aboutsummaryrefslogtreecommitdiffstats
path: root/config/ntopng
diff options
context:
space:
mode:
Diffstat (limited to 'config/ntopng')
-rw-r--r--config/ntopng/ntopng.inc374
-rw-r--r--config/ntopng/ntopng.xml286
2 files changed, 439 insertions, 221 deletions
diff --git a/config/ntopng/ntopng.inc b/config/ntopng/ntopng.inc
new file mode 100644
index 00000000..27b484c1
--- /dev/null
+++ b/config/ntopng/ntopng.inc
@@ -0,0 +1,374 @@
+<?php
+/*
+ ntopng.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("pkg-utils.inc");
+
+function ntopng_php_install_command() {
+ global $config, $pf_version, $scripts_path, $fonts_path;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+
+ /* Various hacks around PBI stupidity */
+ if ($pf_version == "2.2") {
+ $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/lib/X11/fonts";
+ $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/scripts";
+ } else if ($pf_version == "2.1") {
+ $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/lib/X11/fonts";
+ $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng/scripts";
+ } else {
+ $fonts_path = "/usr/local/lib/X11/fonts";
+ }
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ $ntopng_share_path = "/usr/local/share/ntopng";
+ $scripts_link_path = $ntopng_share_path . "/scripts";
+ safe_mkdir("$ntopng_share_path", 0755);
+ if (!file_exists($scripts_link_path)) {
+ symlink($scripts_path, $scripts_link_path);
+ }
+ }
+ /* Fix broken GUI fonts */
+ mwexec("/bin/cp -Rp {$fonts_path}/webfonts/ {$fonts_path}/TTF/");
+
+ /* Create dirs for Redis DB, data and graphs */
+ ntopng_create_datadir();
+}
+
+function ntopng_php_deinstall_command() {
+ global $config, $pf_version;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ /* Remove the PBI-related hacks */
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ if (is_dir("/usr/local/share/ntopng/")) {
+ mwexec("rm -rf /usr/local/share/ntopng/");
+ }
+ }
+ /* Wipe data and settings if the user does not wish to keep them */
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ if ($ntopng_config['keepdata'] != "on") {
+ if (is_dir("/var/db/ntopng/")) {
+ mwexec("rm -rf /var/db/ntopng/");
+ }
+ if (is_array($config['installedpackages']['ntopng'])) {
+ unset($config['installedpackages']['ntopng']);
+ write_config("[ntopng] Removed package settings on uninstall.");
+ }
+ log_error(gettext("[ntopng] Removed package data and settings since 'Keep Data/Settings' is disabled."));
+ }
+}
+
+function ntopng_sync_package() {
+ /* These are done via ntopng_validate_input(), just return */
+ if ($_POST['Submit'] == "Update GeoIP Data") {
+ return;
+ }
+ if ($_POST['Delete'] == "Delete (Historical) Data") {
+ return;
+ }
+
+ global $g, $config, $pf_version;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+
+ $ifaces = "";
+ $ntopng_config =& $config['installedpackages']['ntopng']['config'][0];
+ foreach ($ntopng_config['interface_array'] as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+ if ($if) {
+ $ifaces .= " -i " . escapeshellarg("{$if}");
+ }
+ }
+
+ /* DNS Mode */
+ if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) {
+ $dns_mode = "--dns-mode " . escapeshellarg($ntopng_config['dns_mode']);
+ }
+
+ /* Local Networks */
+ switch ($ntopng_config['local_networks']) {
+ case "selected":
+ $nets = array();
+ foreach ($ntopng_config['interface_array'] as $iface) {
+ if (is_ipaddr(get_interface_ip($iface))) {
+ $nets[] = gen_subnet(get_interface_ip($iface), get_interface_subnet($iface)) . '/' . get_interface_subnet($iface);
+ }
+ }
+ if (!empty($nets)) {
+ $local_networks = "--local-networks " . escapeshellarg(implode(",", $nets));
+ }
+ break;
+ case "lanonly":
+ if (is_ipaddr(get_interface_ip('lan'))) {
+ $local_networks = "--local-networks " . escapeshellarg(gen_subnet(get_interface_ip('lan'), get_interface_subnet('lan')) . '/' . get_interface_subnet('lan'));
