<br> + <strong>This is not aplicable for default group</strong>]]></description> + <type>select_source</type> + <size>05</size> + <multiple/> + <source><![CDATA[$config['installedpackages']['dansguardianldap']['config']]]></source> + <source_name>dc</source_name> + <source_value>dc</source_value> + </field> + <field> + <fielddescr>Update frequency</fielddescr> + <fieldname>freq</fieldname> + <description><![CDATA[How often extract users from active directory and verify changes<br> + Valid options are minutes(m), hours(h)<br> + Sample: To update every two minute, use 2m]]></description> + <type>input</type> + <size>05</size> + </field> </fields> <custom_php_install_command> dansguardian_php_install_command(); diff --git a/config/dansguardian/dansguardian_ips_header.xml b/config/dansguardian/dansguardian_ips_header.xml index 2029fabf..c15e31da 100644 --- a/config/dansguardian/dansguardian_ips_header.xml +++ b/config/dansguardian/dansguardian_ips_header.xml @@ -67,6 +67,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> @@ -93,4 +97,18 @@ </tab> </tabs> <fields> -
\ No newline at end of file + <field> + <name>Exception IP list</name> + <type>listtopic</type> + </field> + <field> + <fieldname>exceptioniplist</fieldname> + <fielddescr>Exception Ip List</fielddescr> + <description><![CDATA[Include ip addresses and or ipadresses/netmask of computers from which web access should not be filtered.<br> + Leave empty to load dansguardian defaults.]]></description> + <type>textarea</type> + <cols>80</cols> + <rows>12</rows> + <encoding>base64</encoding> + </field> +
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php new file mode 100644 index 00000000..c02289ac --- /dev/null +++ b/config/dansguardian/dansguardian_ldap.php 
@@ -0,0 +1,149 @@ +#!/usr/local/bin/php -f +<?php + +// based on http://samjlevy.com/2011/02/using-php-and-ldap-to-list-of-members-of-an-active-directory-group/ +// pfsense integration by marcelloc and ccesario +/* $Id$ */ +/* ========================================================================== */ +/* + dansguardian_ldap.php + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + +require_once("/etc/inc/util.inc"); +require_once("/etc/inc/functions.inc"); +require_once("/etc/inc/pkg-utils.inc"); +require_once("/etc/inc/globals.inc"); + +function explode_dn($dn, $with_attributes=0) +{ + $result = ldap_explode_dn($dn, $with_attributes); + if (is_array($result)) + foreach($result as $key => $value) { + $result[$key] = $value; + } + return $result; +} + +function get_ldap_members($group,$user,$password) { + global $ldap_host; + global $ldap_dn; + $LDAPFieldsToFind = array("member"); + $ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP"); + + // OPTIONS TO AD + ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3); + ldap_set_option($ldap, LDAP_OPT_REFERRALS,0); + + ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP"); + + $results = ldap_search($ldap,$ldap_dn,"cn=" . $group,$LDAPFieldsToFind); + + $member_list = ldap_get_entries($ldap, $results); + $group_member_details = array(); + if (is_array($member_list[0])) + foreach($member_list[0] as $list) + if (is_array($list)) + foreach($list as $member) { + $member_dn = explode_dn($member); + $member_cn = str_replace("CN=","",$member_dn[0]); + $member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . 
")"); + $member_details = ldap_get_entries($ldap, $member_search); + $group_member_details[] = array($member_details[0]['samaccountname'][0], + $member_details[0]['displayname'][0]); + } + ldap_close($ldap); + array_shift($group_member_details); + return $group_member_details; + ldap_unbind($ldap); +} + +// Read Pfsense config +global $config,$g; + +#mount filesystem writable +conf_mount_rw(); + +$id=0; +$apply_config=0; +if (is_array($config['installedpackages']['dansguardiangroups']['config'])) + foreach($config['installedpackages']['dansguardiangroups']['config'] as $group) { + #ignore default group + if ($id > 0) + if ($argv[1] == "" || $argv[1] == $group['name']){ + $members=""; + $ldap_servers= explode (',',$group['ldap']); + echo "Group : " . $group['name']."\n"; + if (is_array($config['installedpackages']['dansguardianldap']['config'])) + foreach ($config['installedpackages']['dansguardianldap']['config'] as $server){ + if (in_array($server['dc'],$ldap_servers)){ + $ldap_dn = $server['dn']; + $ldap_host=$server['dc']; + $mask=(empty($server['mask'])?"USER":$server['mask']); + $result = get_ldap_members($group['name'],$server['username'].','.$server['dn'],$server['password']); + foreach($result as $key => $value) { + if (preg_match ("/\w+/",$value[0])){ + #var_dump($value); + $name= preg_replace('/[^(\x20-\x7F)]*/','', $value[1]); + $pattern[0]="/USER/"; + $pattern[1]="/,/"; + $pattern[2]="/NAME/"; + $replace[0]=$value[0]; + $replace[1]="\n"; + $replace[2]="$name"; + $members .= preg_replace($pattern,$replace,$mask)."\n"; + } + } + } + } + if (!empty($members)){ + $import_users = explode("\n", $members); + asort($import_users); + $members=base64_encode(implode("\n", $import_users)); + if($config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] != $members){ + $config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = $members; + $apply_config++; + } + } + } + $id++; + } +if ($apply_config > 
0){ + print "user list from LDAP is different from current group, applying new configuration..."; + write_config(); + include("/usr/local/pkg/dansguardian.inc"); + sync_package_dansguardian(); + print "done\n"; +} + +#mount filesystem read-only +conf_mount_ro(); + +?>
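Review bot: `get_ldap_members()` calls `ldap_bind()` straight after `ldap_connect($ldap_host)` with no TLS, so with a bare hostname in `dc` the bind DN and password cross the network in clear text; calling `ldap_start_tls($ldap)` before the bind and failing when it returns false, or accepting an `ldaps://` URI, would protect them. Both search filters are built by concatenation (`"cn=" . $group` and `"(CN=" . $member_cn . ")"`), and `$member_cn` comes from directory data, so filter metacharacters in a name change the query; escape the values, e.g. with `ldap_escape($member_cn, "", LDAP_ESCAPE_FILTER)` where the PHP version provides it. The `or die(...)` exits happen after the main script has called `conf_mount_rw()`, so a failed connect or bind leaves the filesystem mounted read-write; returning an empty list and letting the script reach `conf_mount_ro()` is safer. `ldap_unbind($ldap)` after `return` is unreachable.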
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_ldap.xml b/config/dansguardian/dansguardian_ldap.xml new file mode 100755 index 00000000..3411f483 --- /dev/null +++ b/config/dansguardian/dansguardian_ldap.xml 
@@ -0,0 +1,171 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* ========================================================================== */ +/* + dansguardian_ldap.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2012 Marcello Coutinho + + All rights reserved. +*/ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>dansguardianldap</name> + <version>1.0</version> + <title>Services: Dansguardian</title> + <include_file>/usr/local/pkg/dansguardian.inc</include_file> + <tabs> + <tab> + <text>Daemon</text> + <url>/pkg_edit.php?xml=dansguardian.xml&id=0</url> + </tab> + <tab> + <text>General</text> + <url>/pkg_edit.php?xml=dansguardian_config.xml&id=0</url> + </tab> + <tab> + <text>Limits</text> + <url>/pkg_edit.php?xml=dansguardian_limits.xml&id=0</url> + </tab> + <tab> + <text>Blacklist</text> + <url>/pkg_edit.php?xml=dansguardian_blacklist.xml&id=0</url> + </tab> + <tab> + <text>Access Lists</text> + <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> + </tab> + <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + <active/> + </tab> + <tab> + <text>Groups</text> + <url>/pkg.php?xml=dansguardian_groups.xml</url> + </tab> + <tab> + <text>Users</text> + <url>/pkg_edit.php?xml=dansguardian_users.xml</url> + </tab> + <tab> + <text>IPs</text> + <url>/pkg_edit.php?xml=dansguardian_ips.xml</url> + </tab> + <tab> + <text>Report and log</text> + <url>/pkg_edit.php?xml=dansguardian_log.xml&id=0</url> + </tab> + <tab> + <text>XMLRPC Sync</text> + <url>/pkg_edit.php?xml=dansguardian_sync.xml&id=0</url> + </tab> + <tab> + <text>Help</text> + <url>/dansguardian_about.php</url> + </tab> +</tabs> +<adddeleteeditpagefields> + <columnitem> + <fielddescr>hostname</fielddescr> + <fieldname>dc</fieldname> + </columnitem> + <columnitem> + <fielddescr>domain</fielddescr> + <fieldname>dn</fieldname> + </columnitem> + + <columnitem> + <fielddescr>username</fielddescr> + <fieldname>username</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + 
<name>Ldap configuration</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Hostname</fielddescr> + <description><![CDATA[LDAP hostname example:<strong>dc1.mysite.com</strong>]]></description> + <fieldname>dc</fieldname> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>Domain</fielddescr> + <description><![CDATA[LDAP Domain example:<strong> dc=mysite,dc=com</strong>]]></description> + <fieldname>dn</fieldname> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>Username</fielddescr> + <description><![CDATA[Username Example:<strong>cn=antispam,cn=Users</strong>]]></description> + <fieldname>username</fieldname> + <type>input</type> + <size>25</size> + </field> + <field> + <fielddescr>Password</fielddescr> + <description><![CDATA[User password]]></description> + <fieldname>password</fieldname> + <type>password</type> + <size>10</size> + </field> + <field> + <fielddescr>mask</fielddescr> + <description><![CDATA[Default: USER<br>Apply prefix or sufix any info to username extracted.<br> + use "," if you need more than one mask for each user<br> + <strong>domain\USER #NAME,USER@MYDOMAIN.COM</strong><br> + NAME shows user name<br> + USER shows user login<br>]]></description> + <fieldname>mask</fieldname> + <type>input</type> + <size>50</size> + </field> + </fields> + <custom_php_install_command> + dansguardian_php_install_command(); + </custom_php_install_command> + <custom_php_deinstall_command> + dansguardian_php_deinstall_command(); + </custom_php_deinstall_command> + <custom_php_validation_command> + dansguardian_validate_input($_POST, &$input_errors); + </custom_php_validation_command> + <custom_php_resync_config_command> + sync_package_dansguardian(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file diff --git a/config/dansguardian/dansguardian_limits.xml b/config/dansguardian/dansguardian_limits.xml index eef24d52..4974bc7d 100644 --- a/config/dansguardian/dansguardian_limits.xml +++ b/config/dansguardian/dansguardian_limits.xml @@ -69,6 +69,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> diff --git a/config/dansguardian/dansguardian_log.xml b/config/dansguardian/dansguardian_log.xml index 3a0f241e..a9b9d0e9 100644 --- a/config/dansguardian/dansguardian_log.xml +++ b/config/dansguardian/dansguardian_log.xml @@ -68,6 +68,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> @@ -110,6 +114,14 @@ <option><name>Just say 'Access Denied'</name><value>0</value></option> <option><name>Log but do not block - Stealth mode</name><value>-1</value></option> </options> + </field> + <field> + <fielddescr>Access Denied cgi</fielddescr> + <fieldname>reportingcgi</fieldname> + <description><![CDATA[While using Report Level (report fully) or (Report why but not what denied phrase), specify here the url link to your access denied cgi script + ex:http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl]]></description> + <type>input</type> + <size>70</size> </field> <field> <fielddescr>Report Language</fielddescr> diff --git a/config/dansguardian/dansguardian_rc.template b/config/dansguardian/dansguardian_rc.template new file mode 100755 index 00000000..580fb835 --- /dev/null +++ b/config/dansguardian/dansguardian_rc.template 
@@ -0,0 +1,35 @@ +#!/bin/sh +# $FreeBSD: ports/www/dansguardian-devel/files/dansguardian.in,v 1.6 2012/01/14 08:57:12 dougb Exp $ + +# PROVIDE: dansguardian +# REQUIRE: NETWORKING SERVERS squid +# KEYWORD: shutdown + +# Define these dansguardian_* variables in one of these files: +# /etc/rc.conf +# /etc/rc.conf.local +# /etc/rc.conf.d/dansguardian +# +# DO YEST CHANGE THESE DEFAULT VALUES HERE +# +# dansguardian_enable="YES" +# dansguardian_flags="<set as needed>" +sysctl kern.ipc.somaxconn=16384 +sysctl kern.maxfiles=131072 +sysctl kern.maxfilesperproc=104856 +sysctl kern.threads.max_threads_per_proc=4096 + +dansguardian_enable=${dansguardian_enable:-"YES"} +dansguardian_pidfile=${dansguardian_pidfile:-"/var/run/dansguardian.pid"} + +. /etc/rc.subr + +name="dansguardian" +rcvar=dansguardian_enable +command="/usr/local/sbin/${name}" + +load_rc_config $name + +pidfile="${dansguardian_pidfile}" + +run_rc_command "$1" diff --git a/config/dansguardian/dansguardian_site_acl.xml b/config/dansguardian/dansguardian_site_acl.xml index 163c94c9..fcddfea6 100755 --- a/config/dansguardian/dansguardian_site_acl.xml +++ b/config/dansguardian/dansguardian_site_acl.xml @@ -161,7 +161,7 @@ </field> <field> <fielddescr>Enable</fielddescr> - <fieldname>greysite_enable</fieldname> + <fieldname>greysite_enabled</fieldname> <type>checkbox</type> <description></description> </field> diff --git a/config/dansguardian/dansguardian_sync.xml b/config/dansguardian/dansguardian_sync.xml index c041f398..f91eae6a 100755 --- a/config/dansguardian/dansguardian_sync.xml +++ b/config/dansguardian/dansguardian_sync.xml @@ -67,6 +67,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> 
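Review bot: The four `sysctl` lines in dansguardian_rc.template sit at the top level of the script, so they run on every invocation (including `status` and `stop`) and before `dansguardian_enable` is consulted, changing system-wide kernel limits even when the service is disabled. Moving them into a `start_precmd` function confines the change to an actual start; the fixed values would also replace any higher limits an administrator has already set, which is worth a comment. The header comment reads `DO YEST CHANGE THESE DEFAULT VALUES HERE` and should read `DO NOT CHANGE THESE DEFAULT VALUES HERE`. `command="/usr/local/sbin/${name}"` is fixed to /usr/local while the config templates in this commit use `{$dg_dir}`, so confirm the path is rewritten at install time.

```shell
# … unchanged: header comments, enable/pidfile defaults, rc.subr include …

command="/usr/local/sbin/${name}"
start_precmd="${name}_prestart"

# Raise kernel limits only when the service is actually being started.
dansguardian_prestart()
{
	sysctl kern.ipc.somaxconn=16384
	sysctl kern.maxfiles=131072
	sysctl kern.maxfilesperproc=104856
	sysctl kern.threads.max_threads_per_proc=4096
}

# … unchanged: load_rc_config, pidfile, run_rc_command …
```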
diff --git a/config/dansguardian/dansguardian_url_acl.xml b/config/dansguardian/dansguardian_url_acl.xml index 28497e57..556e0bab 100755 --- a/config/dansguardian/dansguardian_url_acl.xml +++ b/config/dansguardian/dansguardian_url_acl.xml @@ -77,7 +77,7 @@ </tab> <tab> <text>Content</text> - <url>/pkg.php?xml=dansguardian_file_acl.xml</url> + <url>/pkg.php?xml=dansguardian_content_acl.xml</url> </tab> <tab> <text>Header</text> diff --git a/config/dansguardian/dansguardian_users_header.xml b/config/dansguardian/dansguardian_users_header.xml index 70edb5fe..1f15a610 100644 --- a/config/dansguardian/dansguardian_users_header.xml +++ b/config/dansguardian/dansguardian_users_header.xml @@ -67,6 +67,10 @@ <url>/pkg_edit.php?xml=dansguardian_antivirus_acl.xml&id=0</url> </tab> <tab> + <text>LDAP</text> + <url>/pkg.php?xml=dansguardian_ldap.xml</url> + </tab> + <tab> <text>Groups</text> <url>/pkg.php?xml=dansguardian_groups.xml</url> </tab> diff --git a/config/dansguardian/dansguardianfx.conf.template b/config/dansguardian/dansguardianfx.conf.template index cb811e21..cfc9645e 100644 --- a/config/dansguardian/dansguardianfx.conf.template +++ b/config/dansguardian/dansguardianfx.conf.template 
@@ -56,20 +56,20 @@ groupmode = {$dansguardian_groups['mode']} groupname = '{$dansguardian_groups['name']}' # Content filtering files location -bannedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}' -weightedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist.{$dansguardian_groups['phraseacl']}' -exceptionphraselist = '/usr/local/etc/dansguardian/lists/exceptionphraselist.{$dansguardian_groups['phraseacl']}' -bannedsitelist = '/usr/local/etc/dansguardian/lists/bannedsitelist.{$dansguardian_groups['siteacl']}' -greysitelist = '/usr/local/etc/dansguardian/lists/greysitelist.{$dansguardian_groups['siteacl']}' -exceptionsitelist = '/usr/local/etc/dansguardian/lists/exceptionsitelist.{$dansguardian_groups['siteacl']}' -bannedurllist = '/usr/local/etc/dansguardian/lists/bannedurllist.{$dansguardian_groups['urlacl']}' -greyurllist = '/usr/local/etc/dansguardian/lists/greyurllist.{$dansguardian_groups['urlacl']}' -exceptionurllist = '/usr/local/etc/dansguardian/lists/exceptionurllist.{$dansguardian_groups['urlacl']}' -exceptionregexpurllist = '/usr/local/etc/dansguardian/lists/exceptionregexpurllist.{$dansguardian_groups['urlacl']}' -bannedregexpurllist = '/usr/local/etc/dansguardian/lists/bannedregexpurllist.{$dansguardian_groups['urlacl']}' -picsfile = '/usr/local/etc/dansguardian/lists/{$dansguardian_groups['picsacl']}' -contentregexplist = '/usr/local/etc/dansguardian/lists/contentregexplist.{$dansguardian_groups['contentacl']}' -urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist.{$dansguardian_groups['urlacl']}' +bannedphraselist = '{$dg_dir}/etc/dansguardian/lists/bannedphraselist.g_{$dansguardian_groups['name']}' +weightedphraselist = '{$dg_dir}/etc/dansguardian/lists/weightedphraselist.g_{$dansguardian_groups['name']}' +exceptionphraselist = '{$dg_dir}/etc/dansguardian/lists/exceptionphraselist.g_{$dansguardian_groups['name']}' +bannedsitelist = 
'{$dg_dir}/etc/dansguardian/lists/bannedsitelist.g_{$dansguardian_groups['name']}' +greysitelist = '{$dg_dir}/etc/dansguardian/lists/greysitelist.g_{$dansguardian_groups['name']}' +exceptionsitelist = '{$dg_dir}/etc/dansguardian/lists/exceptionsitelist.g_{$dansguardian_groups['name']}' +bannedurllist = '{$dg_dir}/etc/dansguardian/lists/bannedurllist.g_{$dansguardian_groups['name']}' +greyurllist = '{$dg_dir}/etc/dansguardian/lists/greyurllist.g_{$dansguardian_groups['name']}' +exceptionurllist = '{$dg_dir}/etc/dansguardian/lists/exceptionurllist.g_{$dansguardian_groups['name']}' +exceptionregexpurllist = '{$dg_dir}/etc/dansguardian/lists/exceptionregexpurllist.g_{$dansguardian_groups['name']}' +bannedregexpurllist = '{$dg_dir}/etc/dansguardian/lists/bannedregexpurllist.g_{$dansguardian_groups['name']}' +picsfile = '{$dg_dir}/etc/dansguardian/lists/g_{$dansguardian_groups['name']}' +contentregexplist = '{$dg_dir}/etc/dansguardian/lists/contentregexplist.g_{$dansguardian_groups['name']}' +urlregexplist = '{$dg_dir}/etc/dansguardian/lists/urlregexplist.g_{$dansguardian_groups['name']}' # Filetype filtering # 
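Review bot: Every list path in this hunk is now built from `{$dansguardian_groups['name']}`, which looks like a user-entered group name, interpolated inside a single-quoted value; the same pattern repeats in the hunks at -83, -115, -143 and -165. Unless the name is restricted where the group is saved (not visible in this diff), a `/`, `..`, `'` or line break in it would move the path outside `lists/` or end the quoted value early, so the generator should enforce something like `preg_match('/^[A-Za-z0-9_-]+$/', $name)` before writing the file. Separately, `picsfile` becomes `lists/g_<name>` with no list-type prefix, unlike every other entry (`<list>.g_<name>`); if the sync code writes the PICS file under a prefixed name, this line will not find it.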
@@ -83,28 +83,28 @@ urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist.{$dansguardian_ # (on | off) # blockdownloads = {$dansguardian_groups['blockdownloads']} -exceptionextensionlist = '/usr/local/etc/dansguardian/lists/exceptionextensionlist.{$dansguardian_groups['extensionacl']}' -exceptionmimetypelist = '/usr/local/etc/dansguardian/lists/exceptionmimetypelist.{$dansguardian_groups['extensionacl']}' +exceptionextensionlist = '{$dg_dir}/etc/dansguardian/lists/exceptionextensionlist.g_{$dansguardian_groups['name']}' +exceptionmimetypelist = '{$dg_dir}/etc/dansguardian/lists/exceptionmimetypelist.g_{$dansguardian_groups['name']}' # # Use the following lists to block specific kinds of file downloads. # The two exception lists above can be used to override these. # -bannedextensionlist = '/usr/local/etc/dansguardian/lists/bannedextensionlist.{$dansguardian_groups['extensionacl']}' -bannedmimetypelist = '/usr/local/etc/dansguardian/lists/bannedmimetypelist.{$dansguardian_groups['extensionacl']}' +bannedextensionlist = '{$dg_dir}/etc/dansguardian/lists/bannedextensionlist.g_{$dansguardian_groups['name']}' +bannedmimetypelist = '{$dg_dir}/etc/dansguardian/lists/bannedmimetypelist.g_{$dansguardian_groups['name']}' # # In either file filtering mode, the following list can be used to override # MIME type & extension blocks for particular domains & URLs (trusted download sites). 
# -exceptionfilesitelist = '/usr/local/etc/dansguardian/lists/exceptionfilesitelist.{$dansguardian_groups['siteacl']}' -exceptionfileurllist = '/usr/local/etc/dansguardian/lists/exceptionfileurllist.{$dansguardian_groups['urlacl']}' +exceptionfilesitelist = '{$dg_dir}/etc/dansguardian/lists/exceptionfilesitelist.g_{$dansguardian_groups['name']}' +exceptionfileurllist = '{$dg_dir}/etc/dansguardian/lists/exceptionfileurllist.g_{$dansguardian_groups['name']}' # Categorise without blocking: # Supply categorised lists here and the category string shall be logged against # matching requests, but matching these lists does not perform any filtering # action. -logsitelist = '/usr/local/etc/dansguardian/lists/logsitelist.{$dansguardian_groups['siteacl']}' -logurllist = '/usr/local/etc/dansguardian/lists/logurllist.{$dansguardian_groups['urlacl']}' -logregexpurllist = '/usr/local/etc/dansguardian/lists/logregexpurllist.{$dansguardian_groups['urlacl']}' +logsitelist = '{$dg_dir}/etc/dansguardian/lists/logsitelist.g_{$dansguardian_groups['name']}' +logurllist = '{$dg_dir}/etc/dansguardian/lists/logurllist.g_{$dansguardian_groups['name']}' +logregexpurllist = '{$dg_dir}/etc/dansguardian/lists/logregexpurllist.g_{$dansguardian_groups['name']}' # Outgoing HTTP header rules: # Optional lists for blocking based on, and modification of, outgoing HTTP 
@@ -115,8 +115,8 @@ logregexpurllist = '/usr/local/etc/dansguardian/lists/logregexpurllist.{$dansgua # Headers are matched/replaced on a line-by-line basis, not as a contiguous # block. # Use for example, to remove cookies or prevent certain user-agents. -headerregexplist = '/usr/local/etc/dansguardian/lists/headerregexplist.{$dansguardian_groups['headeracl']}' -bannedregexpheaderlist = '/usr/local/etc/dansguardian/lists/bannedregexpheaderlist.{$dansguardian_groups['headeracl']}' +headerregexplist = '{$dg_dir}/etc/dansguardian/lists/headerregexplist.g_{$dansguardian_groups['name']}' +bannedregexpheaderlist = '{$dg_dir}/etc/dansguardian/lists/bannedregexpheaderlist.g_{$dansguardian_groups['name']}' # Weighted phrase mode # Optional; overrides the weightedphrasemode option in dansguardian.conf @@ -143,7 +143,7 @@ naughtynesslimit = {$dansguardian_groups['naughtynesslimit']} # List of regular expressions for matching search engine URLs. It is assumed # that the search terms themselves will be contained within the first submatch # of each expression. -searchengineregexplist = '/usr/local/etc/dansguardian/lists/searchengineregexplist.{$dansguardian_groups['searchacl']}' +searchengineregexplist = '{$dg_dir}/etc/dansguardian/lists/searchengineregexplist.g_{$dansguardian_groups['name']}' # # Search term limit # The limit over which requests will be blocked for containing search terms 
@@ -165,9 +165,9 @@ searchtermlimit = {$dansguardian_groups['searchtermlimit']} # of text. # Please note that all or none of the below should be uncommented, not a # mixture. -bannedsearchtermlist = '/usr/local/etc/dansguardian/lists/bannedsearchtermlist.{$dansguardian_groups['searchacl']}' -weightedsearchtermlist = '/usr/local/etc/dansguardian/lists/weightedsearchtermlist.{$dansguardian_groups['searchacl']}' -exceptionsearchtermlist = '/usr/local/etc/dansguardian/lists/exceptionsearchtermlist.{$dansguardian_groups['searchacl']}' +bannedsearchtermlist = '{$dg_dir}/etc/dansguardian/lists/bannedsearchtermlist.g_{$dansguardian_groups['name']}' +weightedsearchtermlist = '{$dg_dir}/etc/dansguardian/lists/weightedsearchtermlist.g_{$dansguardian_groups['name']}' +exceptionsearchtermlist = '{$dg_dir}/etc/dansguardian/lists/exceptionsearchtermlist.g_{$dansguardian_groups['name']}' # Category display threshold # This option only applies to pages blocked by weighted phrase filtering. @@ -268,8 +268,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. -# -#reportinglevel = {$dansguardian_groups['reportinglevel']} +# reportinglevel = 3 +{$groupreportinglevel} # accessdeniedaddress is the address of your web server to which the cgi # dansguardian reporting script was copied. Only used in reporting levels @@ -284,8 +284,8 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} # # If defined, this overrides the global setting in dansguardian.conf for # members of this filter group. -# -#accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +# accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl' +{$groupaccessdeniedaddress} # HTML Template override # If defined, this specifies a custom HTML template file for members of this 
@@ -293,12 +293,12 @@ deepurlanalysis = {$dansguardian_groups['deepurlanalysis']} # only used in reporting level 3. # # The default template file path is <languagedir>/<language>/template.html -# e.g. /usr/local/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish' +# e.g. {$dg_dir}/share/dansguardian/languages/ukenglish/template.html when using 'ukenglish' # language. # # This option generates a file path of the form: # <languagedir>/<language>/<htmltemplate> -# e.g. /usr/local/share/dansguardian/languages/ukenglish/custom.html +# e.g. {$dg_dir}/share/dansguardian/languages/ukenglish/custom.html # #htmltemplate = 'custom.html' @@ -376,6 +376,7 @@ sslcertcheck = {$dansguardian_groups['sslcertcheck']} # Forge ssl certificates for all sites, decrypt the data then re encrypt it # using a different private key. Used to filter ssl sites sslmitm = {$dansguardian_groups['sslmitm']} +#mitmkey = '{$dansguardian_groups['mitmkey']}' EOF; |
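Review bot: The added `#mitmkey = '{$dansguardian_groups['mitmkey']}'` line in the hunk at -376 is commented out for DansGuardian but still interpolated by PHP, so the group's key (presumably a secret) is copied into every generated group config file even though the option is inactive. If the option is meant to stay disabled, emit the directive through a whole-line variable, as `{$groupreportinglevel}` does in this file, and leave that variable empty unless SSL MITM is enabled. A line break in the value would also end the comment and be parsed as a directive, so it needs the same validation as the other interpolated fields, and the generated file should not be world-readable once it carries the key.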