Diffstat (limited to 'config')
-rw-r--r--config/cron/cron.inc16
-rw-r--r--config/cron/cron.xml12
-rw-r--r--config/dansguardian/dansguardian.xml204
-rwxr-xr-xconfig/dansguardian/dansguardian_rc.template21
-rw-r--r--config/iperf/iperf.xml3
-rw-r--r--config/lightsquid/sqstat.class.php6
-rw-r--r--config/nmap/nmap.inc22
-rw-r--r--config/nmap/nmap.priv.inc37
-rw-r--r--config/nmap/nmap.xml42
-rw-r--r--config/nrpe2/nrpe2.inc99
-rw-r--r--config/nrpe2/nrpe2.priv.inc37
-rw-r--r--config/nrpe2/nrpe2.xml50
-rw-r--r--config/olsrd/olsrd.inc156
-rw-r--r--config/olsrd/olsrd.priv.inc37
-rw-r--r--config/olsrd/olsrd.xml111
-rw-r--r--config/openbgpd/openbgpd.priv.inc47
-rw-r--r--config/openbgpd/openbgpd.xml7
-rw-r--r--config/pfflowd/pfflowd.priv.inc37
-rw-r--r--config/pfflowd/pfflowd.xml149
-rw-r--r--config/phpservice/phpservice.inc40
-rw-r--r--config/phpservice/phpservice.priv.inc38
-rw-r--r--config/phpservice/phpservice.xml20
-rw-r--r--config/siproxd/siproxd.inc69
-rw-r--r--config/siproxd/siproxd.priv.inc42
-rw-r--r--config/siproxd/siproxd.xml81
-rw-r--r--config/siproxd/siproxd_registered_phones.php2
-rw-r--r--config/siproxd/siproxdusers.xml11
-rwxr-xr-xconfig/snort/snort.inc9
-rwxr-xr-xconfig/snort/snort.xml2
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php205
-rw-r--r--config/snort/snort_conf_template.inc3
-rw-r--r--config/snort/snort_defs.inc2
-rw-r--r--config/snort/snort_frag3_engine.php3
-rw-r--r--config/snort/snort_ftp_client_engine.php3
-rw-r--r--config/snort/snort_ftp_server_engine.php3
-rw-r--r--config/snort/snort_generate_conf.php11
-rw-r--r--config/snort/snort_httpinspect_engine.php31
-rwxr-xr-xconfig/snort/snort_interfaces_edit.php5
-rw-r--r--config/snort/snort_migrate_config.php3
-rw-r--r--config/snort/snort_post_install.php25
-rwxr-xr-xconfig/snort/snort_preprocessors.php17
-rw-r--r--config/snort/snort_stream5_engine.php3
-rwxr-xr-xconfig/squid3/34/squid.inc22
-rw-r--r--config/systempatches/patches.inc5
-rw-r--r--config/systempatches/systempatches.xml2
-rw-r--r--config/zabbix2/zabbix2-agent.inc (renamed from config/zabbix2/zabbix2.inc)110
-rw-r--r--config/zabbix2/zabbix2-agent.xml17
-rw-r--r--config/zabbix2/zabbix2-proxy.inc244
-rw-r--r--config/zabbix2/zabbix2-proxy.xml17
49 files changed, 1441 insertions, 697 deletions
diff --git a/config/cron/cron.inc b/config/cron/cron.inc
index 645575d9..87591e08 100644
--- a/config/cron/cron.inc
+++ b/config/cron/cron.inc
@@ -27,22 +27,30 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("pfsense-utils.inc");
require_once("services.inc");
+require_once("util.inc");
function cron_sync_package() {
configure_cron();
// Previous package versions were "helpfully" killing cron on uninstall.
// Also, need to make sure cron is running, otherwise the package is useless.
- // TODO: Something like this needs to be eventually done in configure_cron() in services.inc.
- if (!is_process_running("cron")) {
- exec("cd /tmp && /usr/sbin/cron -s 2>/dev/null");
+ // configure_cron() function in services.inc already does this check on pfSense >=2.2.5
+ $pfs_version = str_replace(".", "", substr(trim(file_get_contents("/etc/version")), 0, 5));
+ if ($pfs_version < 225) {
+ if (!is_process_running("cron")) {
+ exec("cd /tmp && /usr/sbin/cron -s 2>/dev/null");
+ }
}
}
function cron_install_command() {
// Clean up possible lingering garbage after previous package versions
unlink_if_exists("/usr/local/etc/rc.d/cron.sh");
- cron_sync_package();
+}
+
+function cron_deinstall_command() {
+ rmdir_recursive("/usr/local/www/packages/cron");
}
?>
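Review bot: The version gate in cron_sync_package() builds `$pfs_version` by cutting `/etc/version` to five characters and stripping dots, then compares the result with `225` as a number, which misorders any version that is not exactly three single-digit components. With a constructed value such as `2.3-RELEASE` the expression yields `23-R`, which PHP's loose comparison would treat as 23, so a newer release would be classed as older than 2.2.5; a constructed `2.2.10` is truncated to `2.2.1`. Comparing the numeric prefix component-wise avoids both cases: `$pfs_version = strtok(trim(file_get_contents("/etc/version")), "-");` followed by `if (version_compare($pfs_version, "2.2.5", "<")) {`. The format of `/etc/version` is not shown on this page, so the suffix handling should be checked against the real file.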
diff --git a/config/cron/cron.xml b/config/cron/cron.xml
index f777faff..181a4506 100644
--- a/config/cron/cron.xml
+++ b/config/cron/cron.xml
@@ -41,19 +41,16 @@
/* ====================================================================================== */
]]>
</copyright>
- <description>Cron</description>
- <name>Cron Settings</name>
- <version>0.3.1</version>
- <title>Settings</title>
+ <name>cronsettings</name>
+ <version>0.3.3</version>
+ <title>Cron Settings</title>
<include_file>/usr/local/pkg/cron.inc</include_file>
<menu>
<name>Cron</name>
- <tooltiptext>Cron settings.</tooltiptext>
<section>Services</section>
<configfile>cron.xml</configfile>
<url>/packages/cron/cron.php</url>
</menu>
- <configpath>installedpackages->package->$packagename->configuration->cron</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/cron/cron.xml</item>
@@ -87,4 +84,7 @@
<custom_php_install_command>
cron_install_command();
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ cron_deinstall_command();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/dansguardian/dansguardian.xml b/config/dansguardian/dansguardian.xml
index 2f87259b..a5717d2f 100644
--- a/config/dansguardian/dansguardian.xml
+++ b/config/dansguardian/dansguardian.xml
@@ -1,72 +1,68 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- dansguardian.xml
- part of the dansguardian for pfSense
- Copyright (C) 2012-2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
+ dansguardian.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>dansguardian</name>
- <version>1.0</version>
+ <version>0.1.13</version>
<title>Services: Dansguardian</title>
<include_file>/usr/local/pkg/dansguardian.inc</include_file>
<menu>
<name>Dansguardian</name>
- <tooltiptext>Configure dansguardian</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=dansguardian.xml</url>
</menu>
<service>
<name>dansguardian</name>
- <rcfile>dansguardian</rcfile>
+ <rcfile>dansguardian.sh</rcfile>
<executable>dansguardian</executable>
- <description><![CDATA[Award winning Open Source web content filter]]></description>
+ <description>Web Content Filter</description>
</service>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.inc</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.php</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ldap.php</item>
@@ -76,122 +72,98 @@
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ldap.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_limits.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_ips_header.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_users_header.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_users_footer.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_about.php</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_config.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardianfx.conf.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_url_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_site_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_search_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_pics_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_phrase_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_log.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_header_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_groups.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_file_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_content_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_blacklist.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_antivirus_acl.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian.conf.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/icapscan.conf.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/dansguardian/dansguardian_rc.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<tabs>
<tab>
@@ -253,13 +225,21 @@
<fielddescr>Enable dansguardian</fielddescr>
<fieldname>enable</fieldname>
<type>checkbox</type>
- <description><![CDATA[<a target=_new href='http://dansguardian.org/?page=copyright2'>I agree with dansguardian Terms and Conditions.</a>]]></description>
+ <description>
+ <![CDATA[
+ <a target=_new href='http://dansguardian.org/?page=copyright2'>I agree with dansguardian Terms and Conditions.</a>
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Listen Interface(s)</fielddescr>
<fieldname>interface</fieldname>
- <description><![CDATA[Default: <strong>LAN/loopback</strong><br>Select interface(s) that you want to dansguardian listen on.<br>
- <strong>Note: Do NOT select more then one interface if you plan to use more then one authentication plugin.</strong>]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>LAN/loopback</strong><br/>Select interface(s) that you want to dansguardian listen on.<br/>
+ <strong>Note: Do NOT select more then one interface if you plan to use more then one authentication plugin.</strong>
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<multiple/>
@@ -269,66 +249,90 @@
<fieldname>filterports</fieldname>
<type>input</type>
<size>10</size>
- <description><![CDATA[Default: <strong>8080</strong><br>The port(s) that DansGuardian listens to.]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>8080</strong><br>The port(s) that DansGuardian listens to.
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Daemon Options</fielddescr>
<fieldname>daemon_options</fieldname>
<description><![CDATA[Daemon Options. Default values are in ( )]]></description>
- <type>select</type>
- <options>
+ <type>select</type>
+ <options>
<option><name>nodaemon (off)</name><value>nodaemon</value></option>
<option><name>softrestart (on)</name><value>softrestart</value></option>
- </options>
- <multiple/>
- <size>3</size>
+ </options>
+ <multiple/>
+ <size>3</size>
</field>
<field>
<fielddescr>Min/Max Children</fielddescr>
<fieldname>children</fieldname>
<type>input</type>
<size>10</size>
- <description><![CDATA[Default: <strong>8/120</strong><br>
- Sets the minimun and maximum number of processes to spawn to handle the incoming connections.<br>
- Max value usually 250 depending on OS.<br>
- On large sites you might want to try 32/180.]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>8/120</strong><br>
+ Sets the minimun and maximum number of processes to spawn to handle the incoming connections.<br/>
+ Max value usually 250 depending on OS.<br>
+ On large sites you might want to try 32/180.
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Min/Max Spare Children</fielddescr>
<fieldname>sparechildren</fieldname>
<type>input</type>
<size>10</size>
- <description><![CDATA[Default: <strong>4/32</strong><br>
- Sets the minimum and maximun number of processes to be kept ready to handle connections.<br>
- On large sites you might want to try 8/64.]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>4/32</strong><br>
+ Sets the minimum and maximun number of processes to be kept ready to handle connections.<br/>
+ On large sites you might want to try 8/64.
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Prefork Children</fielddescr>
<fieldname>preforkchildren</fieldname>
<type>input</type>
<size>10</size>
- <description><![CDATA[sets the minimum number of processes to spawn when it runs out<br>
- On large sites you might want to try 10]]></description>
+ <description>
+ <![CDATA[
+ sets the minimum number of processes to spawn when it runs out<br/>
+ On large sites you might want to try 10
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Max Age Children</fielddescr>
<fieldname>maxagechildren</fieldname>
<type>input</type>
<size>10</size>
- <description><![CDATA[Default: <strong>500</strong><br>
- Sets the maximum age of a child process before it croaks it.<br>
- This is the number of connections they handle before exiting.<br>
- On large sites you might want to try 10000.]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>500</strong><br>
+ Sets the maximum age of a child process before it croaks it.<br/>
+ This is the number of connections they handle before exiting.<br/>
+ On large sites you might want to try 10000.
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Max Ips</fielddescr>
<fieldname>maxips</fieldname>
<type>input</type>
<size>10</size>
- <description><![CDATA[Default: <strong>0</strong><br>
- Sets the maximum number client IP addresses allowed to connect at once.<br>
- Use this to set a hard limit on the number of users allowed to concurrently<br>
- browse the web. Set to 0 for no limit, and to disable the IP cache process.]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>0</strong><br>
+ Sets the maximum number client IP addresses allowed to connect at once.<br/>
+ Use this to set a hard limit on the number of users allowed to concurrently<br/>
+ browse the web. Set to 0 for no limit, and to disable the IP cache process.
+ ]]>
+ </description>
</field>
<field>
<name>Parent proxy Settings</name>
@@ -339,23 +343,31 @@
<fieldname>proxyip</fieldname>
<type>input</type>
<size>20</size>
- <description><![CDATA[Default: <strong>127.0.0.1</strong><br>
- Sets ip address for proxy server(usually squid).]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>127.0.0.1</strong><br/>
+ Sets ip address for proxy server(usually squid).
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Proxy Port</fielddescr>
<fieldname>proxyport</fieldname>
<type>input</type>
<size>10</size>
- <description><![CDATA[Default: <strong>3128</strong><br>
- Sets port number for proxy server.]]></description>
+ <description>
+ <![CDATA[
+ Default: <strong>3128</strong><br>
+ Sets port number for proxy server.
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Proxy Time out</fielddescr>
<fieldname>proxytimeout</fieldname>
<description><![CDATA[This option handle max time to wait for proxy server.]]></description>
- <type>select</type>
- <options>
+ <type>select</type>
+ <options>
<option><name>30 seconds (default)</name><value>30</value></option>
<option><name>20 seconds</name><value>20</value></option>
<option><name>40 seconds</name><value>40</value></option>
@@ -365,7 +377,7 @@
<option><name>80 seconds</name><value>80</value></option>
<option><name>90 seconds</name><value>90</value></option>
<default_value>30</default_value>
- </options>
+ </options>
</field>
</fields>
<custom_php_install_command>
@@ -378,7 +390,7 @@
</custom_php_deinstall_command>
<custom_php_validation_command>
dansguardian_validate_input($_POST, $input_errors);
- </custom_php_validation_command>
+ </custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_dansguardian();
</custom_php_resync_config_command>
diff --git a/config/dansguardian/dansguardian_rc.template b/config/dansguardian/dansguardian_rc.template
index 580fb835..1d63c7ec 100755
--- a/config/dansguardian/dansguardian_rc.template
+++ b/config/dansguardian/dansguardian_rc.template
@@ -14,11 +14,6 @@
#
# dansguardian_enable="YES"
# dansguardian_flags="<set as needed>"
-sysctl kern.ipc.somaxconn=16384
-sysctl kern.maxfiles=131072
-sysctl kern.maxfilesperproc=104856
-sysctl kern.threads.max_threads_per_proc=4096
-
dansguardian_enable=${dansguardian_enable:-"YES"}
dansguardian_pidfile=${dansguardian_pidfile:-"/var/run/dansguardian.pid"}
@@ -27,6 +22,22 @@ dansguardian_pidfile=${dansguardian_pidfile:-"/var/run/dansguardian.pid"}
name="dansguardian"
rcvar=dansguardian_enable
command="/usr/local/sbin/${name}"
+start_precmd="${name}_prestart"
+
+dansguardian_prestart()
+{
+ /sbin/sysctl kern.ipc.somaxconn=16384
+ /sbin/sysctl kern.maxfiles=131072
+ /sbin/sysctl kern.maxfilesperproc=104856
+ /sbin/sysctl kern.threads.max_threads_per_proc=4096
+
+ for i in dguardianipc dguardianipipc dguardianurlipc; do
+ if [ -f "/tmp/.${i}" ]; then
+ /bin/rm -f "/tmp/.${i}"
+ fi
+ done
+ return 0
+}
load_rc_config $name
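Review bot: The `[ -f "/tmp/.${i}" ]` test in dansguardian_prestart matches regular files only, so if `.dguardianipc` and its siblings are Unix-domain sockets (the names suggest IPC endpoints, but the hunk does not show how they are created) the stale entries are never removed. `rm -f` already ignores a missing path, so the loop body can be reduced to `/bin/rm -f "/tmp/.${i}"`. Separately, the four `/sbin/sysctl` assignments now run on every start and will overwrite a larger limit an administrator has set; raising a value only when the current one is lower would avoid silently reducing it.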
diff --git a/config/iperf/iperf.xml b/config/iperf/iperf.xml
index b7e27871..49674a9f 100644
--- a/config/iperf/iperf.xml
+++ b/config/iperf/iperf.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>iperf</name>
- <version>2.0.5.3</version>
+ <version>2.0.5.4</version>
<title>iperf: Client</title>
<savetext>Run iperf client</savetext>
<preoutput>yes</preoutput>
@@ -56,6 +56,7 @@
<name>iperf</name>
<executable>iperf</executable>
<description>iperf Network Performance Testing Daemon/Client</description>
+ <stopcmd>mwexec("/usr/bin/killall iperf");</stopcmd>
</service>
<tabs>
<tab>
diff --git a/config/lightsquid/sqstat.class.php b/config/lightsquid/sqstat.class.php
index 2f1dc9ba..a190557c 100644
--- a/config/lightsquid/sqstat.class.php
+++ b/config/lightsquid/sqstat.class.php
@@ -349,8 +349,9 @@ class squidstat {
$is_time = time();
$curr_speed = 0;
$avg_speed = 0;
- if (isset($session_data[$con_id]) && $con_data == $session_data[$con_id]) {
+ if (isset($session_data[$con_id]) && !empty($session_data[$con_id])) {
// if we have info about current connection, we do analyze its data current speed
+ $con_data = $session_data[$con_id];
$was_time = $con_data['time'];
$was_size = $con_data['size'];
if ($was_time && $was_size) {
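Review bot: The new condition `isset($session_data[$con_id]) && !empty($session_data[$con_id])` is redundant, because `empty()` already returns true for an unset key without raising a notice; `if (!empty($session_data[$con_id])) {` says the same thing. The reads of `$con_data['time']` and `$con_data['size']` that follow assume the stored entry is an array, so `if (!empty($session_data[$con_id]) && is_array($session_data[$con_id])) {` would make that assumption explicit. The same pair of lines appears in the second hunk of this file (at `@@ -505,8 +506,9 @@`) and deserves the same change. The enclosing method starts and ends outside both hunks.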
@@ -505,8 +506,9 @@ class squidstat {
$con_id = $con['connection'];
$is_time = time();
$curr_speed = $avg_speed = 0;
- if (isset($session_data[$con_id]) && $con_data == $session_data[$con_id]) {
+ if (isset($session_data[$con_id]) && !empty($session_data[$con_id])) {
// if we have info about current connection, we do analyze its data current speed
+ $con_data = $session_data[$con_id];
$was_time = $con_data['time'];
$was_size = $con_data['size'];
if ($was_time && $was_size) {
diff --git a/config/nmap/nmap.inc b/config/nmap/nmap.inc
index cbf1b15a..45a87d64 100644
--- a/config/nmap/nmap.inc
+++ b/config/nmap/nmap.inc
@@ -27,10 +27,12 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("pkg-utils.inc");
+require_once("util.inc");
function nmap_install() {
$destination_file = "/usr/local/share/nmap/nmap-mac-prefixes";
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
switch ($pfs_version) {
case "2.1":
$source_file = "/usr/pbi/nmap-" . php_uname("m") . "/share/nmap/nmap-mac-prefixes";
@@ -48,17 +50,23 @@ function nmap_install() {
}
}
+function nmap_deinstall() {
+ $destination_file = "/usr/local/share/nmap/nmap-mac-prefixes";
+ if (is_link($destination_file)) {
+ @unlink($destination_file);
+ }
+}
+
function nmap_custom_php_validation_command($post, &$input_errors) {
- global $_POST, $savemsg, $config;
- if (empty($_POST['hostname'])) {
+ if (empty($post['hostname'])) {
$input_errors[] = gettext("You must enter an IP address to scan.");
- } elseif (!(is_ipaddr($_POST['hostname']) || is_subnet($_POST['hostname']) || is_hostname($_POST['hostname']))) {
+ } elseif (!(is_ipaddr($post['hostname']) || is_subnet($post['hostname']) || is_hostname($post['hostname']))) {
$input_errors[] = gettext("You must enter a valid IP address to scan.");
}
- if(!empty($_POST['interface'])) {
+ if(!empty($post['interface'])) {
$interfaces = get_configured_interface_with_descr();
- if (!array_key_exists($_POST['interface'], $interfaces)) {
+ if (!array_key_exists($post['interface'], $interfaces)) {
$input_errors[] = gettext("Invalid interface.");
}
}
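Review bot: Both `hostname` error strings in nmap_custom_php_validation_command() say "IP address", although the check also accepts subnets and hostnames through `is_subnet()` and `is_hostname()`; wording such as `gettext("You must enter a valid IP address, subnet or hostname to scan.")` would match what is actually validated. This function is the only visible gate on `hostname` and `interface`, and the code that builds the nmap command line is outside this hunk, so it is worth confirming that it passes these values through `escapeshellarg()` rather than relying on validation alone. In the added nmap_deinstall(), `@unlink($destination_file)` hides a failed removal; logging the failure would leave a trace if the symlink cannot be deleted. The validation function appears to continue past the end of the hunk.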
@@ -122,7 +130,7 @@ function nmap_get_interfaces() {
if (is_array($config['openvpn']["openvpn-{$mode}"])) {
foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) {
if (!isset($setting['disable'])) {
- $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']);
+ $tmp["name"] = gettext("OpenVPN") . " " . $mode . ": " . htmlspecialchars($setting['description']);
$tmp["value"] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid'];
$nmap_ifs[] = $tmp;
}
diff --git a/config/nmap/nmap.priv.inc b/config/nmap/nmap.priv.inc
new file mode 100644
index 00000000..131d6d99
--- /dev/null
+++ b/config/nmap/nmap.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ nmap.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-nmap'] = array();
+$priv_list['page-diagnostics-nmap']['name'] = "WebCfg - Diagnostics: nmap package";
+$priv_list['page-diagnostics-nmap']['descr'] = "Allow access to nmap package GUI";
+$priv_list['page-diagnostics-nmap']['match'] = array();
+$priv_list['page-diagnostics-nmap']['match'][] = "pkg_edit.php?xml=nmap.xml*";
+
+?>
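Review bot: The `descr` for `page-diagnostics-nmap` says only "Allow access to nmap package GUI", which understates what an administrator delegates with this privilege. The package page's save button is labelled Scan in nmap.xml, so a holder can presumably start network scans from the firewall itself. A description such as `"Allow access to nmap package GUI (user can run network scans from the firewall)"` would make that visible when privileges are assigned. A short comment above the `match` entry noting that the trailing `*` is meant to cover any further query parameters after `xml=nmap.xml` would also help the next reader.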
diff --git a/config/nmap/nmap.xml b/config/nmap/nmap.xml
index 446ba461..665b40e9 100644
--- a/config/nmap/nmap.xml
+++ b/config/nmap/nmap.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>nmap</name>
- <version>1.4</version>
+ <version>1.4.1</version>
<title>Diagnostics: NMap</title>
<savetext>Scan</savetext>
<preoutput>yes</preoutput>
@@ -50,7 +50,6 @@
<include_file>/usr/local/pkg/nmap.inc</include_file>
<menu>
<name>NMap</name>
- <tooltiptext>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is runing on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.</tooltiptext>
<section>Diagnostics</section>
<configfile>nmap.xml</configfile>
</menu>
@@ -58,6 +57,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/nmap/nmap.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nmap/nmap.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>IP or Hostname</fielddescr>
@@ -68,7 +71,7 @@
<field>
<fielddescr>Interface</fielddescr>
<fieldname>interface</fieldname>
- <description>Enter the source interface here.</description>
+ <description>Select the source interface here.</description>
<type>select_source</type>
<source><![CDATA[nmap_get_interfaces()]]></source>
<source_name>name</source_name>
@@ -86,28 +89,44 @@
<option><name>UDP</name><value>udp</value></option>
<option><name>ARP (directly connected networks only!)</name><value>arp</value></option>
</options>
- <typehint>Scan method</typehint>
+ <typehint>Select scan method.</typehint>
</field>
<field>
<fielddescr>-P0</fielddescr>
<fieldname>noping</fieldname>
- <description>This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall. microsoft.com is an example of such a network, and thus you should always use -P0 or -PT80 when port scanning microsoft.com. Note the "ping" in this context may involve more than the traditional ICMP echo request packet. Nmap supports many such probes, including arbitrary combinations of TCP, UDP, and ICMP probes. By default, Nmap sends an ICMP echo request and a TCP ACK packet to port 80.</description>
+ <description>
+ <![CDATA[
+ Do not try to ping hosts at all before scanning them. This allows the scanning of networks that don't allow ICMP echo requests (or responses) through their firewall.<br/>
+ microsoft.com is an example of such a network, and thus you should always use -P0 or -PT80 when port scanning microsoft.com.<br/>
+ Note the "ping" in this context may involve more than the traditional ICMP echo request packet. Nmap supports many such probes, including arbitrary combinations of TCP, UDP, and ICMP probes.<br/>
+ By default, Nmap sends an ICMP echo request and a TCP ACK packet to port 80.
+ ]]>
+ </description>
<type>checkbox</type>
- <typehint>Do not try to ping hosts at all before scanning them.</typehint>
</field>
<field>
<fielddescr>-sV</fielddescr>
<fieldname>servicever</fieldname>
- <description>After TCP and/or UDP ports are discovered using one of the other scan methods, version detection communicates with those ports to try and determine more about what is actually running. A file called nmap-service-probes is used to determine the best probes for detecting various services and the match strings to expect. Nmap tries to determine the service protocol (e.g. ftp, ssh, telnet, http), the application name (e.g. ISC Bind, Apache httpd, Solaris telnetd), the version number, and sometimes miscellaneous details like whether an X server is open to connections or the SSH protocol version).</description>
+ <description>
+ <![CDATA[
+ Try to identify service versions. After TCP and/or UDP ports are discovered using one of the other scan methods, version detection communicates with those ports to try and determine more about what is actually running.<br/>
+ A file called nmap-service-probes is used to determine the best probes for detecting various services and the match strings to expect.<br/>
+ Nmap tries to determine the service protocol (e.g. ftp, ssh, telnet, http), the application name (e.g. ISC Bind, Apache httpd, Solaris telnetd), the version number, and sometimes miscellaneous details like whether an X server is open to connections or the SSH protocol version).
+ ]]>
+ </description>
<type>checkbox</type>
- <typehint>Try to identify service versions.</typehint>
</field>
<field>
<fielddescr>-O</fielddescr>
<fieldname>osdetect</fieldname>
- <description>This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.</description>
+ <description>
+ <![CDATA[
+ Turn on OS detection. This option activates remote host identification via TCP/IP fingerprinting.<br/>
+ In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning.<br/>
+ It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.
+ ]]>
+ </description>
<type>checkbox</type>
- <typehint>Turn on OS detection.</typehint>
</field>
</fields>
<custom_add_php_command>
@@ -119,4 +138,7 @@
<custom_php_install_command>
nmap_install();
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ nmap_deinstall();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc
index 08aeb5c4..182664b8 100644
--- a/config/nrpe2/nrpe2.inc
+++ b/config/nrpe2/nrpe2.inc
@@ -28,7 +28,10 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-require_once('filter.inc');
+require_once("filter.inc");
+require_once("pfsense-utils.inc");
+require_once("pkg-utils.inc");
+require_once("util.inc");
global $pfs_version;
$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
@@ -50,20 +53,9 @@ define('NRPE_RCFILE', '/usr/local/etc/rc.d/nrpe2.sh');
function nrpe2_custom_php_install_command() {
- global $g, $config;
- $NRPE_BASE = NRPE_BASE;
- $NRPE_CONFIG_DIR = NRPE_CONFIG_DIR;
-
- $ip = $config['interfaces']['lan']['ipaddr'];
-
- if (!is_array($config['installedpackages']['nrpe2'])) {
- $config['installedpackages']['nrpe2']['config'][0]['enabled'] = "on";
- $config['installedpackages']['nrpe2']['config'][0]['server_address'] = $ip;
- $config['installedpackages']['nrpe2']['config'][0]['server_port'] = 5666;
- $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] = "127.0.0.1";
- $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] = "on";
- }
+ global $config;
+ /* Create default commands configuration */
if (!is_array($config['installedpackages']['nrpe2']['config'][0]['row'])) {
$config['installedpackages']['nrpe2']['config'][0]['row'] = array(
0 => array(
@@ -107,8 +99,19 @@ function nrpe2_custom_php_install_command() {
)
);
}
+
+ /* Remove the rc script installed with the package */
unlink_if_exists(NRPE_CONFIG_DIR . '/rc.d/nrpe2');
- $nrpe2_binary = NRPE_BINARY;
+
+}
+
+function nrpe2_custom_php_deinstall_command() {
+ unlink_if_exists(NRPE_RCFILE);
+}
+
+function nrpe2_write_rc_file() {
+ $NRPE_CONFIG_DIR = NRPE_CONFIG_DIR;
+ $NRPE2_BINARY = NRPE_BINARY;
$fd = fopen(NRPE_RCFILE, 'w');
$rc_file = <<<EOD
#!/bin/sh
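Review bot: `$fd = fopen(NRPE_RCFILE, 'w');` in the new nrpe2_write_rc_file() is used without checking the result. The write and close are outside this hunk, but a failed open would presumably hand `false` to fwrite() and leave no rc script for the start_service() call in nrpe2_custom_php_service(). A guard such as `if (!$fd) { log_error("nrpe2: could not open " . NRPE_RCFILE); return; }` would make the failure visible. The same unchecked fopen() is used for nrpe.cfg in nrpe2_custom_php_write_config().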
@@ -135,7 +138,7 @@ nrpe2_enable=\${nrpe2_enable-"YES"}
name="nrpe2"
rcvar="\${name}_enable"
-command="{$nrpe2_binary}"
+command="{$NRPE2_BINARY}"
command_args="-d"
extra_commands="reload"
@@ -160,31 +163,34 @@ EOD;
}
+function nrpe2_resync_package() {
+ conf_mount_rw();
+ nrpe2_custom_php_write_config();
+ nrpe2_custom_php_service();
+ conf_mount_ro();
+}
+
function nrpe2_custom_php_write_config() {
- global $g, $config;
+ global $config;
$nagios_check_path = NRPE_BASE . "/libexec/nagios";
- conf_mount_rw();
$cmds = array();
foreach ($config['installedpackages']['nrpe2']['config'][0]['row'] as $cmd) {
$sudo_bin = "/usr/local/bin/sudo";
$sudo = (isset($cmd['sudo']) && is_executable($sudo_bin)) ? "{$sudo_bin} " : "";
$wcmd = !empty($cmd['warning']) ? "-w {$cmd['warning']}" : "";
$ccmd = !empty($cmd['critical']) ? "-c {$cmd['critical']}" : "";
- if (is_executable("{$nagios_check_path}/{$cmd['command']}"))
+ if (is_executable("{$nagios_check_path}/{$cmd['command']}")) {
$cmds[] = "command[{$cmd['name']}]={$sudo}{$nagios_check_path}/{$cmd['command']} {$wcmd} {$ccmd} {$cmd['extra']}\n";
+ }
}
$commands = implode($cmds);
- $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port'];
- $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'];
- $dont_blame_nrpe = $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'];
- if ($config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] == "on") {
- $dont_blame_nrpe = 1;
- } else {
- $dont_blame_nrpe = 0;
- }
+ $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port'] ?: '5666';
+ $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] ?: '127.0.0.1';
+ $dont_blame_nrpe = $config['installedpackages']['nrpe2']['config'][0]['dont_blame_nrpe'] == "on" ? '1' : '0';
+ /* Create configuration file */
$fd = fopen(NRPE_CONFIG_DIR . '/nrpe.cfg', 'w');
$nrpe_cfg = <<<EOD
log_facility=daemon
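Review bot: The `$cmds[] = "command[...]..."` line in nrpe2_custom_php_write_config() writes `$cmd['name']`, `$cmd['warning']`, `$cmd['critical']` and `$cmd['extra']` into nrpe.cfg exactly as stored, and the validation function this commit adds checks none of the row fields. A value holding a line break would land in the file as a separate directive, and rows with `sudo` set run with elevated rights, so these fields deserve the same scrutiny as the port and address. I would reject CR/LF in every row field during validation and take `basename($cmd['command'])` before the `is_executable()` test, so the path stays inside `$nagios_check_path`. The function's body continues past the end of this hunk.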
@@ -199,22 +205,29 @@ command_timeout=60
connection_timeout=300
{$commands}
EOD;
- if (defined($config['installedpackages']['nrpe2']['config'][0]['server_address'])) {
- $server_address = $config['installedpackages']['nrpe2']['config'][0]['server_address'];
- $nrpe_cfg .= "server_address={$server_address}";
+ if ($config['installedpackages']['nrpe2']['config'][0]['server_address'] != "") {
+ $nrpe_cfg .= "server_address={$config['installedpackages']['nrpe2']['config'][0]['server_address']}";
}
fwrite($fd, $nrpe_cfg);
fclose($fd);
- conf_mount_ro();
+
}
function nrpe2_custom_php_service() {
global $config;
if ($config['installedpackages']['nrpe2']['config'][0]['enabled'] == "on") {
- restart_service("nrpe2");
+ nrpe2_write_rc_file();
+ if (is_service_running("nrpe2")) {
+ restart_service("nrpe2");
+ } else {
+ start_service("nrpe2");
+ }
} else {
- stop_service("nrpe2");
+ if (is_service_running("nrpe2")) {
+ stop_service("nrpe2");
+ }
+ unlink_if_exists(NRPE_RCFILE);
}
}
@@ -222,8 +235,26 @@ function nrpe2_get_commands() {
$nagios_check_path = NRPE_BASE . "/libexec/nagios";
$commands = glob("{$nagios_check_path}/check_*");
$cmdarr = array();
- foreach ($commands as $cmd)
+ foreach ($commands as $cmd) {
$cmdarr[]["command"] = basename($cmd);
+ }
return $cmdarr;
}
+
+function nrpe2_custom_php_validation_command($post, &$input_errors) {
+ if (!is_port($post['server_port'])) {
+ $input_errors[] = gettext("'Port Number' must be a valid port.");
+ }
+ if ($post['server_address'] != "") {
+ if (!is_ipaddr_configured($post['server_address']) && !preg_match("/(127.0.0.1|0.0.0.0)/", $post['server_address'])) {
+ $input_errors[] = gettext("'Bind IP Address' is not a valid, locally configured IP address.");
+ }
+ }
+ foreach (explode(",", $post['allowed_hosts']) as $host) {
+ if (!empty($host) && !is_ipaddr($host)) {
+ $input_errors[] = gettext("'Nagios Server(s)' entry '{$host}' is not a valid IP address.");
+ }
+ }
+}
+
?>
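Review bot: The loopback/wildcard exception in nrpe2_custom_php_validation_command() uses `preg_match("/(127.0.0.1|0.0.0.0)/", ...)`, which is unanchored and leaves the dots unescaped. Any string that merely contains something of that shape is therefore accepted as a bind address and later written to nrpe.cfg as `server_address=`. An exact comparison is simpler and stricter: `!in_array($post['server_address'], array('127.0.0.1', '0.0.0.0'), true)`. Separately, `explode(",", $post['allowed_hosts'])` does not trim its entries, so a list with a space after the comma (constructed example: `192.0.2.1, 192.0.2.2`) would presumably be rejected; `$host = trim($host);` at the top of the loop avoids that.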
diff --git a/config/nrpe2/nrpe2.priv.inc b/config/nrpe2/nrpe2.priv.inc
new file mode 100644
index 00000000..3014806a
--- /dev/null
+++ b/config/nrpe2/nrpe2.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ nrpe2.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-nrpe2'] = array();
+$priv_list['page-services-nrpe2']['name'] = "WebCfg - Services: nrpe2 package";
+$priv_list['page-services-nrpe2']['descr'] = "Allow access to nrpe2 package GUI";
+$priv_list['page-services-nrpe2']['match'] = array();
+$priv_list['page-services-nrpe2']['match'][] = "pkg_edit.php?xml=nrpe2.xml*";
+
+?>
diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml
index f70835c3..dcd6a5a9 100644
--- a/config/nrpe2/nrpe2.xml
+++ b/config/nrpe2/nrpe2.xml
@@ -42,10 +42,9 @@
/* ====================================================================================== */
]]>
</copyright>
- <description>Nagios NRPEv2</description>
<name>nrpe2</name>
- <version>2.2.1</version>
- <title>NRPEv2</title>
+ <version>2.2.2</version>
+ <title>Services: NRPEv2</title>
<aftersaveredirect>/pkg_edit.php?xml=nrpe2.xml&amp;id=0</aftersaveredirect>
<include_file>/usr/local/pkg/nrpe2.inc</include_file>
<menu>
@@ -58,35 +57,39 @@
<name>nrpe2</name>
<rcfile>nrpe2.sh</rcfile>
<executable>nrpe2</executable>
- <description>Nagios NRPE Daemon</description>
+ <description>Nagios NRPEv2 Daemon</description>
</service>
<configpath>installedpackages->package->nrpe2</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<type>listtopic</type>
- <name>NRPE Options</name>
- <fieldname>temp</fieldname>
+ <name>Service Options</name>
</field>
<field>
- <fielddescr>Enabled</fielddescr>
+ <fielddescr>Enable NRPE</fielddescr>
<fieldname>enabled</fieldname>
<description>Check this to enable NRPE daemon.</description>
<type>checkbox</type>
+ <default_value>on</default_value>
</field>
<field>
<type>listtopic</type>
<name>Configuration Options</name>
- <fieldname>temp</fieldname>
</field>
<field>
<fielddescr>Port Number</fielddescr>
<fieldname>server_port</fieldname>
<description>Port number we should wait for connections on. (Default: 5666)</description>
<type>input</type>
+ <default_value>5666</default_value>
<required/>
</field>
<field>
@@ -107,12 +110,12 @@
<fieldname>dont_blame_nrpe</fieldname>
<description>Check this to enable accept NRPE arguments. (Default: 0)</description>
<type>checkbox</type>
+ <default_value>on</default_value>
</field>
<field>
<type>listtopic</type>
<name>Commands</name>
- <fieldname>temp</fieldname>
</field>
<field>
<fielddescr>Command Definitions that the Nagios server can call via the NRPE daemon.</fielddescr>
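Review bot: `<default_value>on</default_value>` on `dont_blame_nrpe` makes accepting client-supplied command arguments the out-of-the-box setting, while the description just above it still says "(Default: 0)". Argument passing widens what a remote monitoring host can feed into the configured commands. I would leave the box unchecked by default (drop the `default_value` line) or, if "on" is intended, change the description to say so and state the risk. The description's "enable accept NRPE arguments" probably also wants to read "enable accepting NRPE arguments".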
@@ -158,34 +161,29 @@
<rowhelperfield>
<fielddescr>Extra Options (Example: -s Z \$ARG1\$ \$ARG2\$)</fielddescr>
<fieldname>extra</fieldname>
- <description><![CDATA[<strong>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</strong>]]></description>
+ <description>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</description>
<type>input</type>
<size>25</size>
</rowhelperfield>
</rowhelper>
</field>
</fields>
- <custom_delete_php_command>
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
- </custom_delete_php_command>
- <custom_add_php_command>
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
- </custom_add_php_command>
<custom_php_install_command>
nrpe2_custom_php_install_command();
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
</custom_php_install_command>
<custom_php_deinstall_command>
- nrpe2_custom_php_write_config();
+ nrpe2_custom_php_deinstall_command();
</custom_php_deinstall_command>
+ <custom_add_php_command>
+ nrpe2_resync_package();
+ </custom_add_php_command>
+ <custom_delete_php_command>
+ nrpe2_resync_package();
+ </custom_delete_php_command>
<custom_php_resync_config_command>
- nrpe2_custom_php_write_config();
- nrpe2_custom_php_service();
+ nrpe2_resync_package();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- unset($_POST['temp']);
- </custom_php_command_before_form>
+ <custom_php_validation_command>
+ nrpe2_custom_php_validation_command($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
diff --git a/config/olsrd/olsrd.inc b/config/olsrd/olsrd.inc
index 4e15f9cf..f65c1168 100644
--- a/config/olsrd/olsrd.inc
+++ b/config/olsrd/olsrd.inc
@@ -2,7 +2,7 @@
/*
olsrd.inc
part of pfSense (https://www.pfSense.org/)
- Copyright (C) 2012 Ermal Luçi
+ Copyright (C) 2006 Scott Ullrich
Copyright (C) 2015 ESF, LLC
All rights reserved.
@@ -28,27 +28,36 @@
POSSIBILITY OF SUCH DAMAGE.
*/
require_once("config.inc");
+require_once("service-utils.inc");
+require_once("util.inc");
+
+$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+ define('OLSRD_LOCALBASE', '/usr/pbi/olsrd-' . php_uname("m") . '/local');
+} else {
+ define('OLSRD_LOCALBASE', '/usr/local');
+}
function setup_wireless_olsr() {
global $config, $g;
- if ($g['platform'] == 'jail' || !$config['installedpackages']['olsrd'] || !$config['installedpackages']) {
- return;
- }
- if (isset($config['system']['developerspew'])) {
- $mt = microtime();
- echo "setup_wireless_olsr($interface) being called $mt\n";
- }
conf_mount_rw();
- foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) {
- $olsr_enable = $olsrd['enable'];
- if ($olsr_enable <> "on") {
- if (is_process_running("olsrd")) {
- mwexec("/usr/bin/killall olsrd", true);
- }
- return;
+ if (is_array($config['installedpackages']['olsrd'])) {
+ $olsrd_config = $config['installedpackages']['olsrd']['config'][0];
+ } else {
+ $olsrd_config = array();
+ }
+
+ /* If disabled, stop service if needed, unlink the rc script and do nothing else */
+ if ($olsrd_config['enable'] != "on") {
+ if (is_service_running("olsrd")) {
+ stop_service("olsrd");
}
+ unlink_if_exists("/usr/local/etc/rc.d/olsrd.sh");
+ return;
+ } else {
+ /* parse package config and create configuration file */
$fd = fopen("{$g['varetc_path']}/olsr.conf", "w");
if ($olsrd['announcedynamicroute'] or $olsrd['enableannounce'] == "on") {
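Review bot: The rewritten head of setup_wireless_olsr() stores the package settings in `$olsrd_config`, but the unchanged line `if ($olsrd['announcedynamicroute'] or $olsrd['enableannounce'] == "on")` and the later `$olsrd[...]` references still read `$olsrd`, the loop variable of the `foreach` this hunk removes. Unless `$olsrd` is assigned in lines not shown, those lookups are now empty, so the plugin sections are skipped and the settings never reach olsr.conf. Either name the new variable `$olsrd` or add `$olsrd = $olsrd_config;` after the `is_array()` block. The disabled branch also returns after `conf_mount_rw()` without a matching `conf_mount_ro()`; adding `conf_mount_ro();` before that `return;` keeps the mount state balanced.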
@@ -64,7 +73,8 @@ function setup_wireless_olsr() {
} else {
$enableannounce = "";
}
-
+
+ $pluginpath = OLSRD_LOCALBASE . '/lib';
$olsr .= <<<EODA
#
# olsr.org OLSR daemon config file
@@ -201,10 +211,10 @@ MprCoverage 3
EODA;
- if ($olsrd['enablehttpinfo'] == "on") {
- $olsr .= <<<EODB
+ if ($olsrd['enablehttpinfo'] == "on") {
+ $olsr .= <<<EODB
-LoadPlugin "/usr/local/lib/olsrd_httpinfo.so.0.1"
+LoadPlugin "{$pluginpath}/olsrd_httpinfo.so.0.1"
{
PlParam "port" "{$olsrd['port']}"
PlParam "Net" "{$olsrd['allowedhttpinfohost']} {$olsrd['allowedhttpinfosubnet']}"
@@ -212,29 +222,29 @@ LoadPlugin "/usr/local/lib/olsrd_httpinfo.so.0.1"
EODB;
- }
+ }
- if ($olsrd['enabledsecure'] == "on") {
- @file_put_contents("{$g['tmp_path']}/olsrkey.txt", $olsrd['securekey']);
- $olsr .= <<<EODC
+ if ($olsrd['enabledsecure'] == "on") {
+ @file_put_contents("{$g['tmp_path']}/olsrkey.txt", $olsrd['securekey']);
+ $olsr .= <<<EODC
-LoadPlugin "/usr/local/lib/olsrd_secure.so.0.5"
+LoadPlugin "{$pluginpath}/olsrd_secure.so.0.6"
{
PlParam "Keyfile" "{$g['tmp_path']}/olsrkey.txt"
}
EODC;
- }
+ }
- if ($olsrd['enabledyngw'] == "on") {
+ if ($olsrd['enabledyngw'] == "on") {
- /* unset default route, olsr auto negotiates */
- mwexec("/sbin/route delete default");
+ /* unset default route, olsr auto negotiates */
+ mwexec("/sbin/route delete default");
- $olsr .= <<<EODE
+ $olsr .= <<<EODE
-LoadPlugin "/usr/local/lib/olsrd_dyn_gw.so.0.4"
+LoadPlugin "{$pluginpath}/olsrd_dyn_gw.so.0.4"
{
# how often to look for a inet gw, in seconds
# defaults to 5 secs, if commented out
@@ -252,13 +262,13 @@ LoadPlugin "/usr/local/lib/olsrd_dyn_gw.so.0.4"
EODE;
- }
+ }
- foreach ($config['installedpackages']['olsrd']['config'] as $conf) {
- $interfaces = explode(',', $conf['iface_array']);
- foreach ($interfaces as $interface) {
- $realinterface = convert_friendly_interface_to_real_interface_name($interface);
- $olsr .= <<<EODAD
+ foreach ($config['installedpackages']['olsrd']['config'] as $conf) {
+ $interfaces = explode(',', $conf['iface_array']);
+ foreach ($interfaces as $interface) {
+ $realinterface = convert_friendly_interface_to_real_interface_name($interface);
+ $olsr .= <<<EODAD
Interface "{$realinterface}"
{
@@ -301,22 +311,78 @@ Interface "{$realinterface}"
EODAD;
+ }
+ break;
}
- break;
- }
- fwrite($fd, $olsr);
- fclose($fd);
+ fwrite($fd, $olsr);
+ fclose($fd);
+
-}
- if (is_process_running("olsrd")) {
- mwexec("/usr/bin/killall olsrd", true);
+ /* create rc script and (re)start service */
+ $olsrd_start = "/usr/local/sbin/olsrd -f {$g['varetc_path']}/olsr.conf";
+ $olsrd_stop = "/usr/bin/killall olsrd; sleep 3";
+ write_rcfile(array(
+ "file" => "olsrd.sh",
+ "start" => $olsrd_start,
+ "stop" => $olsrd_stop
+ )
+ );
+ if (is_service_running("olsrd")) {
+ restart_service("olsrd");
+ } else {
+ start_service("olsrd");
+ }
}
- sleep(2);
- mwexec_bg("/usr/local/sbin/olsrd -f {$g['varetc_path']}/olsr.conf");
conf_mount_ro();
}
+function validate_form_olsrd($post, &$input_errors) {
+ /*
+ if ($post['iface_array'] == "") {
+ $input_errors[] = 'You must select at least one interface for OSLRD.';
+ }
+ */
+ if ($post['enablehttpinfo']) {
+ if (!$post['port'] || !$post['allowedhttpinfohost'] || !$post['allowedhttpinfosubnet']) {
+ $input_errors[] = "'HTTPInfo Port', 'Allowed Host(s) IP Address/Subnet' and 'Allowed Host(s) Netmask' must be filled in when HTTPInfo Plugin is enabled.";
+ }
+ if ($post['port'] && !is_port($post['port'])) {
+ $input_errors[] = "Invalid port entered for 'HTTPInfo Port'.";
+ }
+ if ($post['allowedhttpinfohost'] && !is_ipaddrv4($post['allowedhttpinfohost'])) {
+ $input_errors[] = "Invalid IPv4 address entered for 'Allowed Host(s) IP Address/Subnet'.";
+ }
+ if ($post['allowedhttpinfosubnet'] && !is_ipaddrv4($post['allowedhttpinfosubnet'])) {
+ $input_errors[] = "Invalid IPv4 address entered for 'Allowed Host(s) Netmask'.";
+ }
+ if ($post['allowedhttpinfohost'] && is_ipaddrv4($post['allowedhttpinfohost']) && $post['allowedhttpinfosubnet'] && is_ipaddrv4($post['allowedhttpinfosubnet'])) {
+ $cidr = 32 - log((ip2long($post['allowedhttpinfosubnet']) ^ ip2long('255.255.255.255')) + 1, 2);
+ $acl = "{$post['allowedhttpinfohost']}/{$cidr}";
+ if (!is_subnetv4($acl)) {
+ $input_errors[] = "'{$post['allowedhttpinfohost']}/{$post['allowedhttpinfosubnet']}' is not a valid IPv4 subnet.";
+ }
+ }
+ }
+ if ($post['enabledyngw']) {
+ if (!$post['ping'] || !$post['polling']) {
+ $input_errors[] = "'Ping IP Address' and 'Poll Interval' must be filled in when 'Enable Dynamic Gateway' is checked.";
+ }
+ if ($post['ping'] && !is_ipaddrv4($post['ping'])) {
+ $input_errors[] = "Invalid IPv4 address entered for 'Ping IP Address'.";
+ }
+ if ($post['polling'] && (!is_numericint($post['polling']) || ($post['polling'] < 1))) {
+ $input_errors[] = "'Poll Interval' must be numeric integer greater than 0.";
+ }
+ }
+}
+
+function php_deinstall_olsrd() {
+ global $g;
+ unlink_if_exists("{$g['varetc_path']}/olsr.conf");
+ unlink_if_exists("{$g['tmp_path']}/olsrkey.txt");
+}
+
?>
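Review bot: validate_form_olsrd() checks the HTTPInfo and dynamic gateway fields but has no check for secure mode, so `enabledsecure` can be saved with an empty `securekey`. In that case setup_wireless_olsr() writes an empty olsrkey.txt and still loads the secure plugin. A check in the same style would close the gap: `if ($post['enabledsecure'] && trim($post['securekey']) == "") { $input_errors[] = "'Key' must be filled in when 'Enable Secure Mode' is checked."; }`. The commented-out `iface_array` test at the top of the function is dead code and could be deleted.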
diff --git a/config/olsrd/olsrd.priv.inc b/config/olsrd/olsrd.priv.inc
new file mode 100644
index 00000000..159a2d36
--- /dev/null
+++ b/config/olsrd/olsrd.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ olsrd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-olsrd'] = array();
+$priv_list['page-services-olsrd']['name'] = "WebCfg - Services: OLSRD package";
+$priv_list['page-services-olsrd']['descr'] = "Allow access to OLSRD package GUI";
+$priv_list['page-services-olsrd']['match'] = array();
+$priv_list['page-services-olsrd']['match'][] = "pkg_edit.php?xml=olsrd.xml*";
+
+?>
diff --git a/config/olsrd/olsrd.xml b/config/olsrd/olsrd.xml
index 6623c31f..8023f818 100644
--- a/config/olsrd/olsrd.xml
+++ b/config/olsrd/olsrd.xml
@@ -9,7 +9,7 @@
/*
olsrd.xml
part of pfSense (https://www.pfSense.org/)
- Copyright (C) 2012 Ermal Luçi
+ Copyright (C) 2006 Scott Ullrich
Copyright (C) 2015 ESF, LLC
All rights reserved.
*/
@@ -42,38 +42,59 @@
]]>
</copyright>
<name>olsrd</name>
- <version>1.0.3</version>
- <title>OLSRD</title>
+ <version>1.0.4</version>
+ <title>Services: OLSRD Settings</title>
<include_file>/usr/local/pkg/olsrd.inc</include_file>
<menu>
<name>OLSRD</name>
<section>Services</section>
<configfile>olsrd.xml</configfile>
+ <url>/pkg_edit.php?xml=olsrd.xml</url>
</menu>
<service>
- <name>OLSRD</name>
- <rcfile>/usr/local/sbin/olsrd -f /var/etc/olsr.conf</rcfile>
+ <name>olsrd</name>
+ <rcfile>olsrd.sh</rcfile>
+ <executable>olsrd</executable>
+ <description>Optimized Link State Routing Protocol Daemon</description>
</service>
- <tabs>
- <tab>
- <text>OLSRD Settings</text>
- <url>/pkg_edit.php?xml=olsrd.xml&amp;id=0</url>
- <active/>
- </tab>
- </tabs>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/olsrd/olsrd.inc</item>
</additional_files_needed>
- <configpath>['installedpackages']['OLSRD']['config']</configpath>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/olsrd/olsrd.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
+ <name>Service Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Enable OLSR</fielddescr>
<fieldname>enable</fieldname>
<description>Enables the dynamic mesh linking daemon.</description>
<type>checkbox</type>
</field>
<field>
+ <fielddescr>Enable Secure Mode</fielddescr>
+ <fieldname>enabledsecure</fieldname>
+ <description>Enables the secure mode.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Key</fielddescr>
+ <fieldname>securekey</fieldname>
+ <description>Paste the secure key information here.</description>
+ <type>textarea</type>
+ <rows>5</rows>
+ <cols>50</cols>
+ </field>
+ <field>
+ <name>General Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Link Quality Level</fielddescr>
<fieldname>enablelqe</fieldname>
<type>select</type>
@@ -83,6 +104,7 @@
<option><value>0</value><name>0</name></option>
<option><value>1</value><name>1</name></option>
</options>
+ <default_value>2</default_value>
</field>
<field>
<fielddescr>Interfaces</fielddescr>
@@ -98,6 +120,7 @@
<fieldname>enablehttpinfo</fieldname>
<description>Enables the OLSR stats web server.</description>
<type>checkbox</type>
+ <enablefields>port,allowedhttpinfohost,allowedhttpinfosubnet</enablefields>
</field>
<field>
<fielddescr>HTTPInfo Port</fielddescr>
@@ -106,65 +129,67 @@
<type>input</type>
</field>
<field>
- <fielddescr>Allowed host(s)</fielddescr>
+ <fielddescr>Allowed Host(s) IP Address/Subnet</fielddescr>
<fieldname>allowedhttpinfohost</fieldname>
- <description>Hosts that are allowed to access the HTTPInfo web service.</description>
+ <description>IP(s) that are allowed to access the HTTPInfo web service.</description>
<type>input</type>
</field>
<field>
- <fielddescr>Allowed host(s) subnet</fielddescr>
+ <fielddescr>Allowed Host(s) Netmask</fielddescr>
<fieldname>allowedhttpinfosubnet</fieldname>
- <description>Enter the subnet mask in form 255.255.255.0</description>
+ <description>Enter the subnet mask in long form (e.g. 255.255.255.0)</description>
<type>input</type>
</field>
<field>
- <fielddescr>Enable Dynamic Gateway</fielddescr>
- <fieldname>enabledyngw</fieldname>
- <description>Enables the OLSR Dynamic Gateways feature.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Announce self as Dynamic Gateway</fielddescr>
+ <fielddescr>Announce Self as Dynamic Gateway</fielddescr>
<fieldname>enableannounce</fieldname>
<description>Enables the OLSR Dynamic Gateways Announcing feature.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Announce Dynamic local route</fielddescr>
+ <fielddescr>Announce Dynamic Local Route</fielddescr>
<fieldname>announcedynamicroute</fieldname>
<description>Enter the IP/Netmask.</description>
<type>textarea</type>
<rows>3</rows>
<cols>50</cols>
</field>
+ <!-- Disabled since the required plugin is missing in the package -->
+ <!--
<field>
- <fielddescr>Ping</fielddescr>
- <fieldname>ping</fieldname>
- <description>Pings this host to ensure connectivity.</description>
- <type>input</type>
+ <name>Dynamic Gateway</name>
+ <type>listtopic</type>
</field>
<field>
- <fielddescr>Poll</fielddescr>
- <fieldname>polling</fieldname>
- <description>How often to look for a inet gw, in seconds.</description>
- <type>input</type>
+ <fielddescr>Enable Dynamic Gateway</fielddescr>
+ <fieldname>enabledyngw</fieldname>
+ <description>Enables the OLSR Dynamic Gateways feature.</description>
+ <type>checkbox</type>
+ <enablefields>ping,polling</enablefields>
</field>
<field>
- <fielddescr>Enable Secure Mode</fielddescr>
- <fieldname>enabledsecure</fieldname>
- <description>Enables the secure mode.</description>
- <type>checkbox</type>
+ <fielddescr>Ping IP Address</fielddescr>
+ <fieldname>ping</fieldname>
+ <description>Pings this IPv4 address to ensure connectivity.</description>
+ <type>input</type>
+ <default_value>5</default_value>
</field>
<field>
- <fielddescr>Key</fielddescr>
- <fieldname>securekey</fieldname>
- <description>Paste the secure key information here.</description>
- <type>textarea</type>
- <rows>5</rows>
- <cols>50</cols>
+ <fielddescr>Poll Interval</fielddescr>
+ <fieldname>polling</fieldname>
+ <description>How often to look for an inet GW (in seconds).</description>
+ <type>input</type>
+ <default_value>5</default_value>
</field>
+ -->
</fields>
+ <custom_php_deinstall_command>
+ php_deinstall_olsrd();
+ </custom_php_deinstall_command>
<custom_php_resync_config_command>
setup_wireless_olsr($if);
</custom_php_resync_config_command>
+ <custom_php_validation_command>
+ validate_form_olsrd($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
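Review bot: In the commented-out Dynamic Gateway block, the `ping` field ("Ping IP Address") carries `<default_value>5</default_value>`, which looks copied from `polling`. It would fail the `is_ipaddrv4()` test in validate_form_olsrd() as soon as the block is re-enabled. I would drop the default from `ping` and keep it only on `polling`. The block is inert today, so this only matters once the plugin is available again.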
diff --git a/config/openbgpd/openbgpd.priv.inc b/config/openbgpd/openbgpd.priv.inc
new file mode 100644
index 00000000..6a0cae94
--- /dev/null
+++ b/config/openbgpd/openbgpd.priv.inc
@@ -0,0 +1,47 @@
+<?php
+/*
+ openbgpd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-openbgpd'] = array();
+$priv_list['page-services-openbgpd']['name'] = "WebCfg - Services: OpenBGPD package";
+$priv_list['page-services-openbgpd']['descr'] = "Allow access to OpenBGPD package GUI";
+
+$priv_list['page-services-openbgpd']['match'] = array();
+$priv_list['page-services-openbgpd']['match'][] = "pkg.php?xml=openbgpd.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg.php?xml=openbgpd_neighbors.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg.php?xml=openbgpd_groups.xml*";
+
+$priv_list['page-services-openbgpd']['match'][] = "pkg_edit.php?xml=openbgpd.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg_edit.php?xml=openbgpd_neighbors.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg_edit.php?xml=openbgpd_groups.xml*";
+
+$priv_list['page-services-openbgpd']['match'][] = "openbgpd_raw.php*";
+$priv_list['page-services-openbgpd']['match'][] = "openbgpd_status.php*";
+
+?>
diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml
index 6ed587d6..351182cc 100644
--- a/config/openbgpd/openbgpd.xml
+++ b/config/openbgpd/openbgpd.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>OpenBGPD</name>
- <version>0.9.3.7</version>
+ <version>0.9.3.9</version>
<title>Services: OpenBGPD</title>
<include_file>/usr/local/pkg/openbgpd.inc</include_file>
<service>
@@ -64,6 +64,10 @@
<item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_groups.xml</item>
</additional_files_needed>
@@ -73,7 +77,6 @@
</additional_files_needed>
<menu>
<name>OpenBGPD</name>
- <tooltiptext></tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=openbgpd.xml&amp;id=0</url>
</menu>
diff --git a/config/pfflowd/pfflowd.priv.inc b/config/pfflowd/pfflowd.priv.inc
new file mode 100644
index 00000000..67074f52
--- /dev/null
+++ b/config/pfflowd/pfflowd.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ pfflowd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-pfflowd'] = array();
+$priv_list['page-services-pfflowd']['name'] = "WebCfg - Services: pfflowd package";
+$priv_list['page-services-pfflowd']['descr'] = "Allow access to pfflowd package GUI";
+$priv_list['page-services-pfflowd']['match'] = array();
+$priv_list['page-services-pfflowd']['match'][] = "pkg_edit.php?xml=pfflowd.xml*";
+
+?>
diff --git a/config/pfflowd/pfflowd.xml b/config/pfflowd/pfflowd.xml
index 44294d69..25a68a2c 100644
--- a/config/pfflowd/pfflowd.xml
+++ b/config/pfflowd/pfflowd.xml
@@ -42,138 +42,130 @@
]]>
</copyright>
<name>pfflowd</name>
- <version>1.0.3</version>
- <title>pfflowd: Settings</title>
- <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&amp;id=0</aftersaveredirect>
+ <version>1.0.4</version>
+ <title>Services: pfflowd Settings</title>
+ <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml</aftersaveredirect>
<menu>
<name>pfflowd</name>
<tooltiptext>Modify pfflowd settings.</tooltiptext>
<section>Services</section>
<configfile>pfflowd.xml</configfile>
- <url>/pkg_edit.php?xml=pfflowd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=pfflowd.xml</url>
</menu>
<service>
<name>pfflowd</name>
<rcfile>pfflowd.sh</rcfile>
<executable>pfflowd</executable>
+ <description>Netflow Export Daemon</description>
</service>
<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
- <fielddescr>Host</fielddescr>
+ <fielddescr>Enable pfflowd</fielddescr>
+ <fieldname>enabled</fieldname>
+ <description>Check this to enable pfflowd daemon.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Destination Host</fielddescr>
<fieldname>host</fieldname>
- <description>Specify the host that datagrams are to be sent to.</description>
+ <description>Specify the IP address of the host that datagrams are to be sent to.</description>
<type>input</type>
+ <required/>
</field>
<field>
- <fielddescr>Port</fielddescr>
+ <fielddescr>Destination Port</fielddescr>
<fieldname>port</fieldname>
<description>Enter the port that datagrams are to be sent to.</description>
<type>input</type>
+ <required/>
</field>
<field>
- <fielddescr>Source Hostname/IP</fielddescr>
+ <fielddescr>Source IP</fielddescr>
<fieldname>sourcehost</fieldname>
- <description>Specify the hostname or IP address that datagrams are to be sent from. The hostname/IP must be local to this system.</description>
+ <description>
+ <![CDATA[
+ Specify the IP address that datagrams are to be sent from. <strong>The IP must be local to this system.</strong>
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
- <fielddescr>pf rule direction restriction</fielddescr>
+ <fielddescr>pf Rule Direction Restriction</fielddescr>
<fieldname>direction</fieldname>
<description>Restrict creation of flow records to states matching a certain direction (in, out, or any).</description>
<type>select</type>
<options>
- <option>
- <name>Any</name>
- <value>any</value>
- </option>
- <option>
- <name>In</name>
- <value>in</value>
- </option>
- <option>
- <name>Out</name>
- <value>out</value>
- </option>
+ <option><name>Any</name><value>any</value></option>
+ <option><name>In</name><value>in</value></option>
+ <option><name>Out</name><value>out</value></option>
</options>
</field>
<field>
- <fielddescr>Netflow version</fielddescr>
+ <fielddescr>Netflow Version</fielddescr>
<fieldname>version</fieldname>
<description>Select which version of the NetFlow protocol to use.</description>
<type>select</type>
<options>
- <option>
- <name>9</name>
- <value>9</value>
- </option>
- <option>
- <name>5</name>
- <value>5</value>
- </option>
- <option>
- <name>1</name>
- <value>1</value>
- </option>
+ <option><name>9</name><value>9</value></option>
+ <option><name>5</name><value>5</value></option>
+ <option><name>1</name><value>1</value></option>
</options>
</field>
</fields>
<custom_php_global_functions>
<![CDATA[
function sync_package_pfflowd() {
- conf_mount_rw();
global $config;
- foreach ($config['installedpackages']['pfflowd']['config'] as $cf) {
- if ($cf['host'] != "") {
- $start = "\n/sbin/ifconfig pfsync0 up\n";
- $start .= "/usr/local/sbin/pfflowd ";
- $start .= " -n {$cf['host']}";
- if ($cf['port'] != "") {
- $start .= ":{$cf['port']}";
- }
- if (!empty($cf['sourcehost'])) {
- $start .= " -s {$cf['sourcehost']} ";
- }
- if ($cf['direction'] != "") {
- $start .= " -S {$cf['direction']}";
- }
- if ($cf['version'] != "") {
- $start .= " -v {$cf['version']}";
- }
- write_rcfile(array(
- "file" => "pfflowd.sh",
- "start" => $start,
- "stop" => "/usr/bin/killall pfflowd"
- )
- );
+ conf_mount_rw();
+ if (is_array($config['installedpackages']['pfflowd']['config'])) {
+ $cf = $config['installedpackages']['pfflowd']['config'][0];
+ } else {
+ $cf = array();
+ }
+ if ($cf['enabled'] == "on") {
+ $start = "\n/sbin/ifconfig pfsync0 up\n";
+ $start .= "/usr/local/sbin/pfflowd ";
+ $start .= " -n {$cf['host']}";
+ $start .= ":{$cf['port']}";
+ if (!empty($cf['sourcehost'])) {
+ $start .= " -s {$cf['sourcehost']} ";
+ }
+ if ($cf['direction'] != "") {
+ $start .= " -S {$cf['direction']}";
+ }
+ if ($cf['version'] != "") {
+ $start .= " -v {$cf['version']}";
+ }
+ write_rcfile(array("file" => "pfflowd.sh", "start" => $start, "stop" => "/usr/bin/killall pfflowd"));
+ if (is_service_running("pfflowd")) {
restart_service("pfflowd");
- break;
+ } else {
+ start_service("pfflowd");
+ }
+ } else {
+ if (is_service_running("pfflowd")) {
+ stop_service("pfflowd");
}
+ unlink_if_exists("/usr/local/etc/rc.d/pfflowd.sh");
}
conf_mount_ro();
}
function validate_form_pfflowd($post, &$input_errors) {
- if (($post['host'] == "") || !is_ipaddr($post['host'])) {
- $input_errors[] = 'You must specify a valid ip address in the \'Host\' field';
+ if ($post['host'] != "" && !is_ipaddr($post['host'])) {
+ $input_errors[] = 'You must specify a valid IP address in the \'Destination Host\' field';
}
- if (($post['port'] == "") || !is_port($post['port'])) {
- $input_errors[] = 'You must specify a valid port number in the \'Port\' field';
+ if ($post['port'] != "" && !is_port($post['port'])) {
+ $input_errors[] = 'You must specify a valid port number in the \'Destination Port\' field';
}
- }
-
- function cleanup_config_pfflowd() {
- global $a_pkg;
- $pffconf = array();
- if (is_array($a_pkg)) {
- foreach($a_pkg as $cf) {
- if ($cf['host'] != "") {
- $pffconf = $cf;
- }
- }
+ if ($post['sourcehost'] != "" && !is_ipaddr($post['sourcehost'])) {
+ $input_errors[] = 'You must specify a valid IP address in the \'Source IP\' field';
}
- $a_pkg = array();
- $a_pkg[0] = $pffconf;
}
]]>
</custom_php_global_functions>
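Review bot: `direction` and `version` reach the shell text written to `pfflowd.sh` in `sync_package_pfflowd()` without a server-side check: `validate_form_pfflowd()` tests only `host`, `port` and `sourcehost`, and the `<options>` lists constrain what the form offers, not what a POST can carry (unless the form handler checks select values, which is not visible here). I would reject anything outside the listed options in the validator, e.g. `if (!in_array($post['direction'], array('any', 'in', 'out'))) { $input_errors[] = 'Invalid direction'; }` and the same for `version` against 9/5/1, and quote on output with `$start .= " -S " . escapeshellarg($cf['direction']);`. Separately, the validator now accepts an empty `host` or `port` and relies on `<required/>`, while the sync code appends `-n {$cf['host']}:{$cf['port']}` unconditionally once `enabled` is on; a guard such as `if ($cf['enabled'] == "on" && $cf['host'] != "" && $cf['port'] != "") {` would keep a malformed command line out of the rc file.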
@@ -183,7 +175,4 @@
<custom_php_validation_command>
validate_form_pfflowd($_POST, $input_errors);
</custom_php_validation_command>
- <custom_php_command_before_form>
- cleanup_config_pfflowd();
- </custom_php_command_before_form>
</packagegui>
diff --git a/config/phpservice/phpservice.inc b/config/phpservice/phpservice.inc
index d04e021a..8ccd4f3c 100644
--- a/config/phpservice/phpservice.inc
+++ b/config/phpservice/phpservice.inc
@@ -27,12 +27,13 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once('pkg-utils.inc');
+
function phpservice_sync_package() {
global $config;
-
+ conf_mount_rw();
+
if ($config['installedpackages']['phpservice']['config'] != "") {
-
- conf_mount_rw();
$tmp = <<<EOF
<?php
@@ -47,10 +48,10 @@ fclose($fp);
unset($filename);
function send_to_syslog($syslogaddress, $syslogport, $syslogmsg) {
-
+
$syslogaddress = "127.0.0.1";
$syslogport = 514;
-
+
$fp = fsockopen("udp://".$syslogaddress, $syslogport, $errno, $errstr);
if (!$fp) {
return;
@@ -75,8 +76,8 @@ EOF;
$tmp_php = base64_decode($rowhelper['php']);
if (strlen($tmp_php) > 0) {
$tmp .= "// name: ".$rowhelper['name']." \n";
- $tmp .= "// description: ".$rowhelper['description']." \n\n";
- $tmp .= base64_decode($rowhelper['php']);
+ $tmp .= "// description: " . $rowhelper['description'] . " \n\n";
+ $tmp .= preg_replace('/\r\n/', "\n", base64_decode($rowhelper['php']));
$tmp .= "\n";
}
}
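Review bot: `$rowhelper['name']` and `$rowhelper['description']` are written into `//` line comments of the generated PHP file, so a line break in either value ends the comment and the remainder is parsed as code. Whether the edit form can store a multi-line value is not visible in this hunk, but flattening on output is cheap: `$tmp .= "// description: " . str_replace(array("\r", "\n"), ' ', $rowhelper['description']) . " \n\n";`, and the same for the name line. The payload is also decoded twice; the new line can reuse the value already held in `$tmp_php`, `$tmp .= preg_replace('/\r\n/', "\n", $tmp_php);`. The enclosing loop and function start and end outside the hunk.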
@@ -96,21 +97,36 @@ EOF;
unset($tmp);
fclose($fout);
- restart_service("phpservice");
- conf_mount_ro();
+ phpservice_write_rcfile();
+ if (is_service_running("phpservice")) {
+ restart_service("phpservice");
+ } else {
+ start_service("phpservice");
+ }
} else {
stop_service("phpservice");
+ unlink_if_exists("/usr/local/etc/rc.d/phpservice.sh");
}
+ conf_mount_ro();
}
-function phpservice_install_command() {
+function phpservice_write_rcfile() {
write_rcfile(array(
"file" => "phpservice.sh",
- "start" => "/usr/local/bin/php /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
+ "start" => "/usr/local/bin/php -f /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
"stop" => "/bin/rm -f /tmp/phpmonitor.pid; sleep 3"
)
);
- phpservice_sync_package();
+}
+
+function phpservice_custom_php_service_status_command() {
+ exec("/bin/pgrep -fq phpservice", $output, $retval);
+ return $retval;
+}
+
+function phpservice_deinstall_command() {
+ rmdir_recursive("/usr/local/www/packages/phpservice");
+ unlink_if_exists("/usr/local/pkg/phpservice.php");
}
?>
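Review bot: `phpservice_custom_php_service_status_command()` returns pgrep's exit status, which is 0 when a matching process exists, so a caller that treats the result as a boolean "running" flag would read a running service as stopped and a stopped one as running. How the framework evaluates `custom_php_service_status_command` is not visible here, but the `is_service_running("phpservice")` branch added earlier in this hunk depends on it; if it expects true for running, use `return ($retval == 0);`. The `-f` pattern `phpservice` also matches any command line that merely contains that word, so matching on the script path from the rc file (`/usr/local/pkg/phpservice.php`) would be less prone to false positives. `phpservice_sync_package()` starts outside the hunk.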
diff --git a/config/phpservice/phpservice.priv.inc b/config/phpservice/phpservice.priv.inc
new file mode 100644
index 00000000..ec10c77e
--- /dev/null
+++ b/config/phpservice/phpservice.priv.inc
@@ -0,0 +1,38 @@
+<?php
+/*
+ phpservice.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-phpservice'] = array();
+$priv_list['page-services-phpservice']['name'] = "WebCfg - Services: PHPService package";
+$priv_list['page-services-phpservice']['descr'] = "Allow access to PHPService package GUI";
+$priv_list['page-services-phpservice']['match'] = array();
+$priv_list['page-services-phpservice']['match'][] = "packages/phpservice/phpservice_php.php*";
+$priv_list['page-services-phpservice']['match'][] = "packages/phpservice/phpservice_php_edit.php*";
+
+?>
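Review bot: The `descr` for `page-services-phpservice` reads like an ordinary page grant, but the matched `phpservice_php_edit.php*` appears to be the page where the service's PHP code is entered; `phpservice.inc` in this commit writes the decoded `php` field into the generated script and starts it from the rc file. A user holding only this privilege can therefore most likely run code on the firewall with the service's privileges, presumably root. I would state that in the description, e.g. `"Allow access to PHPService package GUI (allows running arbitrary PHP code on the firewall)"`, so the privilege is not handed out as if it were a view-only page right.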
diff --git a/config/phpservice/phpservice.xml b/config/phpservice/phpservice.xml
index 6bada596..f55dfe23 100644
--- a/config/phpservice/phpservice.xml
+++ b/config/phpservice/phpservice.xml
@@ -41,14 +41,12 @@
/* ====================================================================================== */
]]>
</copyright>
- <description>PHP Service</description>
- <name>PHP Service Settings</name>
- <version>0.5.0</version>
- <title>Settings</title>
+ <name>phpservice</name>
+ <version>0.5.2</version>
+ <title>PHPService</title>
<include_file>/usr/local/pkg/phpservice.inc</include_file>
<menu>
<name>PHPService</name>
- <tooltiptext>PHP Service settings.</tooltiptext>
<section>Services</section>
<configfile>phpservice.xml</configfile>
<url>/packages/phpservice/phpservice_php.php</url>
@@ -59,7 +57,7 @@
<executable>phpservice</executable>
<description>PHP script as a service</description>
<custom_php_service_status_command>
- exec("/bin/pgrep -fq phpservice");
+ phpservice_custom_php_service_status_command();
</custom_php_service_status_command>
</service>
<configpath>installedpackages->package->$packagename->configuration->phpservice</configpath>
@@ -68,6 +66,10 @@
<item>https://packages.pfsense.org/packages/config/phpservice/phpservice.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/phpservice/phpservice.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/packages/phpservice/</prefix>
<item>https://packages.pfsense.org/packages/config/phpservice/phpservice_php.php</item>
</additional_files_needed>
@@ -78,7 +80,7 @@
<custom_php_resync_config_command>
phpservice_sync_package();
</custom_php_resync_config_command>
- <custom_php_install_command>
- phpservice_install_command();
- </custom_php_install_command>
+ <custom_php_deinstall_command>
+ phpservice_deinstall_command();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc
index 50b6e558..9eae2567 100644
--- a/config/siproxd/siproxd.inc
+++ b/config/siproxd/siproxd.inc
@@ -31,6 +31,7 @@
if (!function_exists("filter_configure")) {
require_once("filter.inc");
}
+require_once("pfsense-utils.inc");
require_once("service-utils.inc");
// Check to find out on which pfSense version the package is running
@@ -42,6 +43,18 @@ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
define('SIPROXD', '/usr/local');
}
+function install_package_siproxd() {
+ siproxd_create_chroot();
+ /* remove rc script distributed with the package */
+ unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd');
+}
+
+function deinstall_package_siproxd() {
+ rmdir_recursive("/var/siproxd");
+ unlink_if_exists(SIPROXD . '/etc/siproxd.conf');
+ unlink_if_exists(SIPROXD . '/etc/siproxd_passwd.cfg');
+}
+
function sync_package_siproxd_users() {
global $g, $config;
conf_mount_rw();
@@ -64,23 +77,28 @@ function sync_package_siproxd_users() {
function siproxd_generate_rules($type) {
global $config;
- $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+ if (is_array($config['installedpackages']['siproxdsettings'])) {
+ $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+ } else {
+ $siproxd_conf = array();
+ }
+
if (!is_service_running('siproxd')) {
- log_error("Siproxd is installed but not started. Not installing redirect rules.");
+ log_error("[siproxd] Package is installed but not started. Not installing firewall rules.");
return;
}
/* proxy is turned off in package settings */
- if ($siproxd_conf['sipenable'] == "0") {
- log_error("WARNING: siproxd proxy has not been enabled. Not installing rules.");
+ if ($siproxd_conf['sipenable'] != "on") {
+ log_error("[siproxd] WARNING: siproxd proxy has not been enabled. Not installing firewall rules.");
return "\n";
}
$ifaces = explode(",", $siproxd_conf['if_inbound']);
$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
- $rtplower = ($siproxd_conf['rtplower'] ? $siproxd_conf['rtplower'] : 7070);
- $rtpupper = ($siproxd_conf['rtpupper'] ? $siproxd_conf['rtpupper'] : 7079);
- $port = ($siproxd_conf['port'] ? $siproxd_conf['port'] : 5060);
+ $rtplower = $siproxd_conf['rtplower'] ?: '7070';
+ $rtpupper = $siproxd_conf['rtpupper'] ?: '7079';
+ $port = $siproxd_conf['port'] ?: '5060';
switch($type) {
case 'nat':
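Review bot: The new guard tests `$config['installedpackages']['siproxdsettings']` but then binds a reference to `['config'][0]` beneath it, so it does not cover a `siproxdsettings` array that has no `config` entry, and taking a reference to a missing element creates it in `$config`. The pfflowd change in this same commit checks the `['config']` level; doing the same here, `if (is_array($config['installedpackages']['siproxdsettings']['config'])) {`, keeps the two consistent. The identical block added to `sync_package_siproxd()` (hunk at -108,18) has the same gap. `siproxd_generate_rules()` continues past the end of this hunk.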
@@ -108,18 +126,24 @@ function siproxd_generate_rules($type) {
return $rules;
}
-function sync_package_siproxd() {
- global $config, $pfs_version;
-
- conf_mount_rw();
-
+function siproxd_create_chroot() {
$siproxd_chroot = "/var/siproxd/";
safe_mkdir($siproxd_chroot);
@chown($siproxd_chroot, "nobody");
@chgrp($siproxd_chroot, "nobody");
- unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd');
+}
+
+function sync_package_siproxd() {
+ global $config, $pfs_version;
+
+ conf_mount_rw();
+ siproxd_create_chroot();
- $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+ if (is_array($config['installedpackages']['siproxdsettings'])) {
+ $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+ } else {
+ $siproxd_conf = array();
+ }
$siproxd_conffile = SIPROXD . '/etc/siproxd.conf';
$siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg';
@@ -136,9 +160,14 @@ function sync_package_siproxd() {
fwrite($fout, "# This file was automatically generated by the pfSense\n");
fwrite($fout, "# package management system.\n\n");
- /* proxy is turned off in package settings */
- if ($siproxd_conf['sipenable'] == "0") {
+ /* if proxy is turned off in package settings, stop service, remove rc script and do nothing else */
+ if ($siproxd_conf['sipenable'] != "on") {
fclose($fout);
+ if (is_service_running('siproxd')) {
+ stop_service("siproxd");
+ sleep(3);
+ }
+ unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd.sh');
return;
}
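Review bot: The disabled branch now stops the service and removes the rc script, then reaches `return;` without calling `conf_mount_ro()`, although `sync_package_siproxd()` calls `conf_mount_rw()` at its top (previous hunk). Unless the read-only remount happens somewhere not shown, saving the settings with siproxd disabled leaves the filesystem writable on installs that rely on the rw/ro toggle. Add `conf_mount_ro();` on the line before `return;`, as the pfflowd and phpservice sync functions in this commit do on every path. The function starts and ends outside this hunk.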
@@ -147,11 +176,7 @@ function sync_package_siproxd() {
}
if ($siproxd_conf['if_outbound'] != "") {
- if (intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") {
- fwrite($fout, "if_outbound = ng0\n");
- } else {
- fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n");
- }
+ fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n");
}
if ($siproxd_conf['port'] != "") {
@@ -286,7 +311,7 @@ function sync_package_siproxd() {
sleep(3);
}
/* Only (re)start the service when siproxd is enabled */
- if ($siproxd_conf['sipenable'] != "0") {
+ if ($siproxd_conf['sipenable'] == "on") {
start_service("siproxd");
sleep(3);
}
diff --git a/config/siproxd/siproxd.priv.inc b/config/siproxd/siproxd.priv.inc
new file mode 100644
index 00000000..9980a353
--- /dev/null
+++ b/config/siproxd/siproxd.priv.inc
@@ -0,0 +1,42 @@
+<?php
+/*
+ siproxd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-siproxd'] = array();
+$priv_list['page-services-siproxd']['name'] = "WebCfg - Services: siproxd package";
+$priv_list['page-services-siproxd']['descr'] = "Allow access to siproxd package GUI";
+
+$priv_list['page-services-siproxd']['match'] = array();
+$priv_list['page-services-siproxd']['match'][] = "pkg.php?xml=siproxd.xml*";
+$priv_list['page-services-siproxd']['match'][] = "pkg.php?xml=siproxdusers.xml*";
+$priv_list['page-services-siproxd']['match'][] = "pkg_edit.php?xml=siproxd.xml*";
+$priv_list['page-services-siproxd']['match'][] = "pkg_edit.php?xml=siproxdusers.xml*";
+$priv_list['page-services-siproxd']['match'][] = "siproxd_registered_phones.php*";
+
+?>
diff --git a/config/siproxd/siproxd.xml b/config/siproxd/siproxd.xml
index e4375d8e..b0866eb1 100644
--- a/config/siproxd/siproxd.xml
+++ b/config/siproxd/siproxd.xml
@@ -43,25 +43,25 @@
]]>
</copyright>
<name>siproxdsettings</name>
- <version>1.0.6</version>
+ <version>1.0.7</version>
<title>siproxd: Settings</title>
<include_file>/usr/local/pkg/siproxd.inc</include_file>
- <aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&amp;id=0</aftersaveredirect>
+ <aftersaveredirect>/pkg_edit.php?xml=siproxd.xml</aftersaveredirect>
<menu>
<name>siproxd</name>
- <tooltiptext>Modify siproxd users and settings.</tooltiptext>
<section>Services</section>
- <url>/pkg_edit.php?xml=siproxd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=siproxd.xml</url>
</menu>
<service>
<name>siproxd</name>
<rcfile>siproxd.sh</rcfile>
<executable>siproxd</executable>
+ <description>Proxy/Masquerading Daemon for SIP</description>
</service>
<tabs>
<tab>
<text>Settings</text>
- <url>/pkg_edit.php?xml=siproxd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=siproxd.xml</url>
<active/>
</tab>
<tab>
@@ -82,6 +82,10 @@
<item>https://packages.pfsense.org/packages/config/siproxd/siproxd.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/siproxd/siproxd.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/siproxd/siproxd_registered_phones.php</item>
</additional_files_needed>
@@ -89,23 +93,23 @@
<field>
<fielddescr>Enable siproxd</fielddescr>
<fieldname>sipenable</fieldname>
- <description>Enable or disable siproxd</description>
+ <description>Enable or disable siproxd.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Inbound interface</fielddescr>
+ <fielddescr>Inbound Interface</fielddescr>
<fieldname>if_inbound</fieldname>
<description>Select the inbound interface.</description>
<type>interfaces_selection</type>
</field>
<field>
- <fielddescr>Outbound interface</fielddescr>
+ <fielddescr>Outbound Interface</fielddescr>
<fieldname>if_outbound</fieldname>
<description>Select the outbound interface.</description>
<type>interfaces_selection</type>
</field>
<field>
- <fielddescr>Listening port</fielddescr>
+ <fielddescr>Listening Port</fielddescr>
<fieldname>port</fieldname>
<description>
<![CDATA[
@@ -114,11 +118,12 @@
]]>
</description>
<type>input</type>
+ <default_value>5060</default_value>
</field>
<field>
- <fielddescr>Default expiration timeout</fielddescr>
+ <fielddescr>Default Expiration Timeout</fielddescr>
<fieldname>defaulttimeout</fieldname>
- <description>If a REGISTER request dose not contain an Expires header or expires= parameter, this number of seconds will be used and reported back to the UA in the answer.</description>
+ <description>If a REGISTER request does not contain an Expires header or expires= parameter, this number of seconds will be used and reported back to the UA in the answer.</description>
<type>input</type>
</field>
<field>
@@ -126,38 +131,36 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable RTP proxy</fielddescr>
+ <fielddescr>Enable RTP Proxy</fielddescr>
<fieldname>rtpenable</fieldname>
- <description>Enable or disable the RTP proxy. (default is enabled)</description>
+ <description>Enable or disable the RTP proxy. (Default: enabled)</description>
<type>select</type>
<options>
- <option>
- <name>Enable</name>
- <value>1</value>
- </option>
- <option>
- <name>Disable</name>
- <value>0</value>
- </option>
+ <option><name>Enable</name><value>1</value></option>
+ <option><name>Disable</name><value>0</value></option>
</options>
+ <default_value>1</default_value>
</field>
<field>
- <fielddescr>RTP port range (lower)</fielddescr>
+ <fielddescr>RTP Port Range (Lower)</fielddescr>
<fieldname>rtplower</fieldname>
- <description>Enter the bottom edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7070).</description>
+ <description>Enter the bottom edge of the port range siproxd will allocate for incoming RTP traffic. This range must not be blocked by the firewall. (Default: 7070)</description>
<type>input</type>
+ <default_value>7070</default_value>
</field>
<field>
- <fielddescr>RTP port range (upper)</fielddescr>
+ <fielddescr>RTP Port Range (Upper)</fielddescr>
<fieldname>rtpupper</fieldname>
- <description>Enter the top edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7079).</description>
+ <description>Enter the top edge of the port range siproxd will allocate for incoming RTP traffic. This range must not be blocked by the firewall. (Default: 7079)</description>
<type>input</type>
+ <default_value>7079</default_value>
</field>
<field>
- <fielddescr>RTP stream timeout</fielddescr>
+ <fielddescr>RTP Stream Timeout</fielddescr>
<fieldname>rtptimeout</fieldname>
- <description>After this number of seconds, an RTP stream is considered dead and proxying it will be stopped (default 300sec).</description>
+ <description>After this number of seconds, an RTP stream is considered dead and proxying it will be stopped. (Default: 300sec)</description>
<type>input</type>
+ <default_value>300</default_value>
</field>
<field>
<name>Dejittering Settings</name>
@@ -180,7 +183,7 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>TCP inactivity timeout</fielddescr>
+ <fielddescr>TCP Inactivity Timeout</fielddescr>
<fieldname>tcp_timeout</fieldname>
<description>
<![CDATA[
@@ -195,8 +198,8 @@
<fieldname>tcp_connect_timeout</fieldname>
<description>
<![CDATA[
- Defines How many msecs siproxd will wait for an successful connect when establishing an outgoing SIP signalling connection.<br />
- This should be kept as short as possible as waiting for an TCP connection to establish is a BLOCKING operation - while waiting for a connect to succeed no SIP messages are processed (RTP is not affected).
+ Defines How many msecs siproxd will wait for a successful connect when establishing an outgoing SIP signalling connection.<br />
+ This should be kept as short as possible as waiting for an TCP connection to establish is a BLOCKING operation - no SIP messages are processed while waiting for a connect to succeed (RTP is not affected).
]]>
</description>
<type>input</type>
@@ -212,19 +215,19 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable proxy authentication</fielddescr>
+ <fielddescr>Enable Proxy Authentication</fielddescr>
<fieldname>authentication</fieldname>
- <description>If this is checked, clients will be forced to authenticate themselves at the proxy (for registration only).</description>
+ <description>If checked, clients will be forced to authenticate themselves at the proxy (for registration only).</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Outbound proxy hostname</fielddescr>
+ <fielddescr>Outbound Proxy Hostname</fielddescr>
<fieldname>outboundproxyhost</fieldname>
<description>Enter the hostname of an outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross.</description>
<type>input</type>
</field>
<field>
- <fielddescr>Outbound proxy port</fielddescr>
+ <fielddescr>Outbound Proxy Port</fielddescr>
<fieldname>outboundproxyport</fieldname>
<description>Enter the port of the outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross.</description>
<type>input</type>
@@ -266,7 +269,7 @@
<type>checkbox</type>
</field>
<field>
- <fielddescr>Log redirected calls</fielddescr>
+ <fielddescr>Log Redirected Calls</fielddescr>
<fieldname>plugin_defaulttarget_log</fieldname>
<description>Log redirected calls.</description>
<type>checkbox</type>
@@ -371,6 +374,12 @@
<type>input</type>
</field>
</fields>
+ <custom_php_install_command>
+ install_package_siproxd();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ deinstall_package_siproxd();
+ </custom_php_deinstall_command>
<custom_add_php_command>
sync_package_siproxd();
</custom_add_php_command>
@@ -378,7 +387,7 @@
sync_package_siproxd();
</custom_php_resync_config_command>
<filter_rules_needed>
- siproxd_generate_rules();
+ siproxd_generate_rules
</filter_rules_needed>
<custom_php_validation_command>
validate_form_siproxd($_POST, $input_errors);
diff --git a/config/siproxd/siproxd_registered_phones.php b/config/siproxd/siproxd_registered_phones.php
index 51eb474a..0648aa2f 100644
--- a/config/siproxd/siproxd_registered_phones.php
+++ b/config/siproxd/siproxd_registered_phones.php
@@ -82,7 +82,7 @@ require("head.inc");
<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=siproxd.xml&amp;id=0");
+ $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=siproxd.xml");
$tab_array[] = array(gettext("Users"), false, "pkg.php?xml=siproxdusers.xml");
$tab_array[] = array(gettext("Registered Phones"), true, "siproxd_registered_phones.php");
display_top_tabs($tab_array);
diff --git a/config/siproxd/siproxdusers.xml b/config/siproxd/siproxdusers.xml
index 6dd53efe..390c4f35 100644
--- a/config/siproxd/siproxdusers.xml
+++ b/config/siproxd/siproxdusers.xml
@@ -43,13 +43,13 @@
]]>
</copyright>
<name>siproxdusers</name>
- <version>1.0.6</version>
+ <version>1.0.7</version>
<title>siproxd: Users</title>
<include_file>/usr/local/pkg/siproxd.inc</include_file>
<tabs>
<tab>
<text>Settings</text>
- <url>/pkg_edit.php?xml=siproxd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=siproxd.xml</url>
</tab>
<tab>
<text>Users</text>
@@ -61,7 +61,6 @@
<url>/siproxd_registered_phones.php</url>
</tab>
</tabs>
- <configpath>installedpackages->package->$packagename->configuration->settings</configpath>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Username</fielddescr>
@@ -76,19 +75,19 @@
<field>
<fielddescr>Username</fielddescr>
<fieldname>username</fieldname>
- <description>Enter the username here</description>
+ <description>Enter the username here.</description>
<type>input</type>
</field>
<field>
<fielddescr>Password</fielddescr>
<fieldname>password</fieldname>
- <description>Enter the password here</description>
+ <description>Enter the password here.</description>
<type>password</type>
</field>
<field>
<fielddescr>Username Description</fielddescr>
<fieldname>description</fieldname>
- <description>Enter the description of the user here</description>
+ <description>Enter the description of the user here.</description>
<type>input</type>
</field>
</fields>
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 60959ad6..5cdd5a00 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -2934,6 +2934,7 @@ rc_start() {
### Remove the lock since we have started all interfaces
if [ -f {$g['varrun_path']}/snort_pkg_starting.lck ]; then
+ sleep 2
/bin/rm {$g['varrun_path']}/snort_pkg_starting.lck
fi
}
@@ -2954,8 +2955,12 @@ case $1 in
rc_stop
;;
restart)
- rc_stop
- rc_start
+ if [ ! -f {$g['varrun_path']}/snort_pkg_starting.lck ]; then
+ rc_stop
+ rc_start
+ else
+ /usr/bin/logger -p daemon.info -i -t SnortRestart "Ignoring RESTART command since Snort is already starting..."
+ fi
;;
esac
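Review bot: A lock file left behind by an interrupted start turns every later `restart` into a no-op, because the new branch only tests that `snort_pkg_starting.lck` exists and never how old it is. The skipped restart is logged at `daemon.info`, so a sensor that keeps running its old rules is easy to miss; `/usr/bin/logger -p daemon.warning -i -t SnortRestart "Ignoring RESTART command since Snort is already starting..."` would stand out better. An age limit on the lock ahead of the test would bound the damage, for example `/usr/bin/find {$g['varrun_path']}/snort_pkg_starting.lck -mmin +5 -delete 2>/dev/null` (the five-minute value is only an illustration). snort_check_for_rule_updates.php in this commit creates the same lock with `touch()` before calling `snort_restart_all_interfaces(TRUE)`; if that helper reaches this `restart` branch the request would be dropped, which is worth confirming. The `case` statement opens outside this hunk.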
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 9d20a4ab..e9e43202 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -45,7 +45,7 @@
</copyright>
<description>Snort IDS/IPS Package</description>
<name>Snort</name>
- <version>3.2.8.2</version>
+ <version>3.2.9</version>
<title>Services: Snort IDS</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 123661e4..929ddad1 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -5,7 +5,7 @@
* Copyright (C) 2006 Scott Ullrich
* Copyright (C) 2009 Robert Zelaya
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2013-2014 Bill Meeks
+ * Copyright (C) 2013-2015 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -35,7 +35,7 @@ require_once("service-utils.inc");
require_once("/usr/local/pkg/snort/snort.inc");
require("/usr/local/pkg/snort/snort_defs.inc");
-global $g, $config, $pkg_interface, $snort_gui_include, $rebuild_rules;
+global $g, $config, $pkg_interface, $snort_gui_include, $rebuild_rules, $static_output;
$snortdir = SNORTDIR;
$snortlibdir = SNORT_PBI_BASEDIR . "lib";
@@ -266,45 +266,56 @@ function snort_check_rule_md5($file_url, $file_dst, $desc = "") {
/* error occurred. */
/**********************************************************/
- global $pkg_interface, $last_curl_error, $update_errors;
+ global $last_curl_error, $update_errors, $static_output;
$snortdir = SNORTDIR;
$filename_md5 = basename($file_dst);
- if ($pkg_interface <> "console")
- update_status(gettext("Downloading {$desc} md5 file..."));
+ update_status(gettext("Downloading {$desc} md5 file..."));
+ $static_output .= gettext("Downloading {$desc} md5 file...");
+ update_output_window($static_output);
error_log(gettext("\tDownloading {$desc} md5 file {$filename_md5}...\n"), 3, SNORT_RULES_UPD_LOGFILE);
$rc = snort_download_file_url($file_url, $file_dst);
// See if download from URL was successful
if ($rc === true) {
- if ($pkg_interface <> "console")
- update_status(gettext("Done downloading {$filename_md5}."));
+ update_status(gettext("Done downloading {$filename_md5}."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
error_log("\tChecking {$desc} md5 file...\n", 3, SNORT_RULES_UPD_LOGFILE);
+ $static_output .= gettext("Checking {$desc} md5 file...");
+ update_output_window($static_output);
// check md5 hash in new file against current file to see if new download is posted
if (file_exists("{$snortdir}/{$filename_md5}")) {
$md5_check_new = file_get_contents($file_dst);
$md5_check_old = file_get_contents("{$snortdir}/{$filename_md5}");
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
if ($md5_check_new == $md5_check_old) {
- if ($pkg_interface <> "console")
- update_status(gettext("{$desc} are up to date..."));
+ update_status(gettext("{$desc} are up to date..."));
log_error(gettext("[Snort] {$desc} are up to date..."));
error_log(gettext("\t{$desc} are up to date.\n"), 3, SNORT_RULES_UPD_LOGFILE);
+ $static_output .= gettext("{$desc} are current. No update required.\n");
+ update_output_window($static_output);
return false;
}
- else
+ else {
return true;
+ }
}
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
return true;
}
else {
error_log(gettext("\t{$desc} md5 download failed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
$snort_err_msg = gettext("Server returned error code {$rc}.");
- if ($pkg_interface <> "console") {
- update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ..."));
- update_output_window(gettext("{$desc} will not be updated.\n\t{$snort_err_msg}"));
- }
+ update_status(gettext("{$desc} md5 error ... Server returned error code {$rc} ..."));
+ $static_output .= gettext(" FAILED!\n");
+ update_output_window($static_output);
+ $static_output .= gettext("{$desc} will not be updated.\n{$snort_err_msg}\n");
+ update_output_window($static_output);
log_error(gettext("[Snort] {$desc} md5 download failed..."));
log_error(gettext("[Snort] Server returned error code {$rc}..."));
error_log(gettext("\t{$snort_err_msg}\n"), 3, SNORT_RULES_UPD_LOGFILE);
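Review bot: The digest comparisons next to the new output lines use PHP's loose operators: `$md5_check_new == $md5_check_old` in this hunk and `$file_md5 != trim(md5_file($file_dst))` in snort_fetch_new_rules in the next one. When both operands are numeric-looking strings (a digest of the form `0e` followed only by digits) PHP compares them as numbers, so two different digests can compare equal and a rules file with the wrong checksum would pass the integrity test. Strict comparison avoids that, assuming `$file_md5` is passed as a string: `if ($md5_check_new === $md5_check_old)` and `if ($file_md5 !== trim(md5_file($file_dst)))`. A `false` return from `file_get_contents()` or `md5_file()` should be treated as a failed check rather than compared. Both function bodies continue outside their hunks.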
@@ -334,29 +345,31 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
/* FALSE if download was not successful. */
/**********************************************************/
- global $pkg_interface, $last_curl_error, $update_errors;
+ global $last_curl_error, $update_errors, $static_output;
$snortdir = SNORTDIR;
$filename = basename($file_dst);
- if ($pkg_interface <> "console")
- update_status(gettext("There is a new set of {$desc} posted. Downloading..."));
+ update_status(gettext("There is a new set of {$desc} posted. Downloading..."));
log_error(gettext("[Snort] There is a new set of {$desc} posted. Downloading {$filename}..."));
error_log(gettext("\tThere is a new set of {$desc} posted.\n"), 3, SNORT_RULES_UPD_LOGFILE);
error_log(gettext("\tDownloading file '{$filename}'...\n"), 3, SNORT_RULES_UPD_LOGFILE);
+ $static_output .= gettext("There is a new set of {$desc} posted.\nDownloading {$filename}...");
+ update_output_window($static_output);
$rc = snort_download_file_url($file_url, $file_dst);
// See if the download from the URL was successful
if ($rc === true) {
- if ($pkg_interface <> "console")
- update_status(gettext("Done downloading {$desc} file."));
+ update_status(gettext("Done downloading {$desc} file."));
log_error("[Snort] {$desc} file update downloaded successfully");
error_log(gettext("\tDone downloading rules file.\n"),3, SNORT_RULES_UPD_LOGFILE);
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
// Test integrity of the rules file. Turn off update if file has wrong md5 hash
if ($file_md5 != trim(md5_file($file_dst))){
- if ($pkg_interface <> "console")
- update_output_window(gettext("{$desc} file MD5 checksum failed..."));
+ $static_output .= gettext("{$desc} file MD5 checksum failed...\n");
+ update_output_window($static_output);
log_error(gettext("[Snort] {$desc} file download failed. Bad MD5 checksum..."));
log_error(gettext("[Snort] Downloaded File MD5: " . md5_file($file_dst)));
log_error(gettext("[Snort] Expected File MD5: {$file_md5}"));
@@ -370,12 +383,16 @@ function snort_fetch_new_rules($file_url, $file_dst, $file_md5, $desc = "") {
return true;
}
else {
- if ($pkg_interface <> "console")
- update_output_window(gettext("{$desc} file download failed..."));
+ $static_output .= gettext(" FAILED!\n");
+ update_output_window($static_output);
+ $static_output .= gettext("{$desc} file download failed... server returned error '{$rc}'.\n");
+ update_output_window($static_output);
log_error(gettext("[Snort] {$desc} file download failed... server returned error '{$rc}'..."));
error_log(gettext("\t{$desc} file download failed. Server returned error {$rc}.\n"), 3, SNORT_RULES_UPD_LOGFILE);
error_log(gettext("\tThe error text was: {$last_curl_error}\n"), 3, SNORT_RULES_UPD_LOGFILE);
error_log(gettext("\t{$desc} will not be updated.\n"), 3, SNORT_RULES_UPD_LOGFILE);
+ $static_output .= gettext("{$desc} will not be updated.\n");
+ update_output_window($static_output);
$update_errors = true;
return false;
}
@@ -462,6 +479,9 @@ if ($emergingthreats == 'on') {
/* Untar Snort rules file to tmp and install the rules */
if ($snortdownload == 'on') {
if (file_exists("{$tmpfname}/{$snort_filename}")) {
+ $static_output .= gettext("Installing Sourcefire VRT rules...");
+ update_output_window($static_output);
+
/* Currently, only FreeBSD-8-1, FreeBSD-9-0 and FreeBSD-10-0 precompiled SO rules exist from Snort.org */
/* Default to FreeBSD 8.1, and then test for FreeBSD 9.x or FreeBSD 10.x */
$freebsd_version_so = 'FreeBSD-8-1';
@@ -471,13 +491,11 @@ if ($snortdownload == 'on') {
$freebsd_version_so = 'FreeBSD-10-0';
/* Remove the old Snort rules files */
+ update_status(gettext("Removing old Snort VRT rules..."));
$vrt_prefix = VRT_FILE_PREFIX;
unlink_if_exists("{$snortdir}/rules/{$vrt_prefix}*.rules");
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting Snort VRT rules..."));
- update_output_window(gettext("Installing Sourcefire VRT rules..."));
- }
+ update_status(gettext("Extracting new Snort VRT rules..."));
error_log(gettext("\tExtracting and installing Snort VRT rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
/* extract snort.org rules and add VRT_FILE_PREFIX prefix to all snort.org files */
safe_mkdir("{$tmpfname}/snortrules");
@@ -495,8 +513,7 @@ if ($snortdownload == 'on') {
}
rmdir_recursive("{$tmpfname}/snortrules");
/* Extract the Snort preprocessor rules */
- if ($pkg_interface <> "console")
- update_output_window(gettext("Extracting preprocessor rules files..."));
+ update_status(gettext("Extracting preprocessor rules files..."));
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} preproc_rules/");
$files = glob("{$tmpfname}/preproc_rules/*.rules");
foreach ($files as $file) {
@@ -505,10 +522,7 @@ if ($snortdownload == 'on') {
}
rmdir_recursive("{$tmpfname}/preproc_rules");
/* extract so rules */
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting Snort VRT Shared Objects rules..."));
- update_output_window(gettext("Installing precompiled Shared Objects rules for {$freebsd_version_so}..."));
- }
+ update_status(gettext("Extracting Snort VRT Shared Objects rules..."));
error_log(gettext("\tUsing Snort VRT precompiled SO rules for {$freebsd_version_so} ...\n"), 3, SNORT_RULES_UPD_LOGFILE);
$snort_arch = php_uname("m");
$nosorules = false;
@@ -523,8 +537,7 @@ if ($snortdownload == 'on') {
rmdir_recursive("{$tmpfname}/so_rules/");
if ($nosorules == false) {
/* extract Shared Object stub rules, rename and copy to the rules folder. */
- if ($pkg_interface <> "console")
- update_status(gettext("Copying Snort VRT Shared Objects rules..."));
+ update_status(gettext("Copying Snort VRT Shared Objects rules..."));
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} --exclude precompiled/ --exclude src/ so_rules/");
$files = glob("{$tmpfname}/so_rules/*.rules");
foreach ($files as $file) {
@@ -534,10 +547,7 @@ if ($snortdownload == 'on') {
rmdir_recursive("{$tmpfname}/so_rules/");
}
/* extract base etc files */
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting Snort VRT config and map files..."));
- update_output_window(gettext("Copying config and map files..."));
- }
+ update_status(gettext("Extracting Snort VRT config and map files..."));
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$tmpfname} etc/");
foreach (array("classification.config", "reference.config", "gen-msg.map", "unicode.map") as $file) {
if (file_exists("{$tmpfname}/etc/{$file}"))
@@ -545,14 +555,12 @@ if ($snortdownload == 'on') {
}
rmdir_recursive("{$tmpfname}/etc");
if (file_exists("{$tmpfname}/{$snort_filename_md5}")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Copying md5 signature to snort directory..."));
+ update_status(gettext("Copying md5 signature to snort directory..."));
@copy("{$tmpfname}/{$snort_filename_md5}", "{$snortdir}/{$snort_filename_md5}");
}
- if ($pkg_interface <> "console") {
- update_status(gettext("Extraction of Snort VRT rules completed..."));
- update_output_window(gettext("Installation of Sourcefire VRT rules completed..."));
- }
+ update_status(gettext("Extraction of Snort VRT rules completed..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
error_log(gettext("\tInstallation of Snort VRT rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
}
}
@@ -561,20 +569,25 @@ if ($snortdownload == 'on') {
if ($openappid_detectors == 'on') {
// If we have a valid downloaded file, then first cleanup the old directory
if (file_exists("{$tmpfname}/{$snort_openappid_filename}")) {
+ update_status(gettext("Extracting Snort OpenAppID detectors..."));
+ $static_output .= gettext("Installing Snort OpenAppID detectors...");
$snort_openappid_path = SNORT_APPID_ODP_PATH;
rmdir_recursive("{$snort_openappid_path}odp");
error_log(gettext("\tExtracting and installing Snort OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE);
safe_mkdir(SNORT_APPID_ODP_PATH);
exec("/usr/bin/tar oxzf {$tmpfname}/{$snort_openappid_filename} -C {$snort_openappid_path}");
if (file_exists("{$tmpfname}/{$snort_openappid_filename_md5}")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Copying md5 signature to snort directory..."));
+ update_status(gettext("Copying md5 signature to snort directory..."));
@copy("{$tmpfname}/{$snort_openappid_filename_md5}", "{$snortdir}/{$snort_openappid_filename_md5}");
}
- if ($pkg_interface <> "console") {
- update_status(gettext("Extraction of Snort OpenAppID detectors completed..."));
- update_output_window(gettext("Installation of Snort OpenAppID detectors completed..."));
+ if (!is_dir("{$snort_openappid_path}custom")) {
+ safe_mkdir("{$snort_openappid_path}custom");
+ safe_mkdir("{$snort_openappid_path}custom/lua");
+ touch("{$snort_openappid_path}custom/userappid.conf");
}
+ update_status(gettext("Extraction of Snort OpenAppID detectors completed..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
unlink_if_exists("{$tmpfname}/{$snort_openappid_filename}");
error_log(gettext("\tInstallation of Snort OpenAppID detectors completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
}
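Review bot: The new `" done.\n"` message is appended whether or not the `tar` extraction worked, because `exec()` is called without its status argument, and `rmdir_recursive("{$snort_openappid_path}odp")` has already removed the previous detectors by then. A truncated or unreadable archive would leave the sensor without OpenAppID detectors while the output window reports success. Capture the status with `exec("/usr/bin/tar oxzf {$tmpfname}/{$snort_openappid_filename} -C {$snort_openappid_path}", $tar_out, $tar_rc);` and, when `$tar_rc` is non-zero, append `" FAILED!\n"` and set `$update_errors = true` as the download functions do. The VRT, Community and Emerging Threats sections in the neighbouring hunks report `done.` after unchecked `tar` calls in the same way. Separately, `"Installing Snort OpenAppID detectors..."` is added to `$static_output` without a following `update_output_window($static_output)`, so it only appears once the step has finished.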
@@ -584,10 +597,9 @@ if ($openappid_detectors == 'on') {
if ($snortcommunityrules == 'on') {
safe_mkdir("{$tmpfname}/community");
if (file_exists("{$tmpfname}/{$snort_community_rules_filename}")) {
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting Snort GPLv2 Community Rules..."));
- update_output_window(gettext("Installing Snort GPLv2 Community Rules..."));
- }
+ update_status(gettext("Extracting Snort GPLv2 Community Rules..."));
+ $static_output .= gettext("Installing Snort GPLv2 Community Rules...\n");
+ update_output_window($static_output);
error_log(gettext("\tExtracting and installing Snort GPLv2 Community Rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
exec("/usr/bin/tar xzf {$tmpfname}/{$snort_community_rules_filename} -C {$tmpfname}/community/");
@@ -603,14 +615,12 @@ if ($snortcommunityrules == 'on') {
}
/* Copy snort community md5 sig to snort dir */
if (file_exists("{$tmpfname}/{$snort_community_rules_filename_md5}")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Copying md5 signature to snort directory..."));
+ update_status(gettext("Copying md5 signature to snort directory..."));
@copy("{$tmpfname}/{$snort_community_rules_filename_md5}", "{$snortdir}/{$snort_community_rules_filename_md5}");
}
- if ($pkg_interface <> "console") {
- update_status(gettext("Extraction of Snort GPLv2 Community Rules completed..."));
- update_output_window(gettext("Installation of Snort GPLv2 Community Rules file completed..."));
- }
+ update_status(gettext("Extraction of Snort GPLv2 Community Rules completed..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
error_log(gettext("\tInstallation of Snort GPLv2 Community Rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
rmdir_recursive("{$tmpfname}/community/");
}
@@ -620,22 +630,23 @@ if ($snortcommunityrules == 'on') {
if ($emergingthreats == 'on') {
safe_mkdir("{$tmpfname}/emerging");
if (file_exists("{$tmpfname}/{$emergingthreats_filename}")) {
- if ($pkg_interface <> "console") {
- update_status(gettext("Extracting {$et_name} rules..."));
- update_output_window(gettext("Installing {$et_name} rules..."));
- }
+ update_status(gettext("Extracting {$et_name} rules..."));
+ $static_output .= gettext("Installing {$et_name} rules...");
+ update_output_window($static_output);
error_log(gettext("\tExtracting and installing {$et_name} rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
exec("/usr/bin/tar xzf {$tmpfname}/{$emergingthreats_filename} -C {$tmpfname}/emerging rules/");
/* Remove the old Emerging Threats rules files */
$eto_prefix = ET_OPEN_FILE_PREFIX;
$etpro_prefix = ET_PRO_FILE_PREFIX;
+ update_status(gettext("Removing old {$et_name} files..."));
unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*.rules");
unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*.rules");
unlink_if_exists("{$snortdir}/rules/{$eto_prefix}*ips.txt");
unlink_if_exists("{$snortdir}/rules/{$etpro_prefix}*ips.txt");
$files = glob("{$tmpfname}/emerging/rules/*.rules");
+ update_status(gettext("Copying new {$et_name} files..."));
foreach ($files as $file) {
$newfile = basename($file);
if ($etpro == "on")
@@ -664,14 +675,12 @@ if ($emergingthreats == 'on') {
/* Copy emergingthreats md5 sig to snort dir */
if (file_exists("{$tmpfname}/{$emergingthreats_filename_md5}")) {
- if ($pkg_interface <> "console")
- update_status(gettext("Copying md5 signature to snort directory..."));
+ update_status(gettext("Copying md5 signature to snort directory..."));
@copy("{$tmpfname}/{$emergingthreats_filename_md5}", "{$snortdir}/{$emergingthreats_filename_md5}");
}
- if ($pkg_interface <> "console") {
- update_status(gettext("Extraction of {$et_name} rules completed..."));
- update_output_window(gettext("Installation of {$et_name} rules completed..."));
- }
+ update_status(gettext("Extraction of {$et_name} rules completed..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
error_log(gettext("\tInstallation of {$et_name} rules completed.\n"), 3, SNORT_RULES_UPD_LOGFILE);
rmdir_recursive("{$tmpfname}/emerging/");
}
@@ -710,8 +719,7 @@ function snort_apply_customizations($snortcfg, $if_real) {
if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules == 'on') {
- if ($pkg_interface <> "console")
- update_status(gettext('Copying new config and map files...'));
+ update_status(gettext('Copying new config and map files...'));
error_log(gettext("\tCopying new config and map files...\n"), 3, SNORT_RULES_UPD_LOGFILE);
/******************************************************************/
@@ -757,10 +765,9 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
foreach ($config['installedpackages']['snortglobal']['rule'] as $id => $value) {
$if_real = get_real_interface($value['interface']);
$tmp = "Updating rules configuration for: " . convert_friendly_interface_to_friendly_descr($value['interface']) . " ...";
- if ($pkg_interface <> "console"){
- update_status(gettext($tmp));
- update_output_window(gettext("Please wait while Snort interface files are updated..."));
- }
+ update_status(gettext($tmp));
+ $static_output .= gettext($tmp . "...");
+ update_output_window($static_output);
// Make sure the interface subdirectory and required sub-directories exists.
// We need to re-create them during a pkg reinstall for the intial rules set
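Review bot: `$tmp` already ends in ` ...`, so `gettext($tmp . "...")` prints the ellipsis twice in the output window. A message assembled at run time from the interface description will also not have a catalogue entry, so the `gettext()` wrapper does nothing here; `$static_output .= $tmp;` gives the intended text. The `foreach` body continues outside this hunk.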
@@ -783,13 +790,14 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
$tmp .= convert_friendly_interface_to_friendly_descr($value['interface']) . "...\n";
}
error_log($tmp, 3, SNORT_RULES_UPD_LOGFILE);
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
}
else {
- if ($pkg_interface <> "console") {
- update_output_window(gettext("Warning: No interfaces configured for Snort were found..."));
- update_output_window(gettext("No interfaces currently have Snort configured and enabled on them..."));
- }
+ $static_output .= gettext("Warning: No interfaces configured for Snort were found...\n");
+ $static_output .= gettext("No interfaces currently have Snort configured and enabled on them.\n");
+ update_output_window($static_output);
error_log(gettext("\tWarning: No interfaces configured for Snort were found...\n"), 3, SNORT_RULES_UPD_LOGFILE);
}
@@ -798,24 +806,19 @@ if ($snortdownload == 'on' || $emergingthreats == 'on' || $snortcommunityrules =
/* Restart snort if running, and not in post-install, so as to pick up the new rules. */
if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) {
- if ($pkg_interface <> "console") {
- update_status(gettext('Restarting Snort to activate the new set of rules...'));
- update_output_window(gettext("Please wait ... restarting Snort will take some time..."));
- }
+ update_status(gettext('Restarting Snort to activate the new set of rules...'));
+ $static_output .= gettext("Restarting Snort...");
+ update_output_window($static_output);
error_log(gettext("\tRestarting Snort to activate the new set of rules...\n"), 3, SNORT_RULES_UPD_LOGFILE);
touch("{$g['varrun_path']}/snort_pkg_starting.lck");
snort_restart_all_interfaces(TRUE);
sleep(3);
unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck");
- if ($pkg_interface <> "console")
- update_output_window(gettext("Snort has restarted with your new set of rules..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
log_error(gettext("[Snort] Snort has restarted with your new set of rules..."));
error_log(gettext("\tSnort has restarted with your new set of rules.\n"), 3, SNORT_RULES_UPD_LOGFILE);
}
- else {
- if ($pkg_interface <> "console")
- update_output_window(gettext("The rules update task is complete..."));
- }
}
elseif ($openappid_detectors == 'on') {
/**************************************************************************************/
@@ -823,33 +826,31 @@ elseif ($openappid_detectors == 'on') {
/* Restart snort if running, and not in post-install, so as to pick up the detectors. */
/**************************************************************************************/
if (!$g['snort_postinstall'] && is_service_running("snort") && count($config['installedpackages']['snortglobal']['rule']) > 0) {
- if ($pkg_interface <> "console") {
- update_status(gettext('Restarting Snort to activate the new OpenAppID detectors...'));
- update_output_window(gettext("Please wait ... restarting Snort will take some time..."));
- }
+ update_status(gettext('Restarting Snort to activate the new OpenAppID detectors...'));
+ $static_output .= gettext("Restarting Snort...");
+ update_output_window($static_output);
error_log(gettext("\tRestarting Snort to activate the new OpenAppID detectors...\n"), 3, SNORT_RULES_UPD_LOGFILE);
touch("{$g['varrun_path']}/snort_pkg_starting.lck");
snort_restart_all_interfaces(TRUE);
sleep(2);
unlink_if_exists("{$g['varrun_path']}/snort_pkg_starting.lck");
- if ($pkg_interface <> "console")
- update_output_window(gettext("Snort has restarted with your new set of OpenAppID detectors..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
log_error(gettext("[Snort] Snort has restarted with your new set of OpenAppID detectors..."));
error_log(gettext("\tSnort has restarted with your new set of OpenAppID detectors.\n"), 3, SNORT_RULES_UPD_LOGFILE);
}
- else {
- if ($pkg_interface <> "console")
- update_output_window(gettext("The rules update task is complete..."));
- }
}
/* remove $tmpfname files */
if (is_dir("{$tmpfname}")) {
+ $static_output .= gettext("Cleaning up temp dirs and files...");
+ update_output_window($static_output);
rmdir_recursive($tmpfname);
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
-if ($pkg_interface <> "console")
- update_status(gettext("The Rules update has finished..."));
+update_status(gettext("The Rules update has finished."));
log_error(gettext("[Snort] The Rules update has finished."));
error_log(gettext("The Rules update has finished. Time: " . date("Y-m-d H:i:s"). "\n\n"), 3, SNORT_RULES_UPD_LOGFILE);
diff --git a/config/snort/snort_conf_template.inc b/config/snort/snort_conf_template.inc
index 6b362ce5..2ee3e72c 100644
--- a/config/snort/snort_conf_template.inc
+++ b/config/snort/snort_conf_template.inc
@@ -48,6 +48,9 @@ config event_queue: max_queue 8 log 5 order_events content_length
# Configure to show year in timestamps
config show_year
+# Configure IPv6 address logging in unified2 extra data
+config log_ipv6_extra_data
+
# Configure protocol aware flushing #
# For more information see README.stream5 #
{$paf_max_pdu_config}
diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc
index ac09db44..961e8696 100644
--- a/config/snort/snort_defs.inc
+++ b/config/snort/snort_defs.inc
@@ -54,7 +54,7 @@ if (!defined("SNORT_BIN_VERSION")) {
if (!empty($snortver))
define("SNORT_BIN_VERSION", $snortver);
else
- define("SNORT_BIN_VERSION", "2.9.7.5");
+ define("SNORT_BIN_VERSION", "2.9.7.6");
}
if (!defined("SNORT_SID_MODS_PATH"))
define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
diff --git a/config/snort/snort_frag3_engine.php b/config/snort/snort_frag3_engine.php
index 9489bf16..33f06a87 100644
--- a/config/snort/snort_frag3_engine.php
+++ b/config/snort/snort_frag3_engine.php
@@ -187,6 +187,9 @@ if ($_POST['save']) {
/* Now write the new engine array to conf */
write_config("Snort pkg: modified frag3 engine settings.");
+ // We have saved a preproc config change, so set "dirty" flag
+ mark_subsystem_dirty('snort_preprocessors');
+
header("Location: /snort/snort_preprocessors.php?id={$id}#frag3_row");
exit;
}
diff --git a/config/snort/snort_ftp_client_engine.php b/config/snort/snort_ftp_client_engine.php
index f462efa8..2f3cd1bd 100644
--- a/config/snort/snort_ftp_client_engine.php
+++ b/config/snort/snort_ftp_client_engine.php
@@ -218,6 +218,9 @@ if ($_POST['save']) {
/* Now write the new engine array to conf */
write_config("Snort pkg: modified ftp_telnet_client engine settings.");
+ // We have saved a preproc config change, so set "dirty" flag
+ mark_subsystem_dirty('snort_preprocessors');
+
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
diff --git a/config/snort/snort_ftp_server_engine.php b/config/snort/snort_ftp_server_engine.php
index cb9abc9c..7f3e5a10 100644
--- a/config/snort/snort_ftp_server_engine.php
+++ b/config/snort/snort_ftp_server_engine.php
@@ -189,6 +189,9 @@ if ($_POST['save']) {
/* Now write the new engine array to conf */
write_config("Snort pkg: modified ftp_telnet_server engine settings.");
+ // We have saved a preproc config change, so set "dirty" flag
+ mark_subsystem_dirty('snort_preprocessors');
+
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php
index 646697bf..a0b5d425 100644
--- a/config/snort/snort_generate_conf.php
+++ b/config/snort/snort_generate_conf.php
@@ -896,6 +896,9 @@ EOD;
$appid_memcap = $snortcfg['sf_appid_mem_cap'] * 1024 * 1024;
$appid_params = "app_detector_dir " . rtrim(SNORT_APPID_ODP_PATH, '/') . ", \\\n\tmemcap {$appid_memcap}";
if ($snortcfg['sf_appid_statslog'] == "on") {
+ if (!file_exists("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/app-stats.log")) {
+ touch("{$snortlogdir}/snort_{$if_real}{$snort_uuid}/app-stats.log");
+ }
$appid_params .= ", \\\n\tapp_stats_filename app-stats.log";
$appid_params .= ", \\\n\tapp_stats_period {$snortcfg['sf_appid_stats_period']}";
$appid_params .= ", \\\n\tapp_stats_rollover_size " . strval($config['installedpackages']['snortglobal']['appid_stats_log_limit_size'] * 1024);
@@ -1271,7 +1274,7 @@ if ($snortcfg['host_attribute_table'] == "on" && !empty($snortcfg['host_attribut
$http_inspect_global = "preprocessor http_inspect: global ";
if ($snortcfg['http_inspect'] == "off")
$http_inspect_global .= "disabled ";
-$http_inspect_global .= "\\\n\tiis_unicode_map unicode.map 1252 \\\n";
+$http_inspect_global .= "\\\n\tiis_unicode_map {$snortdir}/unicode.map 1252 \\\n";
$http_inspect_global .= "\tcompress_depth 65535 \\\n";
$http_inspect_global .= "\tdecompress_depth 65535 \\\n";
if (!empty($snortcfg['http_inspect_memcap']))
@@ -1291,7 +1294,7 @@ $http_inspect_default_engine = array( "name" => "default", "bind_to" => "all", "
"unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", "normalize_headers" => "on",
"normalize_utf" => "on", "normalize_javascript" => "on", "allow_proxy_use" => "off", "inspect_uri_only" => "off",
"max_javascript_whitespaces" => 200, "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0,
- "max_header_length" => 0, "ports" => "default" );
+ "max_header_length" => 0, "ports" => "default", "decompress_swf" => "off", "decompress_pdf" => "off" );
$http_ports = str_replace(",", " ", snort_expand_port_range($snort_ports['http_ports']));
$http_inspect_servers = "";
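Review bot: The two new keys, `"decompress_swf" => "off"` and `"decompress_pdf" => "off"`, have to be added by hand to four copies of the same default http_inspect engine array. The copies are here and in snort_httpinspect_engine.php, snort_interfaces_edit.php and snort_migrate_config.php, and a copy that is missed leaves the UI and the generated snort.conf disagreeing about the default. Consider defining the array once, for example in a shared include such as snort_defs.inc if that file is loaded by all four scripts, and referencing it from each place. The array literal begins outside this hunk.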
@@ -1385,6 +1388,10 @@ if ($snortcfg['http_inspect'] <> "off") {
$http_inspect_servers .= " \\\n\tlog_uri";
if ($v['log_hostname'] == "on")
$http_inspect_servers .= " \\\n\tlog_hostname";
+ if ($v['decompress_swf'] == "on")
+ $http_inspect_servers .= " \\\n\tdecompress_swf";
+ if ($v['decompress_pdf'] == "on")
+ $http_inspect_servers .= " \\\n\tdecompress_pdf";
// Add a pair of trailing newlines to terminate this server config
$http_inspect_servers .= "\n\n";
diff --git a/config/snort/snort_httpinspect_engine.php b/config/snort/snort_httpinspect_engine.php
index c7680892..55bdb5a7 100644
--- a/config/snort/snort_httpinspect_engine.php
+++ b/config/snort/snort_httpinspect_engine.php
@@ -1,7 +1,7 @@
<?php
/*
* snort_httpinspect_engine.php
- * Copyright (C) 2013-2014 Bill Meeks
+ * Copyright (C) 2013-2015 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -66,7 +66,7 @@ if (empty($a_nat[$eng_id])) {
"unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on", "normalize_headers" => "on",
"normalize_utf" => "on", "normalize_javascript" => "on", "allow_proxy_use" => "off", "inspect_uri_only" => "off",
"max_javascript_whitespaces" => 200, "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0,
- "max_header_length" => 0, "ports" => "default" );
+ "max_header_length" => 0, "ports" => "default", "decompress_swf" => "off", "decompress_pdf" => "off" );
// See if this is initial entry and set to "default" if true
if ($eng_id < 1) {
$def['name'] = "default";
@@ -124,6 +124,10 @@ else {
$pconfig['max_spaces'] = 0;
if (empty($pconfig['max_header_length']))
$pconfig['max_header_length'] = 0;
+ if (empty($pconfig['decompress_swf']))
+ $pconfig['decompress_swf'] = "off";
+ if (empty($pconfig['decompress_pdf']))
+ $pconfig['decompress_pdf'] = "off";
}
if ($_POST['Cancel']) {
@@ -259,6 +263,8 @@ if ($_POST['save']) {
$engine['normalize_javascript'] = $_POST['httpinspect_normalize_javascript'] ? 'on' : 'off';
$engine['allow_proxy_use'] = $_POST['httpinspect_allow_proxy_use'] ? 'on' : 'off';
$engine['inspect_uri_only'] = $_POST['httpinspect_inspect_uri_only'] ? 'on' : 'off';
+ $engine['decompress_swf'] = $_POST['httpinspect_decompress_swf'] ? 'on' : 'off';
+ $engine['decompress_pdf'] = $_POST['httpinspect_decompress_pdf'] ? 'on' : 'off';
// Can only have one "all" Bind_To address
if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
@@ -298,6 +304,9 @@ if ($_POST['save']) {
// Now write the new engine array to conf
write_config("Snort pkg: modified http_inspect engine settings.");
+ // We have saved a preproc config change, so set "dirty" flag
+ mark_subsystem_dirty('snort_preprocessors');
+
header("Location: /snort/snort_preprocessors.php?id={$id}#httpinspect_row");
exit;
}
@@ -528,6 +537,24 @@ if ($savemsg)
<strong><?php echo gettext("Checked");?></strong>.</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Decompress SWF");?></td>
+ <td width="78%" class="vtable"><input name="httpinspect_decompress_swf"
+ type="checkbox" value="on" id="httpinspect_decompress_swf"
+ <?php if ($pconfig['decompress_swf']=="on") echo "checked";?>>
+ <?php echo gettext("Uncompress and inspect Shockwave Flash data in HTTP response. " .
+ "Default is ");?>
+ <strong><?php echo gettext("Not Checked");?></strong>.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Decompress PDF");?></td>
+ <td width="78%" class="vtable"><input name="httpinspect_decompress_pdf"
+ type="checkbox" value="on" id="httpinspect_decompress_pdf"
+ <?php if ($pconfig['decompress_pdf']=="on") echo "checked";?>>
+ <?php echo gettext("Uncompress and inspect PDF data in HTTP response. " .
+ "Default is ");?>
+ <strong><?php echo gettext("Not Checked");?></strong>.</td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Normalize Cookies");?></td>
<td width="78%" class="vtable"><input name="httpinspect_normalize_cookies"
type="checkbox" value="on" id="httpinspect_normalize_cookies"
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index 0d41c7db..41864a4f 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -4,7 +4,7 @@
*
* Copyright (C) 2008-2009 Robert Zelaya.
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2014 Bill Meeks
+ * Copyright (C) 2015 Bill Meeks
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -269,7 +269,8 @@ if ($_POST["save"] && !$input_errors) {
"unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
"normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
"allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
- "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
+ "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default",
+ "decompress_swf" => "off", "decompress_pdf" => "off" );
$ftp_client_eng = array( "name" => "default", "bind_to" => "all", "max_resp_len" => 256,
"telnet_cmds" => "no", "ignore_telnet_erase_cmds" => "yes",
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index edcbb2d5..a0cf24fe 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -254,7 +254,8 @@ foreach ($rule as &$r) {
"unlimited_decompress" => "on", "inspect_gzip" => "on", "normalize_cookies" =>"on",
"normalize_headers" => "on", "normalize_utf" => "on", "normalize_javascript" => "on",
"allow_proxy_use" => "off", "inspect_uri_only" => "off", "max_javascript_whitespaces" => 200,
- "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default" );
+ "post_depth" => -1, "max_headers" => 0, "max_spaces" => 0, "max_header_length" => 0, "ports" => "default",
+ "decompress_swf" => "off", "decompress_pdf" => "off" );
// Ensure sensible default values exist for global HTTP_INSPECT parameters
if (empty($pconfig['http_inspect']))
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index bbb2642c..486cd462 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -43,7 +43,7 @@ require_once("functions.inc");
require_once("/usr/local/pkg/snort/snort.inc");
require("/usr/local/pkg/snort/snort_defs.inc");
-global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include;
+global $config, $g, $rebuild_rules, $pkg_interface, $snort_gui_include, $static_output;
$snortdir = SNORTDIR;
$snortlogdir = SNORTLOGDIR;
@@ -180,11 +180,12 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
/****************************************************************/
/* Do one-time settings migration for new multi-engine configurations */
- update_output_window(gettext("Please wait... migrating settings to new configuration..."));
+ $static_output .= gettext("\nMigrating settings to new configuration...");
+ update_output_window($static_output);
include('/usr/local/pkg/snort/snort_migrate_config.php');
- update_output_window(gettext("Please wait... rebuilding installation with saved settings..."));
- log_error(gettext("[Snort] Downloading and updating configured rule types..."));
- update_output_window(gettext("Please wait... downloading and updating configured rule sets..."));
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
+ log_error(gettext("[Snort] Downloading and updating configured rule sets..."));
if ($pkg_interface <> "console")
$snort_gui_include = true;
include('/usr/local/pkg/snort/snort_check_for_rule_updates.php');
@@ -198,7 +199,8 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
$if_real = get_real_interface($snortcfg['interface']);
$snort_uuid = $snortcfg['uuid'];
$snortcfgdir = "{$snortdir}/snort_{$snort_uuid}_{$if_real}";
- update_output_window(gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
+ $static_output .= gettext("Generating configuration for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "...");
+ update_output_window($static_output);
// Pull in the PHP code that generates the snort.conf file
// variables that will be substituted further down below.
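Review bot: `gettext()` is called on a string that is concatenated at run time, so the lookup key includes the interface description and can never match a catalog entry. Translate the fixed text and substitute the name afterwards: `$static_output .= sprintf(gettext("Generating configuration for %s..."), convert_friendly_interface_to_friendly_descr($snortcfg['interface']));`. The same applies to `gettext("Generating snort.sh script in {$rcdir}...")` in the next hunk. The enclosing loop starts and ends outside this hunk.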
@@ -224,10 +226,17 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
// Create barnyard2.conf file for interface
if ($snortcfg['barnyard_enable'] == 'on')
snort_generate_barnyard2_conf($snortcfg, $if_real);
+
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
}
/* create snort bootup file snort.sh */
+ $static_output .= gettext("Generating snort.sh script in {$rcdir}...");
+ update_output_window($static_output);
snort_create_rc();
+ $static_output .= gettext(" done.\n");
+ update_output_window($static_output);
/* Set Log Limit, Block Hosts Time and Rules Update Time */
snort_snortloglimit_install_cron(true);
@@ -248,12 +257,14 @@ if ($config['installedpackages']['snortglobal']['forcekeepsettings'] == 'on') {
if (!($g['booting'])) {
if ($pkg_interface <> "console") {
update_status(gettext("Starting Snort using rebuilt configuration..."));
+ $static_output .= gettext("Starting Snort as a background task using the rebuilt configuration... ");
mwexec_bg("{$rcdir}snort.sh start");
- update_output_window(gettext("Snort is starting as a background task using the rebuilt configuration..."));
+ update_output_window($static_output);
}
else
mwexec_bg("{$rcdir}snort.sh start");
}
+ update_status("");
}
/* We're finished with conf partition mods, return to read-only */
diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php
index dd8ec660..76582763 100755
--- a/config/snort/snort_preprocessors.php
+++ b/config/snort/snort_preprocessors.php
@@ -263,6 +263,9 @@ if ($_GET['act'] == "import" && isset($_GET['varname']) && !empty($_GET['varvalu
// Now retrieve the "selected alias" returned from SELECT ALIAS page
$pconfig[$_GET['varname']] = htmlspecialchars($_GET['varvalue']);
+
+ // We have made a preproc config change, so set "dirty" flag
+ mark_subsystem_dirty('snort_preprocessors');
}
// Handle deleting of any of the multiple configuration engines
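Review bot: The flag is marked dirty on a plain GET request (`act=import`) although the only visible change at this point is to the in-memory `$pconfig`. The banner would then persist after the user navigates away even though nothing was written to the configuration. Consider setting the flag only where `write_config()` has run, or carrying the pending state in the form instead. The key written into `$pconfig` is also taken directly from `$_GET['varname']`, so if the allowed field names are not already checked earlier in the block, an allow-list test such as `in_array($_GET['varname'], $importable_fields, true)` (name constructed for illustration) belongs before the assignment. The `if` block starts outside this hunk.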
@@ -397,7 +400,7 @@ if ($_POST['ResetAll']) {
$savemsg = gettext("All preprocessor settings have been reset to their defaults.");
}
-if ($_POST['save']) {
+if ($_POST['save'] || $_POST['apply']) {
$natent = array();
$natent = $pconfig;
@@ -590,6 +593,9 @@ if ($_POST['save']) {
/* Sync to configured CARP slaves if any are enabled */
snort_sync_on_changes();
+ // We have saved changes, so clear "dirty" flag
+ clear_subsystem_dirty('snort_preprocessors');
+
/* after click go to this page */
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -619,6 +625,10 @@ if ($_POST['btn_import']) {
$a_nat[$id]['max_attribute_services_per_host'] = $pconfig['max_attribute_services_per_host'];
write_config("Snort pkg: imported Host Attribute Table data for {$a_nat[$id]['interface']}.");
}
+
+ // We have made a preproc config change, so set "dirty" flag
+ mark_subsystem_dirty('snort_preprocessors');
+
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
@@ -675,6 +685,11 @@ if ($savemsg) {
<form action="snort_preprocessors.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<input name="id" type="hidden" value="<?=$id;?>"/>
<input name="eng_id" id="eng_id" type="hidden" value=""/>
+
+<?php if (is_subsystem_dirty('snort_preprocessors')): ?><p>
+<?php print_info_box_np(gettext("A change has been made to the preprocessors configuration.") . "<br/>" . gettext("Click SAVE when finished to apply the change to the Snort configuration."));?>
+<?php endif; ?>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
diff --git a/config/snort/snort_stream5_engine.php b/config/snort/snort_stream5_engine.php
index 89b0bc02..e501de9f 100644
--- a/config/snort/snort_stream5_engine.php
+++ b/config/snort/snort_stream5_engine.php
@@ -330,6 +330,9 @@ if ($_POST['save']) {
/* Now write the new engine array to conf */
write_config("Snort pkg: save modified stream5 engine.");
+ // We have saved a preproc config change, so set "dirty" flag
+ mark_subsystem_dirty('snort_preprocessors');
+
header("Location: /snort/snort_preprocessors.php?id={$id}#stream5_row");
exit;
}
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index aee85bcd..b7eb9889 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -41,12 +41,6 @@ require_once('service-utils.inc');
if (!function_exists("filter_configure")) {
require_once("filter.inc");
}
-/* Squid reverse proxy */
-require_once('/usr/local/pkg/squid_reverse.inc');
-/* Squid javascript helpers */
-require_once('/usr/local/pkg/squid_js.inc');
-/* Squid antivirus intergration features helpers */
-require_once('/usr/local/pkg/squid_antivirus.inc');
$shortcut_section = "squid";
@@ -77,6 +71,13 @@ if ($uname['machine'] == 'amd64') {
ini_set('memory_limit', '250M');
}
+/* Squid reverse proxy */
+require_once('/usr/local/pkg/squid_reverse.inc');
+/* Squid javascript helpers */
+require_once('/usr/local/pkg/squid_js.inc');
+/* Squid antivirus intergration features helpers */
+require_once('/usr/local/pkg/squid_antivirus.inc');
+
/*
* Utility functions
*/
@@ -1222,9 +1223,14 @@ EOD;
foreach ($real_ifaces as $iface) {
list($ip, $mask) = $iface;
$ip = long2ip(ip2long($ip) & ip2long($mask));
- $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
+ $mask = 32 - log((ip2long($mask) ^ ip2long('255.255.255.255')) +1, 2);
if (!preg_match("@$ip/$mask@", $src)) {
- $src .= " $ip/$mask";
+ // XXX: Do not add invalid subnets (Bug #4331, Bug #4526)
+ if (is_subnet("{$ip}/{$mask}")) {
+ $src .= " $ip/$mask";
+ } else {
+ log_error("[squid] 'Allow Users on Interface' ACL skipped for '{$ip}/{$mask}' since it is not a valid subnet.");
+ }
}
}
$conf .= "# Allow local network(s) on interface(s)\n";
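Review bot: The new `is_subnet()` guard is reached only when the duplicate test `preg_match("@$ip/$mask@", $src)` fails, and that test treats the address as an unanchored regular expression. A subnet whose text is a substring of an existing entry (constructed example: `2.168.1.0/24` inside `192.168.1.0/24`) is then neither added nor logged. Compare whole tokens instead, e.g. `if (!in_array("{$ip}/{$mask}", preg_split('/\s+/', trim($src)), true)) {`, which assumes `$src` is a whitespace-separated list as the `" $ip/$mask"` append suggests. The function continues outside the hunk.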
diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc
index 92825799..1c6ea4ba 100644
--- a/config/systempatches/patches.inc
+++ b/config/systempatches/patches.inc
@@ -175,6 +175,11 @@ function is_github_url($url) {
function bootup_apply_patches() {
global $config;
+ if (!isset($config['installedpackages']['patches']['item']) ||
+ !is_array($config['installedpackages']['patches']['item'])) {
+ $config['installedpackages']['patches']['item'] = array();
+ }
+
$a_patches = &$config['installedpackages']['patches']['item'];
foreach ($a_patches as $patch) {
diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml
index 61f3df84..01501df7 100644
--- a/config/systempatches/systempatches.xml
+++ b/config/systempatches/systempatches.xml
@@ -43,7 +43,7 @@
</copyright>
<description>System Patches applies patches supplied by the user to the firewall.</description>
<name>System Patches</name>
- <version>1.0.6</version>
+ <version>1.0.8</version>
<title>System: Patches</title>
<include_file>/usr/local/pkg/patches.inc</include_file>
<menu>
diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2-agent.inc
index 9b5f3ed3..4aa0d5f7 100644
--- a/config/zabbix2/zabbix2.inc
+++ b/config/zabbix2/zabbix2-agent.inc
@@ -1,6 +1,6 @@
<?php
/*
- zabbix2.inc
+ zabbix2-agent.inc
part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Danilo G. Baio
Copyright (C) 2013 Marcello Coutinho
@@ -77,50 +77,7 @@ function php_deinstall_zabbix2_agent() {
}
}
-function php_deinstall_zabbix2_proxy() {
- global $config, $g;
-
- $pfs_version = php_zabbix2_pfs_version();
- $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
-
- if ($pfs_version == "2.1" || $pfs_version == "2.2") {
- define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
- } else {
- define('ZABBIX_PROXY_BASE', '/usr/local');
- }
-
- exec("/usr/bin/killall zabbix_proxy");
- unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf");
- unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log");
- unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid");
-
- if (!is_array($config['installedpackages']['zabbixagent'])) {
- if (is_dir("/var/log/zabbix2")) {
- exec("/bin/rm -r /var/log/zabbix2/");
- }
- if (is_dir("/var/run/zabbix2")) {
- exec("/bin/rm -r /var/run/zabbix2/");
- }
- }
-
- if (is_dir("/var/db/zabbix2")) {
- exec("/bin/rm -r /var/db/zabbix2/");
- }
-}
-
-function validate_input_zabbix2($post, &$input_errors) {
- if (isset($post['proxyenabled'])) {
- if (!is_numericint($post['serverport'])) {
- $input_errors[] = "'Server Port' value is not numeric.";
- } elseif ($post['serverport'] < 1 || $post['serverport'] > 65535) {
- $input_errors[] = "You must enter a valid value for 'Server Port'.";
- }
-
- if (!is_numericint($post['configfrequency'])) {
- $input_errors[] = "'Config Frequency' value is not numeric.";
- }
- }
-
+function validate_input_zabbix2_agent($post, &$input_errors) {
if (isset($post['agentenabled'])) {
if (!preg_match("/\w+/", $post['server'])) {
$input_errors[] = "Server field is required.";
@@ -186,7 +143,7 @@ function validate_input_zabbix2($post, &$input_errors) {
}
}
-function sync_package_zabbix2() {
+function sync_package_zabbix2_agent() {
global $config, $g;
conf_mount_rw();
@@ -195,38 +152,10 @@ function sync_package_zabbix2() {
if ($pfs_version == "2.1" || $pfs_version == "2.2") {
define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m"));
- define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
} else {
define('ZABBIX_AGENT_BASE', '/usr/local');
- define('ZABBIX_PROXY_BASE', '/usr/local');
}
- // Check zabbix proxy config
- if (is_array($config['installedpackages']['zabbixproxy'])) {
- $zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0];
- if ($zbproxy_config['proxyenabled'] == "on") {
- $Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0);
- $AdvancedParams = base64_decode($zbproxy_config['advancedparams']);
-
- $zbproxy_conf_file = <<< EOF
-Server={$zbproxy_config['server']}
-ServerPort={$zbproxy_config['serverport']}
-Hostname={$zbproxy_config['hostname']}
-PidFile=/var/run/zabbix2/zabbix2_proxy.pid
-DBName=/var/db/zabbix2/proxy.db
-LogFile=/var/log/zabbix2/zabbix_proxy.log
-ConfigFrequency={$zbproxy_config['configfrequency']}
-FpingLocation=/usr/local/sbin/fping
-# There's currently no fping6 (IPv6) dependency in the package,
-# but if there was, the binary would likely also be in /usr/local/sbin.
-Fping6Location=/usr/local/sbin/fping6
-ProxyMode={$Mode}
-{$AdvancedParams}
-
-EOF;
- file_put_contents(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
- }
- }
// Check zabbix agent settings
if (is_array($config['installedpackages']['zabbixagent'])) {
$zbagent_config = $config['installedpackages']['zabbixagent']['config'][0];
@@ -310,8 +239,8 @@ EOF;
// Check startup script files
// Create a few directories and ensure the sample files are in place
- if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base)) {
- mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base);
+ if (!is_dir(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base)) {
+ mwexec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base);
}
$dir_checks = <<< EOF
@@ -336,29 +265,6 @@ EOF;
EOF;
- $zproxy_rcfile = "/usr/local/etc/rc.d/zabbix2_proxy.sh";
- if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on") {
- $zproxy_start = strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n";
- $zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
-
- $zproxy_stop = "echo \"Stopping Zabbix Proxy\"\n";
- $zproxy_stop .= "/usr/bin/killall zabbix_proxy\n";
- $zproxy_stop .= "/bin/sleep 5\n";
-
- write_rcfile(array(
- "file" => "zabbix2_proxy.sh",
- "start" => $zproxy_start,
- "stop" => $zproxy_stop
- )
- );
- restart_service("zabbix_proxy");
- } else {
- if (is_service_running("zabbix_proxy")) {
- stop_service("zabbix_proxy");
- }
- unlink_if_exists($zproxy_rcfile);
- }
-
$zagent_rcfile="/usr/local/etc/rc.d/zabbix2_agentd.sh";
if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on") {
$zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent...\"\n";
@@ -374,7 +280,11 @@ EOF;
"stop" => $zagent_stop
)
);
- restart_service("zabbix_agentd");
+ if (is_service_running("zabbix_agentd")) {
+ restart_service("zabbix_agentd");
+ } else {
+ start_service("zabbix_agentd");
+ }
} else {
if (is_service_running("zabbix_agentd")) {
stop_service("zabbix_agentd");
diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml
index e02caefc..be081603 100644
--- a/config/zabbix2/zabbix2-agent.xml
+++ b/config/zabbix2/zabbix2-agent.xml
@@ -45,13 +45,13 @@
<name>zabbixagent</name>
<title>Services: Zabbix-2 Agent</title>
<category>Monitoring</category>
- <version>0.8.4</version>
- <include_file>/usr/local/pkg/zabbix2.inc</include_file>
- <addedit_string>Zabbix Agent has been created/modified.</addedit_string>
- <delete_string>Zabbix Agent has been deleted.</delete_string>
+ <version>0.8.5</version>
+ <include_file>/usr/local/pkg/zabbix2-agent.inc</include_file>
+ <addedit_string>Zabbix Agent configuration has been created/modified.</addedit_string>
+ <delete_string>Zabbix Agent configuration has been deleted.</delete_string>
<restart_command>/usr/local/etc/rc.d/zabbix2_agentd.sh restart</restart_command>
<additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
+ <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
@@ -204,14 +204,11 @@
<advancedfield/>
</field>
</fields>
- <custom_php_install_command>
- sync_package_zabbix2();
- </custom_php_install_command>
<custom_php_validation_command>
- validate_input_zabbix2($_POST, $input_errors);
+ validate_input_zabbix2_agent($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
- sync_package_zabbix2();
+ sync_package_zabbix2_agent();
</custom_php_resync_config_command>
<custom_php_deinstall_command>
php_deinstall_zabbix2_agent();
diff --git a/config/zabbix2/zabbix2-proxy.inc b/config/zabbix2/zabbix2-proxy.inc
new file mode 100644
index 00000000..aa21b817
--- /dev/null
+++ b/config/zabbix2/zabbix2-proxy.inc
@@ -0,0 +1,244 @@
+<?php
+/*
+ zabbix2-proxy.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("util.inc");
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("globals.inc");
+
+function php_zabbix2_pfs_version() {
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ return $pfs_version;
+}
+
+function php_zabbix2_pkg_base($pfs_version) {
+ if ($pfs_version >= 2.2) {
+ // pfSense 2.2 with zabbix 2.4
+ $zabbix2_pkg_base = "zabbix24";
+ } else {
+ // pfSense 2.1 with zabbix 2.2
+ $zabbix2_pkg_base = "zabbix22";
+ }
+ return $zabbix2_pkg_base;
+}
+
+function php_deinstall_zabbix2_proxy() {
+ global $config, $g;
+
+ $pfs_version = php_zabbix2_pfs_version();
+ $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
+
+ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+ define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
+ } else {
+ define('ZABBIX_PROXY_BASE', '/usr/local');
+ }
+
+ exec("/usr/bin/killall zabbix_proxy");
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf");
+ unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log");
+ unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid");
+
+ if (!is_array($config['installedpackages']['zabbixagent'])) {
+ if (is_dir("/var/log/zabbix2")) {
+ exec("/bin/rm -r /var/log/zabbix2/");
+ }
+ if (is_dir("/var/run/zabbix2")) {
+ exec("/bin/rm -r /var/run/zabbix2/");
+ }
+ if (is_dir("/var/db/zabbix2")) {
+ exec("/bin/rm -r /var/db/zabbix2/");
+ }
+ }
+}
+
+function validate_input_zabbix2_proxy($post, &$input_errors) {
+ if (isset($post['proxyenabled'])) {
+ if (!is_numericint($post['serverport'])) {
+ $input_errors[] = "'Server Port' value is not numeric.";
+ } elseif ($post['serverport'] < 1 || $post['serverport'] > 65535) {
+ $input_errors[] = "You must enter a valid value for 'Server Port'.";
+ }
+
+ if (!preg_match("/\w+/", $post['hostname'])) {
+ $input_errors[] = "Hostname field is required.";
+ }
+
+ if (!is_numericint($post['configfrequency'])) {
+ $input_errors[] = "'Config Frequency' value is not numeric.";
+ }
+ }
+}
+
+function sync_package_zabbix2_proxy() {
+ global $config, $g;
+
+ conf_mount_rw();
+ $pfs_version = php_zabbix2_pfs_version();
+ $zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
+
+ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+ define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
+ } else {
+ define('ZABBIX_PROXY_BASE', '/usr/local');
+ }
+
+ // Check zabbix proxy config
+ if (is_array($config['installedpackages']['zabbixproxy'])) {
+ $zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0];
+ if ($zbproxy_config['proxyenabled'] == "on") {
+ $Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0);
+ $AdvancedParams = base64_decode($zbproxy_config['advancedparams']);
+
+ $zbproxy_conf_file = <<< EOF
+Server={$zbproxy_config['server']}
+ServerPort={$zbproxy_config['serverport']}
+Hostname={$zbproxy_config['hostname']}
+PidFile=/var/run/zabbix2/zabbix2_proxy.pid
+DBName=/var/db/zabbix2/proxy.db
+LogFile=/var/log/zabbix2/zabbix_proxy.log
+ConfigFrequency={$zbproxy_config['configfrequency']}
+FpingLocation=/usr/local/sbin/fping
+# There's currently no fping6 (IPv6) dependency in the package,
+# but if there was, the binary would likely also be in /usr/local/sbin.
+Fping6Location=/usr/local/sbin/fping6
+ProxyMode={$Mode}
+{$AdvancedParams}
+
+EOF;
+ file_put_contents(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
+ }
+ }
+
+ $want_sysctls = array(
+ 'kern.ipc.shmall' => '2097152',
+ 'kern.ipc.shmmax' => '2147483648',
+ 'kern.ipc.semmsl' => '250'
+ );
+ $sysctls = array();
+ // Check sysctl file values
+ $sc_file="";
+ if (file_exists("/etc/sysctl.conf")) {
+ $sc = file("/etc/sysctl.conf");
+ foreach ($sc as $line) {
+ list($sysk, $sysv) = explode("=", $line, 2);
+ if (preg_match("/\w/", $line) && !array_key_exists($sysk, $want_sysctls)) {
+ $sc_file .= $line;
+ }
+ }
+ }
+ foreach ($want_sysctls as $ws => $wv) {
+ $sc_file .= "{$ws}={$wv}\n";
+ mwexec("/sbin/sysctl {$ws}={$wv}");
+ }
+ file_put_contents("/etc/sysctl.conf", $sc_file);
+
+ // Check bootloader values
+ $lt_file = "";
+ $want_tunables = array(
+ 'kern.ipc.semopm' => '100',
+ 'kern.ipc.semmni' => '128',
+ 'kern.ipc.semmns' => '32000',
+ 'kern.ipc.shmmni' => '4096'
+ );
+ $tunables = array();
+ if (file_exists("/boot/loader.conf")) {
+ $lt = file("/boot/loader.conf");
+ foreach ($lt as $line) {
+ list($tunable, $val) = explode("=", $line, 2);
+ if (preg_match("/\w/", $line) && !array_key_exists($tunable, $want_tunables)) {
+ $lt_file .= $line;
+ }
+ }
+ }
+ foreach ($want_tunables as $wt => $wv) {
+ $lt_file .= "{$wt}={$wv}\n";
+ }
+ file_put_contents("/boot/loader.conf", $lt_file);
+
+ // Check startup script files
+ // Create a few directories and ensure the sample files are in place
+ if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base)) {
+ mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base);
+ }
+
+ $dir_checks = <<< EOF
+
+ if [ ! -d /var/log/zabbix2 ]; then
+ /bin/mkdir -p /var/log/zabbix2
+ /usr/sbin/chmod 755 /var/log/zabbix2
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2
+
+ if [ ! -d /var/run/zabbix2 ]; then
+ /bin/mkdir -p /var/run/zabbix2
+ /usr/sbin/chmod 755 /var/run/zabbix2
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2
+
+ if [ ! -d /var/db/zabbix2 ]; then
+ /bin/mkdir -p /var/db/zabbix2
+ /usr/sbin/chmod 755 /var/db/zabbix2
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/db/zabbix2
+
+EOF;
+
+ $zproxy_rcfile = "/usr/local/etc/rc.d/zabbix2_proxy.sh";
+ if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on") {
+ $zproxy_start = strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n";
+ $zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
+
+ $zproxy_stop = "echo \"Stopping Zabbix Proxy\"\n";
+ $zproxy_stop .= "/usr/bin/killall zabbix_proxy\n";
+ $zproxy_stop .= "/bin/sleep 5\n";
+
+ write_rcfile(array(
+ "file" => "zabbix2_proxy.sh",
+ "start" => $zproxy_start,
+ "stop" => $zproxy_stop
+ )
+ );
+ if (is_service_running("zabbix_proxy")) {
+ restart_service("zabbix_proxy");
+ } else {
+ start_service("zabbix_proxy");
+ }
+ } else {
+ if (is_service_running("zabbix_proxy")) {
+ stop_service("zabbix_proxy");
+ }
+ unlink_if_exists($zproxy_rcfile);
+ }
+
+ conf_mount_ro();
+}
+
+?>
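Review bot: In `sync_package_zabbix2_proxy()` the rewrite of `/etc/sysctl.conf` and `/boot/loader.conf` runs on every resync, including when `proxyenabled` is not "on", and both files are replaced in place with an unchecked `file_put_contents()`. A failed or partial write to `/boot/loader.conf` would only be noticed at the next boot, and `php_deinstall_zabbix2_proxy()` never removes the tunables again. Limit the rewrite to the enabled case, write to a temporary file and rename it over the target, and log a failure. Separately, `validate_input_zabbix2_proxy()` does not check `server` at all and tests `hostname` with the unanchored `/\w+/`, so a value containing a line break would add extra lines to zabbix_proxy.conf; rejecting `[\r\n]` in both fields would close that.

```php
// … unchanged: zabbix_proxy.conf generation …
$proxy_on = is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on";
if ($proxy_on) {
	// … unchanged: build $sc_file from /etc/sysctl.conf and $want_sysctls …
	$tmp = "/etc/sysctl.conf.tmp";
	if (file_put_contents($tmp, $sc_file) === false || !rename($tmp, "/etc/sysctl.conf")) {
		log_error("[zabbix2-proxy] could not update /etc/sysctl.conf");
	}

	// … unchanged: build $lt_file from /boot/loader.conf and $want_tunables …
	$tmp = "/boot/loader.conf.tmp";
	if (file_put_contents($tmp, $lt_file) === false || !rename($tmp, "/boot/loader.conf")) {
		log_error("[zabbix2-proxy] could not update /boot/loader.conf");
	}
}
// … unchanged: rc script handling …
```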
diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml
index 398c3df4..c39bbdc6 100644
--- a/config/zabbix2/zabbix2-proxy.xml
+++ b/config/zabbix2/zabbix2-proxy.xml
@@ -45,13 +45,13 @@
<name>zabbixproxy</name>
<title>Services: Zabbix-2 Proxy</title>
<category>Monitoring</category>
- <version>0.8.4</version>
- <include_file>/usr/local/pkg/zabbix2.inc</include_file>
- <addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
- <delete_string>Zabbix Proxy has been deleted.</delete_string>
+ <version>0.8.5</version>
+ <include_file>/usr/local/pkg/zabbix2-proxy.inc</include_file>
+ <addedit_string>Zabbix Proxy configuration has been created/modified.</addedit_string>
+ <delete_string>Zabbix Proxy configuration has been deleted.</delete_string>
<restart_command>/usr/local/etc/rc.d/zabbix2_proxy.sh restart</restart_command>
<additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
+ <item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
@@ -148,14 +148,11 @@
<advancedfield/>
</field>
</fields>
- <custom_php_install_command>
- sync_package_zabbix2();
- </custom_php_install_command>
<custom_php_validation_command>
- validate_input_zabbix2($_POST, $input_errors);
+ validate_input_zabbix2_proxy($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
- sync_package_zabbix2();
+ sync_package_zabbix2_proxy();
</custom_php_resync_config_command>
<custom_php_deinstall_command>
php_deinstall_zabbix2_proxy();