+ }
+ break;
+ case "rfc1918":
+ default:
+ $local_networks = "--local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8'";
+ break;
+ }
+
+ /* Historical Data Storage, Dump expired flows */
+ if ($ntopng_config['dump_flows'] == "on") {
+ $dump_flows = "-F";
+ }
+
+ /* Disable alerts */
+ if ($ntopng_config['disable_alerts'] == "on") {
+ $disable_alerts = "-H";
+ }
+
+ /* Create rc script */
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+
+ $start = "";
+ $stop = "";
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ $start .= "ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/lib\n";
+ }
+ $start .= "\t{$redis_path}/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb &\n";
+ // TODO:
+ // Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse,
+ // --dump-timeline (on/off) --http-port, --https-port
+
+ $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$disable_alerts} {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &\n";
+ $stop .= "/usr/bin/killall ntopng redis-cli redis-server\n";
+ write_rcfile(array("file" => "ntopng.sh", "start" => $start, "stop" => $stop));
+
+ /* Set up admin password */
+ ntopng_set_redis_password();
+
+ /* Restart services if enabled and not booting */
+ if ((function_exists("platform_booting")) && (!platform_booting())) {
+ ntopng_services_stop();
+ if ($ntopng_config['enable'] == "on") {
+ start_service("ntopng");
+ sleep(20);
+ }
+ } elseif (!($g['booting'])) {
+ ntopng_services_stop();
+ if ($ntopng_config['enable'] == "on") {
+ start_service("ntopng");
+ sleep(20);
+ }
+ }
+}
+
+function ntopng_services_stop() {
+ if ((is_process_running("redis-server")) || (is_process_running("ntopng"))) {
+ stop_service("ntopng");
+ }
+ for ($i = 0; $i <= 10; $i++) {
+ if ((!is_process_running("redis-server")) && (!is_process_running("ntopng"))) {
+ break;
+ }
+ sleep(2);
+ }
+}
+
+function ntopng_redis_started() {
+ global $redis_path, $pf_version, $redis_started;
+ $redis_started = false;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+ if (!is_process_running("redis-server")) {
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ mwexec("/sbin/ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/lib");
+ }
+ mwexec_bg("{$redis_path}/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb");
+ for ($i = 0; $i <= 10; $i++) {
+ if (is_process_running("redis-server")) {
+ $redis_started = true;
+ break;
+ }
+ sleep(1);
+ }
+ } else {
+ $redis_started = true;
+ }
+ return $redis_started;
+}
+
+function ntopng_set_redis_password() {
+ global $config, $ntopng_config, $redis_path;
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+
+ if (!empty($ntopng_config['redis_password'])) {
+ $password = md5($ntopng_config['redis_password']);
+ if (ntopng_redis_started()) {
+ mwexec("{$redis_path}/redis-cli SET user.admin.password " . escapeshellarg($password));
+ mwexec("{$redis_path}/redis-cli save");
+ } else {
+ log_error(gettext("[ntopng] Cannot set admin password - redis-server is not running."));
+ }
+ }
+}
+
+function ntopng_create_datadir() {
+ safe_mkdir("/var/db/ntopng/rrd/graphics", 0755);
+ mwexec("/bin/chmod -R 755 /var/db/ntopng");
+ mwexec("/usr/sbin/chown -R nobody:nobody /var/db/ntopng");
+}
+
+function ntopng_update_geoip() {
+ global $config;
+ $fetchcmd = "/usr/bin/fetch";
+ $geolite_city = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz";
+ $geolite_city_v6 = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz";
+ $geoip_asnum = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz";
+ $geoip_asnum_v6 = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz";
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ $output_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
+ } else {
+ $output_dir = "/usr/local/share/ntopng";
+ }
+
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city}");
