Diffstat (limited to 'config')
-rw-r--r-- | config/apcupsd/apcupsd.xml | 2 | ||||
-rwxr-xr-x | config/apcupsd/apcupsd_mail.php | 2 | ||||
-rw-r--r-- | config/freeradius2/freeradiussettings.xml | 8 | ||||
-rw-r--r-- | config/ftpproxy/ftpproxy.inc | 147 | ||||
-rw-r--r-- | config/ftpproxy/ftpproxy.xml | 116 | ||||
-rw-r--r-- | config/lightsquid/lightsquid.inc | 3 | ||||
-rw-r--r-- | config/lightsquid/lightsquid.xml | 2 | ||||
-rw-r--r-- | config/ntopng/ntopng.xml | 19 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.inc | 109 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.php | 16 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.sh | 72 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng.xml | 1 | ||||
-rw-r--r-- | config/pfblockerng/pfblockerng_alerts.php | 436 | ||||
-rw-r--r-- | config/quagga_ospfd/quagga_ospfd.inc | 64 | ||||
-rw-r--r-- | config/quagga_ospfd/quagga_ospfd.xml | 7 | ||||
-rw-r--r-- | config/siproxd/siproxd.inc | 12 | ||||
-rw-r--r-- | config/snort/snort_alerts.widget.php | 8 | ||||
-rw-r--r-- | config/vhosts/vhosts.inc | 4 | ||||
-rw-r--r-- | config/zabbix-lts/zabbix-agent-lts.xml | 179 | ||||
-rw-r--r-- | config/zabbix-lts/zabbix-lts.inc | 360 | ||||
-rw-r--r-- | config/zabbix-lts/zabbix-proxy-lts.xml | 150 |
21 files changed, 1550 insertions, 167 deletions
diff --git a/config/apcupsd/apcupsd.xml b/config/apcupsd/apcupsd.xml index 8a42f352..0b2a96e0 100644 --- a/config/apcupsd/apcupsd.xml +++ b/config/apcupsd/apcupsd.xml @@ -40,7 +40,7 @@ <name>Apcupsd</name> <title>Services: Apcupsd (General)</title> <category>Monitoring</category> - <version>0.3.2</version> + <version>0.3.3</version> <include_file>/usr/local/pkg/apcupsd.inc</include_file> <addedit_string>Apcupsd has been created/modified.</addedit_string> <delete_string>Apcupsd has been deleted.</delete_string> diff --git a/config/apcupsd/apcupsd_mail.php b/config/apcupsd/apcupsd_mail.php index d5b97f92..3b13309c 100755 --- a/config/apcupsd/apcupsd_mail.php +++ b/config/apcupsd/apcupsd_mail.php @@ -29,7 +29,7 @@ require_once("pkg-utils.inc"); require_once("globals.inc"); -require_once("phpmailer/class.phpmailer.php"); +require_once("phpmailer/PHPMailerAutoload.php"); global $config, $g; diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index 78c65372..8982d93e 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -183,9 +183,9 @@ </options> </field> <field> - <fielddescr>Log Bad Authentication Attempts</fielddescr> + <fielddescr>Log Password on Authentication Failure</fielddescr> <fieldname>varsettingsauthbadpass</fieldname> - <description><![CDATA[If an authentication fails then it will log the username and <b>wrong</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description> + <description><![CDATA[Log the <b>password</b> of failed authentication attempts to syslog. Not recommended for security reasons. Logging must be enabled. (Default: no)]]></description> <type>select</type> <default_value>no</default_value> <options> 
@@ -204,9 +204,9 @@ <size>80</size> </field> <field> - <fielddescr>Log good authentication attempts?</fielddescr> + <fielddescr>Log Password on Authentication Success</fielddescr> <fieldname>varsettingsauthgoodpass</fieldname> - <description><![CDATA[If an authentication succeeds then it will log the username and <b>correct</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description> + <description><![CDATA[Log the <b>password</b> of successful authentication attempts to syslog. Not recommended for security reasons. Logging must be enabled. (Default: no)]]></description> <type>select</type> <default_value>no</default_value> <options> diff --git a/config/ftpproxy/ftpproxy.inc b/config/ftpproxy/ftpproxy.inc new file mode 100644 index 00000000..7fc54775 --- /dev/null +++ b/config/ftpproxy/ftpproxy.inc 
@@ -0,0 +1,147 @@
+<?php
+function sync_package_ftpproxy() {
+ conf_mount_rw();
+ config_lock();
+ global $config;
+ $cf = $config['installedpackages']['ftpclientproxy']['config'][0];
+
+ /* Proxy is not enabled, kill the daemon and issue a filter reload. */
+ if ($cf["proxy_enable"] != "on") {
+ mwexec("/usr/bin/killall -9 ftp-proxy");
+ filter_configure();
+ return;
+ }
+ $interface_list = explode(",", $cf['localints']);
+ /* Bail if there is nothing to do */
+ if (empty($interface_list)) {
+ log_error("FTP Proxy cannot sync: No interfaces selected.");
+ return;
+ }
+
+ $start = "/usr/bin/killall -9 ftp-proxy\n";
+ $start .= "\t/usr/sbin/ftp-proxy ";
+
+ if ($cf["anononly"] == "on") {
+ $start .= " -A ";
+ }
+ if (is_ipaddr($cf["sourceaddr"])) {
+ $start .= " -a " . escapeshellarg($cf["sourceaddr"]);
+ }
+ if (is_port($cf["bindport"])) {
+ $start .= " -p " . escapeshellarg($cf["bindport"]);
+ }
+ if (is_numeric($cf["maxessions"]) && ($cf["maxessions"] >= 1) && ($cf["maxessions"] <= 500)) {
+ $start .= " -m " . escapeshellarg($cf["maxessions"]);
+ }
+ if (!empty($cf["tsq"])) {
+ $start .= " -q " . escapeshellarg($cf["tsq"]);
+ }
+ if ($cf["src20"] == "on") {
+ $start .= " -r ";
+ }
+ if (is_numeric($cf["idletimeout"]) && ($cf["idletimeout"] > 0) && ($cf["idletimeout"] <= 86400)) {
+ $start .= " -t " . escapeshellarg($cf["idletimeout"]);
+ }
+ if ($cf["log"] == "on") {
+ $start .= " -v ";
+ }
+ $start .= "\n";
+
+ write_rcfile(array(
+ "file" => "ftp-proxy.sh",
+ "start" => $start,
+ "stop" => "/usr/bin/killall -9 ftp-proxy"
+ )
+ );
+ restart_service("ftp-proxy");
+ conf_mount_ro();
+ config_unlock();
+ filter_configure();
+}
+
+function validate_form_ftpproxy($post, &$input_errors) {
+ if (empty($post["localints"])) {
+ $input_errors[] = 'One or more Local Interfaces must be selected';
+ }
+ if (!empty($post["sourceaddr"]) && !is_ipaddr($post["sourceaddr"])) {
+ $input_errors[] = 'You must specify a valid ip address in the \'Source Address\' field';
+ }
+ if (!empty($post["bindport"]) && !is_port($post["bindport"])) {
+ $input_errors[] = 'You must specify a valid port number in the \'Bind Port\' field';
+ }
+ if (!empty($post["maxessions"]) && (!is_numeric($post["maxessions"]) || ($post["maxessions"] < 1) || ($post["maxessions"] > 500))) {
+ $input_errors[] = 'You must specify a valid number in the \'Max Sessions\' field (Between 1 and 500)';
+ }
+ if (!empty($post["idletimeout"]) && (is_numeric($post["idletimeout"]) || ($post["idletimeout"] <= 0) || ($post["idletimeout"] > 86400))) {
+ $input_errors[] = 'You must specify a valid number in the \'Idle Timeout\' field (Between 1 and 86400)';
+ }
+ if (!empty($post["bypasssrc"]) && !(is_alias($post["bypasssrc"]) || is_subnetv4($post["bypasssrc"]) || is_ipaddr($post["bypasssrc"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Source';
+ }
+ if (!empty($post["bypassdst"]) && !(is_alias($post["bypassdst"]) || is_subnetv4($post["bypassdst"]) || is_ipaddr($post["bypassdst"]))) {
+ $input_errors[] = 'You must specify a valid IP address or alias for Proxy Bypass: Destination';
+ }
+}
+
+function ftpproxy_get_port() {
+ global $config;
+ $cf = $config['installedpackages']['ftpclientproxy']['config'][0];
+ if (!empty($cf["bindport"]) && is_port($cf["bindport"])) {
+ return $cf["bindport"];
+ } else {
+ return 8021;
+ }
+}
+
+function ftpproxy_generate_rules($type) {
+ global $config;
+ $cf = $config['installedpackages']['ftpclientproxy']['config'][0];
+ $interface_list = explode(",", $cf['localints']);
+
+ /* Proxy is not enabled, therefore, no rules/anchors. */
+ if ($cf["proxy_enable"] != "on") {
+ return;
+ }
+
+ /* Bail if there is nothing to do */
+ if (empty($interface_list)) {
+ log_error("FTP Proxy cannot sync: No interfaces selected.");
+ return;
+ }
+
+ $rules = "";
+ switch ($type) {
+ case "nat":
+ $rules .= "nat-anchor \"ftp-proxy/*\"\n";
+ $rules .= "rdr-anchor \"ftp-proxy/*\"\n";
+
+ foreach ($interface_list as $interface_friendly) {
+ if (empty($interface_friendly)) {
+ continue;
+ }
+ $interface = get_real_interface($interface_friendly);
+ if (empty($interface)) {
+ continue;
+ }
+ if (is_subnetv4($cf["bypasssrc"]) || is_ipaddr($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from {$cf['bypasssrc']} to any port 21\n";
+ } elseif (is_alias($cf["bypasssrc"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from \${$cf['bypasssrc']} to any port 21\n";
+ }
+ if (is_subnetv4($cf["bypassdst"]) || is_ipaddr($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to {$cf['bypassdst']} port 21\n";
+ } elseif (is_alias($cf["bypassdst"])) {
+ $rules .= "no rdr on {$interface} inet proto tcp from any to \${$cf['bypassdst']} port 21\n";
+ }
+ $rules .= "rdr pass on {$interface} inet proto tcp from any to any port 21 -> 127.0.0.1 port " . ftpproxy_get_port() . "\n";
+ }
+ break;
+ case "filter":
+ $rules .= "anchor \"ftp-proxy/*\"\n";
+ // $rules = "pass out proto tcp from any to any port 21\n";
+ break;
+
+ }
+ return $rules;
+}
+?>
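Review bot: The idle-timeout check in `validate_form_ftpproxy()` is inverted: `(is_numeric($post["idletimeout"]) || ...)` reports every numeric value as an error, where the neighbouring Max Sessions check uses `!is_numeric(...)`; it should read `!is_numeric($post["idletimeout"])`. In `sync_package_ftpproxy()` both early `return` paths leave after `conf_mount_rw()` and `config_lock()` without the matching `conf_mount_ro()` and `config_unlock()`, so saving with the proxy disabled leaves the config filesystem writable and the lock held; release both before returning. `explode(",", $cf['localints'])` always yields at least one element, so the `empty($interface_list)` bail-out never fires in either function; testing `empty($cf['localints'])` would. The `tsq` queue name is shell-escaped when the command is built but has no check in the validator.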
\ No newline at end of file
diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml
new file mode 100644
index 00000000..5bd123dc
--- /dev/null
+++ b/config/ftpproxy/ftpproxy.xml
@@ -0,0 +1,116 @@
+<packagegui>
+ <name>FTP Client Proxy</name>
+ <version>0.2</version>
+ <title>FTP Client Proxy</title>
+ <aftersaveredirect>pkg_edit.php?xml=ftpproxy.xml</aftersaveredirect>
+ <include_file>/usr/local/pkg/ftpproxy.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>https://packages.pfsense.org/packages/config/ftpproxy/ftpproxy.inc</item>
+ </additional_files_needed>
+ <menu>
+ <name>FTP Client Proxy</name>
+ <tooltiptext>Modify FTP Client Proxy settings.</tooltiptext>
+ <section>Services</section>
+ <configfile>ftpproxy.xml</configfile>
+ <url>/pkg_edit.php?xml=ftpproxy.xml</url>
+ </menu>
+ <service>
+ <name>ftp-proxy</name>
+ <rcfile>ftp-proxy.sh</rcfile>
+ <executable>ftp-proxy</executable>
+ <description>Client FTP Proxy Daemon</description>
+ </service>
+ <fields>
+ <field>
+ <name>General Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Enabled</fielddescr>
+ <fieldname>proxy_enable</fieldname>
+ <description>Enable the FTP Proxy.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Local Interface</fielddescr>
+ <fieldname>localints</fieldname>
+ <type>interfaces_selection</type>
+ <description>Select the local (LAN type) interfaces which contain FTP clients.</description>
+ <required/>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>Anonymous Only</fielddescr>
+ <fieldname>anononly</fieldname>
+ <description>Only permit anonymous FTP connections using the "ftp" or "anonymous" users.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Source Address</fielddescr>
+ <fieldname>sourceaddr</fieldname>
+ <description>Enter a VIP to be the source of outgoing control traffic. Leave blank to use the default WAN IP address.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Source</fielddescr>
+ <fieldname>bypasssrc</fieldname>
+ <description>Enter an IP address or alias for source client host(s) which should bypass the proxy.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Proxy Bypass: Destination</fielddescr>
+ <fieldname>bypassdst</fieldname>
+ <description>Enter an IP address or alias for destination server host(s) which should bypass the proxy.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Bind Port (Default: 8021)</fielddescr>
+ <fieldname>bindport</fieldname>
+ <description>Port where the proxy will listen for redirected connections. Do not set this to 21.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Maximum Sessions (Default: 100)</fielddescr>
+ <fieldname>maxessions</fieldname>
+ <description>Maximum number of concurrent FTP sessions. When the proxy reaches this limit, new connections are denied. Must be between 1 and 500.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Traffic Shaping Queue</fielddescr>
+ <fieldname>tsq</fieldname>
+ <description>Create rules with the specified queue appended so that data connections can be queued.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Rewrite Source to Port 20</fielddescr>
+ <fieldname>src20</fieldname>
+ <description>Rewrite source port to 20 in active mode to suit ancient clients that insist on this behavior.</description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Idle Timeout (Default: 86400)</fielddescr>
+ <fieldname>idletimeout</fieldname>
+ <description>(Seconds) Number of seconds that the control connection can be idle, before the proxy will disconnect. The maximum is 86400 seconds. 
Do not set this too low, because the control connection is usually idle when large data transfers are taking place.</description> + <type>input</type> + </field> + <field> + <fielddescr>Log Connections</fielddescr> + <fieldname>log</fieldname> + <description>Set the 'log' flag on pf rules committed by ftp-proxy.</description> + <type>checkbox</type> + <default_value>off</default_value> + </field> + + </fields> + <custom_php_resync_config_command> + sync_package_ftpproxy(); + </custom_php_resync_config_command> + <custom_php_validation_command> + validate_form_ftpproxy($_POST, $input_errors); + </custom_php_validation_command> +</packagegui> diff --git a/config/lightsquid/lightsquid.inc b/config/lightsquid/lightsquid.inc index 399e0572..054713a1 100644 --- a/config/lightsquid/lightsquid.inc +++ b/config/lightsquid/lightsquid.inc @@ -175,6 +175,9 @@ function lightsquid_resync() { if (!file_exists("/usr/bin/perl")) mwexec("ln -s /usr/local/bin/perl /usr/bin/perl"); + // Fixup library path so GD can find its libraries for graphs. + mwexec("/sbin/ldconfig -m " . LIGHTSQUID_BASE . "/lib/"); + // create lightsquid report catalog if (!file_exists(LS_REPORTPATH)) { update_log("lightsquid_install: Create report dir " . LS_REPORTPATH); diff --git a/config/lightsquid/lightsquid.xml b/config/lightsquid/lightsquid.xml index 0f6baf37..63eaabe4 100644 --- a/config/lightsquid/lightsquid.xml +++ b/config/lightsquid/lightsquid.xml @@ -46,7 +46,7 @@ <requirements>Describe your package requirements here</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>lightsquid</name> - <version>1.8.2 pkg v.2.34</version> + <version>1.8.2 pkg v.2.35</version> <title>Services: Proxy Reports (LightSquid, SQStat) -> Settings</title> <category>Status</category> <include_file>/usr/local/pkg/lightsquid.inc</include_file> diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml index b656e483..f287768b 100644 --- a/config/ntopng/ntopng.xml +++ b/config/ntopng/ntopng.xml 
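Review bot: `<chmod>077</chmod>` in the `<additional_files_needed>` block of ftpproxy.xml, read as an octal mode, gives the downloaded `ftpproxy.inc` no owner bits and full read/write/execute to group and other. That file is PHP which the package framework includes from `/usr/local/pkg/`, so it should not be writable by anyone but root; `<chmod>0644</chmod>` looks like what was meant, assuming the installer applies the value as a file mode. Separately, the Bind Port help text says "Do not set this to 21", but the `is_port()` check shown in ftpproxy.inc does not reject 21.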
@@ -39,7 +39,7 @@ ]]> </copyright> <name>ntopng</name> - <version>1.1 v0.1</version> + <version>1.2 v0.4</version> <title>Diagnostics: ntopng Settings</title> <savetext>Change</savetext> <aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect> @@ -121,7 +121,13 @@ <field> <fielddescr>Historical Data Storage</fielddescr> <fieldname>dump_flows</fieldname> - <description>Turn historical data storages on</description> + <description>Enable historical data storage</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Disable Alerts</fielddescr> + <fieldname>disable_alerts</fieldname> + <description>Disables all alerts generated by ntopng, such as flooding notifications</description> <type>checkbox</type> </field> </fields> @@ -185,7 +191,12 @@ if ($ntopng_config['dump_flows'] >= on) { $dump_flows = "-F"; } - + + // Disable alerts + if ($ntopng_config['disable_alerts'] >= on) { + $disable_alerts = "-H"; + } + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); if ($pf_version >= 2.2) { $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin"; @@ -199,7 +210,7 @@ // Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse, // --dump-timeline (on/off) --http-port, --https-port - $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &"; + $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$disable_alerts} {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &"; write_rcfile(array( "file" => "ntopng.sh", "start" => $start, diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index a1ee6abc..6ee9592a 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc 
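Review bot: The new test `if ($ntopng_config['disable_alerts'] >= on)` in the `@@ -185` hunk compares against the bare word `on` with `>=`, so it relies on PHP treating an undefined constant as a string and turns on `-H` for any value that sorts at or after it; `== "on"` states the intent. Unless it is initialised outside the hunk, `$disable_alerts` is also unset when the box is unchecked, yet the `@@ -199` hunk interpolates it into the start command unconditionally; `$disable_alerts = "";` before the check avoids the undefined-variable read. The `dump_flows` test in the context lines has the same form. The enclosing PHP block starts and ends outside these hunks.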
@@ -78,6 +78,7 @@ function pfb_global() { $pfb['log'] = "{$pfb['logdir']}/pfblockerng.log"; $pfb['supptxt'] = "{$pfb['dbdir']}/pfbsuppression.txt"; $pfb['script'] = 'sh /usr/local/pkg/pfblockerng/pfblockerng.sh'; + $pfb['aliasarchive'] = "/usr/pbi/pfblockerng-" . php_uname("m") . "/etc/aliastables.tar.bz2"; # General Variables $pfb['config'] = $config['installedpackages']['pfblockerng']['config'][0]; 
@@ -334,6 +335,58 @@ function ip_range_to_subnet_array_temp2($ip1, $ip2) { } +// Archive Aliastables for NanoBSD and RAMDisk Installations +function pfb_aliastables($mode) { + global $g,$config,$pfb; + $earlyshellcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh aliastables"; + $msg = ""; + + // Only Execute function if Platform is NanoBSD or Ramdisks are used. + if (($g['platform'] != "pfSense") || isset($config['system']['use_mfs_tmpvar'])) { + conf_mount_rw(); + if ($mode == "update") { + // Archive Aliastable Folder + exec ("cd {$pfb['aliasdir']}; ls -A pfB_*.txt && /usr/bin/tar -jcvf {$pfb['aliasarchive']} pfB_*.txt >/dev/null 2>&1"); + $msg = "\n\nArchiving Aliastable Folder\n"; + } + elseif ($mode == "conf") { + // Check conf file for earlyshellcmd + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (!preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd[] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + else { + $config['system']['earlyshellcmd'] = "{$earlyshellcmd}"; + $msg = "\n** Adding earlyshellcmd **\n"; + } + } + conf_mount_ro(); + } + else { + if (file_exists("{$pfb['aliasarchive']}")) { + // Remove Aliastables archive if found. + conf_mount_rw(); + @unlink_if_exists("{$pfb['aliasarchive']}"); + conf_mount_ro(); + } + // Remove earlyshellcmd if found. + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + $msg = "\n** Removing earlyshellcmd **\n"; + } + } + } + + if ($msg != "") + pfb_logger("{$msg}","1"); +} + + # Main pfBlockerNG Function function sync_package_pfblockerng($cron = "") { 
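Review bot: In the "conf" branch of `pfb_aliastables()`, when `$config['system']['earlyshellcmd']` is not an array the code assigns a plain string, `$config['system']['earlyshellcmd'] = "{$earlyshellcmd}";`, which replaces any scalar entry already there and leaves a value that the `is_array()` removal paths here and in the `pfblockerng_php_deinstall_command()` hunk (`@@ -2413`) will never clean up. Because earlyshellcmd entries run at boot, store it as `array($earlyshellcmd)`, keeping an existing scalar as the first element, so the entry can be found and removed later. The `exec()` line in the "update" branch chains `cd {$pfb['aliasdir']};` with `;`, so tar still runs from the current directory if the cd fails; `&&` would stop it. No `write_config()` call is visible in the function, so persisting the change presumably depends on the caller.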
@@ -365,14 +418,8 @@ function sync_package_pfblockerng($cron = "") { } } - # TBC if Required ! (Fetch Timeout in 2.2) - - #apply fetch timeout to pfsense-utils.inc - $pfsense_utils = file_get_contents('/etc/inc/pfsense-utils.inc'); - $new_pfsense_utils = preg_replace("/\/usr\/bin\/fetch -q/","/usr/bin/fetch -T 5 -q",$pfsense_utils); - if ($new_pfsense_utils != $pfsense_utils) { - @file_put_contents('/etc/inc/pfsense-utils.inc',$new_pfsense_utils, LOCK_EX); - } + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("conf"); # Collect pfSense Max Table Size Entry $pfb['table_limit'] = ($config['system']['maximumtableentries'] != "" ? $config['system']['maximumtableentries'] : "2000000"); @@ -1173,7 +1220,7 @@ function sync_package_pfblockerng($cron = "") { $pattern8 = '[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}:[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; $pattern9 = '[A-Fa-f0-9]{1,4}:([A-Fa-f0-9]{1,4}::)\/[0-9]{2}'; $pattern10 = '[A-Fa-f0-9]{1,4}::\/[0-9]{2}'; - $pfb['ipv6'] = "/^($pattern1)$|^($pattern2)$|^($pattern3)$|^($pattern4)$|^($pattern5)$|^($pattern6)$|^($pattern7)$|^($pattern8)$|^($pattern9)$|^($pattern10)$/"; + $pfb['ipv6'] = "/($pattern1)|($pattern2)|($pattern3)|($pattern4)|($pattern5)|($pattern6)|($pattern7)|($pattern8)|($pattern9)|($pattern10)/"; $pfb['supp_update'] = FALSE; $list_type = array ("pfblockernglistsv4" => "_v4", "pfblockernglistsv6" => "_v6"); @@ -2191,6 +2238,7 @@ function sync_package_pfblockerng($cron = "") { unset ($other_rules,$fother_rules,$permit_rules,$fpermit_rules,$match_rules,$fmatch_rules); } + ################################# # Closing Processes # ################################# @@ -2223,6 +2271,9 @@ function sync_package_pfblockerng($cron = "") { #load filter file which will create the pfctl tables filter_configure(); + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { # Don't Execute on User 'Save' if (!$pfb['save']) { 
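Review bot: The rewritten `$pfb['ipv6']` pattern in the `@@ -1173` hunk drops the `^…$` anchors from every alternative, so it now matches an IPv6-looking substring anywhere in a line instead of a whole line. How the pattern is applied is outside this hunk; if it is still used to decide whether a downloaded list entry is valid, lines carrying extra text around an address would now pass. If the aim is to extract addresses from noisy lines, a comment next to the pattern such as `// unanchored on purpose: used to extract, not to validate` would record that, and the captured match rather than the raw line should be what reaches the table file.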
@@ -2253,8 +2304,11 @@ function sync_package_pfblockerng($cron = "") { $log = implode($result_pfctl); pfb_logger("{$log}","1"); } + + // Call function for NanoBSD/Ramdisk processes. + pfb_aliastables("update"); } else { - $log = "\n No Changes to Aliases, Skipping pfctl Update \n"; + $log = "\nNo Changes to Aliases, Skipping pfctl Update \n"; pfb_logger("{$log}","1"); } } @@ -2282,7 +2336,7 @@ function sync_package_pfblockerng($cron = "") { ######################################### - # Define/Apply CRON Jobs # + # Define/Apply CRON Jobs # ######################################### # Clear any existing pfBlockerNG Cron Jobs @@ -2291,13 +2345,13 @@ function sync_package_pfblockerng($cron = "") { # Replace Cron job with any User Changes to $pfb_min if ($pfb['enable'] == "on") { # Define pfBlockerNG CRON Job - $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; + $pfb_cmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> {$pfb['log']} 2>&1"; # $pfb['min'] ( User Defined Variable. Variable defined at start of Script ) - $pfb_hour = "*"; - $pfb_mday = "*"; - $pfb_month = "*"; - $pfb_wday = "*"; - $pfb_who = "root"; + $pfb_hour = "*"; + $pfb_mday = "*"; + $pfb_month = "*"; + $pfb_wday = "*"; + $pfb_who = "root"; install_cron_job($pfb_cmd, true, $pfb['min'], $pfb_hour, $pfb_mday, $pfb_month, $pfb_wday, $pfb_who); } @@ -2311,12 +2365,12 @@ function sync_package_pfblockerng($cron = "") { # MaxMind GeoIP Cron Hour is randomized between 0-23 Hour to minimize effect on MaxMind Website - $pfb_gmin = "0"; - $pfb_ghour = rand(0,23); - $pfb_gmday = "1,2,3,4,5,6,7"; - $pfb_gmonth = "*"; - $pfb_gwday = "2"; - $pfb_gwho = "root"; + $pfb_gmin = "0"; + $pfb_ghour = rand(0,23); + $pfb_gmday = "1,2,3,4,5,6,7"; + $pfb_gmonth = "*"; + $pfb_gwday = "2"; + $pfb_gwho = "root"; install_cron_job($pfb_gcmd, true, $pfb_gmin, $pfb_ghour, $pfb_gmday, $pfb_gmonth, $pfb_gwday, $pfb_gwho); } 
@@ -2413,6 +2467,15 @@ function pfblockerng_php_deinstall_command() { rmdir_recursive("{$pfb['dbdir']}"); rmdir_recursive("{$pfb['logdir']}"); + // Remove Aliastables archive and earlyshellcmd if found. + @unlink_if_exists("{$pfb['aliasarchive']}"); + if (is_array($config['system']['earlyshellcmd'])) { + $a_earlyshellcmd = &$config['system']['earlyshellcmd']; + if (preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd)) { + $a_earlyshellcmd = preg_grep("/pfblockerng.sh aliastables/", $a_earlyshellcmd, PREG_GREP_INVERT); + } + } + # Remove Settings from Config if (is_array($config['installedpackages']['pfblockerng'])) unset($config['installedpackages']['pfblockerng']); diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index 0ca3aa7d..1dec1520 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -251,7 +251,7 @@ if ($argv[1] == 'gc') { } if ($argv[1] == 'cron') { - $hour = date('H'); + $hour = date('G'); $dow = date('N'); $pfb['update_cron'] = FALSE; @@ -270,7 +270,7 @@ if ($argv[1] == 'cron') { $sch2 = strval($shour); for ($i=0; $i<11; $i++) { $shour += 2; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch2 .= "," . strval($shour); } @@ -280,7 +280,7 @@ if ($argv[1] == 'cron') { $sch3 = strval($shour); for ($i=0; $i<7; $i++) { $shour += 3; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch3 .= "," . strval($shour); } @@ -290,7 +290,7 @@ if ($argv[1] == 'cron') { $sch4 = strval($shour); for ($i=0; $i<5; $i++) { $shour += 4; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch4 .= "," . strval($shour); } @@ -300,7 +300,7 @@ if ($argv[1] == 'cron') { $sch6 = strval($shour); for ($i=0; $i<3; $i++) { $shour += 6; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch6 .= "," . strval($shour); } 
@@ -310,7 +310,7 @@ if ($argv[1] == 'cron') { $sch8 = strval($shour); for ($i=0; $i<2; $i++) { $shour += 8; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch8 .= "," . strval($shour); } @@ -319,7 +319,7 @@ if ($argv[1] == 'cron') { $shour = intval(substr($pfb['hour'], 0, 2)); $sch12 = strval($shour) . ","; $shour += 12; - if ($shour > 24) + if ($shour >= 24) $shour -= 24; $sch12 .= strval($shour); @@ -1480,4 +1480,4 @@ EOF; // Unset Arrays unset ($roptions4, $et_options, $xmlrep); } -?>
\ No newline at end of file +?> diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index cc11be6b..fd0a2f4a 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -35,6 +35,7 @@ etblock=$(echo $8 | sed 's/,/, /g') etmatch=$(echo $9 | sed 's/,/, /g') # File Locations +aliasarchive="/usr/pbi/pfblockerng-$mtype/etc/aliastables.tar.bz2" pathgeoipdat=/usr/pbi/pfblockerng-$mtype/share/GeoIP/GeoIP.dat pfbsuppression=/var/db/pfblockerng/pfbsuppression.txt masterfile=/var/db/pfblockerng/masterfile @@ -46,6 +47,7 @@ errorlog=/var/log/pfblockerng/error.log etdir=/var/db/pfblockerng/ET tmpxlsx=/tmp/xlsx/ +pfbdbdir=/var/db/pfblockerng/ pfbdeny=/var/db/pfblockerng/deny/ pfborig=/var/db/pfblockerng/original/ pfbmatch=/var/db/pfblockerng/match/ @@ -65,6 +67,17 @@ syncfile=/tmp/pfbsyncfile matchfile=/tmp/pfbmatchfile tempmatchfile=/tmp/pfbtempmatchfile +PLATFORM=`cat /etc/platform` +USE_MFS_TMPVAR=`/usr/bin/grep -c use_mfs_tmpvar /cf/conf/config.xml` +DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'` +DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2` + +if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_rw >/dev/null 2>&1 + if [ ! -d $pfbdbdir ]; then mkdir $pfbdbdir; fi + if [ ! -d $pfsense_alias_dir ]; then mkdir $pfsense_alias_dir; fi +fi + if [ ! -f $masterfile ]; then touch $masterfile; fi if [ ! -f $mastercat ]; then touch $mastercat; fi if [ ! -f $tempfile ]; then touch $tempfile; fi 
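Review bot: The platform guard added in the `@@ -65` hunk of pfblockerng.sh uses unquoted expansions, `[ ${USE_MFS_TMPVAR} -gt 0 ]` and `/usr/bin/basename ${DISK_NAME}`, so an empty value (for example when `/cf/conf/config.xml` cannot be read) turns the test into a malformed expression instead of a clean false. Quoting with a default keeps it well-formed: `[ "${USE_MFS_TMPVAR:-0}" -gt 0 ]`. The same three-part condition is repeated in `exitnow()` and `aliastables()` in later hunks; computing it once into a flag would keep the read-write and read-only halves from drifting apart. The read-write remount is only undone by `exitnow`, so a run that is interrupted between the two leaves the config filesystem writable; a `trap` on exit would cover that. `$pfsense_alias_dir` is used here but defined outside the hunk.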
@@ -79,6 +92,16 @@ if [ ! -d $pfbmatch ]; then mkdir $pfbmatch; fi if [ ! -d $etdir ]; then mkdir $etdir; fi if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi + +# Exit Function to set mount RO if required before Exiting +exitnow() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + /usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1 + fi + exit +} + + ########## # Process to condense an IP range if a "Max" amount of IP addresses are found in a /24 range per Alias Group. process24() { @@ -86,7 +109,7 @@ process24() { if [ ! -x $pathgeoip ]; then echo "Process24 - Application [ GeoIP ] Not found. Can't proceed." echo "Process24 - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat Binary on first Install. @@ -98,7 +121,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "Process24 - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi count=$(grep -c ^ $pfbdeny$alias".txt") @@ -192,6 +215,7 @@ echo "-------------------------------------------------------" cocount=$(grep -cv "^1\.1\.1\.1" $pfbdeny$alias".txt") echo "Post /24 Count [ $cocount ]"; echo fi +exitnow } @@ -247,6 +271,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" "Sanity Che echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -257,7 +282,7 @@ suppress() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then 
@@ -270,7 +295,7 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then echo; echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do @@ -342,7 +367,7 @@ else echo "===[ Suppression Stats ]========================================"; echo printf "%-20s %-10s %-10s %-10s %-10s\n" "List" "Pre" "RFC1918" "Suppress" "Masterfile" echo "----------------------------------------------------------------" - exit + exitnow fi for i in $cc; do alias=$(echo "${i%|*}") @@ -372,6 +397,7 @@ else fi done fi +exitnow } @@ -382,7 +408,7 @@ duplicate() { if [ ! -x $pathgrepcidr ]; then echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" echo "Application [ Grepcidr ] Not found. Can't proceed. [ $now ]" >> errorlog - exit + exitnow fi dupcheck=yes @@ -415,6 +441,7 @@ printf "%-10s %-10s %-10s %-30s\n" "Original" "Masterfile" "Outfile" " [ Post Du echo "----------------------------------------------------------" printf "%-10s %-10s %-10s %-30s\n" "$countg" "$countm" "$counto" " [ $sanity ]" echo "----------------------------------------------------------" +exitnow } @@ -425,7 +452,7 @@ deduplication() { if [ ! -x $pathgeoip ]; then echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "d-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -438,7 +465,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "d-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0 
@@ -541,6 +568,7 @@ echo " [ Post d-Deduplication count ] [ $count ]"; echo # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -551,7 +579,7 @@ pdeduplication(){ if [ ! -x $pathgeoip ]; then echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed." echo "p-duplication - Application [ GeoIP ] Not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi # Download MaxMind GeoIP.dat on first Install. @@ -563,7 +591,7 @@ fi if [ ! -f $pathgeoipdat ]; then echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed." echo "p-duplication - Database GeoIP [ GeoIP.Dat ] not found. Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0 @@ -616,6 +644,7 @@ echo; echo " [ Post p-Deduplication count ] [ $count ]" # Write "1.1.1.1" to empty Final Blocklist Files emptyfiles=$(find $pfbdeny -size 0) for i in $emptyfiles; do echo "1.1.1.1" > $i; done +exitnow } @@ -626,7 +655,7 @@ processet() { if [ ! -x $pathgunzip ]; then echo "Application [ Gunzip ] Not found, Can't proceed." echo "Application [ Gunzip ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".gz" ]; then @@ -714,6 +743,7 @@ if [ -s $pfborig$alias".gz" ]; then else echo; echo "No ET .GZ File Found!" fi +exitnow } # Process to extract IP addresses from XLSX Files @@ -722,7 +752,7 @@ processxlsx() { if [ ! -x $pathtar ]; then echo "Application [ TAR ] Not found, Can't proceed." echo "Application [ TAR ] Not found, Can't proceed. [ $now ]" >> $errorlog - exit + exitnow fi if [ -s $pfborig$alias".zip" ]; then @@ -738,6 +768,7 @@ else echo "XLSX Download File Missing" echo " [ $alias ] XLSX Download File Missing [ $now ]" >> $errorlog fi +exitnow } closingprocess() { 
@@ -856,6 +887,7 @@ echo; echo "pfSense Table Stats"; echo "-------------------" $pathpfctl -s memory | grep "table-entries" pfctlcount=$($pathpfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}') echo "Table Usage Count " $pfctlcount +exitnow } remove() { @@ -883,6 +915,15 @@ emptychk=$(find $masterfile -size 0) if [ ! "$emptychk" == "" ]; then rm -r $masterfile; rm -r $mastercat fi +exitnow +} + +# Process to restore aliasables from archive on reboot ( NanoBSD and Ramdisk Installations only ) +aliastables() { + if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then + [ -f $aliasarchive ] && cd $pfsense_alias_dir && /usr/bin/tar -jxvf $aliasarchive + fi + exitnow } @@ -920,8 +961,11 @@ case $1 in remove) remove ;; + aliastables) + aliastables + ;; *) - exit + exitnow ;; esac -exit
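Review bot: In `aliastables()` the test `[ ${USE_MFS_TMPVAR} -gt 0 ]` is unquoted, so an unset or empty variable turns it into a malformed test that prints an error and is treated as false. The paths in the restore command are unquoted as well. Suggested form: `[ "${USE_MFS_TMPVAR:-0}" -gt 0 ]` and `[ -f "$aliasarchive" ] && cd "$pfsense_alias_dir" && /usr/bin/tar -jxf "$aliasarchive"`. Because this unpacks an archive into the directory that holds the firewall alias tables at boot, the comment should also say which process writes `$aliasarchive` and with what ownership; that is not visible in this hunk.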
\ No newline at end of file
+exitnow
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 54c6c061..bdfecd96 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -234,6 +234,7 @@ <fieldname>pfb_keep</fieldname> <type>checkbox</type> <description>Keep Settings and Lists intact when pfBlockerNG is Disabled or After pfBlockerNG Re-Install/De-Install</description> + <default_value>on</default_value> </field> <field> <fielddescr>CRON MIN Start Time</fielddescr> diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index f03f7040..dd968bfc 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -41,8 +41,12 @@ // Auto-Resolve Hostnames if (isset($_REQUEST['getpfhostname'])) { - $getpfhostname = htmlspecialchars($_REQUEST['getpfhostname']); - $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + $getpfhostname = trim(htmlspecialchars($_REQUEST['getpfhostname'])); + if (strlen($getpfhostname) >= 8) { + $hostname = htmlspecialchars(gethostbyaddr($getpfhostname), ENT_QUOTES); + } else { + $hostname = $getpfhostname; + } if ($hostname == $getpfhostname) { $hostname = 'unknown'; } @@ -52,9 +56,8 @@ if (isset($_REQUEST['getpfhostname'])) { require_once("util.inc"); require_once("guiconfig.inc"); -require_once("filter_log.inc"); require_once("/usr/local/pkg/pfblockerng/pfblockerng.inc"); - +global $rule_list; pfb_global(); // Application Paths 
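Review bot: The added `strlen($getpfhostname) >= 8` test is a length heuristic rather than validation, so any string of eight or more characters still reaches `gethostbyaddr()`, which returns false and raises a warning on a malformed address. Validate the raw request value as an address instead, for example `if (filter_var($getpfhostname, FILTER_VALIDATE_IP) !== false) {`, and keep `htmlspecialchars()` for the point where the result is printed. This block also sits above `require_once("guiconfig.inc")`; if that include is what enforces the GUI login (not visible here), the reverse lookup is reachable before the session check, which is worth confirming. The rest of the `if` body lies outside the hunk.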
@@ -66,6 +69,9 @@ $filter_logfile = "{$g['varlog_path']}/filter.log"; $pathgeoipdat = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIP.dat"; $pathgeoipdat6 = "/usr/pbi/pfblockerng-" . php_uname("m") . "/share/GeoIP/GeoIPv6.dat"; +// Define Alerts Log filter Rollup window variable. (Alert Filtering Code adapted from B.Meeks - Snort Package) +$pfb['filterlogentries'] = FALSE; + // Emerging Threats IQRisk Header Name Reference $pfb['et_header'] = TRUE; $et_header = $config['installedpackages']['pfblockerngreputation']['config'][0]['et_header']; @@ -88,11 +94,11 @@ $rule_list = array(); $results = array(); $data = exec ("/sbin/pfctl -vv -sr | grep 'pfB_'", $results); -if (empty($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbdenycnt'])) $config['installedpackages']['pfblockerngglobal']['pfbdenycnt'] = '25'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbpermitcnt'] = '5'; -if (empty($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) +if (!isset($config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'])) $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt'] = '5'; if (empty($config['installedpackages']['pfblockerngglobal']['alertrefresh'])) $config['installedpackages']['pfblockerngglobal']['alertrefresh'] = 'off'; 
@@ -124,6 +130,53 @@ if (is_array($config['installedpackages']['pfblockerngglobal'])) { $pfbmatchcnt = $config['installedpackages']['pfblockerngglobal']['pfbmatchcnt']; } + +function pfb_match_filter_field($flent, $fields) { + foreach ($fields as $key => $field) { + if ($field == null) + continue; + if ((strpos($field, '!') === 0)) { + $field = substr($field, 1); + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + else { + $field_regex = str_replace('/', '\/', str_replace('\/', '/', $field)); + if (!@preg_match("/{$field_regex}/i", $flent[$key])) + return false; + } + } + return true; +} + + +if ($_POST['filterlogentries_submit']) { + // Set flag for filtering alert entries + $pfb['filterlogentries'] = TRUE; + + // Note the order of these fields must match the order decoded from the alerts log + $filterfieldsarray = array(); + $filterfieldsarray[0] = $_POST['filterlogentries_rule'] ? $_POST['filterlogentries_rule'] : null; + $filterfieldsarray[2] = $_POST['filterlogentries_int'] ? $_POST['filterlogentries_int'] : null; + $filterfieldsarray[6] = strtolower($_POST['filterlogentries_proto']) ? $_POST['filterlogentries_proto'] : null; + + // Remove any zero-length spaces added to the IP address that could creep in from a copy-paste operation + $filterfieldsarray[7] = $_POST['filterlogentries_srcip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_srcip']) : null; + $filterfieldsarray[8] = $_POST['filterlogentries_dstip'] ? str_replace("\xE2\x80\x8B", "", $_POST['filterlogentries_dstip']) : null; + + $filterfieldsarray[9] = $_POST['filterlogentries_srcport'] ? $_POST['filterlogentries_srcport'] : null; + $filterfieldsarray[10] = $_POST['filterlogentries_dstport'] ? $_POST['filterlogentries_dstport'] : null; + $filterfieldsarray[99] = $_POST['filterlogentries_date'] ? 
$_POST['filterlogentries_date'] : null; +} + + +if ($_POST['filterlogentries_clear']) { + $pfb['filterlogentries'] = TRUE; + $filterfieldsarray = array(); +} + + // Collect pfBlockerNG Firewall Rules if (!empty($results)) { foreach ($results as $result) { 
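Review bot: The filter values are copied from `$_POST` into `$filterfieldsarray` unmodified here, and the form added in the `@@ -369,6 +528,70 @@` hunk prints them straight into attributes (`value="<?= $filterfieldsarray[99] ?>"` and the seven sibling inputs), so a value containing a double quote breaks out of the attribute and is reflected as markup. Escape at the output site for every field: `value="<?= htmlspecialchars($filterfieldsarray[99], ENT_QUOTES) ?>"`. Separately, `pfb_match_filter_field()` hides pattern errors behind `@preg_match`, so an invalid expression silently drops every row (or none, for a `!` pattern); testing the result with `=== false` and reporting an input error would make that visible. The `strtolower()` on the proto field only affects the truthiness test, not the stored value, and can be dropped.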
@@ -293,6 +346,112 @@ function check_lan_dest($lan_ip,$lan_mask,$dest_ip,$dest_mask="32") { } +// Parse Filter log for pfBlockerNG Alerts +function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt) { + global $pfb, $rule_list, $filterfieldsarray; + $fields_array = array(); + $logarr = ""; + $denycnt = 0; + $permitcnt = 0; + $matchcnt = 0; + + if (file_exists($logfile)) { + exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); + } + else return; + + if (!empty($logarr) && !empty($rule_list['id'])) { + foreach ($logarr as $logent) { + $pfbalert = array(); + $log_split = ""; + + if (!preg_match("/(.*)\s(.*)\sfilterlog:\s(.*)$/", $logent, $log_split)) + continue; + + list($all, $pfbalert[99], $host, $rule) = $log_split; + $rule_data = explode(",", $rule); + $pfbalert[0] = $rule_data[0]; // Rulenum + + // Skip Alert if Rule is not a pfBNG Alert + if (!in_array($pfbalert[0], $rule_list['id'])) + continue; + + $pfbalert[1] = $rule_data[4]; // Realint + $pfbalert[3] = $rule_data[6]; // Act + $pfbalert[4] = $rule_data[8]; // Version + + if ($pfbalert[4] == "4") { + $pfbalert[5] = $rule_data[15]; // Protocol ID + $pfbalert[6] = $rule_data[16]; // Protocol + $pfbalert[7] = $rule_data[18]; // SRC IP + $pfbalert[8] = $rule_data[19]; // DST IP + $pfbalert[9] = $rule_data[20]; // SRC Port + $pfbalert[10] = $rule_data[21]; // DST Port + $pfbalert[11] = $rule_data[23]; // TCP Flags + } else { + $pfbalert[5] = $rule_data[13]; // Protocol ID + $pfbalert[6] = $rule_data[12]; // Protocol + $pfbalert[7] = $rule_data[15]; // SRC IP + $pfbalert[8] = $rule_data[16]; // DST IP + $pfbalert[9] = $rule_data[17]; // SRC Port + $pfbalert[10] = $rule_data[18]; // DST Port + $pfbalert[11] = $rule_data[20]; // TCP Flags + } + + if ($pfbalert[5] == "6" || $pfbalert[5] == "17") { + // skip + } else { + $pfbalert[9] = ""; + $pfbalert[10] = ""; + 
$pfbalert[11] = ""; + } + + // Skip Repeated Alerts + if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) + continue; + + $pfbalert[2] = convert_real_interface_to_friendly_descr($rule_data[4]); // Friendly Interface Name + $pfbalert[6] = str_replace("TCP", "TCP-", strtoupper($pfbalert[6]), $pfbalert[6]) . $pfbalert[11]; // Protocol Flags + + // If Alerts Filtering is selected, process Filters as required. + if ($pfb['filterlogentries'] && !pfb_match_filter_field($pfbalert, $filterfieldsarray)) { + continue; + } + + if ($pfbalert[3] == "block") { + if ($denycnt < $pfbdenycnt) { + $fields_array['Deny'][] = $pfbalert; + $denycnt++; + } + } + elseif ($pfbalert[3] == "pass") { + if ($permitcnt < $pfbpermitcnt) { + $fields_array['Permit'][] = $pfbalert; + $permitcnt++; + } + } + elseif ($pfbalert[3] == "unkn(%u)" || $pfbalert[3] == "unkn(11)") { + if ($matchcnt < $pfbmatchcnt) { + $fields_array['Match'][] = $pfbalert; + $matchcnt++; + } + } + + // Exit function if Sufficinet Matches found. + if ($denycnt >= $pfbdenycnt && $permitcnt >= $pfbpermitcnt && $matchcnt >= $pfbmatchcnt) { + unset ($pfbalert, $logarr); + return $fields_array; + } + + // Collect Details for Repeated Alert Comparison + $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9]; + $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10]; + } + unset ($pfbalert, $logarr); + return $fields_array; + } +} + $pgtitle = gettext("pfBlockerNG: Alerts"); include_once("head.inc"); ?> @@ -341,7 +500,7 @@ if ($savemsg) { </tr> <tr> <td><div id="mainarea"> - <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> + <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="4"> <tr> <td colspan="3" class="vncell" align="left"><?php echo gettext("LINKS :"); ?> <a href='/firewall_aliases.php' target="_blank"><?php echo gettext("Firewall Alias"); ?></a> 
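Review bot: In `conv_log_filter_lite()` the log path goes through `escapeshellarg()` but `$tail` is interpolated into the same `exec()` string as-is, and the caller in the `@@ -450,9 +666,9 @@` hunk passes a line count divided by 2, which can be fractional. Normalise it before building the command, e.g. `$tail = max(1, (int) $tail);`. `$previous_srcip` and `$previous_dstip` are read in the repeated-alert test before their first assignment, so initialise both to `""` beside the counters. The fourth argument of `str_replace()` is the by-reference replacement count, so the trailing `$pfbalert[6]` in the Protocol Flags line should be removed. A docblock stating the numeric index layout of the returned rows, and that the function returns nothing when the log file is missing, would also help.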
@@ -369,6 +528,70 @@ if ($savemsg) { <?php printf(gettext("Currently Suppressing %s$pfbsupp_cnt%s Hosts."), '<strong>', '</strong>');?> </td> </tr> + <tr> + <td colspan="3" class="listtopic"><?php echo gettext("Alert Log View Filter"); ?></td> + </tr> + <tr id="filter_enable_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "table-row;";} else {echo "none;";} ?>"> + <td width="10%" class="vncell"><?php echo gettext('Filter Options'); ?></td> + <td width="90%" class="vtable"> + <input name="show_filter" id="show_filter" type="button" class="formbtns" value="<?=gettext("Show Filter");?>" onclick="enable_showFilter();" /> + <?=gettext("Click to display advanced filtering options dialog");?> + </td> + </tr> + <tr id="filter_options_row" style="display:<?php if (!$pfb['filterlogentries']) {echo "none;";} else {echo "table-row;";} ?>"> + <td colspan="2"> + <table width="100%" border="0" cellspacing="0" cellpadding="1" summary="action"> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Date");?></div> + <div align="center"><input id="filterlogentries_date" name="filterlogentries_date" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[99] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Interface");?></div> + <div align="center"><input id="filterlogentries_int" name="filterlogentries_int" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[2] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Rule Number Only");?></div> + <div align="center"><input id="filterlogentries_rule" name="filterlogentries_rule" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[0] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Protocol");?></div> + <div align="center"><input id="filterlogentries_proto" name="filterlogentries_proto" class="formfld search" type="text" size="15" value="<?= $filterfieldsarray[6] ?>" /></div> + 
</td> + </tr> + <tr> + <td valign="top"> + <div align="center"><?=gettext("Source IP Address");?></div> + <div align="center"><input id="filterlogentries_srcip" name="filterlogentries_srcip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[7] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Source Port");?></div> + <div align="center"><input id="filterlogentries_srcport" name="filterlogentries_srcport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[9] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination IP Address");?></div> + <div align="center"><input id="filterlogentries_dstip" name="filterlogentries_dstip" class="formfld search" type="text" size="28" value="<?= $filterfieldsarray[8] ?>" /></div> + </td> + <td valign="top"> + <div align="center"><?=gettext("Destination Port");?></div> + <div align="center"><input id="filterlogentries_dstport" name="filterlogentries_dstport" class="formfld search" type="text" size="5" value="<?= $filterfieldsarray[10] ?>" /></div> + </td> + </tr> + <td colspan="5" style="vertical-align:bottom"> + <br /><?printf(gettext('Regex Style Matching Only! %1$s Regular Expression Help link%2$s.'), '<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">', '</a>');?> <?=gettext("Precede with exclamation (!) as first character to exclude match.) 
");?> + <br /><?printf(gettext("Example: ( ^80$ - Match Port 80, ^80$|^8080$ - Match both port 80 & 8080 ) "));?><br /> + </tr> + <tr> + <td colspan="1" style="vertical-align:bottom"> + <div align="left"><input id="filterlogentries_submit" name="filterlogentries_submit" type="submit" class="formbtns" value="<?=gettext("Apply Filter");?>" title="<?=gettext("Apply filter"); ?>" /> + <input id="filterlogentries_clear" name="filterlogentries_clear" type="submit" class="formbtns" value="<?=gettext("Clear");?>" title="<?=gettext("Remove filter");?>" /> + <input id="filterlogentries_hide" name="filterlogentries_hide" type="button" class="formbtns" value="<?=gettext("Hide");?>" onclick="enable_hideFilter();" title="<?=gettext("Hide filter options");?>" /></div> + </td> + </tr> + </table> + </td> + </tr> + <!--Create Three Output Windows 'Deny', 'Permit' and 'Match'--> <?php foreach (array ("Deny" => $pfb['denydir'] . " " . $pfb['nativedir'], "Permit" => $pfb['permitdir'], "Match" => $pfb['matchdir']) as $type => $pfbfolder ): switch($type) { 
@@ -394,16 +617,9 @@ if ($savemsg) { <table id="maintable" class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> <tr> <!--Print Table Info--> - <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."), "{$pfbentries}"); ?> - <?php if ($pfb['pfsenseversion'] >= '2.2'): ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> - <?php else: ?> - <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> - <?php if (!is_array($config['syslog']) || !array_key_exists("reverse", $config['syslog'])): ?> - <?php echo gettext("Firewall Logs must be in Reverse Order."); ?> - <?php endif; ?> + <td colspan="2" class="listtopic"><?php printf(gettext(" {$type} - Last %s Alert Entries."),"{$pfbentries}"); ?> + <?php if ($type == "Deny"): ?> + <?php echo gettext("Firewall Rule changes can unsync these Alerts."); ?> <?php endif; ?> </td> </tr> @@ -411,12 +627,12 @@ if ($savemsg) { <td width="100%" colspan="2"> <table id="pfbAlertsTable" style="table-layout: fixed;" width="100%" class="sortable" border="0" cellpadding="0" cellspacing="0"> <colgroup> - <col width="8%" align="center" axis="date"> + <col width="7%" align="center" axis="date"> <col width="6%" align="center" axis="string"> - <col width="16%" align="center" axis="string"> + <col width="15%" align="center" axis="string"> <col width="6%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> - <col width="20%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> + <col width="21%" align="center" axis="string"> <col width="3%" align="center" axis="string"> <col width="13%" align="center" axis="string"> </colgroup> 
@@ -450,9 +666,9 @@ if ($pfb['runonce']) { } else { $pfblines = (exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^") /2 ); } - $fields_array = conv_log_filter($filter_logfile, $pfblines, $pfblines); - $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); + $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt); + $continents = array('pfB_Africa','pfB_Antartica','pfB_Asia','pfB_Europe','pfB_NAmerica','pfB_Oceania','pfB_SAmerica','pfB_Top'); $supp_ip_txt .= "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; @@ -473,7 +689,10 @@ if ($pfb['runonce']) { // Collect Virtual IP Aliases for Inbound/Outbound List Matching if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $list) { - $pfb_local[] = $list['subnet']; + if ($list['type'] == "single" && $list['subnet_bits'] == "32") + $pfb_local[] = $list['subnet']; + elseif ($list['type'] == "single" || $list['type'] == "network") + $pfb_local = array_merge (subnet_expand ("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local); } } // Collect NAT IP Addresses for Inbound/Outbound List Matching 
@@ -514,30 +733,31 @@ if ($pfb['runonce']) { $counter = 0; // Process Fields_array and generate Output -if (!empty($fields_array)) { - foreach ($fields_array as $fields) { +if (!empty($fields_array[$type]) && !empty($rule_list)) { + $key = 0; + foreach ($fields_array[$type] as $fields) { $rulenum = ""; $alert_ip = ""; $supp_ip = ""; $pfb_query = ""; - $rulenum = $fields['rulenum']; - if ($fields['act'] == $rtype && !empty($rule_list) && in_array($rulenum, $rule_list['id']) && $counter < $pfbentries) { - - // Skip Repeated Events - if (($fields['dstip'] . $fields['dstport']) == $previous_dstip || ($fields['srcip'] . $fields['srcport']) == $previous_srcip) { - continue; - } - - $proto = str_replace("TCP", "TCP-", $fields['proto']) . $fields['tcpflags']; + /* Fields_array Reference [0] = Rulenum [6] = Protocol + [1] = Real Interface [7] = SRC IP + [2] = Friendly Interface Name [8] = DST IP + [3] = Action [9] = SRC Port + [4] = Version [10] = DST Port + [5] = Protocol ID [11] = Flags + [99] = Timestamp */ + $rulenum = $fields[0]; + if ($counter < $pfbentries) { // Cleanup Port Output - if ($fields['proto'] == "ICMP") { - $srcport = $fields['srcport']; - $dstport = $fields['dstport']; + if ($fields[6] == "ICMP" || $fields[6] == "ICMPV6") { + $srcport = ""; + $dstport = ""; } else { - $srcport = " :" . $fields['srcport']; - $dstport = " :" . $fields['dstport']; + $srcport = ":" . $fields[9]; + $dstport = ":" . $fields[10]; } // Don't add Suppress Icon to Country Block Lines 
@@ -546,16 +766,10 @@ if (!empty($fields_array)) { } // Add DNS Resolve and Suppression Icons to External IPs only. GeoIP Code to External IPs only. - if (in_array($fields['dstip'], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields['dstip'],"32")) { + if (in_array($fields[8], $pfb_local) || check_lan_dest($lan_ip,$lan_mask,$fields[8],"32")) { // Destination is Gateway/NAT/VIP $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['srcip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[7]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\" " . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; 
@@ -563,30 +777,22 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('src', $fields['srcip'], $counter); + $hostname = getpfbhostname('src', $fields[7], $counter); } else { $hostname = ""; } - $src_icons = $alert_ip . " " . $supp_ip . " "; - $dst_icons = ""; - $scc = $country; - $dcc = ""; + $src_icons = $alert_ip . " " . $supp_ip . " "; + $dst_icons = ""; } else { // Outbound $rule = $rule_list[$rulenum]['name'] . "<br />(" . $rulenum .")"; - $host = $fields['dstip']; - - if (is_ipaddrv4($host)) { - $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); - } else { - $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); - } + $host = $fields[8]; $alert_ip .= "<a href='/pfblockerng/pfblockerng_diag_dns.php?host={$host}' title=\"" . gettext("Resolve host via Rev. DNS lookup"); $alert_ip .= "\"> <img src=\"/themes/{$g['theme']}/images/icons/icon_log.gif\" width=\"11\" height=\"11\" border=\"0\" "; 
@@ -594,20 +800,25 @@ if (!empty($fields_array)) { if ($pfb_query != "Country" && $rtype == "block" && $pfb['supp'] == "on") { $supp_ip .= "<input type='image' name='addsuppress[]' onclick=\"hostruleid('{$host}','{$rule_list[$rulenum]['name']}');\" "; - $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_plus.gif\" title=\""; + $supp_ip .= "src=\"../themes/{$g['theme']}/images/icons/icon_pass_add.gif\" title=\""; $supp_ip .= gettext($supp_ip_txt) . "\" border=\"0\" width='11' height='11'/>"; } if ($pfb_query != "Country" && $rtype == "block" && $hostlookup == "on") { - $hostname = getpfbhostname('dst', $fields['dstip'], $counter); + $hostname = getpfbhostname('dst', $fields[8], $counter); } else { $hostname = ""; } - $src_icons = ""; - $dst_icons = $alert_ip . " " . $supp_ip . " "; - $scc = ""; - $dcc = $country; + $src_icons = ""; + $dst_icons = $alert_ip . " " . $supp_ip . " "; + } + + // Determine Country Code of Host + if (is_ipaddrv4($host)) { + $country = substr(exec("$pathgeoip -f $pathgeoipdat $host"),23,2); + } else { + $country = substr(exec("$pathgeoip6 -f $pathgeoipdat6 $host"),26,2); } # IP Query Grep Exclusion 
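Review bot: The relocated country lookup runs `exec("$pathgeoip6 -f $pathgeoipdat6 $host")` for every `$host` that is not IPv4, including values that are not addresses at all, and `$host` is placed in the shell string unquoted in both branches. `$host` now comes from positional fields of a filter log line split in `conv_log_filter_lite()`, which does not check that the field is an address. Make the second branch `} elseif (is_ipaddrv6($host)) {` with `$country = "";` as the fallback, and pass the argument as `escapeshellarg($host)` in both commands.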
@@ -615,21 +826,19 @@ if (!empty($fields_array)) { $pfb_ex2 = "grep -v 'pfB\_\|/32\|/24\|\_v6\.txt' | grep -m1 '/'"; // Find List which contains Blocked IP Host - if ($pfb_query == "Country") { - # Skip - } else { + if (is_ipaddrv4($host) && $pfb_query != "Country") { // Search for exact IP Match $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' | {$pfb_ex1}"); // Search for IP in /24 CIDR if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } // Search for First Two IP Octets in CIDR Matches Only. Skip any pfB (Country Lists) or /32,/24 Addresses. if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two IP Octets in CIDR Matches Only (Subtract 1 from second Octet on each loop). // Skip (Country Lists) or /32,/24 Addresses. 
@@ -638,7 +847,7 @@ if (!empty($fields_array)) { $host2 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '$2', $host); for ($cnt = 1; $cnt <= 5; $cnt++) { $host3 = $host2 - $cnt . '\''; - $pfb_query = exec("grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1}{$host3} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); // Break out of loop if found. if (!empty($pfb_query)) $cnt = 6; 
@@ -647,26 +856,30 @@ if (!empty($fields_array)) { // Search for First Three Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.$3\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Search for First Two Octets if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'^$1\.$2\.\'', $host); - $pfb_query = exec("grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); + $pfb_query = exec("/usr/bin/grep -rH {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex2}"); } // Report Specific ET IQRisk Details if ($pfb['et_header'] && preg_match("/{$et_header}/", $pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1\.$2\.$3\.$4\'', $host); - $pfb_query = exec("grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); + $pfb_query = exec("/usr/bin/grep -Hm1 {$host1} {$pfb['etdir']}/* | sed -e 's/^.*[a-zA-Z]\///' -e 's/:.*//' -e 's/\..*/ /' -e 's/ET_/ET IPrep /' "); if (empty($pfb_query)) { $host1 = preg_replace("/(\d{1,3})\.(\d{1,3}).(\d{1,3}).(\d{1,3})/", '\'$1.$2.$3.0/24\'', $host); - $pfb_query = exec("grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); + $pfb_query = exec("/usr/bin/grep -rHm1 {$host1} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | {$pfb_ex1}"); } } - // Default to "No Match" if not found. 
- if (empty($pfb_query)) - $pfb_query = "No Match"; } + elseif (is_ipaddrv6($host) && $pfb_query != "Country") { + $pfb_query = exec("/usr/bin/grep -Hm1 {$host} {$pfbfolder} | sed -e 's/^.*[a-zA-Z]\///' -e 's/\.txt:/ /' | grep -v 'pfB\_'"); + } + + // Default to "No Match" if not found. + if (empty($pfb_query)) + $pfb_query = "No Match"; # Split List Column into Two lines. unset ($pfb_match); @@ -681,9 +894,19 @@ if (!empty($fields_array)) { } } - $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; + // Add []'s to IPv6 Addresses and add a zero-width space as soft-break opportunity after each colon if we have an IPv6 address (from Snort) + if ($fields[4] == "6") { + $fields[97] = "[" . str_replace(":", ":​", $fields[7]) . "]"; + $fields[98] = "[" . str_replace(":", ":​", $fields[8]) . "]"; + } + else { + $fields[97] = $fields[7]; + $fields[98] = $fields[8]; + } // Truncate Long List Names + $pfb_matchtitle = "Country Block Rules cannot be suppressed.\n\nTo allow a particular Country IP, either remove the particular Country or add the Host\nto a Permit Alias in the Firewall Tab.\n\nIf the IP is not listed beside the List, this means that the Block is a /32 entry.\nOnly /32 or /24 CIDR Hosts can be suppressed.\n\nIf (Duplication) Checking is not enabled. You may see /24 and /32 CIDR Blocks for a given blocked Host"; + if (strlen($pfb_match[1]) >= 17) { $pfb_matchtitle = $pfb_match[1]; $pfb_match[1] = substr($pfb_match[1], 0, 16) . '...'; 
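Review bot: The new IPv6 lookup calls `/usr/bin/grep -Hm1 {$host} {$pfbfolder}` without `-r`, while every IPv4 search above recurses into `$pfbfolder`, which holds directory paths according to the `foreach` that builds it; this branch probably never finds a list and should be tested. `$host` is also used as a regular expression and left unquoted; `is_ipaddrv6()` guards the branch, but `"/usr/bin/grep -rHFm1 " . escapeshellarg($host) . " {$pfbfolder} | ..."` states the intent and does not depend on that guard staying in place. In the `$fields[97]`/`$fields[98]` block of the next hunk the replacement string appears to contain a literal zero-width space; writing it as `":\xE2\x80\x8B"`, as the filter code does, keeps the character visible in review.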
@@ -691,31 +914,28 @@ if (!empty($fields_array)) { // Print Alternating Line Shading if ($pfb['pfsenseversion'] > '2.0') { - $alertRowEvenClass = "listMReven"; - $alertRowOddClass = "listMRodd"; + $alertRowEvenClass = "listMReven"; + $alertRowOddClass = "listMRodd"; } else { - $alertRowEvenClass = "listr"; - $alertRowOddClass = "listr"; + $alertRowEvenClass = "listr"; + $alertRowOddClass = "listr"; } - // Collect Details for Repeated Alert Comparison - $previous_srcip = $fields['srcip'] . $fields['srcport']; - $previous_dstip = $fields['dstip'] . $fields['dstport']; - $countrycode = trim($scc . $dcc); - $alertRowClass = $counter % 2 ? $alertRowEvenClass : $alertRowOddClass; echo "<tr class='{$alertRowClass}'> - <td class='listMRr' align='center'>{$fields['time']}</td> - <td class='listMRr' align='center'>{$fields['interface']}</td> + <td class='listMRr' align='center'>{$fields[99]}</td> + <td class='listMRr' align='center'>{$fields[2]}</td> <td class='listMRr' align='center' title='The pfBlockerNG Rule that Blocked this Host.'>{$rule}</td> - <td class='listMRr' align='center'>{$proto}</td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['srcip']};' sorttable_customkey='{$fields['srcip']}'>{$src_icons}{$fields['srcip']}{$srcport}<br /><small>{$hostname['src']}</small></td> - <td nowrap='nowrap' class='listMRr' align='center' style='sorttable_customkey:{$fields['dstip']};' sorttable_customkey='{$fields['dstip']}'>{$dst_icons}{$fields['dstip']}{$dstport}<br /><small>{$hostname['dst']}</small></td> - <td class='listMRr' align='center'>{$countrycode}</td> + <td class='listMRr' align='center'>{$fields[6]}</td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[7]};' sorttable_customkey='{$fields[7]}'>{$src_icons}{$fields[97]}{$srcport}<br /><small>{$hostname['src']}</small></td> + <td class='listMRr' align='center' style='sorttable_customkey:{$fields[8]};' 
sorttable_customkey='{$fields[8]}'>{$dst_icons}{$fields[98]}{$dstport}<br /><small>{$hostname['dst']}</small></td> + <td class='listMRr' align='center'>{$country}</td> <td class='listbg' align='center' title='{$pfb_matchtitle}' style=\"font-size: 10px word-wrap:break-word;\">{$pfb_match[1]}<br />{$pfb_match[2]}</td></tr>"; $counter++; if ($counter > 0 && $rtype == "block") { $mycounter = $counter; + } else { + $mycounter = 0; } } } @@ -725,6 +945,7 @@ if (!empty($fields_array)) { </table> </table> <?php endforeach; ?> <!--End - Create Three Output Windows 'Deny', 'Permit' and 'Match'--> +<?php unset ($fields_array); ?> </td></tr> </table> @@ -762,9 +983,22 @@ function findhostnames(counter) { ) } -var lines = <?php echo $mycounter; ?>; -for (alertcount = 0; alertcount < lines; alertcount++) { - setTimeout(findhostnames(alertcount), 30); +var alertlines = <?php echo $mycounter; ?>; +var autoresolve = "<?php echo $config['installedpackages']['pfblockerngglobal']['hostlookup']; ?>"; +if ( autoresolve == "on" ) { + for (alertcount = 0; alertcount < alertlines; alertcount++) { + setTimeout(findhostnames(alertcount), 30); + } +} + +function enable_showFilter() { + document.getElementById("filter_enable_row").style.display="none"; + document.getElementById("filter_options_row").style.display="table-row"; +} + +function enable_hideFilter() { + document.getElementById("filter_enable_row").style.display="table-row"; + document.getElementById("filter_options_row").style.display="none"; } //]]> diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc index 17c13246..3b5c153d 100644 --- a/config/quagga_ospfd/quagga_ospfd.inc +++ b/config/quagga_ospfd/quagga_ospfd.inc 
@@ -266,8 +266,14 @@ function quagga_ospfd_install_conf() { $carp_ip_status_check = ""; if (is_ipaddr($ospfd_conf['carpstatusip'])) { - $carpcheckinterface = trim(find_carp_interface($ospfd_conf['carpstatusip'])); - $carp_ip_status_check = <<<EOF + + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + switch ($pfs_version) { + case "2.0": + case "2.1": + /* Check for 2.1 and before */ + $carpcheckinterface = trim(find_carp_interface($ospfd_conf['carpstatusip'])); + $carp_ip_status_check = <<<EOF CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep carp: | /usr/bin/awk '{print \$2;}'` if [ \${CARP_STATUS} != "MASTER" ]; then @@ -275,6 +281,27 @@ if [ \${CARP_STATUS} != "MASTER" ]; then fi EOF; + break; + case "2.2": + default: + /* Check for 2.2 and later */ + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + if (($vip['mode'] == "carp") && ($vip['subnet'] == $ospfd_conf['carpstatusip'])) { + $carpcheckinterface = escapeshellarg(get_real_interface($vip['interface'])); + $vhid = escapeshellarg($vip['vhid']); + $carp_ip_status_check = <<<EOF + +CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep 'carp:' | /usr/bin/grep 'vhid {$vhid}' | /usr/bin/awk '{print \$2;}'` +if [ \${CARP_STATUS} != "MASTER" ]; then + exit; +fi +EOF; + } + } + } + break; + } } 
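Review bot: The 2.0/2.1 branch still interpolates `{$carpcheckinterface}` into the generated shell script unquoted, while the 2.2 branch added in the next hunk wraps its interface name in `escapeshellarg()`. Use the same treatment here, `$carpcheckinterface = escapeshellarg(trim(find_carp_interface($ospfd_conf['carpstatusip'])));`, so both branches emit the argument the same way. `file_get_contents("/etc/version")` is not checked for `false`; in that case `$pfs_version` is an empty string and the `default` branch is taken silently. The heredoc and the end of the `switch` continue outside this hunk.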
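Review bot: `/usr/bin/grep 'vhid {$vhid}'` is a substring match, so a VIP with VHID 1 also matches the `carp:` lines of VHID 10 to 19 on the same interface, and `CARP_STATUS` can then hold several words or the state of the wrong VIP. Because `$vhid` already carries the quotes added by `escapeshellarg()`, the pattern is assembled from adjacent quoted pieces; building it once, `$vhid_pattern = escapeshellarg("vhid {$vip['vhid']} ");` followed by `/usr/bin/grep {$vhid_pattern}`, is easier to read and bounds the number (assuming `ifconfig` prints a space after the VHID, which should be confirmed on the target release). The test should quote the variable, `[ "\${CARP_STATUS}" != "MASTER" ]`: with an empty or multi-word value the unquoted form typically makes `[` fail with an error, the `exit` is skipped and the rest of the generated script runs as if the node were MASTER.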
@@ -395,4 +422,37 @@ function quagga_get_carp_status_by_ip($ipaddr) { return $status; } +function quagga_plugin_carp($pluginparams) { + global $config; + require_once("service-utils.inc"); + // Called when a CARP interface changes state + // $pluginparams['event'] either 'rc.carpmaster' or 'rc.carpbackup' + // $pluginparams['interface'] contains the affected interface + + /* If there is no OSPF config, then stop */ + if(is_array($config['installedpackages']['quaggaospfd']['config'])) { + $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0]; + } else { + return null; + } + /* If there is no properly configured CARP status check IP, then stop */ + if (!is_ipaddr($ospfd_conf['carpstatusip'])) { + return null; + } + list($vhid, $iface) = explode("@", trim($pluginparams['interface'])); + $friendly = convert_real_interface_to_friendly_interface_name($iface); + $carp_iface = "{$friendly}_vip${vhid}"; + + /* If this CARP transition is not from the IP address to check, then stop. */ + if (get_interface_ip($carp_iface) != $ospfd_conf['carpstatusip']) { + return null; + } + + /* Start or stop the service as needed based on the CARP transition. */ + if ($pluginparams['event'] == "rc.carpmaster") { + start_service("Quagga OSPFd"); + } elseif ($pluginparams['event'] == "rc.carpbackup") { + stop_service("Quagga OSPFd"); + } +} ?> diff --git a/config/quagga_ospfd/quagga_ospfd.xml b/config/quagga_ospfd/quagga_ospfd.xml index 8edfcc3f..5de2e3f8 100644 --- a/config/quagga_ospfd/quagga_ospfd.xml +++ b/config/quagga_ospfd/quagga_ospfd.xml @@ -1,6 +1,6 @@ <packagegui> <name>quagga_ospfd</name> - <version>0.6.1</version> + <version>0.6.4</version> <title>Services: Quagga OSPFd</title> <include_file>/usr/local/pkg/quagga_ospfd.inc</include_file> <aftersaveredirect>pkg_edit.php?xml=quagga_ospfd.xml&id=0</aftersaveredirect> 
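Review bot: `list($vhid, $iface) = explode("@", trim($pluginparams['interface']));` assumes the interface string always contains an `@`; when it does not, `$iface` is unset and the lookups that follow run on an empty name. A guard such as `if (strpos($pluginparams['interface'], '@') === false) { return null; }` before the `explode()` keeps the function on its early-exit path. `$ospfd_conf` is only read here, so the reference assignment `= &$config[...]` can be a plain copy. `"{$friendly}_vip${vhid}"` mixes two interpolation styles; `"{$friendly}_vip{$vhid}"` is the consistent form.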
@@ -67,6 +67,11 @@ <executable>zebra</executable> <description>Quagga core/abstraction daemon</description> </service> + <plugins> + <item> + <type>plugin_carp</type> + </item> + </plugins> <fields> <field> <fielddescr>Master Password</fielddescr> diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc index d76f79d3..d9830fb2 100644 --- a/config/siproxd/siproxd.inc +++ b/config/siproxd/siproxd.inc @@ -32,7 +32,8 @@ if(!function_exists("filter_configure")) require_once("service-utils.inc"); // Check to find out on which system the package is running -if (substr(trim(file_get_contents("/etc/version")),0,3) == "2.0") { +$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); +if ($pfs_version == "2.0") { define('SIPROXD', '/usr/local'); } else { define('SIPROXD', '/usr/pbi/siproxd-' . php_uname("m")); @@ -108,7 +109,7 @@ function siproxd_generate_rules($type) { } function sync_package_siproxd() { - global $config; + global $config, $pfs_version; // put the constant to a variable $varSIPROXD = SIPROXD; @@ -250,9 +251,14 @@ function sync_package_siproxd() { fclose($fout); + if ($pfs_version == '2.2') + $bin_dir='bin'; + else + $bin_dir='sbin'; + write_rcfile(array( "file" => "siproxd.sh", - "start" => "$varSIPROXD/sbin/siproxd -c $varSIPROXD/etc/siproxd.conf &", + "start" => "$varSIPROXD/{$bin_dir}/siproxd -c $varSIPROXD/etc/siproxd.conf &", "stop" => "/usr/bin/killall -9 siproxd" ) ); diff --git a/config/snort/snort_alerts.widget.php b/config/snort/snort_alerts.widget.php index 552dab61..96c70562 100644 --- a/config/snort/snort_alerts.widget.php +++ b/config/snort/snort_alerts.widget.php @@ -46,7 +46,7 @@ $alertColClass = "listMRr"; /* check if Snort widget alert display lines value is set */ $snort_nentries = $config['widgets']['widget_snort_display_lines']; -if (!isset($snort_nentries) || $snort_nentries < 0) +if (!isset($snort_nentries) || $snort_nentries <= 0) $snort_nentries = 5; /* array sorting of the alerts */ 
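Review bot: `$pfs_version` is set at file scope and read through `global $pfs_version` in `sync_package_siproxd()` (siproxd.inc hunks at -32, -108 and -250); if this include file is ever loaded from inside a function, the assignment lands in that function's local scope, the global stays empty and `$bin_dir` silently falls back to `sbin`. The comparison `$pfs_version == '2.2'` also matches only that one release, so a later version would get `sbin` again, whereas the quagga change in this commit treats 2.2 as the default for newer releases. Deriving the directory from what is on disk, e.g. `$bin_dir = file_exists("{$varSIPROXD}/bin/siproxd") ? 'bin' : 'sbin';`, removes both dependencies, provided the binary is installed before this function runs. The body of `sync_package_siproxd()` extends beyond these hunks.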
@@ -95,7 +95,11 @@ if (isset($_GET['getNewAlerts'])) { // See if saving new display line count value if(isset($_POST['widget_snort_display_lines'])) { - $config['widgets']['widget_snort_display_lines'] = $_POST['widget_snort_display_lines']; + if($_POST['widget_snort_display_lines'] == "") { + unset($config['widgets']['widget_snort_display_lines']); + } else { + $config['widgets']['widget_snort_display_lines'] = max(intval($_POST['widget_snort_display_lines']), 1); + } write_config("Saved Snort Alerts Widget Displayed Lines Parameter via Dashboard"); header("Location: ../../index.php"); } diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc index d0b14652..1958632e 100644 --- a/config/vhosts/vhosts.inc +++ b/config/vhosts/vhosts.inc @@ -659,7 +659,7 @@ function vhosts_sync_package_php() $tmp .= " \"PHP_FCGI_MAX_REQUESTS\" => \"500\",\n"; $tmp .= " \"PHP_FCGI_CHILDREN\" => \"1\"\n"; $tmp .= " ),\n"; - $tmp .= " \"bin-path\" => \"/usr/local/php5/php-cgi\"\n"; + $tmp .= " \"bin-path\" => \"/usr/local/bin/php\"\n"; $tmp .= " )\n"; $tmp .= " )\n"; $tmp .= ")\n"; @@ -681,11 +681,11 @@ function vhosts_sync_package_php() ); //add or update a service - $a_service = &$config['installedpackages']['service']; $ent['name'] = "vhosts-ssl-$x"; $ent['rcfile'] = "vhosts-".$ipaddress."-".$port."-ssl.sh"; $ent['executable'] = "vhosts-".$ipaddress."-".$port."-ssl"; $ent['description'] = "vHosts SSL, Host: $host, IP Address: ".$ipaddress.", port: ".$port." desc: ".$description; + $ent['custom_php_service_status_command'] = "\$vhost_output=''; exec('/bin/pgrep -anf '.".escapeshellarg($ent['executable']).", \$vhost_output, \$retval); \$rc=(intval(\$retval) == 0);"; $a_service = $config['installedpackages']['service']; $service_id = get_service_id ($a_service, 'name', "vhosts-ssl-$x"); if (is_int($service_id)) { diff --git a/config/zabbix-lts/zabbix-agent-lts.xml b/config/zabbix-lts/zabbix-agent-lts.xml new file mode 100644 index 00000000..b098eb62 --- /dev/null 
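Review bot: The new `max(intval(...), 1)` sets a floor but no ceiling, so any positive integer posted to the widget is written to the configuration and later used as the number of alert lines to display. Clamp it on both sides, for example `min(max(intval($_POST['widget_snort_display_lines']), 1), $max_lines)`, with `$max_lines` set to a limit the dashboard can render comfortably. The `header("Location: ../../index.php");` call has no `exit;` after it within the hunk, so unless one follows just outside it the script keeps executing after the redirect is sent.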
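Review bot: `custom_php_service_status_command` is a string of PHP source, and `escapeshellarg($ent['executable'])` is spliced into it as though its single quotes were PHP string delimiters. The generated code therefore reads `exec('/bin/pgrep -anf '.'vhosts-<ip>-<port>-ssl', ...)`: the shell receives the executable name with no quoting, and a quote character in `$ipaddress` or `$port` would end the PHP literal early. Encode for both layers by replacing `escapeshellarg($ent['executable'])` with `var_export(escapeshellarg($ent['executable']), true)`, so the generated PHP contains a literal whose value is the shell-quoted argument. `pgrep -f` treats the name as a regular expression, so the dots of the IP address match any character; that is worth a comment if it is accepted. `vhosts_sync_package_php()` starts and ends outside this hunk.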
+++ b/config/zabbix-lts/zabbix-agent-lts.xml 
@@ -0,0 +1,179 @@ +<?xml version="1.0" encoding="utf-8"?> +<packagegui> +<copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + zabbix-agent-lts.xml + part of the Zabbix package for pfSense + Copyright (C) 2013 Danilo G. Baio + Copyright (C) 2013 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <name>zabbixagentlts</name> + <title>Services: Zabbix Agent LTS</title> + <category>Monitoring</category> + <version>0.8.3</version> + <include_file>/usr/local/pkg/zabbix-lts.inc</include_file> + <addedit_string>Zabbix Agent LTS has been created/modified.</addedit_string> + <delete_string>Zabbix Agent LTS has been deleted.</delete_string> + <restart_command>/usr/local/etc/rc.d/zabbix_agentd_lts.sh restart</restart_command> + <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> + </additional_files_needed> + <menu> + <name>Zabbix Agent LTS</name> + <tooltiptext>Setup Zabbix Agent specific settings</tooltiptext> + <section>Services</section> + <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&id=0</url> + </menu> + <service> + <name>zabbix_agentd_lts</name> + <rcfile>zabbix_agentd_lts.sh</rcfile> + <executable>zabbix_agentd</executable> + <description>Zabbix Agent LTS host monitor daemon</description> + </service> + <tabs> + <tab> + <text>Agent</text> + <url>/pkg_edit.php?xml=zabbix-agent-lts.xml&id=0</url> + <active /> + </tab> + </tabs> + <fields> + <field> + <name>Zabbix Agent LTS Settings</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable</fielddescr> + <fieldname>agentenabled</fieldname> + <description>Enable Zabbix Agent LTS service</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Server</fielddescr> + <fieldname>server</fieldname> + <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Server Active</fielddescr> + <fieldname>serveractive</fieldname> + <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks</description> + 
<type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Hostname</fielddescr> + <fieldname>hostname</fieldname> + <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description> + <type>input</type> + <size>60</size> + </field> + <field> + <fielddescr>Listen IP</fielddescr> + <fieldname>listenip</fieldname> + <default_value>0.0.0.0</default_value> + <type>input</type> + <size>60</size> + <description>Listen IP for connections from the server (default 0.0.0.0 for all interfaces)</description> + </field> + <field> + <fielddescr>Listen Port</fielddescr> + <fieldname>listenport</fieldname> + <default_value>10050</default_value> + <type>input</type> + <size>5</size> + <description>Listen port for connections from the server (default 10050)</description> + </field> + <field> + <fielddescr>Refresh Active Checks</fielddescr> + <fieldname>refreshactchecks</fieldname> + <default_value>120</default_value> + <type>input</type> + <size>5</size> + <description>The agent will refresh list of active checks once per 120 (default) seconds.</description> + </field> + <field> + <fielddescr>Timeout</fielddescr> + <fieldname>timeout</fieldname> + <default_value>3</default_value> + <type>input</type> + <size>5</size> + <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-30). The agent does not kill timeouted User Parameters processes!</description> + </field> + <field> + <fielddescr>Buffer Send</fielddescr> + <fieldname>buffersend</fieldname> + <default_value>5</default_value> + <type>input</type> + <size>5</size> + <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description> + </field> + <field> + <fielddescr>Buffer Size</fielddescr> + <fieldname>buffersize</fieldname> + <default_value>100</default_value> + <type>input</type> + <size>5</size> + <description>Buffer Size (default 100). 
Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description> + </field> + <field> + <fielddescr>Start Agents</fielddescr> + <fieldname>startagents</fieldname> + <default_value>3</default_value> + <type>input</type> + <size>5</size> + <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description> + </field> + <field> + <fielddescr>User Parameters</fielddescr> + <fieldname>userparams</fieldname> + <encoding>base64</encoding> + <type>textarea</type> + <rows>5</rows> + <cols>50</cols> + <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description> + </field> + </fields> + <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command> + <custom_php_command_before_form></custom_php_command_before_form> + <custom_php_after_head_command></custom_php_after_head_command> + <custom_php_after_form_command></custom_php_after_form_command> + <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command> + <custom_add_php_command></custom_add_php_command> + <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command> + <custom_php_deinstall_command>php_deinstall_zabbix_agent_lts();</custom_php_deinstall_command> +</packagegui> diff --git a/config/zabbix-lts/zabbix-lts.inc b/config/zabbix-lts/zabbix-lts.inc new file mode 100644 index 00000000..450b78a1 --- /dev/null +++ b/config/zabbix-lts/zabbix-lts.inc 
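Review bot: The `listenip` field defaults to `0.0.0.0`, so an agent enabled with the defaults accepts connections on every interface of the firewall, and the description does not say what then limits access. Extend it to something like `Listen IP for connections from the server (default 0.0.0.0 for all interfaces). Restrict this to an internal address or limit port 10050 with a firewall rule.` The `userparams` description should likewise state that each `UserParameter` line is a command the agent will run, since the value is stored base64-encoded and `validate_input_zabbix_lts()` in `zabbix-lts.inc` does not inspect it. Two wording fixes: `more that Timeout seconds` should read `more than`, and `(0-100).If set` needs a space after the full stop.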
@@ -0,0 +1,360 @@ +<?php +/* $Id$ */ +/* ========================================================================== */ +/* + zabbix-lts.inc + part of the Zabbix package for pfSense + Copyright (C) 2013 Danilo G. Baio + Copyright (C) 2013 Marcello Coutinho + + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ +require_once("util.inc"); +require_once("functions.inc"); +require_once("pkg-utils.inc"); +require_once("globals.inc"); + +function php_install_zabbix_lts(){ + sync_package_zabbix_lts(); +} + +function php_deinstall_zabbix_agent_lts(){ + global $config, $g; + + conf_mount_rw(); + + define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m")); + + exec("/usr/bin/killall zabbix_agentd"); + unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd_lts.sh"); + unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf"); + unlink_if_exists("/var/log/zabbix-lts/zabbix_agentd_lts.log"); + unlink_if_exists("/var/run/zabbix-lts/zabbix_agentd_lts.pid"); + + if (!is_array($config['installedpackages']['zabbixproxylts'])){ + if (is_dir("/var/log/zabbix-lts")) + exec("/bin/rm -r /var/log/zabbix-lts/"); + if (is_dir("/var/run/zabbix-lts")) + exec("/bin/rm -r /var/run/zabbix-lts/"); + } + + conf_mount_ro(); +} + +function php_deinstall_zabbix_proxy_lts(){ + global $config, $g; + + conf_mount_rw(); + + define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m")); + + exec("/usr/bin/killall zabbix_proxy"); + unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy_lts.sh"); + unlink_if_exists(ZABBIX_PROXY_BASE . 
"/etc/zabbix22/zabbix_proxy.conf"); + unlink_if_exists("/var/log/zabbix-lts/zabbix_proxy_lts.log"); + unlink_if_exists("/var/run/zabbix-lts/zabbix_proxy_lts.pid"); + + if (!is_array($config['installedpackages']['zabbixagentlts'])){ + if (is_dir("/var/log/zabbix-lts")) + exec("/bin/rm -r /var/log/zabbix-lts/"); + if (is_dir("/var/run/zabbix-lts")) + exec("/bin/rm -r /var/run/zabbix-lts/"); + } + + if (is_dir("/var/db/zabbix-lts")) + exec("/bin/rm -r /var/db/zabbix-lts/"); + + conf_mount_ro(); +} + +function validate_input_zabbix_lts($post, &$input_errors){ + + if (isset($post['proxyenabled'])){ + if (!is_numericint($post['serverport'])) { + $input_errors[]='Server Port is not numeric.'.$ServerPort; + } + + if (!is_numericint($post['configfrequency'])) { + $input_errors[]='Config Frequency is not numeric.'; + } + } + if (isset($post['agentenabled'])){ + if (!preg_match("/\w+/", $post['server'])) { + $input_errors[]='Server field is required.'; + } + + if (!preg_match("/\w+/", $post['hostname'])) { + $input_errors[]='Hostname field is required.'; + } + + if ($post['listenip'] != '') { + if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['listenip'])) { + $input_errors[]='Listen IP is not a configured IP address.'; + } + } + + if ($post['listenport'] != '') { + if (!preg_match("/^\d+$/", $post['listenport'])) { + $input_errors[]='Listen Port is not numeric.'; + } + } + + if ($post['refreshactchecks'] != '') { + if (!preg_match("/^\d+$/", $post['refreshactchecks'])) { + $input_errors[]='Refresh Active Checks is not numeric.'; + } elseif ( $post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600 ) { + $input_errors[]='You must enter a valid value for \'Refresh Active Checks\''; + } + } + + if ($post['timeout'] != '') { + if (!is_numericint($post['timeout'])) { + $input_errors[]='Timeout is not numeric.'; + } elseif ( $post['timeout'] < 1 || $post['timeout'] > 30 ) { + $input_errors[]='You must enter a valid value for 
\'Timeout\''; + } + } + + if ($post['buffersend'] != '') { + if (!is_numericint($post['buffersend'])) { + $input_errors[]='Buffer Send is not numeric.'; + } elseif ( $post['buffersend'] < 1 || $post['buffersend'] > 3600 ) { + $input_errors[]='You must enter a valid value for \'Buffer Send\''; + } + } + + if ($post['buffersize'] != '') { + if (!is_numericint($post['buffersize'])) { + $input_errors[]='Bufer Size is not numeric.'; + } elseif ( $post['buffersize'] < 2 || $post['buffersize'] > 65535 ) { + $input_errors[]='You must enter a valid value for \'Buffer Size\''; + } + } + + if ($post['startagents'] != '') { + if (!is_numericint($post['startagents'])) { + $input_errors[]='Start Agents is not numeric.'; + } elseif ( $post['startagents'] < 0 || $post['startagents'] > 100 ) { + $input_errors[]='You must enter a valid value for \'Start Agents\''; + } + } + } +} + +function sync_package_zabbix_lts(){ + global $config, $g; + + conf_mount_rw(); + + define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m")); + define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . 
php_uname("m")); + + #check zabbix proxy config + if (is_array($config['installedpackages']['zabbixproxylts'])){ + $zbproxy_config = $config['installedpackages']['zabbixproxylts']['config'][0]; + if ($zbproxy_config['proxyenabled']=="on"){ + $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0); + $AdvancedParams=base64_decode($zbproxy_config['advancedparams']); + + $zbproxy_conf_file = <<< EOF +Server={$zbproxy_config['server']} +ServerPort={$zbproxy_config['serverport']} +Hostname={$zbproxy_config['hostname']} +PidFile=/var/run/zabbix-lts/zabbix_proxy_lts.pid +DBName=/var/db/zabbix-lts/proxy.db +LogFile=/var/log/zabbix-lts/zabbix_proxy_lts.log +ConfigFrequency={$zbproxy_config['configfrequency']} +FpingLocation=/usr/local/sbin/fping +#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin +Fping6Location=/usr/local/sbin/fping6 +ProxyMode={$Mode} +{$AdvancedParams} + +EOF; + file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => ""))); + } + } + /* check zabbix agent settings*/ + if (is_array($config['installedpackages']['zabbixagentlts'])){ + $zbagent_config = $config['installedpackages']['zabbixagentlts']['config'][0]; + if ($zbagent_config['agentenabled']=="on"){ + $RefreshActChecks=(preg_match("/(\d+)/",$zbagent_config['refreshactchecks'],$matches)? $matches[1] : "120"); + $BufferSend=(preg_match("/(\d+)/",$zbagent_config['buffersend'],$matches)? $matches[1] : "5" ); + $BufferSize=(preg_match("/(\d+)/",$zbagent_config['buffersize'],$matches)? $matches[1] : "100"); + $StartAgents=(preg_match("/(\d+)/",$zbagent_config['startagents'],$matches)? $matches[1] :"3" ); + $UserParams=base64_decode($zbagent_config['userparams']); + $ListenIp=($zbagent_config['listenip'] != ''? $zbagent_config['listenip'] : "0.0.0.0"); + $ListenPort=($zbagent_config['listenport'] != ''? 
$zbagent_config['listenport'] : "10050"); + $TimeOut=($zbagent_config['timeout'] != ''? $zbagent_config['timeout'] : "3"); + + $zbagent_conf_file = <<< EOF +Server={$zbagent_config['server']} +ServerActive={$zbagent_config['serveractive']} +Hostname={$zbagent_config['hostname']} +ListenIP={$ListenIp} +ListenPort={$ListenPort} +RefreshActiveChecks={$RefreshActChecks} +DebugLevel=3 +PidFile=/var/run/zabbix-lts/zabbix_agentd_lts.pid +LogFile=/var/log/zabbix-lts/zabbix_agentd_lts.log +LogFileSize=1 +Timeout={$TimeOut} +BufferSend={$BufferSend} +BufferSize={$BufferSize} +StartAgents={$StartAgents} +{$UserParams} + +EOF; + file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => ""))); + } + } + $want_sysctls = array( + 'kern.ipc.shmall' => '2097152', + 'kern.ipc.shmmax' => '2147483648', + 'kern.ipc.semmsl' => '250' + ); + $sysctls = array(); + #check sysctl file values + $sc_file=""; + if (file_exists("/etc/sysctl.conf")) { + $sc = file("/etc/sysctl.conf"); + foreach ($sc as $line) { + list($sysk, $sysv) = explode("=", $line, 2); + if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls)) + $sc_file.=$line; + } + } + foreach ($want_sysctls as $ws=> $wv) { + $sc_file .= "{$ws}={$wv}\n"; + exec("/sbin/sysctl {$ws}={$wv}"); + } + file_put_contents("/etc/sysctl.conf", $sc_file); + + #check bootloader values + $lt_file=""; + $want_tunables = array( + 'kern.ipc.semopm' => '100', + 'kern.ipc.semmni' => '128', + 'kern.ipc.semmns' => '32000', + 'kern.ipc.shmmni' => '4096' + ); + $tunables = array(); + if (file_exists("/boot/loader.conf")) { + $lt = file("/boot/loader.conf"); + foreach ($lt as $line) { + list($tunable, $val) = explode("=", $line, 2); + if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables)) + $lt_file.=$line; + } + } + foreach ($want_tunables as $wt => $wv) { + $lt_file.= "{$wt}={$wv}\n"; + } + file_put_contents("/boot/loader.conf", $lt_file); + + /*check startup script 
files*/ + /* create a few directories and ensure the sample files are in place */ + if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22")) + exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22"); + + $dir_checks = <<< EOF +if [ ! -d /var/log/zabbix-lts ] + then + /bin/mkdir -p /var/log/zabbix-lts + /usr/sbin/chmod 755 /var/log/zabbix-lts + fi +/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix-lts + +if [ ! -d /var/run/zabbix-lts ] + then + /bin/mkdir -p /var/run/zabbix-lts + /usr/sbin/chmod 755 /var/run/zabbix-lts + fi +/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix-lts + +if [ ! -d /var/db/zabbix-lts ] + then + /bin/mkdir -p /var/db/zabbix-lts + /usr/sbin/chmod 755 /var/db/zabbix-lts + fi +/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix-lts + +EOF; + + $zproxy_rcfile="/usr/local/etc/rc.d/zabbix_proxy_lts.sh"; + if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled']=="on"){ + $zproxy_start= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy LTS\"...\n"; + /* start zabbix proxy */ + $zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n"; + + $zproxy_stop = "echo \"Stopping Zabbix Proxy LTS\"\n"; + $zproxy_stop .= "/usr/bin/killall zabbix_proxy\n"; + $zproxy_stop .= "/bin/sleep 5\n"; + + /* write out rc.d start/stop file */ + write_rcfile(array( + "file" => "zabbix_proxy_lts.sh", + "start" => $zproxy_start, + "stop" => $zproxy_stop + ) + ); + mwexec("{$zproxy_rcfile} restart"); + }else{ + if (file_exists($zproxy_rcfile)){ + mwexec("{$zproxy_rcfile} stop"); + unlink($zproxy_rcfile); + } + } + + $zagent_rcfile="/usr/local/etc/rc.d/zabbix_agentd_lts.sh"; + if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on"){ + $zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent LTS...\"\n"; + $zagent_start .= ZABBIX_AGENT_BASE . 
"/sbin/zabbix_agentd\n"; + + $zagent_stop = "echo \"Stopping Zabbix Agent LTS...\"\n"; + $zagent_stop .= "/usr/bin/killall zabbix_agentd\n"; + $zagent_stop .= "/bin/sleep 5\n"; + + /* write out rc.d start/stop file */ + write_rcfile(array( + "file" => "zabbix_agentd_lts.sh", + "start" => "$zagent_start", + "stop" => "$zagent_stop" + ) + ); + mwexec("{$zagent_rcfile} restart"); + }else{ + if (file_exists($zagent_rcfile)){ + mwexec("{$zagent_rcfile} stop"); + unlink($zagent_rcfile); + } + } + + conf_mount_ro(); +} + +?> diff --git a/config/zabbix-lts/zabbix-proxy-lts.xml b/config/zabbix-lts/zabbix-proxy-lts.xml new file mode 100644 index 00000000..de9f1e1c --- /dev/null +++ b/config/zabbix-lts/zabbix-proxy-lts.xml 
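Review bot: `validate_input_zabbix_lts()` only checks that `server` and `hostname` contain a word character somewhere (`/\w+/`), never looks at `serveractive`, and tests `listenip` with the unanchored pattern `/(127.0.0.1|0.0.0.0)/`, yet `sync_package_zabbix_lts()` writes all of these verbatim into `zabbix_agentd.conf` after stripping only `\r`. A value containing a line feed therefore adds extra directives to the agent configuration, and `listenport` is accepted with any number of digits. The fence below tightens the agent checks with helpers from pfSense's `util.inc` and uses `\z` rather than `$` so a trailing newline is not accepted; the proxy fields `server` and `hostname` need the same treatment. Also in this file: `'Server Port is not numeric.'.$ServerPort` appends an undefined variable, `$zagent_start .=` appends to a variable that was never initialised, and the agent's `etc/zabbix22` directory is never created although the proxy's is.

```php
	if (isset($post['agentenabled'])){
		// Single-line fields end up as one directive each; refuse anything that would start a new line.
		foreach (array('server', 'serveractive', 'hostname', 'listenip', 'listenport') as $fname) {
			if (preg_match('/[\r\n]/', (string)$post[$fname])) {
				$input_errors[]="Field '{$fname}' must not contain line breaks.";
			}
		}

		// Every entry must be a single IP address or hostname.
		foreach (explode(",", $post['server']) as $srv) {
			$srv = trim($srv);
			if (!is_ipaddr($srv) && !is_hostname($srv)) {
				$input_errors[]='Server must be a comma delimited list of IP addresses or hostnames.';
				break;
			}
		}

		// Anchored at both ends so the whole value has to consist of permitted characters.
		if (!preg_match('/^[A-Za-z0-9._ -]+\z/', $post['hostname'])) {
			$input_errors[]='Hostname field is required and may contain only letters, digits, dots, spaces, underscores and hyphens.';
		}

		if ($post['listenip'] != '') {
			if (!is_ipaddr_configured($post['listenip']) && !in_array($post['listenip'], array('127.0.0.1', '0.0.0.0'), true)) {
				$input_errors[]='Listen IP is not a configured IP address.';
			}
		}

		if ($post['listenport'] != '') {
			if (!is_port($post['listenport'])) {
				$input_errors[]='Listen Port is not a valid port number.';
			}
		}

		// … unchanged: refreshactchecks, timeout, buffersend, buffersize and startagents checks …
```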
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packagegui>
+<copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ zabbix-proxy-lts.xml
+ part of the Zabbix package for pfSense
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE. 
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <name>zabbixproxylts</name>
+ <title>Services: Zabbix Proxy LTS</title>
+ <category>Monitoring</category>
+ <version>0.8.3</version>
+ <include_file>/usr/local/pkg/zabbix-lts.inc</include_file>
+ <addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
+ <delete_string>Zabbix Proxy has been deleted.</delete_string>
+ <restart_command>/usr/local/etc/rc.d/zabbix_proxy_lts.sh restart</restart_command>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/zabbix-lts/zabbix-lts.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <menu>
+ <name>Zabbix Proxy LTS</name>
+ <tooltiptext>Setup Zabbix Proxy LTS specific settings</tooltiptext>
+ <section>Services</section>
+ <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&id=0</url>
+ </menu>
+ <service>
+ <name>zabbix_proxy_lts</name>
+ <rcfile>zabbix_proxy_lts.sh</rcfile>
+ <executable>zabbix_proxy</executable>
+ <description>Zabbix Proxy LTS collection daemon</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Proxy</text>
+ <url>/pkg_edit.php?xml=zabbix-proxy-lts.xml&id=0</url>
+ <active />
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Zabbix Proxy LTS Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>proxyenabled</fieldname>
+ <description>Enable Zabbix Proxy LTS service</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Server</fielddescr>
+ <fieldname>server</fieldname>
+ <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <default_value>127.0.0.1</default_value>
+ <type>input</type>
+ <size>60</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Server Port</fielddescr>
+ <fieldname>serverport</fieldname>
+ <description>Port of Zabbix trapper on Zabbix server. 
default value 10051</description>
+ <default_value>10051</default_value>
+ <type>input</type>
+ <size>6</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Hostname</fielddescr>
+ <fieldname>hostname</fieldname>
+ <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description>
+ <default_value>localhost</default_value>
+ <type>input</type>
+ <size>50</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Proxy Mode</fielddescr>
+ <fieldname>proxymode</fieldname>
+ <description>Select Zabbix proxy mode (Active is default)</description>
+ <type>select</type>
+ <default_value>0</default_value>
+ <options>
+ <option><name>Active</name><value>0</value></option>
+ <option><name>Passive</name><value>1</value></option>
+ </options>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Config Frequency</fielddescr>
+ <fieldname>configfrequency</fieldname>
+ <description>How often the proxy retrieves configuration data from the Zabbix server in seconds. Ignored if the proxy runs in passive mode.</description>
+ <default_value>3600</default_value>
+ <type>input</type>
+ <size>10</size>
+ <required>true</required>
+ </field>
+ <field>
+ <fielddescr>Advanced Parameters</fielddescr>
+ <fieldname>advancedparams</fieldname>
+ <encoding>base64</encoding>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. 
Value has form, example: StartDiscoverers=10</description>
+ </field>
+ </fields>
+ <custom_php_install_command>sync_package_zabbix_lts();</custom_php_install_command>
+ <custom_php_command_before_form></custom_php_command_before_form>
+ <custom_php_after_head_command></custom_php_after_head_command>
+ <custom_php_after_form_command></custom_php_after_form_command>
+ <custom_php_validation_command>validate_input_zabbix_lts($_POST, $input_errors);</custom_php_validation_command>
+ <custom_add_php_command></custom_add_php_command>
+ <custom_php_resync_config_command>sync_package_zabbix_lts();</custom_php_resync_config_command>
+ <custom_php_deinstall_command>php_deinstall_zabbix_proxy_lts();</custom_php_deinstall_command>
+</packagegui> |
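Review bot: The `advancedparams` textarea at the end of `<fields>` takes free text with no format constraint expressed in this file, and `server`, `serverport` and `hostname` are likewise plain `input` fields; the only check wired in is `validate_input_zabbix_lts($_POST, $input_errors)`, whose body is not part of this hunk. These values are presumably written into the generated proxy configuration by `sync_package_zabbix_lts()`, so it is worth confirming that the validator rejects embedded line breaks in the single-line fields and accepts only `Name=value` lines in the textarea. The field description would also be clearer as `<description>Rarely used parameters, one per line in the form Name=value, for example: StartDiscoverers=10</description>`.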