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city_v6}");
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum}");
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum_v6}");
+
+ ntopng_fixup_geoip();
+
+ /* Do not (re)start services on package (re)install, only on manual GeoIP updates via the GUI */
+ if ($_POST['Submit'] == "Update GeoIP Data") {
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ ntopng_services_stop();
+ if ($ntopng_config['enable'] == "on") {
+ start_service("ntopng");
+ }
+ }
+}
+
+function ntopng_fixup_geoip() {
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ $target_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/httpdocs/geoip";
+ $source_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
+ } else {
+ $target_dir = "/usr/local/share/ntopng/httpdocs/geoip";
+ $source_dir = "/usr/local/share/ntopng";
+ }
+
+ safe_mkdir($target_dir, 0755);
+
+ foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
+ /* Decompress if needed. */
+ if (substr($geofile, -3, 3) == ".gz") {
+ // keep -f here, otherwise the files will not get updated
+ mwexec("/usr/bin/gzip -d -f " . escapeshellarg($geofile));
+ }
+ }
+
+ /* Use a separate glob since the filenames could have changed since the last run */
+ foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
+ $target_file = $target_dir . '/' . basename($geofile);
+ if (!file_exists($target_file)) {
+ symlink($geofile, $target_file);
+ }
+ }
+}
+
+function ntopng_flush_historical_data() {
+ global $config, $ntopng_config, $redis_path;
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+
+ if (ntopng_redis_started()) {
+ /* Delete all the keys of all the existing Redis databases */
+ mwexec("{$redis_path}/redis-cli flushall");
+ log_error(gettext("[ntopng] Flushed Redis DB."));
+ /* Set admin password while redis-server is still running */
+ ntopng_set_redis_password();
+ log_error(gettext("[ntopng] Set admin password for Redis DB."));
+ /* Stop services and delete all graphs, data and dump flows */
+ ntopng_services_stop();
+ if (is_dir("/var/db/ntopng/")) {
+ mwexec("rm -rf /var/db/ntopng/");
+ log_error(gettext("[ntopng] Deleted ntopng historical traffic data and graphs."));
+ } else {
+ log_error(gettext("[ntopng] Nothing to delete; /var/db/ntopng/ directory not found."));
+ }
+ /* Re-create the required directory structure with proper permissions */
+ ntopng_create_datadir();
+ log_error(gettext("[ntopng] Re-created required data directory structure."));
+ /* Resync settings and restart services if enabled */
+ unset($_POST['Delete']);
+ ntopng_sync_package();
+ log_error(gettext("[ntopng] Resynced ntopng settings."));
+ } else {
+ $error = "Cannot delete historical data - redis-server is not running.";
+ log_error(gettext("[ntopng] {$error}"));
+ file_notice("ntopng", $error, "ntopng Delete Historical Data", "");
+ }
+}
+
+function ntopng_validate_input($post, &$input_errors) {
+ if (empty($post['redis_password']) || empty($post['redis_passwordagain'])) {
+ $input_errors[] = "You must provide (and confirm) ntopng's password.";
+ }
+ if ((strlen($post['redis_password']) < 5) || (strlen($post['redis_passwordagain']) < 5)) {
+ $input_errors[] = "Password must have at least 5 characters.";
+ }
+ if ($post['redis_password'] != $post['redis_passwordagain']) {
+ $input_errors[] = "The provided passwords did not match.";
+ }
+ if ($post['Submit'] == "Update GeoIP Data") {
+ ntopng_update_geoip();
+ }
+ if ($post['Delete'] == "Delete (Historical) Data") {
+ ntopng_flush_historical_data();
+ }
+}
+
+?>
diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml
index 6c01515c..ee1a4d3e 100644
--- a/config/ntopng/ntopng.xml
+++ b/config/ntopng/ntopng.xml
@@ -9,7 +9,7 @@
/*
ntopng.xml
part of pfSense (https://www.pfSense.org/)
- Copyright (C) 2014 ESF, LLC
+ Copyright (C) 2014-2015 ESF, LLC
All rights reserved.
*/
/* ========================================================================== */
@@ -39,33 +39,36 @@
]]>
</copyright>
<name>ntopng</name>
- <version>0.7.2</version>
+ <version>0.8.0</version>
<title>Diagnostics: ntopng Settings</title>
- <savetext>Change</savetext>
+ <include_file>/usr/local/pkg/ntopng.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntopng/ntopng.inc</item>
+ </additional_files_needed>
<aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect>
<menu>
<name>ntopng Settings</name>
<tooltiptext>Set ntopng settings such as password and port.</tooltiptext>
<section>Diagnostics</section>
- <url>/pkg_edit.php?xml=ntopng.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ntopng.xml</url>
</menu>
<menu>
<name>ntopng</name>
<tooltiptext>Access ntopng</tooltiptext>
<section>Diagnostics</section>
<url>http://$myurl:3000</url>
- <depends_on_service>ntopng</depends_on_service>
</menu>
<service>
<name>ntopng</name>
<rcfile>ntopng.sh</rcfile>
<executable>ntopng</executable>
- <description>ntopng bandwidth monitoring/graphing</description>
+ <description>ntopng Network Traffic Monitor</description>
</service>
<tabs>
<tab>
<text>ntopng Settings</text>
- <url>/pkg_edit.php?xml=ntopng.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ntopng.xml</url>
<active/>
</tab>
<tab>
@@ -75,32 +78,57 @@
</tabs>
<fields>
<field>
+ <fielddescr>Enable ntopng</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>Check this to enable ntopng.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Keep Data/Settings</fielddescr>
+ <fieldname>keepdata</fieldname>
+ <description>
+ <![CDATA[
+ Check this to keep ntopng settings, graphs and traffic data. (Default: on)<br />
+ <strong><span class="errmsg">Note:</span> If 'Keep Data/Settings' is disabled, all settings and data will be wiped on package uninstall/reinstall/upgrade!</strong>
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
<fielddescr>ntopng Admin Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Enter the password for the ntopng GUI. Minimum 5 characters, defaults to admin.</description>
+ <fieldname>redis_password</fieldname>
+ <description>Enter the password for the ntopng GUI. Minimum 5 characters.</description>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
<fielddescr>Confirm ntopng Admin Password</fielddescr>
- <fieldname>passwordagain</fieldname>
+ <fieldname>redis_passwordagain</fieldname>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
<fielddescr>Interface</fielddescr>
<fieldname>interface_array</fieldname>
<type>interfaces_selection</type>
<size>3</size>
- <value>lan</value>
+ <default_value>lan</default_value>
<multiple>true</multiple>
+ <hideinterfaceregex>loopback</hideinterfaceregex>
</field>
<field>
<fielddescr>DNS Mode</fielddescr>
<fieldname>dns_mode</fieldname>
<description>
- Configures how name resolution is handled&lt;br/&gt;&lt;br/&gt;
- Additionally, GeoIP Data can provide location information about IP addresses.&lt;br/&gt;
- This product includes GeoLite data created by MaxMind, available from &lt;a href=&quot;http://www.maxmind.com&quot;&gt;http://www.maxmind.com&lt;/a&gt;.&lt;br/&gt;
- &lt;input type=&quot;submit&quot; name=&quot;Submit&quot; value=&quot;Update GeoIP Data&quot;&gt;
+ <![CDATA[
+ Configures how name resolution is handled.<br /><br />
+ Additionally, GeoIP Data can provide location information about IP addresses.<br />
+ This product includes GeoLite data created by MaxMind, available from <a href="http://www.maxmind.com">http://www.maxmind.com</a><br /><br />
+ <input type="submit" name="Submit" value="Update GeoIP Data" />
+ ]]>
</description>
<type>select</type>
<default_value>0</default_value>
@@ -114,7 +142,12 @@
<field>
<fielddescr>Local Networks</fielddescr>
<fieldname>local_networks</fieldname>
- <description>Configures how Local Networks are defined</description>
+ <description>
+ <![CDATA[
+ Configures how Local Networks are defined.<br />
+ (Default: Consider all RFC1918 networks local)
+ ]]>
+ </description>
<type>select</type>
<default_value>rfc1918</default_value>
<options>
@@ -126,226 +159,37 @@
<field>
<fielddescr>Historical Data Storage</fielddescr>
<fieldname>dump_flows</fieldname>
- <description>Enable historical data storage</description>
+ <description>
+ <![CDATA[
+ Enable historical data storage.<br />
+ <strong><span class="errmsg">WARNING:</span> This feature consumes HUGE amount of disk space.</strong>
+ Also, browsing the historical data is VERY slow.<br />
+ The historical interface is considered <a href="http://www.gossamer-threads.com/lists/ntop/misc/37506#37506">abandoned by upstream</a>,
+ pending more usable replacement.<br /><br />
+ <input type="submit" name="Delete" value="Delete (Historical) Data" />
+ <strong><span class="errmsg">WARNING:</span> This will delete all ntopng graphs, traffic data and historical dump flows!
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Disable Alerts</fielddescr>
<fieldname>disable_alerts</fieldname>
- <description>Disables all alerts generated by ntopng, such as flooding notifications</description>
+ <description>Disables all alerts generated by ntopng, such as flooding notifications.</description>
<type>checkbox</type>
</field>
</fields>
- <custom_php_global_functions>
- <![CDATA[
- function sync_package_ntopng() {
- if ($_POST['Submit'] == "Update GeoIP Data") {
- return;
- }
- conf_mount_rw();
- global $config;
- global $input_errors;
- global $pf_version, $scripts_path, $fonts_path;
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($_POST) {
- $config['installedpackages']['ntopng']['config'] = array();
- $config['installedpackages']['ntopng']['config'][0] = $_POST;
- }
- $ntopng_config =& $config['installedpackages']['ntopng']['config'][0];
- $if_final = "";
- $ifaces_final = "";
- safe_mkdir("/var/db/ntopng/rrd/graphics", 0755, true);
- system("/bin/chmod -R 755 /var/db/ntopng");
- system("/usr/sbin/chown -R nobody:nobody /var/db/ntopng");
-
- if ($pf_version == "2.2") {
- $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/lib/X11/fonts";
- $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/scripts";
- } else if ($pf_version == "2.1") {
- $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/lib/X11/fonts";
- $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng/scripts";
- } else {
- $fonts_path = "/usr/local/lib/X11/fonts";
- }
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $ntopng_share_path = "/usr/local/share/ntopng";
- $scripts_link_path = $ntopng_share_path . "/scripts";
- safe_mkdir("$ntopng_share_path", 0755, true);
- if (!file_exists($scripts_link_path)) {
- symlink($scripts_path, $scripts_link_path);
- }
- }
- system("/bin/cp -Rp {$fonts_path}/webfonts/ {$fonts_path}/TTF/");
-
- $first = 0;
- foreach($ntopng_config['interface_array'] as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
- if ($if) {
- $ifaces .= " -i " . escapeshellarg("{$if}");
- }
- }
-
- // DNS Mode
- if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) {
- $dns_mode = "--dns-mode " . escapeshellarg($ntopng_config['dns_mode']);
- }
-
- // Local Networks >
- switch ($ntopng_config['local_networks']) {
- case "selected":
- $nets = array();
- foreach ($ntopng_config['interface_array'] as $iface) {
- if (is_ipaddr(get_interface_ip($iface))) {
- $nets[] = gen_subnet(get_interface_ip($iface),get_interface_subnet($iface)) . '/' . get_interface_subnet($iface);
- }
- }
- if (!empty($nets))
- $local_networks = "--local-networks " . escapeshellarg(implode(",", $nets));
- break;
- case "lanonly":
- if (is_ipaddr(get_interface_ip('lan'))) {
- $local_networks = "--local-networks " . escapeshellarg(gen_subnet(get_interface_ip('lan'),get_interface_subnet('lan')) . '/' . get_interface_subnet('lan'));
- }
- break;
- case "rfc1918":
- default:
- $local_networks = "--local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8'";
- break;
- }
-
- // Historical Data Storage, Dump expired flows
- if ($ntopng_config['dump_flows'] >= on) {
- $dump_flows = "-F";
- }
-
- // Disable alerts
- if ($ntopng_config['disable_alerts'] >= on) {
- $disable_alerts = "-H";
- }
-
- if ($pf_version == "2.2") {
- $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
- } else if ($pf_version == "2.1") {
- $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
- } else {
- $redis_path = "/usr/local/bin";
- }
-
- $start = "";
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $start .= "ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/lib\n";
- }
- $start .= "\t{$redis_path}/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb &\n";
- // TODO:
- // Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse,
- // --dump-timeline (on/off) --http-port, --https-port
-
- $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$disable_alerts} {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &";
- write_rcfile(array(
- "file" => "ntopng.sh",
- "start" => $start,
- "stop" => "/usr/bin/killall ntopng redis-cli redis-server"
- )
- );
- if (is_service_running("ntopng")) {
- stop_service("ntopng");
- // Wait for ntopng to shut down cleanly.
- sleep(20);
- }
- ntopng_fixup_geoip();
- start_service("ntopng");
- sleep(2);
-
- if (empty($ntopng_config['password']))
- $ntopng_config['password'] = "admin";
- $password = md5($ntopng_config['password']);
- mwexec_bg("{$redis_path}/redis-cli SET user.admin.password " . escapeshellarg($password));
- mwexec_bg("{$redis_path}/redis-cli save");
- conf_mount_ro();
- }
- function ntopng_update_geoip() {
- $fetchcmd = "/usr/bin/fetch";
- $geolite_city = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz";
- $geolite_city_v6 = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz";
- $geoip_asnum = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz";
- $geoip_asnum_v6 = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz";
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $output_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
- } else {
- $output_dir = "/usr/local/share/ntopng";
- }
-
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city}");
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city_v6}");
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum}");
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum_v6}");
-
- ntopng_fixup_geoip();
- restart_service("ntopng");
- }
- function ntopng_fixup_geoip() {
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $target_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/httpdocs/geoip";
- $source_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
- } else {
- $target_dir = "/usr/local/share/ntopng/httpdocs/geoip";
- $source_dir = "/usr/local/share/ntopng";
- }
-
- safe_mkdir($target_dir, 0755);
-
- foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
- /* Decompress if needed. */
- if (substr($geofile, -3, 3) == ".gz") {
- // keep -f here, otherwise the files will not get updated
- mwexec("/usr/bin/gzip -d -f " . escapeshellarg($geofile));
- }
- }
-
- /* Use a separate glob since the filenames could have changed since the last run */
- foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
- $target_file = $target_dir . '/' . basename($geofile);
- if (!file_exists($target_file)) {
- symlink($geofile, $target_file);
- }
- }
- }
- ]]>
- </custom_php_global_functions>
- <custom_add_php_command>
- sync_package_ntopng();
- </custom_add_php_command>
<custom_php_resync_config_command>
- sync_package_ntopng();
+ ntopng_sync_package();
</custom_php_resync_config_command>
<custom_php_install_command>
- <![CDATA[
+ ntopng_php_install_command();
ntopng_update_geoip();
- sync_package_ntopng();
- ]]>
</custom_php_install_command>
<custom_php_deinstall_command>
- exec("rm /usr/local/etc/rc.d/ntopng*");
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- if (is_dir("/usr/local/share/ntopng/")) {
- exec("rm -rf /usr/local/share/ntopng/");
- }
- }
+ ntopng_php_deinstall_command();
</custom_php_deinstall_command>
<custom_php_validation_command>
- <![CDATA[
- if ($_POST) {
- if (empty($_POST['password']) || empty($_POST['passwordagain']))
- $input_errors[] = "You must provide (and confirm) ntopng's password.";
- if ($_POST['password'] != $_POST['passwordagain'])
- $input_errors[] = "The provided passwords did not match.";
- if ($_POST['Submit'] == "Update GeoIP Data") {
- ntopng_update_geoip();
- }
- }
- ]]>
+ ntopng_validate_input($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>